Filtering and search

Filtering nodes

To filter nodes:

  1. Click the Filter button in the top toolbar.

    The filter form appears.

  2. Specify the filtering rules for the nodes that you want to display on the graph. For example, to display only the nodes of a certain type:
    1. Click Type.

      The Type filter appears.

    2. Check the types of nodes to display on the graph. For example, "External indicator".
    3. Click Apply.

    The graph will contain only the nodes of type "External indicator" and their relationships.

    When you specify multiple filters, the graph contains only those nodes and relationships that meet all the filtering conditions.

  3. If you want the filter to be applied permanently, save the graph.

The table below lists the filters that you can use to filter nodes.

Graph filters

Filter

Description

Node type

Specify which types of nodes to display on a graph.

You can choose the following node types:

  • Standard CyberTrace indicator
  • External indicator (observable)
  • Detection
  • Report
  • Node group

    Multiple selection is available.

Indicator type

Specify which types of indicators to display on a graph.

You can apply this filter to the following node types:

  • Standard CyberTrace indicator
  • External indicator (observable)
  • Node group containing indicators

    Multiple selection is available.

Indicator value

Specify a substring to search for in indicator values.

You can apply this filter to the following node types:

  • Standard CyberTrace indicator
  • External indicator (observable)
  • Node group containing indicators

Indicator context

Conditions for filtering indicators by the values of the indicator attributes.

From the drop-down menu, select a context field, and then specify its value to display only those indicators that have the specified context field and value. Multiple selection is available.

You can apply this filter to the following node types:

  • Standard CyberTrace indicator
  • Node group containing standard CyberTrace indicators

Detection context

Conditions for filtering detections by the values of the detection attributes. Kaspersky CyberTrace extracts these attributes from incoming events by using regular expressions.

From the drop-down menu, select a regular expression name, and then specify its value to display only those detections that have the specified context field and value. Multiple selection is available.

You can apply this filter to the following node types:

  • Detection
  • Node group containing nodes of the type Detection

Searching for nodes

To search for a certain node:

Enter the search query in the search box at the top of the graph.

The search results appear below the search box. Click the node in the results list to locate the node on the graph.
