Blog

Exclusion Filtering Enhances Analysis Precision

Posted: 24th January 2014
By: CHRIS
Exclusion Filtering Enhances Analysis Precision

We recently added functionality in Recorded Future that allows analysts to exclude selected entities and sources using the same advanced query builder they already know. This means users can filter out an entity that’s dominating news coverage, ignore news coming from mainstream channels, or hide results from sources published in particular locations.

How to Use Exclusion Filters

We’ve upgraded the query device in Recorded Future so an analyst can quickly define entities or source categories they’d like to omit from their analysis. The exclusion filters currently available include: Entities, Topic, Media Type, Source, Author, and Source Location.

NotSearchFunctionality.png

The above image is an example of the exclusion filters in action. The query calls for information about cyber events related to any topic except Germany reported by non-US, non-mainstream sources. The results are displayed in the new Table view, which we introduced last week.

Additional Examples of Exclusion Filtering

To get you thinking about the potential for this functionality, we wanted to share a few examples.

The first relates to the spread of point-of-sale malware, a hot topic on which we recently hosted a webinar. Researching this subject, we might want to omit any events specifically talking about Target Corporation as we look for trends during the second half of 2013. The following timeline shows events related to point-of-sale malware from July to December 2013 but hides reporting that mentions Target:

POSmalwaretimeline.png

Live Visualization

Analysts might also want to remove particular types of sources, say, mainstream media and any sites published in the United States or United Kingdom, from their analysis. Below we get a look at recent, non-mainstream reporting on security vulnerabilities associated with a particular malware or attack method from sources published outside of the US and UK.

AttackMethodPlusVulnerability.png

Live Visualization

The exclusion functionality is particularly handy for filtering out noisy entities and setting up event alerts on information delivered by high-value or niche source sets that might otherwise be drowned out.

Ready to try it yourself? Bookmark the how-to article on our support site and then login to your Recorded Future account.

Related