Skip to content

Filters and data enrichment

Filters and data enrichment in AQtive Guard (AQG) enhance your inventory analysis by providing deeper insights and focusing your attention on relevant risks. These features are comprised of three related tools that work in harmony.

img

  1. Local filters - allow you to temporarily narrow views in data tables and exports.
  2. Global filters - enable you to narrow the scope of data across dashboards, priority issues, and statistics for the current user.
  3. Enrichments {coming soon} - provide a specialized set of intelligent filters that leverage the proprietary AQG intelligence database.

Using filters

As you explore the following sections, experiment with different filter types to learn about their impact on your data view.

Your filter settings offer several benefits to facilitate exploration:

  • Non-destructive: Won’t modify the underlying data.
  • Personalized: Unique to your view, without affecting others in your organization.
  • Flexible: Can be easily changed or reset at any time.

Use local and global filters to focus on a specific subset of related items. Then, apply enrichments to bring in additional context for deeper insight and a more targeted understanding of the data.

Local filters

Local filters are found at the top of the Inventory and IT Assets tables, providing contextual filtering options to customize the data view within each table and tab. Use them to refine analysis results and facilitate more effective investigation and management.

The scope of local filters is limited to your active table view, and they solely impact the data display and export from that table. Local filters don’t influence other data, such as dashboards, priority issues, or statistics.

Tip

Local filter settings are temporary. They reset when you navigate away from the active tab, reverting to reflect current global filter settings.

Refer to the Inventory and IT Assets for details on the specific data and filters found on each tab.

Global filters

Global filters, found at the top of all AQG data views, have a broader impact than local filters. They:

  • Affect the data display across views.
  • Influence dashboard data and statistics.
  • Impact priority issues.

Unlike local filters, global filters persist across all your views and sessions until you modify them, remaining in effect even after logging off and back in. This provides a consistent filtering experience throughout the AQtive Guard platform.

Tip

Any time your data isn’t displaying as expected, check your global filter settings.

Global filter types

The following global filters are available to help you narrow down your data view across AQG:

  • Profile - View data for one or more selected profiles. This enables you to focus on the data relevant to a particular profile, to assist you in auditing for compliance or other specialized needs. Refer to Profiles for details.
  • Severity - Filter your data by issue severity. Refer to Issues to learn more.
  • Source - Select one or more data sources to filter your view to display data from the select Data source(s) or AQG scanner(s). Refer to AQtive Guard Sensors and Data sources for details on available data sources.
  • Current scans - Narrow the date and time range for your data view. This is especially useful when you want to:
    • Retrieve data from a recent scan.
    • Analyze changes or trends within a particular time frame.
    • Isolate issues or events that occurred during a specific scan.
  • Enrichments {coming soon} - A specialized intelligent filter, covered in detail in Enrichments.

Enrichments

Data enrichment is a powerful AQtive Guard feature that provides deeper, clearer insights into your inventory and cryptographic assets. It works by sifting through the noise and filtering out irrelevant or misleading data. This ensures you get a more accurate and comprehensive understanding of your assets, giving you the clarity you need to make informed decisions and proactively manage potential compliance and security risks.

With data enrichment, you can:

  • Reduce the time you spend on root-cause analysis, allowing you to quickly identify and address potential issues.
  • Zero in on actionable priorities, ensuring that you’re focusing on the most critical aspects of your inventory.
  • Gain deeper insights into your Non-Human Identity (NHI) and cryptographic assets and issues, empowering you to make more informed decisions.
  • Create custom filters and views that meet your specific needs, making it easier to manage and prioritize compliance and remediation efforts.

How it works

AQG data enrichment is powered by our proprietary intelligence database, continuously updated with information compiled by collecting and analyzing vast amounts of Non-Human Identity (NHI) and cryptographic data from numerous public online sources. This database is compiled via specialized collection and analysis processes, verified by our world-class cybersecurity and cryptography research team, ensuring that the data is accurate, relevant, and up-to-date.

Enrichment can be accessed on the far right side of the Global filter bar from the following pages:

From these pages, you can apply the enrichment filters to your inventory. This applies relevant metadata that adds useful context to better understand the nature, usage, and potential risks associated with discovered cryptographic objects.

Tip

The enrichment feature functions similarly to other Global filters, impacting data across dashboards, priority issues, and statistics, and persisting across views and login sessions.

Using data enrichment

To apply intelligent filters using enrichment metadata, follow these steps:

  1. Select Enrichments in the Global filter bar on the Issues page or the Keys or Certificates tabs of the Inventory page.
  2. For the desired item(s) under each data enrichment category, select one or more checkboxes:
    • Include - adds or retains objects that meet the selected criteria.
    • Exclude - removes objects that meet the selected criteria.

Tip

The top five filters with the most associated objects are displayed under each category by default. Use the Search at the top of the enrichment categories to filter the view based on your search criteria.

Enrichment categories

Available enrichment categories include:

  • Publicly known: This inventory object is recognized from publicly available software or online sources.
  • Unknown: This inventory object is not recognized from publicly available software or online sources.
  • Distribution: This inventory object is associated with a specific Docker image.
  • Package: This inventory object is associated with a specific software package or application bundle.
  • Application: This inventory object is linked to a particular application or application category.
  • Path: This inventory object was discovered in your filesystem at a specific location.