The manual search is your starting point for finding relevant content in our Cyphergraph. The user interface offers an easy way to build complex, very specific search queries and save them as feeds.
To reach your goal as quickly as possible, follow the procedure described below:
Define a query term: To do this, type as broad a search term as possible into the search box in the top centre of the page. At this stage, it is advisable not to limit the search too much. Tip: Start with a wildcard search and type in *.
Define the filters: Use the filter options provided visually on the left-hand side. These are the filters that are used the most; many more filter options can be defined directly in the cypher query, for example, and we are happy to help you with this. To use the visual filters, choose between ‘Publishing company’, ‘Severity’ and ‘Classification’. There is also an on/off filter that only shows you content in which products affected by a vulnerability have been mentioned. Important: the filters only show what is available in the results generated by the search query, so if there are no search results, these filters are empty. Once you have selected the filters, they are displayed accordingly, so you can see at all times which filters are active.
Apply the filters: Click on ‘Submit Filter’ to apply the filters to the search results.
Check and refine: Take a look at the search results and refine your search. You can either revise the filters again or fine-tune your search query. With the filters you have set in place, you can replace the previously very broad term with a very specific search query. You can find out more here.
Save as feed: Once you are happy with the definition of the search, you can save it as a feed. The search is then executed again automatically at certain intervals, so you are always kept up to date with new results. To do this, click on the ‘Save as feed’ button in the lower right corner of the filter bar.
A pop-up opens in which you select the target tenant and give the feed a name.
Confirm by clicking on ‘Submit’. You will now be taken to a new window where you can define further details of the feed. It makes sense to give the feed a meaningful description here. You can also select the analytic buckets that should receive the new results from this feed.
The ‘Publishing company’ filter allows you to filter your search results by source. These sources are the organisations that have published the content. For example, you can specify that you only want to find official search results from a specific manufacturer, such as Cisco.
You can select several organisations. Bear in mind that you can only do this as long as the search results are still unfiltered. As soon as you confirm the filter, no further organisations can be added as they are no longer included in the search set. To add more, you would first have to remove all ‘Publishing Companies’ again.
The ‘Severity’ filter is essential because it allows you to focus on important events. The severity is extracted from the information available in the sources. In the vast majority of cases, it is based on a CVSS score. However, the filter does not work on the numerical score but on the corresponding textual variant.
This filter refers to two properties of a search result. Firstly, it takes into account the vendor's assessment. For an official security advisory, for example, it contains the vendor's original assessment. This may or may not correspond to the official CVE risk system, which consists of ‘low’, ‘medium’, ‘high’ and ‘critical’. For example, Microsoft has introduced ‘important’ as an additional value. Secondly, the filter refers to the official CVE ratings associated with the search result.
Multiple severities can be selected. Please note that you can only do this while the search results are still unfiltered. As soon as you confirm the filter, no further severities can be added as they are no longer included in the search set. To add more, you would first have to remove all ‘Severities’ again.
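The severity matching and the "options come from the current result set" behaviour described above, as an added illustration that is not Cyphergraph's own code. The record layout, field names and sample results are constructed assumptions; the score bands are the CVSS v3.x qualitative scale.

```python
from collections import Counter

# CVSS v3.x qualitative bands as (lower bound, label), highest first.
CVSS_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]

def cvss_label(score):
    """Map a numeric CVSS v3.x base score to its textual rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for lower, label in CVSS_BANDS:
        if score >= lower:
            return label
    return "none"  # only a score of 0.0 reaches this point

def severity_labels(result):
    """Textual severities of one result: vendor rating plus CVE ratings."""
    labels = {cvss_label(s) for s in result.get("cve_scores", [])}
    vendor = result.get("vendor_severity")
    if vendor:
        labels.add(vendor.strip().lower())  # e.g. Microsoft's "Important"
    return labels

def apply_severity_filter(results, selected):
    """Keep results whose vendor or CVE severity matches a selected label."""
    wanted = {s.lower() for s in selected}
    return [r for r in results if severity_labels(r) & wanted]

def severity_facet(results):
    """Selectable options: only labels present in the current result set."""
    return Counter(label for r in results for label in severity_labels(r))

# Constructed sample results (hypothetical field names, not the product schema).
RESULTS = [
    {"id": "adv-1", "vendor_severity": "Important", "cve_scores": [8.8]},
    {"id": "adv-2", "vendor_severity": "Critical", "cve_scores": [9.8, 7.5]},
    {"id": "adv-3", "vendor_severity": None, "cve_scores": [5.3]},
    {"id": "adv-4", "vendor_severity": "Low", "cve_scores": []},
]

if __name__ == "__main__":
    print("options before filtering:", sorted(severity_facet(RESULTS)))
    filtered = apply_severity_filter(RESULTS, ["important"])
    print("matches:", [r["id"] for r in filtered])
    # 'critical', 'medium' and 'low' are gone, so they can no longer be selected.
    print("options after filtering:", sorted(severity_facet(filtered)))
```

A result matches when either its vendor rating or one of its CVE ratings carries a selected label, which is why a vendor-specific value such as ‘important’ has to be selected explicitly alongside ‘high’ to cover both views of the same advisory.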
The ‘Classification’ filter allows you to filter according to the content classes set by cybernality. You can find out what these are and what's behind them here. In a nutshell, there are six different classes. These are:
Of these six classes, the Security Advisory is the most frequently used. It is an excellent tool for searching for official reports of new vulnerabilities.
Multiple classes can be selected. Please note that you can only do this while the search results are still unfiltered. As soon as you confirm the filter, no further classes can be added as they are no longer included in the search set. To add more, you would first have to remove all ‘classes’ again.
Some manufacturers publish security advisories even though their products are not vulnerable. These reports generate unnecessary effort. The on/off filter for affected products is intended to filter out such results. It can be either activated or deactivated, and it is deactivated by default.