Search and Analyze Overview
  • 10 Jan 2024
  • 1 Minute to read
  • Dark

Search and Analyze Overview

  • Dark

Article Summary


The ThreatConnect® search mechanism uses direct and indirect search algorithms to find data based on a given input. Depending on certain characteristics of the search term (e.g., size and complexity), different search methodologies are utilized to return the most relevant data possible. There are two main parts to this mechanism:

  • “Exact”-matching algorithms that search for Indicators, Groups, Tags, Victims, Workflow Cases, and Artifacts based on a “direct hit” to a known item summary or, for Indicators only, a pattern for a ThreatConnect Indicator type
  • “Potential”-matching algorithms that search for intelligence data by leveraging the OpenSearch® engine. When looking for potential matches, the search mechanism searches all data, including object summaries and descriptions, Attributes and Case Attributes, Notes, Tasks, and the contents of document uploads, to form a relevance-ordered result set based on a scoring system that filters out common words and phrases while prioritizing applicable matches.

ThreatConnect search results also provide information of analytic value, including exact and potential matches in your ThreatConnect owners and the ability to identify, create, and explore new Indicators.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for performing searches and viewing search results)
  • Organization role of Standard User (for adding Indicators to an Organization, Community, or Source)
PrerequisitesOpenSearch enabled and configured on your ThreatConnect instance (for retrieving potential matches)

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
OpenSearch® is a registered trademark of Amazon Web Services.

20075-01 v.07.A

Was this article helpful?