Silent Push's Web Search (via Web Search and Live Scan) enables precise control over query time frames, allowing users to focus on recent threats or historical trends. This article details supported date/time formats, parameters, and best practices for efficient investigations.
Time filtering in Web Scanner queries uses SPQL syntax in the Command Line interface or UI Constructor. Filters apply to data sources, such as clearnet/Dark Web scans, ensuring results align with your timeframe (e.g., the Last 24 hours for emerging risks).
Supported Date/Time Formats and Operators
SPQL supports flexible temporal operators for granularity:
Operators:
since: – Results from this date onward (inclusive).until: – Results up to this date (exclusive).last_24_hours– Pre-built for immediate recency.within_time:Xd– Relative (e.g., 7d for past week).
Formats:
YYYY-MM-DD (e.g., since:`2025-09-01` for September 1, 2025 onward).
YYYY-MM-DDTHH:MM:SS (ISO 8601, e.g., until:2025-09-29T12:00:00 for noon today).
Relative: Xd/Y/M/H (days/years/months/hours, e.g., since:30d).
UTC Default: All times in UTC; no timezone offsets supported yet.
Combine with fields like last_seen or date_added for source-specific filtering.
Examples
Basic Recent Scan:
domain:example.com since:2025-09-22– Web content from the past week.Precise Window:
favicon_hash:abc123 until:2025-09-29T00:00:00 since:2025-09-01T00:00:00– Impersonation checks in September.Live Scan Relative: In UI, toggle “Last 24 hours” for real-time URL analysis.
API Query:
GET /webscan?query="ip:192.0.2.1 within_time:1d"– IPs active today.
Tips
Performance: Narrow frames (e.g., 7d) speed up large scans; broad ones (e.g., all-time) may queue.
Live Scan Limitation: Real-time only; no historical filters; use Web Search for archives.
Validation: Test in Constructor mode for syntax errors.