|
| 1 | +--- |
| 2 | +title: Advanced Search |
| 3 | +description: Learn how to use advanced search features in CrowdSec's Cyber Threat Intelligence (CTI) platform. |
| 4 | +--- |
| 5 | + |
| 6 | +# Advanced Search |
| 7 | + |
| 8 | +The **Advanced Search Page** in **CrowdSec CTI** allows you to dynamically and precisely explore CrowdSec’s threat intelligence database. You will be able to refine your searches, analyze specific IPs, and discover detailed information using **Lucene queries**. |
| 9 | + |
| 10 | + |
| 11 | + |
| 12 | +> Example in the screenshot: [`classifications.classifications.name:"crowdsec:ai_vpn_proxy" AND (reputation:malicious OR reputation:suspicious)](<https://app.crowdsec.net/cti?q=classifications.classifications.name:%22crowdsec:ai_vpn_proxy%22+AND+(reputation:malicious+OR+reputation:suspicious)&page=1>) |
| 13 | +
|
| 14 | +## **Key Features** |
| 15 | + |
| 16 | +#### 1. Faceted Search |
| 17 | + |
| 18 | +On the left side of the page, you will find a **dynamic filter panel**. These filters adapt based on your search query. You will be able to: |
| 19 | + |
| 20 | +- Filter results by **reputation** (malicious, suspicious, safe, etc.). |
| 21 | +- Select specific **Autonomous Systems (AS)** to view IPs associated with particular providers or network operators. |
| 22 | +- Refine your results by **country** |
| 23 | +- And more metadata depending on your current search query (Behaviors, Classifications, etc.). |
| 24 | + |
| 25 | +#### 2. Results in Card Format |
| 26 | + |
| 27 | +The main section of the page displays results as individual cards. You will be able to see: |
| 28 | + |
| 29 | +- The **IP address**. |
| 30 | +- Its **status** (e.g., malicious, suspicious, safe). |
| 31 | +- Its **classifications** (e.g., brute force attacker, port scanner). |
| 32 | +- The **country** associated with the IP. |
| 33 | +- The last time the IP was **seen**. |
| 34 | +- Additional metadata to support your analysis. |
| 35 | + |
| 36 | +#### 3. Real-Time Updates |
| 37 | + |
| 38 | +As you adjust filters or modify your Lucene query, the results and facets dynamically update, providing a seamless and intuitive experience. |
| 39 | + |
| 40 | +--- |
| 41 | + |
| 42 | +## **How to Use the Advanced Search** |
| 43 | + |
| 44 | +1. **Perform a Lucene Query** |
| 45 | + Enter a query in the search bar on the home page (e.g., [`reputation:malicious AND location.country:"FR"`](https://app.crowdsec.net/cti?q=reputation:malicious+AND+location.country:%22FR%22&page=1)) and press Enter. |
| 46 | + You can find more information about Lucene queries [here](https://docs.crowdsec.net/u/cti_api/search_queries/). |
| 47 | + |
| 48 | +2. **Use Faceted Filters** |
| 49 | + Once on the Advanced Search Page, apply filters via the left-hand panel to refine your results. |
| 50 | + |
| 51 | +3. **Analyze Results** |
| 52 | + Click on a card to view detailed information about a specific IP. |
| 53 | + |
| 54 | +4. **Explore Future Features** |
| 55 | + Be prepared to use your queries to create custom blocklists in upcoming versions. |
| 56 | + |
| 57 | +--- |
| 58 | + |
| 59 | +This page enables you to leverage CrowdSec’s extensive database for tailored searches, offering real-time insights and control over your cybersecurity strategy. |
| 60 | + |
| 61 | +> Start exploring the Advanced Search Page [here](https://app.crowdsec.net/cti?q=reputation:malicious+AND+location.country:%22FR%22). |
0 commit comments