Conversation Explorer
Conversation Explorer is a powerful add-on feature to Threat Flow that enhances Dark Web browsing capabilities. It helps you explore cybercrime chatter with automated conversation summaries, transforming unstructured discussions into clear, structured insights for easier browsing and action.
For access to Conversation Explorer, contact your CSM.
The left-hand panel shows summarized conversations from your searches, distilling multiple cybercrime interactions. Threat Flow identifies targeted organizations, discussed products (if any), mentioned locations, and other metadata.

Whenever possible, using specific terms when performing semantic searches can significantly improve the resulting discussions and or relevance of the topics being discussed. The following are some common suggestions.
Finance: Use specific terms such as bank credentials, BIN numbers, cryptocurrencies, or institution names.
Ransomware: Include terms similar to ransomware group, ransomware activities, ransomware recruitment, or known threat actors such as LockBit or Cl0p
Critical Infrastructure: Use terms like energy sector, telecommunications, internet providers, military, government" and transportation
Avoid overly specific or "mixed-topic" queries for the most relevant results.
Some examples include phishing, VPN, brute force, reverse shell, orCVE-2024-XXX
Conversation Explorer allows you to go directly to the source and read the relevant threads of discussion. Just click the Threads tab on any conversation.
Explorer enables you to create Custom Intel within Threat Flow using the Custom Intel Builder, allowing you to select conversations relevant to your research and organize them in a dedicated section. This powerful feature helps you streamline and focus on critical information.

- Start with a Search
- Use Explorer's Semantic Search to look for topics like "Healthcare Sensitive Data."
- Apply filters, such as Date (Last 7 Days), to refine results.
- Select Conversations of Interest
- Click the + next to a conversation to add it to your selection.
- Preview Your Intel
- Click Build Custom Intel to review selected conversations.
- Add more conversations through additional searches or remove them using the x.
- Create Your Intel
- Click Create Custom Intel in the Build Custom Intel panel.
- Name your Intel, and it will be automatically added to the Intel tab.
- Processing takes a few minutes.
Your Intel will summarize all selected conversations, provide related discussions, and list relevant events, ensuring a structured and actionable view of cybercrime intelligence.
You can use Threat Flow's Saved Feeds feature to save different combinations of queries and filters for quick access. Read more about Saved Queries.