|
| 1 | +--- |
| 2 | +sidebar_position: 11 |
| 3 | +--- |
| 4 | + |
| 5 | +# Search Documentation |
| 6 | + |
| 7 | +Here you can find the Extended Search Documentation! |
| 8 | + |
| 9 | +## Keywords |
| 10 | + |
| 11 | +| **Keyword** | **Description** | |
| 12 | +| -------------- | ----------------------------------------------------------- | |
| 13 | +| `FILENAME` | Name of the file, including extensions (e.g., `.exe`) | |
| 14 | +| `UID` | Unique identifier for a file or user | |
| 15 | +| `SHA256` | SHA-256 cryptographic hash of the file | |
| 16 | +| `MD5` | MD5 hash value of the file | |
| 17 | +| `SHA1` | SHA-1 hash value of the file | |
| 18 | +| `FILETYPE` | File type or format | |
| 19 | +| `SIGNER` | Entity that signed the file, if applicable | |
| 20 | +| `VERDICT` | Security verdict or analysis result | |
| 21 | +| `USER` | User linked to the file | |
| 22 | +| `PACKER` | Packer or compression method used | |
| 23 | +| `SSDEEP` | Fuzzy hash (ssdeep) for similarity detection | |
| 24 | +| `MAGIC` | File signature or magic number | |
| 25 | +| `TLSH` | Trend Micro Locality Sensitive Hash (TLSH) value | |
| 26 | +| `AUTHENTIHASH` | Authenticode hash for verifying file authenticity | |
| 27 | +| `TYPETAG` | Tag indicating file type or category | |
| 28 | +| `PASSWORD` | Password related to the file, if present | |
| 29 | +| `HASH` | General hash value of the file | |
| 30 | +| `PENDING` | Indicates files awaiting processing or analysis | |
| 31 | +| `QUEUED` | Files that are in the processing queue | |
| 32 | +| `ENCRYPTED` | Shows if the file is encrypted | |
| 33 | +| `SCORE` | Security score or risk rating | |
| 34 | +| `REPUTATION` | Reputation status or score of the file | |
| 35 | +| `VOTE` | User’s vote (`DOWNVOTE`, `NEUTRAL`, `UPVOTE`) | |
| 36 | +| `VOTELABEL` | Label assigned by user (`MALWARE`, `CLEAN`, etc.) | |
| 37 | +| `VOTEFAMILY` | Malware family specified by user (`Redline`, `DCRAT`, etc.) | |
| 38 | +| `COMMENT` | Search within user vote comments | |
| 39 | +| `TAG` | Tag from analysis or metadata | |
| 40 | +| `FAMILY` | Specific malware family name | |
| 41 | +| `CONTENT` | Search within extracted file content | |
| 42 | +| `VTSCORE` | VirusTotal detection score | |
| 43 | +| `FILESIZE` | File size in bytes | |
| 44 | + |
| 45 | +## Operators |
| 46 | + |
| 47 | +| **Operator** | **Description** | |
| 48 | +| ------------ | -------------------------------------------------------- | |
| 49 | +| `OR` | Returns results that match any of the specified criteria | |
| 50 | +| `AND` | Returns results that match all of the specified criteria | |
| 51 | +| `NOT` | Excludes results that match the specified criteria | |
| 52 | + |
| 53 | +## Examples |
| 54 | + |
| 55 | +Here are some example queries to help you get started: |
| 56 | + |
| 57 | +```sql |
| 58 | +filename:solara.exe AND score:100 |
| 59 | + |
| 60 | +family:lumma OR tag:stealer AND score:100 |
| 61 | + |
| 62 | +encrypted:true OR password:infected OR filetype:.zip |
| 63 | + |
| 64 | +filesize:10mb OR filesize:>10mb OR filesize:10mb-20mb |
| 65 | +``` |
| 66 | + |
| 67 | +You can combine keywords and operators to create powerful search queries. |
| 68 | + |
| 69 | +**Tip:** Use uppercase (`AND`, `OR`, `NOT`) for operators. |
| 70 | + |
| 71 | +## Specials |
| 72 | + |
| 73 | +### File Size Search |
| 74 | + |
| 75 | +You can filter files by their size using the `filesize` keyword. Supported formats include bytes (`b`), kilobytes (`kb`), megabytes (`mb`). Here are some examples: |
| 76 | + |
| 77 | +- Files exactly 10MB: |
| 78 | + `filesize:10mb` |
| 79 | +- Files larger than 10MB: |
| 80 | + `filesize:>10mb` |
| 81 | +- Files 10MB or larger: |
| 82 | + `filesize:>=10mb` |
| 83 | +- Files smaller than 10MB: |
| 84 | + `filesize:<10mb` |
| 85 | +- Files 10MB or smaller: |
| 86 | + `filesize:<=10mb` |
| 87 | +- Files between 10MB and 20MB: |
| 88 | + `filesize:10mb-20mb` |
| 89 | + |
| 90 | +You can use these filters in combination with other keywords and operators for advanced searches. |
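Review bot: The example `family:lumma OR tag:stealer AND score:100` in the Examples block mixes `OR` and `AND`, but the Operators table never states precedence or whether parentheses can group terms, so a reader cannot tell whether `score:100` constrains both alternatives or only `tag:stealer`. Add a sentence on precedence (and grouping syntax, if supported) under Operators, or rewrite the example so it is unambiguous. Two smaller points: the Keywords table lists keywords in uppercase while every example uses lowercase, and the tip only covers operator case, so say whether keywords are case-insensitive. Also, the table describes `FILESIZE` as "File size in bytes" while the File Size Search section accepts `b`, `kb` and `mb` without saying whether `mb` means 10^6 or 2^20 bytes, which matters for the "exactly 10MB" case.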