This guide is designed to help you get maximum value from the platform in your day-to-day work, whether you're rapidly validating suspicious indicators, hunting emerging threats with Indicators of Future Attack (IOFA), setting up long-term monitoring with alerts, or automating enrichment and response workflows. Built around the core actions you already see on screen, the sections below focus on practical "how-to" steps to help you move quickly and confidently from initial suspicion to an informed defense, leveraging Silent Push's proprietary datasets, real-time scans, curated TLP Amber reporting, and seamless integrations.

1. Top Search Bar – Your Everyday Starting Point
Use this large input field every time you have any indicator to investigate:
Domain, IP (IPv4/IPv6), URL, ASN, HTML title fragment, certificate hash, etc.
Type or paste, then click Search
Choose an option from the dropdown, or press Enter (which automatically takes you to Total View).
What happens next:
Shows connected infrastructure, passive DNS history, certificates, WHOIS changes, enrichment, and early attacker signals
Many results include a Monitor / Track changes option to set alerts for new linked assets, content changes, or registrations
Tip
Even when heading to one of the cards below, do a quick top-bar search first — it often reveals useful pivots and context instantly.
2. Getting Started With Reconnaissance
Create a Query
Click Start an Investigation when you want structured, deep hunting.
Build queries across domains, IPs, patterns, observables
Reveals linked infrastructure, enrichment (DNS, certs, hosting), behavioral clusters
Use for actor tracking, campaign mapping, or cluster analysis
Live Scan
Click Scan a Live URL (or IP) for instant real-time inspection.
Perfect for freshly seen phishing pages, C2 domains, and suspicious landing sites
Returns current page content, headers, TLS cert details, and immediate threat flags
Monitored Queries
Click View Monitors to manage ongoing surveillance.
Create from any search result or query
Get alerted on new findings: new IPs/domains, content changes, registration updates, etc.
Ideal for brand protection, actor infrastructure tracking, campaign evolution
3. Defend With Intelligence
Threat Check
Click Check an Indicator to quickly validate any domain/IP/URL.
Runs against all Silent Push threat feeds
Shows known malice, emerging signals, related IOCs/campaigns
Use before blocking, alerting, or reporting from logs/email/SIEM
View Latest IOFA
Click View IOFA to see Indicators of Future Attack.
Highlights pre-weaponized infrastructure (domains/IPs/URLs attackers prepare before use)
Block or monitor likely future phishing, C2, malware staging assets
One of the strongest proactive features on the platform
TLP Amber Reports
Click View Reports for finished, high-confidence intelligence.
TLP AMBER-classified reports (shareable inside your org/clients)
Covers campaigns, actor TTPs, infrastructure queries, IOC lists (Latrodectus, Panda Shop, Scattered Spider/Lapsus Hunters, GOBRAT, Keitaro C2, bulletproof hosting, etc.)
Use to tune detections, write rules, and brief leadership
4. Automate – Stop Doing Manual Work
Click Start Connecting to set up integrations.
Typical uses:
Auto-enrich SIEM/XDR/SOAR alerts with reputation, history, and IOFA data
Trigger playbooks on new malicious findings
Feed threat-check / IOFA results into tickets, blocks, or notifications
Quick Reference
Suspicious indicator in log/email/SIEM → paste into top search bar
Need an instant live check? → Live Scan
Want to watch it long-term? → Create Monitored Query
Should I block this now? → Threat Check
Hunt tomorrow’s threats today → Latest IOFA + TLP Amber Reports
Too much manual repetition? → Set up Automate integrations