Use the quick filters#

Filters make it easy to highlight and isolate specific clusters of information you want to zero in on during an analysis.
They help you identify entities sharing properties and attributes, which in turn can disclose connections and links among entities.

By default, quick filters are switched off. To toggle quick filter visibility click the filter icon.

Most Intelligence Center views include a range of quick filters with selectable checkboxes or input fields to quickly filter content on the current view, and to show or hide specific subsets, based on the selected shared properties and attributes.

The number and type of available quick filters may vary: quick filters are enabled and they become available only when there are selectable values, and therefore filtering options, for the data points the filters process.

If the current view does not allow filtering based on, for example, dataset or TLP because no entities on the view belong to a dataset or have a TLP color code, the corresponding filters are disabled and they are not displayed.
This behavior applies to all filters.

Click a filter group name to expand the corresponding child elements with the selectable options.

Some filters with many options — for example, Dataset — feature a search input field with autocompletion.
If a filter includes the search field, you can start typing the names of the desired values to look them up without browsing through the option list.

You can stack and combine filters as you need.

Note

About the Dataset filter

  • You can filter and search for entities by selecting one or more static datasets in the Dataset filter option available in most Intelligence Center views.

  • You cannot filter or search for entities by selecting dynamic datasets. Dynamic datasets are not included in the Dataset filter option available in most Intelligence Center views.

  • The Dataset filter is not available when the results do not include any entities belonging to at least one dataset.

Classification#

Filters objects on the current view by maliciousness classification.

Select one or more checkboxes to include in the resulting filtered view observables flagged as malicious, safe, or unknown.
The filter is available in the following Intelligence Center area:

  • Search Search icon > GO TO SEARCH AND BROWSE > Observables

Connections#

Filters objects in the current view by number of connections with other entities in EclecticIQ Intelligence Center.
Enter a minimum and a maximum number of connections to include in the resulting filtered view observables whose numbers of connections/links with other entities match the specified range.
The filter is available in the following Intelligence Center area:

  • Search Search icon > GO TO SEARCH AND BROWSE > Observables

Date#

Filters objects in the current view by date.
Select a start and an end date to include in the resulting filtered view entities ingested within the specified time range.
The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Create + > VIEW PRODUCTION > Published

  • Create + > VIEW PRODUCTION > Drafts

  • Discovery Discovery icon

Dataset#

Filters objects in the current view by dataset.
Select one or more checkboxes to include in the resulting filtered view entities belonging to the specified datasets.
The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Create + > VIEW PRODUCTION > Published

  • Create + > VIEW PRODUCTION > Drafts

  • Discovery Discovery icon

  • ExposureExposure icon

Discovery rules#

Filters objects in the current view by one or more specific discovery rules.
Select one or more checkboxes to include in the resulting filtered view entities whose properties and attributes match the selection criteria of the specified discovery rules.
The filter is available in the following Intelligence Center area:

  • Discovery Discovery icon

Entity#

Filters objects in the current view by entity type.
Select one or more checkboxes to include in the resulting filtered view the specified entity types.

The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Create + > VIEW PRODUCTION > Published

  • Create + > VIEW PRODUCTION > Drafts

  • Discovery Discovery icon

  • ExposureExposure icon

  • Search Search icon > GO TO SEARCH AND BROWSE > Datasets

  • Data configuration Data configuration icon Incoming feeds > Feed > Ingested entities

Kind#

Filters objects in the current view by observable data type.
Select one or more checkboxes to include in the resulting filtered view observables whose data types match the specified values.
The filter is available in the following Intelligence Center area:

  • Search Search icon > GO TO SEARCH AND BROWSE > Observables

Reliability#

Filters objects in the current view by data source reliability.
Select one or more checkboxes to include in the resulting filtered view entities ingested from data sources whose reliability level matches the specified value(s).
The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Create + > VIEW PRODUCTION > Published

  • Discovery Discovery icon

  • ExposureExposure icon

Source#

Filters objects in the current view by data source (incoming feeds, enrichers, user groups).
Select one or more checkboxes to include in the resulting filtered view entities ingested from the specified data sources.
The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Search Search icon > GO TO SEARCH AND BROWSE > Observables

  • Create + > VIEW PRODUCTION > Published

  • Create + > VIEW PRODUCTION > Drafts

  • Discovery Discovery icon

Timestamp#

Filters objects in the current view by observable timestamp.
Select a start and an end date to include in the resulting filtered view observables whose timestamps fall inside the specified time range.
The filter is available in the following Intelligence Center area:

  • Search Search icon > GO TO SEARCH AND BROWSE > Observables

TLP#

Filters objects in the current view by.
Select one or more checkboxes to include in the resulting filtered view entities flagged with the specified TLP color codes.
The filter is available in the following Intelligence Center areas:

  • Search Search icon > GO TO SEARCH AND BROWSE > Entities

  • Create + > VIEW PRODUCTION > Published

  • Create + > VIEW PRODUCTION > Drafts

  • Discovery Discovery icon