- Full-text search conditions
- Search by data type
- The number of shown results
- General search parameters
- Additional search parameters
Full-text search conditions
The program can perform full-text search with various search conditions: it can find documents that contain all of the words specified in the query, an exact word or phrase, or any of the specified words. It can also exclude documents that contain certain words from the search.
A condition is applied when the field for that condition is filled with a word or phrase for the search request. For example, to search for documents that contain an exact phrase, enter the phrase in the "this exact wording or phrase" field.
- Find documents with all words from the query
- Find documents with the exact word or phrase
- Find documents with any words from the query
- Find documents with absence of words from the query
- Find documents of a specific user
- Find documents by date of data interception
Search by data type
To specify the search context, select one or several types of data to be searched (email data, instant messengers, visited webpages, transferred files) by selecting the check boxes for the corresponding data sources in the Search in section.
- For email: search for emails transferred via POP3, SMTP, IMAP, MAPI protocols (these options include mail sent and received by using email client applications and captured by using centralized interception or by agents at endpoints), other mail (this option includes mail captured by the SecureTower Mail Processing Server by integration with corporate mail servers), or search for email attachments;
- For messengers: search for correspondence via ICQ (OSCAR protocol), Skype, Telegram, SIP, XMPP (Jabber), Viber, Mail.Ru Agent, Yahoo, Microsoft Lync, WhatsApp, Hangouts, Slack, web messengers or social network chats, or search for files transmitted over messengers;
- For Web (HTTP): search for visited webpages, search queries, sent requests (this option includes web mail, posts in blogs, filled-in web forms, etc.), web communications (web mail, blog posts, forum posts, social network posts and comments), net activity via web browsers, or search for files downloaded or uploaded via HTTP;
- For other information types: search for files transferred over the FTP protocol, copied to external devices, cloud storage or network shares, or printed on local/network printers; user desktop screenshots; desktop activity and device usage statistics; keylogger data and clipboard content; and matches with files from files hashes bank detection (Workstation indexer).
The number of shown results
By default, the program returns the 500 most relevant search results.
To set a different limit on the number of search results, select the desired value from the available options in the Results limit list.
General search parameters
- Time of data interception
- Document size (in KB)
- Client IP address
- Server port
Additional search parameters
- Files and processes
- Search by the sender address;
- Search by the recipient address;
- Search by subject;
- Search by other header data;
- Find mail with attachments;
- Find mail without attachments;
- Find mail with specific file names in the attachment.
To set additional parameters for searches within intercepted messenger data, go to the Messengers area of the Information search tab and follow the recommendations listed below.
- Search by sender account;
- Search by receiver account;
- Find text conversations only;
- Find voice conversations only;
- Find conversations with a certain number of messages.
To set additional parameters for searches within intercepted web traffic, go to the Web area of the Information search tab and follow the recommendations listed below.
- Find websites recognized by templates;
- Find web mail communications;
- Find social networks publications.
Files and processes
To set additional parameters for searches of files and processes, go to the Files and processes area of the Information search tab and follow the recommendations listed below.
- Search by file name;
- Search by received files;
- Search by sent files;
- Search by process name;
- Search by activity type.