Lucene is a query language that can be used to filter messages in your PhishER inbox. A query written in Lucene can be broken down into three parts:

- Field: The ID or name of a specific container of information in a database. If a field is referenced in a query string, a colon ( : ) must follow the field name.
- Terms: Items you would like to search for in a database. You can search for Single Terms ("Hello") and Phrases ("Hello world"). A term does not have to be enclosed in quotation marks.
- Operators/Modifiers: A symbol or keyword used to denote a logical operation.
  - At least one input parameter returns TRUE.
  - NOT can also be represented using the ( - ) symbol.
  - Wildcard that is a placeholder for multiple characters. This wildcard cannot be used as a placeholder for the first character of a string.
  - Wildcard that is a placeholder for a single character.

Note: This is a condensed list of operators and modifiers.

To create a query, you can use the field, term, and operator/modifier to form a string. Below is an example of how a Lucene query string is constructed:

field_name: "This is the phrase I want to search for!" AND "This"

The field referred to in your string must match a field acknowledged in the database you are running a query against.

Below is a table of all the fields you may reference when filtering your PhishER inbox or PhishRIP queries.

- Use this field to filter messages by file name or extension type.
- cc: Use this field to filter messages by the sender name tied to the original message.
- Use this field to filter messages by an email address that was copied on the original message.
- Use this field to filter messages by the hostname(s) tied to the message.
- Use this field name to search for messages reported on a specific date.
- Use this field to filter messages by the email address of the reporter.
- Use this field to filter messages by the name of the reporter.
- Use this field to filter messages by the date it was sent to the reporter. See reported_at for the acceptable date format.
- Use this field to filter messages by the subject line of the message.
- Use this field to filter messages by the tags attached to it.
- Use this field to filter messages by the email address the message was originally sent to.
- Use this field to filter messages by URLs found in the message.
- Use this field to filter queries by the PhishER message used to initiate PhishRIP. Note: You can view the message in the PhishER inbox by going to the following URL:
- Use this field to search for an individual PhishRIP query.
- Use this field to filter messages by the date the query was created.
- Use this field to filter queries by the first and last name of a user that initiated a PhishRIP.

To run a query in PhishER, navigate to PhishER > Inbox. Then, type your query string in the Search. Query strings will vary depending on the intended goal of your search.

Below are example query strings you may customize and run in your PhishER inbox.

This query will pull all messages tagged as a threat with "urgent" or "immediately" in the subject line:

Tags: "threat" AND (subject: "urgent" OR "immediately")

Replace your-organization-domain with your organization's domain. Then, this query will pull all messages that are NOT sent from your domain:

NOT from_name: your-organization-domain

This topic is for advanced users who use command-line queries in the Query Builder, macros, widget scripts, or in API usage.
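When query strings are assembled in a script rather than typed by hand, text copied from a reported e-mail must not be able to act as an operator. The following is an added example, not KnowBe4 code: the helper names are hypothetical, example.com is a placeholder domain, and it assumes PhishER follows the classic Lucene escaping rules.

```python
import re

# Reserved characters of the classic Lucene query syntax, minus the two wildcards.
# Assumption: PhishER's search follows the same escaping rules.
_RESERVED = re.compile(r'([+\-!(){}\[\]^"~:\\/]|&&|\|\|)')
_FIELD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def term(value, wildcards=False):
    """Render one search term so that its content cannot change the query logic."""
    if not value:
        raise ValueError("empty term")
    if not wildcards:
        # Quoted phrase: only backslash and double quote need escaping inside it.
        return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'
    # Conservative choice: refuse either wildcard in first position.
    if value[0] in "*?":
        raise ValueError("a wildcard cannot be the first character of a term")
    if re.search(r"\s", value):
        raise ValueError("wildcards are only kept in single, unquoted terms")
    return _RESERVED.sub(r"\\\1", value)


def clause(field, value, wildcards=False):
    """field: term, with the colon the syntax requires after a field name."""
    if not _FIELD.fullmatch(field):
        raise ValueError(f"invalid field name: {field!r}")
    return f"{field}: {term(value, wildcards)}"


def any_of(field, values):
    """OR group; the field is repeated so no term falls back to a default field."""
    if not values:
        raise ValueError("no values given")
    return "(" + " OR ".join(clause(field, v) for v in values) + ")"


def all_of(*clauses):
    return " AND ".join(clauses)


def negate(c):
    return "NOT " + c


# Constructed inputs mirroring the two example searches on this page.
THREAT_QUERY = all_of(clause("tags", "threat"), any_of("subject", ["urgent", "immediately"]))
EXTERNAL_QUERY = negate(clause("from_name", "example.com"))
# A subject copied from a reported e-mail that tries to smuggle in an operator.
HOSTILE_SUBJECT = clause("subject", 'invoice" OR tags: "clean')
```

The hostile subject stays inside one quoted phrase, so its embedded OR is searched for as text and never evaluated as an operator.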