Search | Query Syntax | Basic Operators & Syntax#

Search fields in EclecticIQ Intelligence Center use the Elasticsearch DSL query syntax unless otherwise specified.

Combine these operators with the searchable Entity attributes and Observable attributes to find the intelligence you are looking for.

Query syntax element	Description
`AND`	Boolean operator between filters.
`NOT`	Boolean operator between filters.
`OR`	Boolean operator between filters.
`"we want to look up all these keywords"`	Use double quotes to group multiple search entries into one single search string. The search query looks for matches for the string as one token.
`keywo*`	Use the `*` character for multiple character wildcards.
`key?ord`	Use the `?` character for single character wildcards.
`keyword~`	Searches for similar words. Fuzzy search.
`"keyword1"^2 AND keyword2`	Use the `^${integer}` suffix to give more weight to a search term over another in a search query.
`+keyword`	Prefix `+` to include a keyword in a search (must be in the search).
`-keyword`	Prefix `-` to exclude a keyword from a search (must not be in the search).
`/keyw?rd)/`	Searches using Elasticsearch DSL query syntax regular expressions.