Search in Existing Data

search in existing data at the top of the events page you'll find the search bar this tool searches in flare's elasticsearch database a search does not send requests to third party services such as github or google to collect new data to benefit from the full power of flare, it is recommended to create identifiers , save them, and browse their results as described in configuring identifiers to search the criminal underground to search for leaked credentials to search for data related to existing identifiers in these examples, results can be displayed immediately since all the data is already collected and stored using the double quote can be very useful when you are not sure about how we treat some special character we recommend putting domains, keywords, etc , between double quote to ensure you get all the data we have building complex queries the search bar uses the lucene query syntax , which supports, among other things, boolean operators and regexes here are some more query examples looking for search the word "bank" or the word "fraud" bank fraud the word "bank" and the word "fraud" bank and fraud the exact expression "bank fraud" "bank fraud" any expression starting with "bank of" "bank of " general bank fraud activity in canada (canada can) and (bank logs) the regex ban\[ck] +\[1 9] /ban\[ck] +\[1 9]/ searching in specific fields it is possible to search for data present in specific data fields by specifying them in the search more information is available about data fields here here are some query examples for common use cases any of these can be combined with additional filters using the and keyword looking for search subdomains of example com features reversed domains\ com example the cve 2018 15919 features vulnerabilities "cve 2018 15919" an ip address range features ip addresses cidr "212 25 35 0/24" source code results that contain leaked secrets is secret detection rule match\ true all commits from an email address commit committer email\ patrick\@scatterholt com all commits from a domain commit committer email\ scatterholt com hosts with a specific http response http status 403 searching with regex regexes are intensive on the search engine and tend to timeout if they are used as is without any other search terms we recommend searching in specific fields when using regexes as it lowers significantly the time required to run the search (e g features domain\ example com and /reg\[ex]1/) regexes in flare support the elasticsearch regex syntax more information about that syntax is available here the search bar feature is only available to intelligence license holders if your license is essentials, leaks api or api , you will not be able to see it contact us for any questions about upgrades of usage! searching for special characters or words in non latin scripts to look for any non latin script you need to put each word between /\<your term>/ example if you search in russian for accesses that are sold by initial access brokers on the xss forum metadata source ”xss is” and /доступ / and /цена/ related articles