With years of experience in the cybersecurity market, Axur has extensive knowledge of tools for scanning the surface web. Now, with the inclusion of the SERP source in search engine bots, you are in complete control.
The SERP (Search Engine Results Page) tool allows users to create intelligent collections by searching on sites known to Axur as malicious, and to act quickly to identify fraud, phishing, and leaks.
How to create a SERP bot
First, on the Search Engine Bots page, click on Add Bot:
Next, look for SERP in our list of sources.
Our team of experts, with decades of technical expertise in examining the internet, has created over 60 ready-made templates for you to start exploring various types of fraud and leaks. Each template has its own search criteria based on the type of detection you are configuring.
By using templates, you gain more speed and efficiency. The collections generated by the templates have been meticulously examined by our experts to ensure precision. However, if you prefer, you can edit the options (more details below) or create a SERP bot from scratch.
This is also a quick and easy way to set up a bot with more controls. During the creation, you will be guided through these steps:
Which source will this bot scan?
Here, you select where the bots should monitor. In this case, we want to configure SERP bots - once again, we need to select this source from our list.
What threat type will this bot find?
At this step, you choose the threat type the bot will search for. In SERP, there are seven possibilities. Remember to match what you are searching for with the threat type you want to scan. For instance, the bot will not find fake social media profiles by looking at leaked-document repositories, or counterfeit products by looking at app download websites.
What asset is this bot working for?
Here you select the asset under which detected events will be created as tickets in the Platform. That does not mean the name or the information in the asset will be detected, since you have the power to search for anything in the next field. Besides, SERP scans all the Surface Web (not specific sites or directories) and that is powerful!
What to search for?
This is where all the technology happens: you can select your asset libraries (groups of information such as brand name and variations, web domains, and other asset information), keyword libraries (created and edited on your page), or even enter anything in plain text. Yes, anything. In SERP, users can also configure operators that make the search even more precise.
Below, check out this example in which we direct the collection to identify users or channels on YouTube:
Intitle: In the HTML title, we search for the brand name and its variations, in quotes so that compound names are kept together as one phrase.
AND: We add the condition that the HTML must also match a suggested keyword library for fraud on YouTube. It is important to note that your keywords should be up-to-date. The accuracy of searches also depends on the effort put into feeding and editing the libraries with important terms.
Parentheses (): We add them so that the search is grouped, i.e., we search for the brand name AND the terms together.
Site: To search specifically on the site www.youtube.com, we use the operator site.
Inurl: To ensure that we are scanning channels and users, the search is further restricted to URLs that contain channel OR user.
In the search, specify:
SERP also allows you to direct the search by country and language to prevent irrelevant threats from reaching our inspections. This configuration is mandatory.
Before creating a ticket, filter by:
Use these conditions to further specify what should be detected after the search results (called signals). Only signals that pass through the filter rules you configured will become tickets in your workspaces. We strongly recommend using this to prevent comprehensive collections from generating many false positives.
In this case, we will filter to ensure that the page content (i.e., the inspected HTML) exactly contains the brand name.
Generated collections
Where you check all possible combinations for your search. This field is not editable, but if you add more asset libraries or keywords, more collections will be generated. If you remove them, fewer collections will be generated.
Bot Title
Where you create a name that helps identify the origin of detections. You have complete freedom to create a name that best suits your organization, or you can leave it blank. Our templates already come with suggested names.
This is the final view of your bot. When ready, click on Save bot.
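The YouTube search, the generated collections and the ticket filter described above, sketched in Python as an added example (not Axur's code). The brand, keywords and sample results are constructed, the operators are written in common search-engine syntax, and generating one collection per brand variation and keyword pair is an assumption.

```python
import re
from itertools import product

def quote(term):
    """Double-quote a term so a compound name is searched as one phrase."""
    return '"' + term.replace('"', "") + '"'

def build_collections(brands, keywords, site, url_parts):
    """Expand libraries into queries, one per (brand, keyword) pair (assumed rule)."""
    url_clause = " OR ".join(f"inurl:{part}" for part in url_parts)
    return [
        f"(intitle:{quote(b)} AND {quote(k)}) site:{site} ({url_clause})"
        for b, k in product(brands, keywords)
    ]

def passes_filter(content, brands):
    """Ticket filter: page content must contain a brand variation as an exact phrase."""
    return any(
        re.search(r"\b" + re.escape(b) + r"\b", content, re.IGNORECASE)
        for b in brands
    )

def triage(signals, brands):
    """Return the URLs of the signals that would become tickets."""
    return [s["url"] for s in signals if passes_filter(s["content"], brands)]

# Constructed sample data: hypothetical brand, keyword library and search results.
BRANDS = ["Acme Bank", "AcmeBank"]
KEYWORDS = ["free giveaway", "support number"]
SIGNALS = [
    {"url": "https://www.youtube.com/channel/EXAMPLE1",
     "content": "Official Acme Bank free giveaway, click the link"},
    {"url": "https://www.youtube.com/user/EXAMPLE2",
     "content": "AcmeBanking tips and unrelated finance videos"},
]

if __name__ == "__main__":
    collections = build_collections(BRANDS, KEYWORDS, "www.youtube.com", ["channel", "user"])
    print(len(collections), "collections generated")
    for query in collections:
        print(" ", query)
    print("tickets:", triage(SIGNALS, BRANDS))
```

Adding a third keyword raises the count from four to six collections, which is why a broad term in a library multiplies both queries and false positives.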
Frequently asked questions
How to prevent my bot from generating a great number of tickets?
That might happen given the power you have with Search bots. Check out some best practices to avoid surprises in detection.
Check the number of generated collections.
Check the pattern of generated collections (is there any collection using a word that is too broad? You might reconsider it.) It is important to always update your libraries so that the terms are as accurate as possible.
Use double quotation marks on keywords whenever possible (you may view the Operators modal if you have any doubts about their usage).
Use filters to narrow the search when creating a bot.
And what if it still generates a great number of tickets?
With great power comes great responsibility. If you already have a great number of open tickets, remember that you can perform actions in batches on the ticket lists and anticipate those operations using Automations.