Post Filters
| Use case | Query |
|---|---|
| Search for posts written by a threat actor | author:lockbitsupp |
| Search for content in a specific language | language:russian |
| Search for content that was published in a certain time frame | (published:>1596240000000 published:<1599550000000) |
Site Filters
| Use case | Query |
|---|---|
| Filter by site domain | site.domain:xss.is |
| Filter by site name | site.name:"xss" |
| Searching for websites related to financial crime | site.category:financial_crime |
| Searching for hacking forums | site.category:cyber_threat_intelligence AND site.type:discussions |
| Searching for radical chat channels | site.type:chat AND enriched.category:extremism |
| Searching for gaming chat channels | site.type:chat AND enriched.category:gaming |
| Searching for drug trafficking | site.type:(market OR chat OR discussions) AND enriched.category:drugs |
Thread Filters
| Use case | Query |
|---|---|
| Searching for a Telegram channel | thread.url:"https://t.me/Fullz" |
| Searching for posts from a specific section in the site | thread.site_section:"https://raidforums.com/Forum-Databases" |
| Searching for a thread with a specific topic and a minimum count of participants and comments | thread.title:"openbullet" AND thread.participants_count:>5 AND thread.replies_count:>10 |
Extended Filters
| Use case | Query |
|---|---|
| Searching for mentioned external links with specific suffixes | extended.external_link:*.onion |
| Searching for login-protected websites | extended.required_login:true |
| Filter by network | extended.network:telegram |
Enriched Filters
| Use case | Query |
|---|---|
| Filter by category | enriched.category:hacking |
| Searching for high-risk indicators of exposed PII and data breaches | enriched.category:data_breach AND enriched.cyber_risk.value:>6 |
| Searching for leaked data published online by ransomware gangs | enriched.category:(data_breach AND ransomware) |
| Searching for mentions of emails from a specific domain | enriched.email.value:*@acme.com |
| Searching for specific phone values | enriched.phone.value:*15159992896 |
| Searching for credit card leaks | enriched.credit_card.count:>0 |
| Searching for posts that include routers' default gateway IP (might indicate a cyber risk ) | enriched.ip.value:(127.0.0.1 OR 192.168.0.1 OR 10.0.0.1) |