Search and Analyze Overview
- 10 Jan 2024
Overview
The ThreatConnect® search mechanism uses direct and indirect search algorithms to find data based on a given input. Depending on certain characteristics of the search term (e.g., size and complexity), different search methodologies are utilized to return the most relevant data possible. There are two main parts to this mechanism:
- “Exact”-matching algorithms that search for Indicators, Groups, Tags, Victims, Workflow Cases, and Artifacts based on a “direct hit” to a known item summary or, for Indicators only, a pattern for a ThreatConnect Indicator type.
- “Potential”-matching algorithms that search for intelligence data by leveraging the OpenSearch® engine. When looking for potential matches, the search mechanism searches all data, including object summaries and descriptions, Attributes and Case Attributes, Notes, Tasks, and the contents of document uploads, to form a relevance-ordered result set based on a scoring system that filters out common words and phrases while prioritizing applicable matches.
ThreatConnect search results also provide information of analytic value, including exact and potential matches in your ThreatConnect owners and the ability to identify, create, and explore new Indicators.
Before You Start
Minimum Role(s) | |
---|---|
Prerequisites | OpenSearch enabled and configured on your ThreatConnect instance (for retrieving potential matches) |
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
OpenSearch® is a registered trademark of Amazon Web Services.
20075-01 v.07.A