Work with Feed Scanner query results

New
  • Published on Apr 14, 2025
  • 2 minute(s) read

Results from scans run using either the Simple search or Advanced search appear in a collapsible Results table.

The default columns shown for all queries are:

  1. Indicator - A technical artifact or observable
  2. Indicator Type - The type of the observable (IP address, domain, URL)
  3. Feed - An online threat distributor that’s frequently updated
  4. Vendor - The name of the owner of the feed
  5. ASN - Numeric number assigned to the Autonomous System
  6. WHOIS Created Date - Date and time that the domain was registered with WHOIS
  7. SP Risk Score - Silent Push risk score associated with the indicator

Expanding on results and adding data to a query

Individual search results can be expanded upon from within the results table, providing additional data that can be added to the current query using an Operator:

  1. Execute a query and obtain a set of results
  2. Click Expand on the far right
  3. You'll now see a list of Field Names for the expanded result
  4. To add any of the expanded Field names to your current query, click any text that's colored blue and chose the relevant Operator
  5. The chosen Field name is added to the end of your query, which can be re-run with the new parameters

Including or excluding data from results

Results tables can be modified to only display certain data fields:

  1. Click the vertical line icon next to Total Results

Screenshot 2025-04-01 at 10.00.14.png

  1. Use the checkboxes to include or exclude certain Field name data
  2. Use a drag icon next to the name of the field to reorder your table column view
  3. click on the Save as default setting button to chosen columns and save their order

Copying the data

Outputted data can be utilised in a number of ways, using the buttons on the top left of the Results table:

Screenshot 2025-04-01 at 10.06.54.png

  1. Click Copy to copy all visible results to the clipboard, or use the checkboxes to copy selected results
  2. Click Select icon results and copy selection only

Viewing raw data

Screenshot 2025-04-01 at 10.07.02.png

  1. Click Basic Raw Data, in the table header, to view the raw data behind all results, and copy the data to the clipboard

Adding specific results to a feed

Feed Scanner results can be added to a feed or draft feed, or used to create a new feed.

  1. Click your chosen domain or IP from the results set
  2. Select `Save to'
  3. Select Existing or New

Adding bulk results to a feed

Bulk Feed Scanner results can be added to a feed or draft feed, or used to create a new feed.

  1. Select indicators clicking on the check boxes
  2. Select `Save to'
  3. Select Existing or New