Rapid7 continuously monitors the clear, deep, and dark web inspecting thousands of sources and tens of millions of web pages with proprietary crawlers.

While the Threat Command and TIP IOCs provide tactical intelligence, IntelliFind search gives you operational intelligence.

Use the IntelliFind search module to:

  • Search company-specific assets and mentions (matching results) across the entire intelligence surface.
  • Perform complex searches to find relevant findings and relevant context.
  • For example, you can search for a result that contains both a specific threat and your company name.
  • Proactively track threat actors and view their activity.
  • Automate searches via Threat Command RESTful APIs.
  • Use IntelliAlert to automatically trigger alerts when results match specific query criteria.

Access to IntelliFind is limited to users with a subscription to the TIP module.

WarningThe use of IntelliFind must comply with the applicable laws and terms of use.

These are the applicable laws:

The Service may use and/or contain links and references to third-party websites and applications. The Company does not make any representations with respect to such websites or applications, or regarding the completeness of the sources and information contained in such websites or applications, nor to their availability or correctness. It is hereby clarified the Company may stop making use of any such application or third-party website at any time, without providing any notification to that effect. In no event shall the Company be responsible or liable in any way for the use of such third party websites and applications, their practices, the information driven from such and your reliance on such third-party websites and/or applications and/or the information driven from such.

To search with IntelliFind:

  1. From the Threat Command main menu, choose TIP > IntelliFind.
    The IntelliFind  landing page is displayed:
    temporary placeholder
  2. Type a search term in the Search bar and press Enter.
    The IntelliF ind search page displays all found results (mentions):
    temporary placeholder

By default, the IntelliFind  search page shows mentions from all sources, from the past 12 months, with the most recent shown first.

You can export IntelliFind results to a CSV. For more information, see Export IntelliFind Results to CSV.

The following table describes the IntelliFind view and ways to filter and view IntelliFind results:

The following table describes the IntelliFind view and ways to filter and view IntelliFind results:

testYou can show results from specific sources as well as filter the results according to the report date, matching assets, and tags. When using the top row filter buttons, a mention must match ALL of the filters to be displayed. Within each filter, a mention can match ANY of the selected criteria.
testMention information: See the following table.
testResults with identical content and source type are grouped together under the latest mention. To see those, click View Similar Mentions. When a matched result is part of a thread (either as an original post or as a comment about a post), all of the thread posts and comments are grouped together in the Threads tab. To see those, click View Thread. When an alert has been triggered for a result, its severity and alert type is indicated in the display. To see the alert in the Alerts page, click Go To Alert. When multiple alerts have been triggered for the same source URL, you can see them all in the Alerts page by clicking View Related Alerts. You can elevate a result to an alert by clicking Create Alert. You can also use IntelliAlert to automatically trigger alerts when results match specific query criteria.

Mention information:

TitleThe title of the article, post, or comment in which the mention was found.
DateSource date: The date the mention was published in the source. Found date: The date when the mention was found. If there is no source date, this date is presented.
Source typeIn which source type the mention was found. You can select to show only mentions found in the dark web.
IndicationsIf a post is tagged (for example as Product for Sale, Credit card, SSN), the tags are displayed.
Source URLThe URL (if applicable) where the mention was found. You can click the URL to go to the source or click test to copy the URL.
AuthorThe name of the author of the mention. You can click the Author name to show all mentions by this author.
PreviewThe mention is displayed in English, regardless of the source language (translated, if necessary). To revert to the original language, click Show original. If the full mention cannot be displayed, click ...Read more. The full mention is displayed with the relevant text highlighted.

You can pinpoint search results by using search options and you can save those search queries.

The Mentions graph shows the number of mentions on a timeline:
temporary placeholder

The graph shows the mentions from all sources over the time range of the report.  Mentions are a very strong sign of a potential threat, and a good way to view trending. You can click on a peak to show all results in the designated time frame.

For additional filter and query options, see Filter and search IntelliFind results.