![]() ![]() Then, this query will pull all messages that are NOT sent from your domain: Replace with your organization's domain. Tags: "threat" AND (subject: "urgent" OR "immediately") This query will pull all messages tagged as a threat with "urgent" or "immediately" in the subject line: ![]() Below are example query strings you may customize and run in your PhishER inbox. Query strings will vary depending on the intended goal of your search. ![]() Then, type your query string in the Search. To run a query in PhishER, navigate to PhishER > Inbox. Use this field to filter queries by the first and last name of a user that initiated a PhishRIP. Use this field to filter messages by the date the query was created. Use this field to search for an individual PhishRIP query. Note: You can view the message in the PhishER inbox by going to the following URL: Use this field to filter queries by the PhishER message used to initiate PhishRIP. Use this field to filter messages by URLs found in the message. Use this field to filter messages by the email address the message was originally sent to. Use this field to filter messages by the tags attached to it. Use this field to filter messages by the subject line of the message. See reported_at for the acceptable date format. Use this field to filter messages by the date it was sent to the reporter. Use this field to filter messages by the name of the reporter. Use this field to filter messages by the email address of the reporter. Use this field name to search for messages reported on a specific date. Use this field to filter messages by the hostname(s) tied to the message. Use this field to filter messages by an email address that was copied on the original message.Ĭc: this field to filter messages by the sender name tied to the original message. Use this field to filter messages by file name or extension type. The field referred to in your string must match a field acknowledged in the database you are running a query against.īelow is a table of all the fields you may reference when filtering your PhishER inbox or PhishRIP queries. Below is an example of how a Lucene query string is constructed:įield_name: "This is the phrase I want to search for!" AND "This" To create a query, you can use the field, term, and operator/modifier to form a string. Note: This is a condensed list of operators and modifiers. ![]() Wildcard that is a placeholder for a single character. This wildcard cannot be used as a placeholder for the first character of a string. Wildcard that is a placeholder for multiple characters. NOT can also be represented using the ( - ) symbol.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |