Version: Spectra Detect 5.2.0

Filter Management

Filter Management lets users manage the filters that can be applied across supported Egress Integration connectors. Users can create new filters, edit existing ones, and remove filters that are no longer required. The Advanced Filter can be enabled for each supported connector in Central Configuration > Egress Integration > File Storage.

When enabled, Filter Management replaces the existing File Filter for file storage management.

Adding a Filter

Filter Management allows users to define and apply specific filters within the system. Filters help control the flow of data or enforce policies according to user requirements. They can be set up to include or exclude certain criteria, and can be applied to different types of data containers depending on the configuration.

General Information

  • Filter Name: Enter a unique name for the filter. The name should be descriptive to indicate its purpose.
  • Description: Provide a detailed description of the filter to explain its function, application, or any other relevant details and references.
  • Filter Type: Users can select between two options of filter types:
    • Inclusive: Includes the specified criteria within the filter.
    • Exclusive: Excludes the specified criteria from the filter.
    Note: Click the info icon next to the options for more details on their use.

  • Filter Applies Only to Container: Select the checkbox if the filter should be applied only to a specific container or grouping of data within the system.

Conditions

Conditions allow you to specify rules based on various attributes such as file type, file size, classification, and more. These conditions refine the behavior of your filter, ensuring it targets the specific data elements needed. Users can define the conditions that dictate how the filter behaves.

Available conditions:

  • File

    • Type: Select a file type.
    • Size: Select a From - To file size expressed in bytes (B), kilobytes (KB), megabytes (MB), or gigabytes (GB).
  • Classification

    • Classification: Select a classification. Supported values are: Unknown, Goodware, Suspicious, and Malicious.
    • RCA Factor: Select an operator (Equals, Does not Equal, Greater Than, Greater Than or Equal, Less Than, Less Than or Equal), and value (0 - 10).
  • Identification

    • Success: Successful or Not Successful.
    • Name: Select an operator (Equals, Contains, Starts With, Ends With).
    • Version: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Author: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
  • Behavior

    • URI String: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Protocol: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Hostname: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Port: Select an operator (Equals), and input value.
    • Path: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • IP Protocol: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
  • Document

    • Capabilities: Select and apply one or more capabilities. Some capabilities may also require an input value.
    • Language: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Creation Date: Select a From - To date value specified in the YYYY-MM-DD format.
    • Modified Date: Select a From - To date value specified in the YYYY-MM-DD format.
    • Needs Rendering: Select Yes or No value.
    • Page Count: Select an operator (Equals, Does not Equal, Greater Than, Greater Than or Equal, Less Than, Less Than or Equal), and input value.
    • Word Count: Select an operator (Equals, Does not Equal, Greater Than, Greater Than or Equal, Less Than, Less Than or Equal), and input value.
    • Character Count: Select an operator (Equals, Does not Equal, Greater Than, Greater Than or Equal, Less Than, Less Than or Equal), and input value.
  • Unpacking

    • Status: Select an unpacking status. Supported values are: Unknown, Failed, Success, Partial.
    • Warning: Select an unpacking warning value. Supported values are: Yes and No.
  • File Statistics

    • Type: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Subtype: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
    • Count: Select an operator (Equals, Does not Equal, Greater Than, Greater Than or Equal, Less Than, Less Than or Equal), and input value.
  • Capabilities

    • Capabilities: Select and apply one or more capabilities.
  • Yara Matches

    • Classification: Select a classification used for YARA matches. Supported values are: Unknown, Goodware, Suspicious, and Malicious.
    • Identifier: Select an operator (Equals, Contains, Starts With, Ends With), and input value.
  • Indicators

    • Category: Select and apply one or more categories.
    • Priority: Select a priority. Supported value is from 0 to 10.
  • Mitre

    • Mitre Techniques: Select a Mitre Technique. Mitre Techniques are grouped into sections. Each section contains specific sub-items the user can select.
  • Tags

    • Tags: Select and apply one or more tags.
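
To reason about which files an Inclusive or Exclusive filter lets through before enabling it on a connector, the following added sketch (not Spectra Detect's implementation) models the Filter Type and a few of the conditions listed above. It assumes that all conditions in a filter must match (AND), that size units are binary, and that the record field names are hypothetical; the product's actual evaluation rules may differ.

```python
import operator

# Operator names are the ones listed on this page; how they evaluate is an assumption.
STRING_OPS = {
    "Equals": lambda v, x: v == x,
    "Contains": lambda v, x: x in v,
    "Starts With": lambda v, x: v.startswith(x),
    "Ends With": lambda v, x: v.endswith(x),
}
NUMERIC_OPS = {
    "Equals": operator.eq, "Does not Equal": operator.ne,
    "Greater Than": operator.gt, "Greater Than or Equal": operator.ge,
    "Less Than": operator.lt, "Less Than or Equal": operator.le,
}
UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}  # binary units assumed

def condition_matches(cond, record):
    """Evaluate one condition against a file analysis record (hypothetical schema)."""
    value = record.get(cond["field"])
    if value is None:  # attribute absent from the record: the condition cannot match
        return False
    if cond["kind"] == "range":  # From - To value, e.g. file size
        lo = cond["from"][0] * UNITS[cond["from"][1]]
        hi = cond["to"][0] * UNITS[cond["to"][1]]
        return lo <= value <= hi
    ops = NUMERIC_OPS if cond["kind"] == "number" else STRING_OPS
    return ops[cond["op"]](value, cond["value"])

def passes_filter(flt, record):
    """True if the record is let through: Inclusive keeps matches, Exclusive drops them."""
    matched = all(condition_matches(c, record) for c in flt["conditions"])
    return matched if flt["type"] == "Inclusive" else not matched

# Constructed filter: keep only Malicious files with RCA Factor >= 7, sized 1 KB - 100 MB.
HIGH_RISK = {"type": "Inclusive", "conditions": [
    {"field": "classification", "kind": "string", "op": "Equals", "value": "Malicious"},
    {"field": "rca_factor", "kind": "number", "op": "Greater Than or Equal", "value": 7},
    {"field": "size", "kind": "range", "from": (1, "KB"), "to": (100, "MB")},
]}
# Constructed filter: drop files whose YARA match identifier starts with "test_".
NO_TEST_RULES = {"type": "Exclusive", "conditions": [
    {"field": "yara_identifier", "kind": "string", "op": "Starts With", "value": "test_"},
]}
# Constructed sample records; the second has no YARA match at all.
SAMPLES = [
    {"classification": "Malicious", "rca_factor": 9, "size": 2 * 1024**2, "yara_identifier": "win_trojan"},
    {"classification": "Malicious", "rca_factor": 5, "size": 2 * 1024**2},
    {"classification": "Goodware", "rca_factor": 0, "size": 512, "yara_identifier": "test_rule"},
]
```

In this model a record that lacks the filtered attribute never matches, so an Exclusive filter lets it through; check that case against the real connector output when the distinction matters for what reaches storage.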