Filtering in the Technical Blogs and Reports Source

Minimum Role: Organization role of Read Only User

Prerequisites: None

Overview

The Technical Blogs and Reports Source aggregates blog posts from over 90 open-source security blogs. Each blog post is represented as an Incident in ThreatConnect, and a Tag is assigned to each blog. The Browse screen filters can be used to identify the blogs that are in the Source and to find all Groups from a particular blog that contain one or more keywords. The results of these filters can be saved as queries for convenient viewing at a later time or for use in a Query card on a dashboard.

Filtering to Blogs Only

1. On the top navigation bar, click Browse to display the Browse screen.
2. Click the My Intel Sources selector at the upper-left corner of the screen.
3. Locate the Technical Blogs and Reports Source in the Intel Sources section, hover your cursor over it, and click only so that results from this Source only are displayed on the Browse screen (Figure 1).
   Note

   If you have a large number of Sources, use the Filter sources bar in the My Intel Sources selector to filter the list of Sources to only display the Technical Blogs and Reports Source.
   

    

4. Click Tags on the left side of the Browse screen to display all Tags in the Technical Blogs and Reports Source (Figure 2). 

    

5. Enter the term BLOG: (including the colon) into the search bar at the top left of the screen. The Browse screen search results will show all Tags containing this search term, each of which represents a blog collected into the Technical Blogs and Reports Source (Figure 3).
   Note

   You do not need to press Enter after typing in the BLOG: search term. The filter results will automatically update to reflect the entered search term after at least three letters are entered in the search box.
   Important

   Do not select the Exact matches checkbox when entering the term BLOG: into the search bar, as no results will be returned. For more information on using this checkbox to perform an exact-matches query, see the "Exact Matches Query" section of Browse.
   

    

6. To save the query, click the vertical ellipsis at the upper-right corner of the screen and select Save Current Query…. See the “Saving and Viewing Queries” section of Browse for more information.

Filtering Groups in a Blog by Keyword

1. Follow Steps 1–5 in the “Filtering to Blogs Only” section to view a list of all blogs in the Technical Blogs and Reports Source.
2. Click on a Tag (BLOG: AlienVault Tag in this example) by which Groups are to be filtered. The Details drawer for that blog’s Tag will be displayed (Figure 4). 

    

3. Click the vertical ellipsis at the upper-right corner of the drawer and select Pivot.
4. After selecting Pivot, you will be prompted to select whether to pivot on Indicators or Groups (Figure 5). Select Groups. 

    

5. The Browse screen will display all Groups from the selected blog (Figure 6). 

    

6. Enter a keyword (“vulnerability” in this example) into the search bar at the top left of the screen. The Browse screen search results will show only Groups in the selected blog with the keyword in their title (Figure 7). 

    

7. To save the query, click the vertical ellipsis at the upper-right corner of the screen and select Save Current Query…. See the "Saving and Viewing Queries" section of Browse for more information.

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20068-01 v.02.C