Advanced Search

Updated 3 weeks ago by Beatriz Datangel

TruSTAR's Advanced Search allows users to utilize operators like AND, OR, NOT and precedence as part of their match criteria. This capability is accessible through the existing Search bar in Station. You can learn more about our basic search capability here.

Supported Query Strings

With advanced search you can find Reports that contain the specific keywords you're investigating. After logging into TruSTAR you will see the search bar at the top of the application. You can use the Filter feature to apply enclave, date, tag and IOC type filters.

We utilize Elasticsearch's Search Query String format. Please see the Elasticsearch support article for more information.
To utilize advanced search you have to type /tsquery before the query string.

Click in the search box, type /tsquery followed by the query string for the desired search terms, and press Enter. Results are separated into IOCs and Reports, and you can see how many hits you got for each.

Supported Operators

Search Intention: I want to search for reports that have a specific word only in the title of the report
Search Type: title-search
Syntax: /tsquery title:<keyword1>

Search Intention: I want to search for reports using the AND operator
Search Type: and-search
Syntax: /tsquery keyword1 + keyword2

Search Intention: I want to search for reports using the OR operator
Search Type: or-search
Syntax: /tsquery keyword1 | keyword2

Search Intention: I want to search for reports that exclude the specified keyword
Search Type: not-search
Syntax: /tsquery keyword1 +- keyword2

Search Intention: I want to search for reports using multiple operands and apply a precedence logic to the results
Search Type: precedence-search
Syntax: /tsquery keyword1 + (keyword2 | keyword3)
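
The operators listed above, modelled as a small local evaluator so a query can be checked against sample reports before it is run in Station. This is an added example, not TruSTAR or Elasticsearch code; the case-insensitive substring matching, the precedence (NOT, then +, then |) and the names REPORTS, tokenize, matches and search are assumptions.

```python
import re

REPORTS = [  # constructed sample reports, not real TruSTAR data
    {"title": "Emotet phishing wave", "body": "macro dropper contacts c2 over https"},
    {"title": "Weekly summary", "body": "emotet and trickbot activity, no phishing seen"},
    {"title": "Trickbot loader", "body": "dll sideloading observed"},
]

def tokenize(query):
    """Split a /tsquery string into operator and keyword tokens."""
    if not query.startswith("/tsquery "):
        raise ValueError("advanced search must start with /tsquery")
    toks = []
    for tok in re.findall(r"[()+|]|[^\s()+|]+", query[len("/tsquery "):]):
        # A leading '-' is the NOT operator; a hyphen inside a keyword is kept.
        toks += ["-", tok[1:]] if tok.startswith("-") and len(tok) > 1 else [tok]
    return toks

def matches(query, report):
    """Recursive-descent evaluation; assumed precedence: NOT, then +, then |."""
    toks = tokenize(query)
    title = report["title"].lower()
    text = title + " " + report["body"].lower()
    def factor():  # keyword, title:keyword, negation or parenthesised group
        tok = toks.pop(0)
        if tok == "-":
            return not factor()
        if tok == "(":
            val = expr()
            toks.pop(0)  # consume the closing ')'
            return val
        if tok.startswith("title:"):
            return tok[len("title:"):].lower() in title
        return tok.lower() in text
    def term():  # chain of '+' (AND)
        val = factor()
        while toks and toks[0] == "+":
            toks.pop(0)
            val = factor() and val  # parse the operand first, then combine
        return val
    def expr():  # chain of '|' (OR)
        val = term()
        while toks and toks[0] == "|":
            toks.pop(0)
            val = term() or val
        return val
    return expr()

def search(query):
    return [r["title"] for r in REPORTS if matches(query, r)]
```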

For more about filtering and sorting, please see our Search support article.

