MicroCTI

Welcome to the microblog cyber threat intelligence search engine. Just use the search and follow links.

FAQ

Q: How does this work?

A: This service periodically ingests data from a few selected microblogging platforms through official APIs or services. On the background, it filters for posts only regarding cybersecurity and tries to remove anything else. When you use the search, only a snippet of the post is shown and you are more than encouranged to visit the original source yourself.

Q: How do I use the search?

A: Enter your search query to the input box, just as with classical search engine.

Q: Is there advanced search?

A: Yes! Try e.g. !strict !from:2024-12-24 !min_score:85 !count:2 (vulnerability AND source:mastodon) OR ("vuln exploit" AND user:username123)

Q: Are there any integrations?

A: Yes! You can access the results as RSS feed by replacing /search/ with /rss/ in the URL. For example, /rss/?q=ransomware will give you an RSS feed of the latest posts regarding ransomware.

Q: What if my query is very large or slow?

A: Use the /search/dynamic/ endpoint for dynamic search mode. This loads results incrementally and is suitable for large or slow queries. For example, /search/dynamic/?q=ransomware.

Q: Can I get results in JSON for programmatic use?

A: Yes! Use the /api/search endpoint to get search results in JSON format. For example, /api/search?q=ransomware.

Q: Can I ingest IoCs?

A: Yes! The system automatically parses indicators of compromise (IoCs) from posts. You can export them in multiple formats by replacing /search/ with /ioc/ in the URL:

JSON format: Replace /search/ with /ioc/json/. For example, /ioc/json/?q=ransomware.
CSV format: Replace /search/ with /ioc/csv/. For example, /ioc/csv/?q=ransomware.
MISP feed: Replace /search/ with /ioc/misp/. For example, /ioc/misp/?q=ransomware.

Q: How much does this cost?

A: You? Enjoy the free threat intelligence. Me? Right now, a few bucks per month.

Q: Can you add/remove my posts?

A: Sure! Just write me a mail/ping me at [email protected].

Q: Is there a source code available?

A: Yes! All source code is available at GitHub.

Available commands for advanced search mode

Command	Param	Description
!strict	-	Strict search. Only exact matches are returned (e.g. from quotation).
!from:YYYY-MM-DD	YYYY-MM-DD	Only return posts since this date inclusive.
!to:YYYY-MM-DD	YYYY-MM-DD	Only return posts until this date inclusive.
!min_score:0-100	0-100	Only return posts with a score higher or equal than this.
!debug	-	Enables debug mode.
!distinct[:0-100]	0–100 (optional)	Filters similar posts based on the specified threshold.
!distinct_age:number_of_days	Any positive integer	Applies an additional penalty to older posts during distinct filtering.
!count:1-100	1–100	Limits the maximum number of returned posts.
!age:number_of_days	Any positive integer	Retrieves posts from the last specified number of days.
a AND b	-	Use AND to combine multiple words.
a OR b	-	Use OR to include at least one of the words.
( parentheses )	-	Group search terms within parentheses for precedence.
+word	-	Require a word to appear in results.
-word	-	Exclude a word from results.
"quotation"	-	Search for an exact phrase.