Exclusion Filtering Enhances Analysis Precision

January 24, 2014 • Chris

We recently added functionality in Recorded Future that allows analysts to exclude selected entities and sources using the same advanced query builder they already know. This means users can filter out an entity that’s dominating news coverage, ignore news coming from mainstream channels, or hide results from sources published in particular locations.

How to Use Exclusion Filters

We’ve upgraded the query builder in Recorded Future so an analyst can quickly define entities or source categories they’d like to omit from their analysis. The exclusion filters currently available are Entities, Topic, Media Type, Source, Author, and Source Location.

Exclusion Filters

The above image is an example of the exclusion filters in action. The query calls for information about cyber events related to any topic except Germany reported by non-US, non-mainstream sources. The results are displayed in the new Table view, which we introduced last week.

Additional Examples of Exclusion Filtering

To get you thinking about the potential for this functionality, we wanted to share a few examples.

The first relates to the spread of point-of-sale malware, a hot topic on which we recently hosted a webinar. Researching this subject, we might want to omit any events specifically talking about Target Corporation as we look for trends during the second half of 2013. The following timeline shows events related to point-of-sale malware from July to December 2013 but hides reporting that mentions Target:

POS Malware Timeline


Analysts might also want to remove particular types of sources, say, mainstream media and any sites published in the United States or United Kingdom, from their analysis. Below we get a look at recent, non-mainstream reporting on security vulnerabilities associated with a particular malware or attack method from sources published outside of the US and UK.

Security Vulnerabilities Feed


The exclusion functionality is particularly handy for filtering out noisy entities and setting up event alerts on information delivered by high-value or niche source sets that might otherwise be drowned out.

Ready to try it yourself? Bookmark the how-to article on our support site and then log in to your Recorded Future account.
