Filter and search IntelliFind results
Filter IntelliFind results
You can filter the results by the source of mention, report date, and dark web source.
You can also filter by results in a time frame indicated by peak points in the **Mentions** graph.
To filter IntelliFind results:
- Use IntelliFind to search for a term.
- From the results page, apply filters, as follows:
To filter this | Do this |
---|---|
Report date | Click the Date filter button. By default, mentions are shown for the last 12 months. To find mentions in a different time period, click the filter and change the time period. |
Author | Click the Author filter button. Type the author name or select to show only results that have no author. |
Matching assets | Click the Asset filter button, and select company assets to match (max: 5000). |
Product for sale | Click the Product for Sale filter button and select Product for sale. |
Tags | Click the Tags filter button, and select tags to match. Options include: Credit Card, Domain, Email Address, IP Address, SSN, and URL |
Source type | To display dark web (Onion) mentions, select Show only mentions from the dark web. To show mentions from other sources, click any of the mention sources. |
Time frame | Click any peak in the Mentions graph. |
Clear filters | Click Clear all filters. |
Search options
The following table describes the various ways to create more effective searches, from either the landing page or the search page:
Search tool | Usage |
---|---|
Simple keywords | Enter keywords to search for. To search for all parts of a phrase, use quotes around the words. For example, "intsights.com" or "intsights cyber intelligence" |
Basic operators | Add the following operators (case-sensitive) for more exact results. AND: Searching for "intsights" AND "scam" returns only results that contain both intsights and scam. OR: Searching for "intsights" OR "scam" returns results that contain at least one of the search terms. NOT: Searching for "intsights" AND "hack" AND NOT ("scam") returns results that contain intsights and hack, but don't contain the word "scam". For readability, it is recommended to use parentheses. ( ): Searching for "intsights" AND ("scam" OR "hack") returns results that contain both intsights and scam, or both intsights and hack, or all three. |
Advanced search operators | See following table. |
Search by document type | Searching for type:comment returns all comments. Searching for type:post returns all posts. You can also search for the following types (type:): chat_message = IRC chats; instant_message = Telegram; post = Forums; comment = Forums; blog = Cybersecurity blogs; ransomware_blog = Ransomware blogs; paste = Pastes; product = Black market; status = Twitter. |
Advanced search operators
Type any of these operators to find an exact match. The operators (only) are case-sensitive.
Operator name | Example | Displays all mentions... |
---|---|---|
author: | author:"black panther" | ... authored by Black Panther. |
title: | title:"underground market" | ... with "underground market" in the title. |
url.url: | url.url:"login" | ... with the word "login" in the source URL. |
url.domain: | url.domain:"facebook" | ... with the word "facebook" in the domain source URL, regardless of the TLD. |
url.tld: | url.tld:"com" | ... with a specific TLD in the source URL (can be combined with the 'domain' operator). |
source_url_full: | "http://www.facebook.com/login-now" | ... with the exact URL in the Source URL. |
source_url_root_domain: | "facebook.com" | ... with the exact root domain in the Source URL. |
source_url_domain_name: | "facebook" | ... with the exact domain name in the Source URL. |
source_url_tld: | "com" | ... with the exact TLD in the Source URL. |
domains_root_domain: | "google.com" | ... with the exact root domain in the content or title. |
domains_tld: | "com" | ... with the exact TLD in the content or title. |
domains_domain_name: | "google" | ... with the exact domain name in the content or title. |
domains_full: | "http://login.google.com" | ... with the exact full domain in the content or title. |
url_content_full: | "http://www.facebook.com/login-now" | ... with the exact URL in the content. |
url_content_keyword: * | "facebook" or "login" or "now" | ... with a specified keyword in the content. |
ssn_number: | "123456789" or "123-45-6789" | ... with a specified Social Security number (with or without dashes) in the content or title. |
credit_cards: | "1234notepad567890123456" | ... with a specified credit card number in the content or title. |
bin_number: | "1234" | ... with a specified BIN number in the content or title. |
emails_full: | john_smith@intsights.com | ... with a specified full email address in the content or title. |
emails_domain: | "intsights.com" | ... with a specified email domain in the content or title. |
emails_user_name: | "john_smith" | ... with a specified email user name in the content or title. |
ip: | "192.158.1.38" or "[127.0.0.0 TO 127.0.0.24]" | ... with a specified IP address or range of addresses in the content or title. |
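A pre-save check for the syntax rules in the tables above, as an added example that is not part of the product or its documentation. The function name `lint_query` and its messages are hypothetical, the sample queries are constructed, and the check only covers rules stated on this page (case-sensitive operators, parentheses, listed document types, IP range form).

```python
import ipaddress
import re

# Document types listed in the "Search by document type" row above.
DOC_TYPES = {"chat_message", "instant_message", "post", "comment", "blog",
             "ransomware_blog", "paste", "product", "status"}

def lint_query(query):
    """Return a list of problems found in an IntelliFind query string."""
    problems = []
    if query.count('"') % 2:
        problems.append("unbalanced double quote")
    # Blank out quoted phrases so their contents are not mistaken for syntax.
    bare = re.sub(r'"[^"]*"', '""', query)
    depth = 0
    for ch in bare:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ")" appeared before its "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # AND / OR / NOT are case-sensitive; other spellings are not operators.
    for word in re.findall(r"\b(and|or|not)\b", bare, flags=re.I):
        if word != word.upper():
            problems.append(f"operator '{word}' must be upper-case")
    for doc_type in re.findall(r"\btype:(\w+)", bare):
        if doc_type not in DOC_TYPES:
            problems.append(f"unknown document type '{doc_type}'")
    # ip:"[low TO high]" ranges: both ends must parse and be in order.
    for low, high in re.findall(r'ip:"\[(\S+) TO (\S+)\]"', query):
        try:
            if ipaddress.ip_address(low) > ipaddress.ip_address(high):
                problems.append(f"IP range {low} TO {high} is reversed")
        except (ValueError, TypeError):
            problems.append(f"invalid IP address in range {low} TO {high}")
    return problems

if __name__ == "__main__":
    # Constructed sample queries, not taken from a real account.
    for q in ['"intsights" AND ("scam" OR "hack")',
              '"intsights" and type:tweet',
              'ip:"[127.0.0.24 TO 127.0.0.0]"']:
        print(q, "->", lint_query(q) or "ok")
```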
Save and edit search queries
You can use the Query Manager to save, use, and manage search queries. When you save a search query, you can easily reuse, edit, name, or delete that query. Saved queries include all the search terms.
A maximum of 200 queries can be saved, per account. In the Query Manager, the latest updated query is shown first.
Each line shows a saved query, its details, whether (and how many) alerts are being generated from the query, the name of the user who made the most recent changes, and when the query was last updated.
Product for Sale query
Querying for "product for sale" will return results, as follows:
- Hacking forum posts with the product for sale tag.
- By enabling alert triggering for this query, future IntelliFind results that contain an indication of a product being offered for sale and a match to the company's name or brand name will be elevated to alerts.
Automatic alert creation is described in IntelliAlert.
To save a search query:
- From the IntelliFind search page or landing page, type a search query, then press Enter.
  The searched mentions are displayed.
- Click Save query.
  The Save query dialog displays the search query terms and selected filters.
- Type a unique name for the query.
  Names are case-sensitive.
- Click Save query.
To search with a saved query:
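- Open the Query Manager, in either of these ways:
  - If no IntelliFind page is open, choose TIP > IntelliFind, then click Query Manager.
  - If an IntelliFind page is open, click Query Manager.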
- Select a saved query, then click .
You can find a saved query by searching by name or by query terms.
To edit or delete a saved query:
Open the Query Manager, in either of these ways:
- If no IntelliFind page is open, choose TIP > IntelliFind, then click Query Manager.
- If an IntelliFind page is open, click Query Manager.
Select a saved query.
You can find a saved query by searching by name or by query terms.
Perform any of the following:
To do this action | Do this |
---|---|
Change the query search terms or alert triggering settings and search for the new terms. | Press Enter to search. After searching, you can either save this query or save the new terms as a new query. Click |
Edit a query name or alert triggering options. | Click |
Delete a saved query. | Click |