CORE FEATURES
Threat Flow

Conversation Explorer

7min

What is Conversation Explorer?

Conversation Explorer is a powerful add-on feature to Threat Flow that enhances Dark Web browsing capabilities. It helps you explore cybercrime chatter with automated conversation summaries, transforming unstructured discussions into clear, structured insights for easier browsing and action.



For access to Conversation Explorer, contact your CSM.

Browsing

The left-hand panel shows summarized conversations from your searches, distilling multiple cybercrime interactions. Threat Flow identifies targeted organizations, discussed products (if any), mentioned locations, and other metadata.

Document image


Search Best Practices

Use Specific Terminology

Whenever possible, using specific terms when performing semantic searches can significantly improve the resulting discussions and or relevance of the topics being discussed. The following are some common suggestions.

Finance: Use specific terms such as bank credentials, BIN numbers, cryptocurrencies, or institution names.

Ransomware: Include terms similar to ransomware group, ransomware activities, ransomware recruitment, or known threat actors such as LockBit or Cl0p

Critical Infrastructure: Use terms like energy sector, telecommunications, internet providers, military, government" and transportation

Create Intel for Specific Topics of Interests

Avoid overly specific or "mixed-topic" queries for the most relevant results.

Include Specific TTPs, Vectors, and Vulnerabilities of interest

Some examples include phishing, VPN, brute force, reverse shell, orCVE-2024-XXX

Reading Threads

Conversation Explorer allows you to go directly to the source and read the relevant threads of discussion. Just click the Threads tab on any conversation.

Creating Intel

Explorer enables you to create Custom Intel within Threat Flow using the Custom Intel Builder, allowing you to select conversations relevant to your research and organize them in a dedicated section. This powerful feature helps you streamline and focus on critical information.

Intel Builder populated with 2 Conversations
Intel Builder populated with 2 Conversations

  1. Start with a Search
    • Use Explorer's Semantic Search to look for topics like "Healthcare Sensitive Data."
    • Apply filters, such as Date (Last 7 Days), to refine results.
  2. Select Conversations of Interest
    • Click the + next to a conversation to add it to your selection.
  3. Preview Your Intel
    • Click Build Custom Intel to review selected conversations.
    • Add more conversations through additional searches or remove them using the x.
  4. Create Your Intel
    • Click Create Custom Intel in the Build Custom Intel panel.
    • Name your Intel, and it will be automatically added to the Intel tab.
    • Processing takes a few minutes.

Your Intel will summarize all selected conversations, provide related discussions, and list relevant events, ensuring a structured and actionable view of cybercrime intelligence.

How Do I Save My Searches?

You can use Threat Flow's Saved Feeds feature to save different combinations of queries and filters for quick access. Read more about Saved Queries.