Advanced Search

Updated 2 months ago by Beatriz Datangel

TruSTAR's Advanced Search lets you use operators such as AND, OR, and NOT, along with precedence, as part of your match criteria. This capability is accessible through the Search bar in Station. You can learn more about our basic search capability here.

Supported Query Strings

With advanced search, you can find reports that contain specific keywords. After logging into TruSTAR, you will see the search bar at the top of the application. You can use the Filter feature to apply enclave, date, tag, and IOC type filters.

We utilize Elasticsearch's Search Query String format. Check this Elasticsearch support article for more information.
To utilize advanced search, you must type /tsquery before the query string.

Click in the search box, type /tsquery followed by the search query string for the desired search terms, and press Enter. Results are separated into IOCs and Reports, and you can see how many hits you got for each.

Supported Operators

Search For Reports that...                                                      Search Type        Syntax
Contain a specific word in the report title                                     title-search       /tsquery title:<keyword1>
Have keywords, using the AND operator                                           and-search         /tsquery keyword1 + keyword2
Have keywords, using the OR operator                                            or-search          /tsquery keyword1 | keyword2
Exclude the specified keyword                                                   not-search         /tsquery keyword1 +- keyword2
Have multiple keywords, using multiple operators with precedence logic applied  precedence-search  /tsquery keyword1 + ( keyword2 | keyword3 )
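
The operator syntax listed above, modelled locally as an added example (not TruSTAR's code or its search engine): a small evaluator for `+`, `|`, `+-`, `title:` and parentheses, run over constructed sample reports. Whole-word, case-insensitive matching and the refusal of AND/OR mixes without parentheses are assumptions of this example; `search`, `parse`, `parse_term`, `words` and `REPORTS` are hypothetical names.

```python
import re

# Constructed sample reports for illustration; not real TruSTAR data.
REPORTS = [
    {"title": "Emotet phishing wave", "body": "emotet loader delivered by phishing macro"},
    {"title": "Ransomware weekly", "body": "ryuk ransomware follows emotet infection"},
    {"title": "Phishing kit notes", "body": "credential phishing kit, no malware seen"},
]
TOKEN = re.compile(r"\+-|[+|()]|[^\s+|()]+")  # operators, parentheses, keywords

def words(text):
    return set(re.findall(r"\w+", text.lower()))

def parse_term(tokens):
    """Parse one keyword, title:<keyword>, or parenthesized group into a predicate."""
    tok = tokens.pop(0) if tokens else ""
    if tok == "(":
        inner = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("unbalanced parentheses")
        return inner
    if tok in ("", "+", "+-", "|", ")"):
        raise ValueError(f"expected a keyword, got {tok!r}")
    in_title = tok.lower().startswith("title:")
    word = tok.lower().removeprefix("title:")
    return lambda r: word in words(r["title"] + ("" if in_title else " " + r["body"]))

def parse(tokens):
    """Parse `term (op term)*`; '+' and '+-' are AND / AND NOT, '|' is OR."""
    preds, kinds = [parse_term(tokens)], set()
    while tokens and tokens[0] in ("+", "+-", "|"):
        op, term = tokens.pop(0), parse_term(tokens)
        kinds.add("or" if op == "|" else "and")
        preds.append((lambda t: lambda r: not t(r))(term) if op == "+-" else term)
    if len(kinds) > 1:  # assumption: refuse to guess precedence the page does not state
        raise ValueError("mixing AND and OR needs parentheses")
    combine = any if kinds == {"or"} else all
    return lambda r: combine(p(r) for p in preds)

def search(query, reports=REPORTS):
    """Return titles of reports matching a /tsquery string."""
    prefix, _, rest = query.strip().partition(" ")
    if prefix != "/tsquery":
        raise ValueError("advanced search must start with /tsquery")
    tokens = TOKEN.findall(rest)
    matches = parse(tokens)
    if tokens:
        raise ValueError(f"unexpected {tokens[0]!r} after query")
    return [r["title"] for r in reports if matches(r)]
```

Calling `search("/tsquery phishing + ( emotet | kit )")` on the sample data returns the two reports that mention phishing together with either of the grouped keywords.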

For more about filtering and sorting, see our Search support article.

