Search in Existing Data
Search bar

The search bar at the top of https://app.flare.io/#/events allows searching in Flare's database. A search does not send requests to third-party services such as GitHub or Google to collect new data. To benefit from the full power of Flare and actively monitor for threats on an ongoing basis, it is recommended to create identifiers, save them, and browse their results as described in the identifiers documentation (docid\ dgkccvrbcbeyxleadwamu).

The Tenant feed section searches within the events collected that match your identifiers' parameters. The Global search section (available depending on your subscription level) allows searching in all of Flare's database.

Available filters

A search is composed of a search query in the input field, as well as multiple filters that control the scope of the search:

- Show: determines whether new, remediated, and ignored results are displayed or not.
- Severity: determines which event severity levels are displayed.
- Date: determines the date range of displayed results.
- Categories: determines which source categories will be searched.
- Tags: filters displayed results according to the tags that have been applied to events.
- Attributes: filters displayed results by whether they have notes or a modified severity score.

Building advanced queries

For more precise results, you can leverage advanced queries to target specific fields and attributes. The search bar accepts the Lucene query parser syntax (https://lucene.apache.org/core/2_9_4/queryparsersyntax.html), which lets you use boolean operators and regular expressions (https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html).

As you interact with the search bar, a search query assistant appears to suggest fields that can be used to access Flare's data models. As you type, suggestions among fields, terms, and operators are highlighted to match your input. You can use the keyboard or your mouse pointer to select the suggested items and apply them to your search query.

Syntax and boolean logic

Here are some more query examples:

Looking for                                     Search
The word "bank" or the word "fraud"             bank fraud
The word "bank" and the word "fraud"            bank AND fraud
The exact expression "bank fraud"               "bank fraud"
Any expression starting with "bank of"          "bank of*"
General bank fraud activity in Canada           (canada can) AND (bank logs)
The regex ban[ck]+[1-9]                         /ban[ck]+[1-9]/

Searching in specific fields

It is possible to search for data present in specific data fields by specifying them in the search. More information about data fields is available at https://docs.flare.io/data-fields. Here are some query examples for common situations; any of these can be combined with additional filters using the AND keyword:

Looking for                                          Search
Subdomains of example.com                            features.reversed_domains:com.example
The CVE-2018-15919                                   features.vulnerabilities:"CVE-2018-15919"
An IP address range                                  features.ip_addresses.cidr:"212.25.35.0/24"
Source code results that contain leaked secrets      contains_secrets:true
All commits from an email address                    commit.committer.email:patrick@scatterholt.com
All commits from a domain                            commit.committer.email:scatterholt.com
Hosts with a specific HTTP response                  http.status:403

Searching with regex

Regexes are intensive on the search engine and tend to time out if they are used as is, without any other search terms. We recommend searching in specific fields when using regexes, as it significantly lowers the time required to run the search (e.g. features.domain:example.com AND /reg[ex]1/). Regexes in Flare support the Elasticsearch regex syntax; more information about that syntax is available at https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html.

Searching for special characters or words in non-Latin scripts

To look for any non-Latin script, you need to put each word between slashes, as /<your term>/. For example, to search in Russian for accesses that are sold by initial access brokers on the XSS forum:

metadata.source:"xss.is" AND /доступ/ AND /цена/
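As an added example that is not part of Flare's documentation or product, the following Python helper composes search queries following the rules above: multi-word expressions are quoted, non-Latin words are wrapped in /.../, domains are reversed for the reversed-domains field, and a regex is refused unless it is combined with a field filter or other terms, since a bare regex tends to time out. The field names used here are taken from this page; the helper names and the rule for when a field value is quoted are assumptions.

```python
import unicodedata

# Characters the Lucene query parser treats specially in a bare term.
LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\/')

def reversed_domain(domain: str) -> str:
    """example.com -> com.example, the form the reversed-domains field expects."""
    labels = domain.strip().lower().rstrip('.').split('.')
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a valid domain: {domain!r}")
    return '.'.join(reversed(labels))

def has_non_latin(term: str) -> bool:
    """True if any letter in the term is outside the Latin script (e.g. Cyrillic)."""
    return any(c.isalpha() and 'LATIN' not in unicodedata.name(c, '') for c in term)

def term_clause(term: str) -> str:
    """Render one free-text term: /word/ for non-Latin scripts, "phrase" for
    multi-word expressions, otherwise a bare term with special characters escaped."""
    if has_non_latin(term):
        return '/' + term.replace('/', '\\/') + '/'
    if ' ' in term:
        return '"' + term.replace('"', '\\"') + '"'
    return ''.join('\\' + c if c in LUCENE_SPECIAL else c for c in term)

def field_value(value) -> str:
    """Quote a field value only when it contains characters Lucene would misparse
    (assumed rule; it reproduces the page's "CVE-2018-15919" and "212.25.35.0/24")."""
    s = str(value)
    if any(c in LUCENE_SPECIAL or c == ' ' for c in s):
        return '"' + s.replace('"', '\\"') + '"'
    return s

def build_query(terms, fields=None, regex=None) -> str:
    """AND together free-text terms, field:value filters and an optional regex.
    A regex on its own is refused because such searches tend to time out."""
    clauses = [term_clause(t) for t in terms]
    clauses += [f'{name}:{field_value(v)}' for name, v in (fields or {}).items()]
    if regex is not None:
        if not clauses:
            raise ValueError('combine the regex with a field filter or other terms')
        clauses.append(f'/{regex}/')
    if not clauses:
        raise ValueError('empty query')
    return ' AND '.join(clauses)
```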