urlscan Pro
/
Saved Searches
Last updated

Saved Searches

Saved Searches are a powerful tool for bookmarking interesting search queries and sharing them with the rest of the team. Together with Subscriptions, Saved Searches can be used to trigger notifications and set up automatic monitoring via the urlscan Observe module.

Saved Searches are executed inline against new scans, hostnames, and domains entering our feeds. Whenever urlscan performs a new scan or finds a new domain, it is executed against various types of stored rules in two passes:

  • During the first pass, urlscan applies its own block-and-delete rules, its brand-and-phishing detections, and its new System Labels (see next paragraph).
  • During the second pass, we execute the thousands of Saved Searches by our customers. Matching searches are recorded in a special meta field in our search index. Customers can then query this meta field with the ID of the search (or subscription) they want to retrieve new results for.

Saved Searches - Inline Matching New inline matching pipeline

As part of a saved search, customers can also apply their own custom tags to matching items. These tags can be arbitrary, and customers can control the visibility of these tags within the urlscan Pro platform. User-supplied tags will appear in the usertags fields in Search API and Result API responses.

Executing and matching rules inline has a couple of interesting implications:

  • Customers can query for all items that match multiple specific searches, or that match one search but don’t match another one.
  • Customers can query for all items that match any search within a specific subscription with a single query term, or any of their searches period.
  • When looking at search results, customers can determine whether any particular result matched any of their saved searches.
  • Customers can use labels from the first matching pass in their saved Searches, e.g., to filter by system labels or brand detections.
  • Customers can share results of their saved searches with other users on the urlscan Pro platform without exposing their actual search terms.
  • Complex queries could easily take multiple seconds to execute. With inline matching, the expensive matching step is done during ingestion and the customer can run a very efficient keyword query to retrieve all results.
  • Visual searches can also be run inline, making them much more efficient and instant. Inline visual searches will be more accurate than using the Visual Search API which relies on approximate nearest-neighbor searches.

Screenshot

Saved Searches UI

Previous page
Next page