Pivoting on Data

Last Updated: Jun 20, 2018 01:46AM EDT
User
None

Overview

Pivoting is an analytic transition in which a user in ThreatConnect® moves from one entity—Indicators and Groups in the ThreatConnect Data Model, as well as Tags and Attributes—to an associated entity in accordance with the methodology defined by the Diamond Model. Through the process of pivoting, users can, in a contiguous manner, explore relationships and find correlations between entities.

Steps

  1. On the top navigation bar (Figure 1), place the cursor over BROWSE and then over the INDICATORS or GROUPS option (INDICATORS in this example). Click on an object (HOST in this example) to display a results table (Figure 2).
  2. Click on one of the entries, and the Details window for that entry will appear (Figure 3).
  3. Click the vertical ellipsis icon at the top right of the window. A dropdown menu will appear with the Pivot option (Figure 4).
  4. Click the Pivot option, and a screen containing all associated Groups will appear (Figure 5), with the original Indicator shown in a gray rectangle above the results table. If the initial resource was a Group, then choosing the Pivot option will result in a screen containing all associated Indicators.
  5. The same pivoting operation may be performed by clicking the Details icon at the top left corner of the the Details window (Figure 3) and then clicking the PIVOT button on the top left of the Details Overview screen for the object (Figure 6).

Pivoting from a Tag

  1. On the top navigation bar (Figure 1), place the cursor over BROWSE and then click on the TAGS option to display a results table (Figure 7).
  2. Click on one of the entries, and the Details window for that entry will appear (Figure 8).
  3. Click the vertical ellipsis icon at the top right of the window. A dropdown menu will appear with the Pivot option (Figure 9).
  4. Click on the Pivot option, and a dropdown menu will appear, offering the choice between pivoting on Indicators or Groups (Figure 10).
  5. Select one of the options (Indicators in this example), and a screen containing a results table for all of the selected objects that have the chosen Tag will appear (Figure 11).

Pivoting on an Attribute

  1. On the top navigation bar (Figure 1), place the cursor over BROWSE and then over the INDICATORS or GROUPS option (GROUPS in this example). Click on an object (INCIDENT in this example) to display a results table (Figure 12).
  2. Click on one of the entries, and the Details window for that entry will appear (Figure 13).
  3. Click the Details icon at the top right corner of the window, and the Overview tab of the Details screen will appear (Figure 14).
  4. Scroll down to view the Attributes card (Figure 15).
  5. Click the magnifying glass icon next to an Attribute, and a results table displaying all objects that have this Attribute will appear, with the selected Attribute shown in a gray rectangle above the results table (Figure 16). Only Attributes that have a maximum length of 500 characters or under will have a magnifying glass displayed.

20034-05 EN Rev. D

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us



https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete