Advanced Search

Updated 2 weeks ago by Beatriz Datangel

TruSTAR's Advanced Search lets you use operators like AND, OR, and NOT, along with precedence, as part of your match criteria. This capability is available through the Search bar in Station. You can learn more about our basic search capability here.

Supported Query Strings

With advanced search, you can find reports that contain specific keywords. After logging into TruSTAR, you will see the search bar at the top of the application. You can use the Filter feature to apply enclave, date, tag, and IOC type filters.

We utilize Elasticsearch's Search Query String format. Check this Elasticsearch support article for more information.
To utilize advanced search, you must type /tsquery before the query string.

Click in the search box, type /tsquery followed by the search query string for the desired search terms, and press Enter. Results are separated into IOCs and Reports, and you can see how many hits you got for each.

Supported Operators

Search For Reports that...                                                                    Search Type
Have a specific word in the report title                                                      /tsquery title:<keyword1>
Have keywords, using the AND operator                                                         /tsquery keyword1 + keyword2
Have keywords, using the OR operator                                                          /tsquery keyword1 | keyword2
Exclude the specified keyword                                                                 /tsquery keyword1 +- keyword2
Have multiple keywords, using multiple operands and applying precedence logic to the results  /tsquery keyword1 + (keyword2 | keyword3)
Have a specific word in the report body                                                       /tsquery body:<keyword1>

For more about filtering and sorting, see our Search support article.
