Filtering in the Technical Blogs and Reports Source
  • 08 Sep 2022

Minimum Role: Organization role of Read Only User

Prerequisites: None

Overview

The Technical Blogs and Reports Source aggregates blog posts from over 90 open-source security blogs. Each blog post is represented as an Incident in ThreatConnect, and a Tag is assigned to each blog. The Browse screen filters can be used to identify the blogs that are in the Source and to find all Groups from a particular blog that contain one or more keywords. The results of these filters can be saved as queries for convenient viewing at a later time or for use in a Query card on a dashboard.

Filtering to Blogs Only

  1. On the top navigation bar, click Browse to display the Browse screen.
  2. Click the My Intel Sources selector at the upper-left corner of the screen.
  3. Locate the Technical Blogs and Reports Source in the Intel Sources section, hover your cursor over it, and click only so that only results from this Source are displayed on the Browse screen (Figure 1).
    Note
    If you have a large number of Sources, use the Filter sources bar in the My Intel Sources selector to filter the list of Sources to only display the Technical Blogs and Reports Source.

  4. Click Tags on the left side of the Browse screen to display all Tags in the Technical Blogs and Reports Source (Figure 2).

  5. Enter the term BLOG: (including the colon) into the search bar at the top left of the screen. The Browse screen search results will show all Tags containing this search term, each of which represents a blog collected into the Technical Blogs and Reports Source (Figure 3).
    Note
    You do not need to press Enter after typing in the BLOG: search term. The filter results will automatically update to reflect the entered search term after at least three letters are entered in the search box.
    Important
    Do not select the Exact matches checkbox when entering the term BLOG: into the search bar, as no results will be returned. For more information on using this checkbox to perform an exact-matches query, see the "Exact Matches Query" section of Browse.

     

  6. To save the query, click the vertical ellipsis at the upper-right corner of the screen and select Save Current Query…. See the “Saving and Viewing Queries” section of Browse for more information.

Filtering Groups in a Blog by Keyword

  1. Follow Steps 1–5 in the “Filtering to Blogs Only” section to view a list of all blogs in the Technical Blogs and Reports Source.
  2. Click on a Tag (BLOG: AlienVault Tag in this example) by which Groups are to be filtered. The Details drawer for that blog’s Tag will be displayed (Figure 4).

  3. Click the vertical ellipsis at the upper-right corner of the drawer and select Pivot.
  4. After selecting Pivot, you will be prompted to select whether to pivot on Indicators or Groups (Figure 5). Select Groups.

  5. The Browse screen will display all Groups from the selected blog (Figure 6).

  6. Enter a keyword (“vulnerability” in this example) into the search bar at the top left of the screen. The Browse screen search results will show only Groups in the selected blog with the keyword in their title (Figure 7).

  7. To save the query, click the vertical ellipsis at the upper-right corner of the screen and select Save Current Query…. See the "Saving and Viewing Queries" section of Browse for more information.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20068-01 v.02.C

