Skip to main content
Ctrl
+
K
Intelligence Center 3.5.0 Docs
EclecticIQ documentation home
EclecticIQ documentation home
Site Navigation
Release
Manage
Use
Integrate
Section Navigation
Navigate
Search
Basic search
Basic operators & syntax
Wildcards
Regular expression
Entity search
Relational search
Observable-based
Save & load
Observable search
Outgoing feed inclusion
Kibana
Tokenization
Browse
Filter
Source filter
TLP filter
Customize list columns
Edit Entities while browsing
AI features
Data privacy disclaimer
Assistant
Search
Report generation
Entity Extraction
Text editing
Command palette
Intelligence objects
Entities
STIX compatibility
STIX 2.1 Common Properties
STIX 2.1 STIX Patterns
STIX 2.1 Indicator SDO
STIX 2.1 Observed Data SDO
STIX 2.1 Data Markings
STIX 2.1 Cyber-observable Objects
STIX 2.1 Known issues
Entities | Edit
Entities | Copy
Entity | Details
Access the entity detail pane
Entity | Details | Entity overview
Entity | Details | Versions
Entity | Details | History
Entity | Details | Observables tab
Entity | Details | Manually add Observables from Entities overview
Entity | Details | Neighborhood tab
Add relationships
Entity | Details | JSON tab
Entity | Details | Extract PDFs
Entity types
Entities: Common properties
Attack pattern
Campaign
Course of Action
Exploit target
Identity
Incident
Indicator
Infrastructure
Intrusion Set
Location
Malware
Malware Analysis
Note
Report
Sighting
Threat Actor
Tool
TTP (deprecated)
View and search
Dashboard overview
Search for entities
Discover entities
Act on exposed entities
Manage entities
Export entities
Download entities
Delete entities
Merge entities
Observables
Add observables
Manage observables
Export Observables
Ignore observables
Observable link types
Observable maliciousness
EIQ's data model
Attributes
TLP
Relations
Relationship type compatibility tables
ATT&CK Classifications
(Un)assign TTPs to entities
Filter with and view TTPs
Observable scoring
Work with policies
Configure decay
Source reliability
Tags
Create
Ingest
Access incoming feeds
Create and configure incoming feeds
Start and stop incoming feeds
Reingest incoming feeds
Delete incoming feed content and configuration
Upload files
Standard upload
Create custom data mapping
Upload with a custom mapping
Review uploads
Delete files
Manually create
Draft and published entities
Create entities from observables
Customize list columns
Edit entities in Production
Filter entities in Production
Retention policies
Create
Manage
Organize
Dashboards
Create & Manage
Configure
Create Widgets
Configure Widgets
Datasets
Create
Edit
Delete
Metrics
Edit Entities in Dataset
Export Entities in Dataset
Datasets | Add Entities to Collection datasets
Workspaces
Access workspaces
Default public workspace
Create workspaces
List and unlist workspaces
Add edit and remove entities
Add edit and remove datasets
Add and remove graphs
Collaborate with other users
Add collaborators to a workspace
Remove collaborators from a workspace
Create user tasks
View tasks
Edit tasks
Write and review comments
Edit workspaces
Archive workspaces
Restore workspaces
Delete workspaces
View workspace history
Taxonomy
Create a taxonomy entry
Edit a taxonomy entry
Filter by tag and taxonomy
Delete a taxonomy entry
Knowledge packs
Process
Rules
Entity rules
About entity rules
Create entity rules
Entity rule actions
Content criteria tool
Manage entity rules
Observable rules
Create observable rules
Manage observable rules
Enrichment rules
Create
Manage
Discovery rules
Create
Manage
Enrichment
Configure enrichers
Run enrichers
Rules for enrichers
Saving data
Intelligence Compass
Create
View matches & history
Manually run
Manually update Entities
Discovery
Add entities from the discovery service
Customize list columns
Edit entities through the Discovery page
Export from discovery
Graphs
About graphs
Create a graph
Access a graph
Add entities to a graph
Analyze entities in a graph
Group entities in a graph
Edit entities in a graph
Publish entities in a graph
Remove entities from a graph
Add relationships to a graph
Edit relationships in a graph
Publish relationships in a graph
Remove relationships from a graph
Add observables to a graph
Publish observables in a graph
Edit observables in a graph
Remove observables from a graph
Delete observables from a graph
Review Enrichment observables
Move around on the graph
Graph on Neighborhood tab
Add graph to workspaces
Filter entities with the timebar
Filter entities with the histogram
Toggle visualization layouts
Save and export the graph
View full titles in the graph
ATT&CK Heatmaps
Create heat maps
Customize heat maps
Malware Sandbox
Integrate
Use
Exposure
About exposure
Configure exposure
View exposure
Edit entities in Exposure
Review Exposure
Override exposure
Customize list columns
Outgoing feeds
Access outgoing feeds
Configure content types
Update strategy
Download outgoing feed created packages
Create and configure outgoing feeds
Start and stop outgoing feeds
Exchange data between EclecticIQ Intelligence Center instances
Exchanging data between EclecticIQ Intelligence Center instances
Create an automation role
Create an automation user
Create an automation group
Create a TAXII outgoing feed
Create a TAXII incoming feed
About ingestion discrepancies
Users & access
Users
User permissions
Manage your own user account
Manage users
Manage groups
Manage roles
Manage notifications
Manage automation users
Export and import user database
Permissions
Default Intelligence Center roles
Intelligence Center permissions
Permissions to access settings
Permissions to access data
Permissions for public API endpoints
Token-based authentication
Create an API token
Delete an API token
Two-factor authentication (2FA)
About two-factor authentication
Enforce two-factor authentication
Set up two-factor authentication
Use
Do not ask for N days
Generate new recovery codes
Recover two-factor authentication
Disable two-factor authentication
Review two-factor authentication activity
Account policies
Observable rules
#
Create observable rules
Manage observable rules