Exploring search results in Data Explorer

Use filters to find results faster or to further narrow the data so that you see only data that you are interested in reviewing.

1. To open or close the filter category options menu, click Filters. To do a filter search, in the search icon field, specify your search criteria.
   The filters that are available for you to select vary depending on your connected data sources.
2. Use the Sort results option to select and organize the results based on predefined filters.
   These filter options correspond to the properties or table column names and vary depending on your connected data sources.

1. Select an area of the chart by clicking and dragging the mouse pointer.
   Note: The selected area immediately expands to fill the available view space. Each time you click and drag, the chart zooms to show more detail.
2. To undo a zoom action, press Esc.
   Note: The plot area returns to the previous size.

The search results are presented in narrative view by default. Click the Switch to table view icon to view your results in tabular format.

1. Click the case icon to add data from a row to an existing case or associate the data with a new case. For more information, see Case Management.
2. To see the full result of the query that is associated with a row of data that includes the relationships between the objects, click the row.
3. To see more details, click the value.
4. Click STIX 2.0 to view the result in STIX 2.0 code format.
5. Click the Switch to table view icon to view your results in table view.
6. Click Items per page to specify the number of the items displayed.

1. Click More options (…) in the very end of a row, and then click Add to case to add data from a row to an existing case or associate the data with a new case. For more information, see Case Management.
2. To see the full result of the query that is associated with a row of data that includes the relationships between the objects, hover over the first column.
3. To see more details, click the value.
4. To sort the results in ascending or descending order, click the column header.
5. To view your results in narrative view, click the Switch to narrative view icon.
6. To specify the number of the items displayed, click Items per page.

You can use Analytics Toolkit to run extra analysis. For example, Observations Per Period, Most Common Values, Least Common Values, and Potential Outliers.

1. To open the Analytics Toolkit window, click the Analytics switch on.
2. Click Select property and select the STIX property that you want to analyze.
   The Analytics window displays information for attributes such as Observations Per Period, Most Common Values, Least Common Values, and Potential Outliers.

Add alerts to the federated search and run a STIX command to pull all the alerts. Viewing all the alerts that were generated might help you find correlations between each of the alerts.

1. Select the search result card with the data source ID that starts with ALERT label, and ensure you are on the Advanced builder tab.
2. Under the Sort by bar, click Add to case.
3. In the Add finding to case window, complete the following parameters.
   1. Name: Enter a name of the finding.
   2. Description: Optionally enter descriptive text or a helpful hint.
   3. Case name: Either select an existing case or create a new one.
   4. Finding summary: Detailed information of the selected result.
4. Click Add finding.
5. Click the notification that appears on the bottom of the page.

1. On the Search Results page, click Export and choose your file format. A new tab opens and your download begins.
2. When the file is ready, the system prompts you to download the file. In some browsers, the download happens automatically.
3. To cancel the export process at any time, click Cancel.