Filter and search IntelliFind results

Filter IntelliFind results

You can filter the results by the source of mention, report date, and dark web source.

You can also filter by results in a time frame indicated by peak points in the **Mentions** graph.

To filter IntelliFind results:

  1. Use IntelliFind to search for a term.
  2. From the results page, apply filters, as follows:

| To filter this | Do this |
| --- | --- |
| Report date | Click the Date filter button. By default, mentions are shown for the last 12 months. To find mentions in a different time period, click the filter and change the time period. |
| Author | Click the Author filter button. Type the author name or select to show only results that have no author. |
| Matching assets | Click the Asset filter button, and select company assets to match (max: 5000). |
| Product for sale | Click the Product for Sale filter button and select Product for sale. |
| Tags | Click the Tags filter button, and select tags to match. Options include: Credit Card, Domain, Email Address, IP Address, SSN, and URL. |
| Source type | To display dark web (Onion) mentions, select Show only mentions from the dark web. To show mentions from other sources, click any of the mention sources. |
| Time frame | Click any peak in the Mentions graph. |
| Clear filters | Click Clear all filters. |

Search options

The following table describes the various ways to create more effective searches, from either the landing page or the search page:

| Search tool | Usage |
| --- | --- |
| Simple keywords | Enter keywords to search for. To search for all parts of a phrase, use quotes around the words. For example, "intsights.com" or "intsights cyber intelligence". |
| Basic operators | Add the following (case-sensitive) for more exact results. AND: Searching for "intsights" AND "scam" returns only results that contain both intsights and scam. OR: Searching for "intsights" OR "scam" returns results that contain at least one of the search terms. NOT: Searching for "intsights" AND "hack" AND NOT ("scam") returns results that contain intsights and hack, but don't contain the word "scam". For readability, it is recommended to use parentheses. (): Searching for "intsights" AND ("scam" OR "hack") returns results that contain both intsights and scam, or both intsights and hack, or all three. |
| Advanced search operators | See following table. |
| Search by document type | Searching for type:comment returns all comments. Searching for type:post returns all posts. You can also search for the following types (type:): chat_message = IRC chats; instant_message = Telegram; post = Forums; comment = Forums; blog = Cybersecurity blogs; ransomware_blog = Ransomware blogs; paste = Pastes; product = Black market; status = Twitter. |

Advanced search operators

Type any of these operators to find an exact match. The operators (only) are case-sensitive.

| Operator name | Example | Displays all mentions ... |
| --- | --- | --- |
| author: | author:"black panther" | ... authored by Black Panther. |
| title: | title:"underground market" | ... with "underground market" in the title. |
| url.url: | url.url:"login" | ... with the word "login" in the source URL. |
| url.domain: | url.domain:"facebook" | ... with the word "facebook" in the domain source URL, regardless of the TLD. |
| url.tld: | url.tld:"com" | ... with a specific TLD in the source URL (can be combined with the 'domain' operator). |
| source_url_full: | source_url_full:"http://www.facebook.com/login-now" | ... with the exact URL in the Source URL |
| source_url_root_domain: | source_url_root_domain:"facebook.com" | ... with the exact root domain in the Source URL |
| source_url_domain_name: | source_url_domain_name:"facebook" | ... with the exact domain name in the Source URL |
| source_url_tld: | source_url_tld:"com" | ... with the exact TLD in the Source URL |
| domains_root_domain: | domains_root_domain:"google.com" | ... with the exact root domain in the content or title |
| domains_tld: | domains_tld:"com" | ... with the exact TLD in the content or title |
| domains_domain_name: | domains_domain_name:"google" | ... with the exact domain name in the content or title |
| domains_full: | domains_full:"http://login.google.com" | ... with the exact full domain in the content or title |
| url_content_full: | url_content_full:"http://www.facebook.com/login-now" | ... with the exact URL in the content |
| url_content_keyword: | url_content_keyword: *"facebook" or "login" or "now" | ... with a specified keyword in the content |
| ssn_number: | ssn_number:"123456789" or "123-45-6789" | ... with a specified Social Security number (with or without dashes) in the content or title |
| credit_cards: | credit_cards:"1234notepad567890123456" | ... with a specified credit card number in the content or title |
| bin_number: | bin_number:"1234" | ... with a specified BIN number in the content or title |
| emails_full: | emails_full:john_smith@intsights.com | ... with a specified full email address in the content or title |
| emails_domain: | emails_domain:"intsights.com" | ... with a specified email domain in the content or title |
| emails_user_name: | emails_user_name:"john_smith" | ... with a specified email user name in the content or title |
| ip: | ip:"192.158.1.38" or "[127.0.0.0 TO 127.0.0.24]" | ... with a specified IP address or range of addresses in the content or title |
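
Because the operators are case-sensitive, a mistyped saved query can silently monitor nothing. The following pre-save check is an added example, not IntSights code: the `lint_query` function and its messages are hypothetical, it only encodes the operator and type lists from the tables above, and the sample queries are constructed.

```python
import re

# Field operators and type: values copied from the tables on this page.
FIELDS = set("""author title type url.url url.domain url.tld source_url_full
source_url_root_domain source_url_domain_name source_url_tld domains_root_domain
domains_tld domains_domain_name domains_full url_content_full url_content_keyword
ssn_number credit_cards bin_number emails_full emails_domain emails_user_name
ip""".split())
TYPES = set("""chat_message instant_message post comment blog ransomware_blog
paste product status""".split())
BOOLEANS = {"AND", "OR", "NOT"}

# A token is a quoted phrase, a parenthesis, or a bare word (in that priority).
TOKEN = re.compile(r'"[^"]*"|[()]|[^\s()"]+')

def lint_query(query):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if query.count('"') % 2:
        problems.append("unbalanced double quote")
    depth = 0
    for tok in TOKEN.findall(query):
        if tok.startswith('"'):
            continue                      # quoted phrase: contents are data
        if tok == "(":
            depth += 1
        elif tok == ")":
            if depth == 0:
                problems.append("unmatched ')'")
            else:
                depth -= 1
        elif tok.upper() in BOOLEANS:
            if tok not in BOOLEANS:       # e.g. "and" instead of "AND"
                problems.append(f"operator '{tok}' must be upper case")
        elif ":" in tok:
            field, _, value = tok.partition(":")
            if field not in FIELDS:       # also catches "Author:" vs "author:"
                problems.append(f"unknown operator '{field}:'")
            elif field == "type" and value and value not in TYPES:
                problems.append(f"unknown type '{value}'")
    if depth:
        problems.append("unclosed '('")
    return problems

if __name__ == "__main__":
    # Constructed sample queries, not taken from a real account.
    for q in ['emails_domain:"intsights.com" AND type:paste AND NOT ("scam")',
              '"intsights" and type:tweet']:
        print(q, "->", lint_query(q) or "ok")
```

An unquoted URL is reported as an unknown operator (for example `http:`), which is a prompt to wrap it in quotes as the table examples do.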

Save and edit search queries

You can use the Query Manager to save, use, and manage search queries. When you save a search query, you can easily reuse, edit, name, or delete that query. Saved queries include all the search terms.

A maximum of 200 queries can be saved, per account. In the Query Manager, the latest updated query is shown first.

Each line shows a saved query, its details, whether (and how many) alerts are being generated from the query, the name of the user who made the most recent changes, and when the query was last updated.

Product for Sale query

Querying for "product for sale" will return results, as follows:

  • Hacking forum posts with the product for sale tag.
  • By enabling alert triggering for this query, future IntelliFind results that contain an indication of a product being offered for sale and a match to the company's name or brand name will be elevated to alerts.

Automatic alert creation is described in IntelliAlert.

To save a search query:

  1. From the IntelliFind search page or landing page, type a search query, then press Enter.
    The searched mentions are displayed.
  2. Click Save query.
    The Save query dialog displays the search query terms and selected filters.
  3. Type a unique name for the query.
    Names are case-sensitive.
  4. Click Save query.

To search with a saved query:

  1. Open the Query Manager, in either of these ways:
    • If no IntelliFind page is open, choose TIP > Intellifind, then click Query Manager.
    • If an IntelliFind page is open, click Query Manager.
  2. Select a saved query, then click temporary placeholder.
    You can find a saved query by searching by name or by query terms.

To edit or delete a saved query:

  1. Open the Query Manager, in either of these ways:

    • If no IntelliFind page is open, choose TIP > Intellifind, then click Query Manager.
    • If an IntelliFind page is open, click Query Manager.
  2. Select a saved query.
    You can find a saved query by searching by name or by query terms.

  3. Perform any of the following:

    | To do this action | Do this |
    | --- | --- |
    | Change the query search terms or alert triggering settings and to search for the new terms. Press Enter to search. After searching, you can either save this query or save the new terms as a new query. | Click temporary placeholder |
    | Edit a query name or alert triggering options. | Click temporary placeholder |
    | Delete a saved query. | Click temporary placeholder |