Using the Advanced-Query Filter
  • 24 Oct 2023
  • 1 Minute to read
  • Dark

Using the Advanced-Query Filter

  • Dark

Article Summary

On the Browse screen, you can use the advanced-query filter to build structured queries with ThreatConnect Query Language (TQL). Follow the steps in this article to access and use this filter on the Browse screen.

  1. On the top navigation bar, click Browse to display the Browse screen.
  2. Click Advanced at the upper-right corner of the Browse screen to initiate an advanced query (Figure 1). Some commonly used TQL expressions and a link to a complete list of TQL operators and parameters are displayed in the ThreatConnect Query Language (TQL) pane on the left side of the screen.

    Figure 1_Using the Advanced-Query Filter_7.3.0


    If you created a contains or exact matches query using the basic search features on the Browse screen, clicking Advanced at the upper-right corner of the screen will convert the query into a TQL query.
    • Use the dropdown to the left of the search bar to select the type of object for which to query. Available options include Intelligence Requirements, Indicators, Groups, Tags, Tracks, Victims, and Victim Assets.
    • Enter a TQL query expression into the search bar along the top of the screen
    • Click SearchSearch button, or press the Enter key on your keyboard, to run the query.

You can save queries for later viewing and use in Query cards in custom dashboards, as well as view and manage your saved queries, by clicking the vertical ellipsis at the upper-right corner of the Browse screen.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20052-02 v.17.C

Was this article helpful?