Search and Analyze Overview

Minimum Role: Organization role of Read Only User (for performing searches and viewing search results); Organization role of Standard User (for adding objects to an Organization, Community, or Source)

Prerequisites: None

The search mechanism in ThreatConnect^® uses a combination of direct and indirect search algorithms to find data based on a given input. Depending on certain characteristics of the search term (e.g., size and complexity), different search methodologies are utilized to return the most relevant data possible back to you. There are two main parts to this mechanism: (1) “exact”-matching algorithms that search for Indicators and other intelligence data based on a “direct hit” to a known item summary or a pattern ; and (2) “potential”-matching algorithms that search for intelligence data by leveraging the OpenSearch^® engine. For the partial-matching part of the mechanism, all data, including document uploads, are searched to form a relevance-ordered result set based on a scoring system that filters out common words and phrases while prioritizing applicable matches.

The ThreatConnect search results also provide information of analytic value, including exact and potential matches in your ThreatConnect owners and the ability to identify, create, and explore new Indicators.

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.
OpenSearch^® is a registered trademark of Amazon Web Services.

20075-01 v.06.A