Search | Query Syntax

To search for intelligence in EclecticIQ Intelligence Center (EIQ IC) you create a search query by specifying one or more attributes and the values that that attribute must have. Intelligence objects whose values for the attributes you included match the values you specified will be included in the results.
Whenever you include more than one attribute in your query, you need to use boolean operators to indicate if both attributes must be matched (“AND”) or if only one of them needs to be (“OR”).

The following documents will help you search across EIQ IC:

Basics

• Most search input fields in EIQ IC respond to the same operators and syntax.

• You can combine this basic syntax with wildcards to extend your search.

• EIQ IC also allows the use of the regular expression (RegEx) search syntax.

Types of intelligence

• You can search by querying for specific Entity attributes.
  

  • You can create Search query datasets by saving Entity searches and load the queries used to create Search query datasets.

• Likewise, you can search by querying for specific Observable attributes.

• Also, you can find Entities and/or Observables by querying for Outgoing feeds that include them.