Search in Existing Data

8min

1Search in Existing data
At the top of the Events Page you'll find the search bar. 
This tool searches in Flare's ElasticSearch database. A search does not send requests to third-party services such as GitHub or Google to collect new data. To benefit from the full power of Flare, it is recommended to create identifiers, save them, and browse their results as described in Configuring Identifiers.
to search the criminal underground
to search for leaked credentials
to search for data related to existing Identifiers
In these examples, results can be displayed immediately since all the data is already collected and stored.
﻿
Using the double quote can be very useful when you are not sure about how we treat some special character. We recommend putting domains, keywords, etc., between double quote to ensure you get all the data we have.
﻿
Building Complex Queries
The search bar uses the Lucene Query Syntax, which supports, among other things, boolean operators and regexes.
Here are some more query examples:
Looking For
Search
The word "Bank" or the word "Fraud"
Bank Fraud
The word "Bank" and the word "Fraud"
Bank AND Fraud
The exact expression "Bank Fraud"
"Bank Fraud"
Any expression starting with "Bank of"
"Bank of *"
General bank fraud activity in Canada
(Canada Can) AND (bank logs)
The regex Ban[ck] +[1-9]
/Ban[ck] +[1-9]/
Searching in Specific Fields
It is possible to search for data present in specific data fields by specifying them in the search. More information is available about data fields here.
 Here are some query examples for common use cases. Any of these can be combined with additional filters using the AND keyword.
Looking For
Search
Subdomains of example.com
features.reversed_domains:com.example.*
The CVE 2018-15919
features.vulnerabilities:"CVE-2018-15919"
An IP address range
features.ip_addresses_cidr:"212.25.35.0/24"
Source code results that contain leaked secrets
is_secret_detection_rule_match:true
All commits from an email address
commit.committer_email:[email protected]
All commits from a domain
commit.committer_email:scatterholt.com
Hosts with a specific HTTP response
http_status:403
Searching with Regex
Regexes are intensive on the search engine and tend to timeout if they are used as-is without any other search terms.
We recommend searching in specific fields when using regexes as it lowers significantly the time required to run the search (e.g. features.domain:example.com AND /reg[ex]1/).
The search bar feature is only available to Intelligence license holders. If your license is Essentials, Leaks API or API , you will not be able to see it. Contact us for any questions about upgrades of usage!
Related Articles
Identifiers
﻿
Browse an Event Feed
﻿
Responding to Open Web Events
﻿
﻿

Looking For	Search
The word "Bank" or the word "Fraud"	Bank Fraud
The word "Bank" and the word "Fraud"	Bank AND Fraud
The exact expression "Bank Fraud"	"Bank Fraud"
Any expression starting with "Bank of"	"Bank of *"
General bank fraud activity in Canada	(Canada Can) AND (bank logs)
The regex Ban[ck] +[1-9]	/Ban[ck] +[1-9]/

Looking For	Search
Subdomains of example.com	features.reversed_domains:com.example.*
The CVE 2018-15919	features.vulnerabilities:"CVE-2018-15919"
An IP address range	features.ip_addresses_cidr:"212.25.35.0/24"
Source code results that contain leaked secrets	is_secret_detection_rule_match:true
All commits from an email address	commit.committer_email:[email protected]
All commits from a domain	commit.committer_email:scatterholt.com
Hosts with a specific HTTP response	http_status:403

Did this page help you?

Events

Advanced Search