Hi Marc, thank you for your inquiry.
There are various parameters you can apply to reduce false positives and noise for most queries:
1. Ensure your query includes a textual string, where any 2 words or more are preceded by a + (plus) and are inside quotation marks. For example, if the app name is Fantastic Mobile, you should type +"Fantastic Mobile" in the free text field; otherwise you'll get all results for "Fantastic", "Mobile", and their combination, leading to a lot of false positives. To reduce further, you can use different operators to combine with other search terms such as "attack". Click the [i] next to the search field to view a list of available operators.
2. Filter by Source Category, and select the categories that best fit your query, such as App Store, Forum etc.
3. Filter by Source, if you'd like to limit the search to specific stores, forums etc. For example, type "apk" under Source to view suggested stores. Note: this can considerably limit results.
4. Filter by Assets: if the app is a configured asset, search for it. For example, if the asset is an APK name with format com.brand.appname, e.g., com.azure.authenticator, start typing "com." under Assets, and if it's configured, it displays. Select it. If it's not configured, type it in the search field instead in this format: +"com.azure.authenticator".
5. Limit the timeframe under Created or Published if you'd only like to see items from the Last Week, Last Month etc.
If this still doesn't reduce false positives and you need further assistance with your query, kindly open a ticket with Check Point Support and select the Threat Intelligence Request to consult an ERM expert. In some cases the service might consume coins, and you will be advised accordingly.
Hope this helps.
Noa Peleg
Knowledge & Enablement Lead