Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiRecon 25.1.a User Guide
    25.1.a
    25.1.a
    25.1.0
    24.4.b
    24.4.a
    24.4.0
    24.3.a
    24.3.0
    24.2.b
    24.2.a
    24.2.0
    24.1.b
    24.1.a
    24.1.0
    23.4.a
    23.4.0
    23.3.a
    23.3.0
    23.2.b
    23.2.a
    23.2.0
    23.1.b
    23.1.a
    23.1.0
    22.4.a
    22.4.0
    22.3.0
    22.2.0

    Search Results

    Search Results

    Once you run either a system or a custom search query, the filtered results are displayed. The default display period for the results is 1 year. There are two sections available for viewing search results.

    To modify the result period, click date drop-down menu and choose the desired time period.

    Overview

    The overview section provides the cumulative count of the following fields discovered in the search.

    • Cyber-Crime Forums Posts

    • Ransomware Posts

    • Telegram Messages

    • Leaked Documents

    • Cyber-Crime Forums Posts Old

    • Paste Site Posts

    • Defacement Websites

    • OSINT- Cyber Stores

    The overview section also includes the following chart widgets:

    • Top Cyber-Crime Forums: Displays the top 5 forums from Darknet posts.

    • Top Threat Actors: Displays the top 5 threat actors contributing to Darknet posts.

    • Top Ransomware Groups: Displays the top 5 groups from Ransomware posts.

    • Telegram Users: Displays the top 10 users with Telegram posts.

    • Telegram Channels: Displays the top 10 channels with Telegram posts.

    Detailed Results

    The detailed results section displays the detailed information of the discovered search results. The following data is displayed for each source. Use Sort by dropdown to sort data based on Collection Date, Posted Date, or Updated Date.

    Intelligence Source Fields Displayed
    Cyber-Crime Forum Posts

    • Collection Date

    • Posted Date

    • Forum Name

    • Actor Name

    • Posts Title

    • Post Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Ransomware Posts

    • Posted Date

      Updated Date

    • Ransomware

    • Name

    • Title

    • Victim Company

    • Victim Country

    • Victim Sector

    • Posts Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Telegram Messages

    • Collection Date

    • Posted Date

    • Username

    • Channel

    • Message

    Leaked Documents

    • Collection Date

    • Posted Date

    • Leak Name

    • File Name

    • File Data

    Click View Full Text to view the full content.
    Cyber-Crime Forum Posts Old

    • Collection Date

    • Posted Date

    • Forum

    • Name

    • Actor Name

    • Posts Title

    • Posts Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Paste Site Posts

    • Collection Date

    • Posted Date

    • Author Name

    • Title

    • Content

    Click View Full Text to view the full content. Click link icon to view the site posts in detail.
    Defaced Websites

    • Collection Date

    • Posted Date

    • Source

    • Notifier

    • Domain

    Click link icon to view the website.

    OSINT - Cyber Stories

    • Collection Date

    • Posted Date

    • Title

    • Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Click link icon to read the full article.

    Previous
    Next

    Search Results

    Search Results

    Once you run either a system or a custom search query, the filtered results are displayed. The default display period for the results is 1 year. There are two sections available for viewing search results.

    To modify the result period, click date drop-down menu and choose the desired time period.

    Overview

    The overview section provides the cumulative count of the following fields discovered in the search.

    • Cyber-Crime Forums Posts

    • Ransomware Posts

    • Telegram Messages

    • Leaked Documents

    • Cyber-Crime Forums Posts Old

    • Paste Site Posts

    • Defacement Websites

    • OSINT- Cyber Stores

    The overview section also includes the following chart widgets:

    • Top Cyber-Crime Forums: Displays the top 5 forums from Darknet posts.

    • Top Threat Actors: Displays the top 5 threat actors contributing to Darknet posts.

    • Top Ransomware Groups: Displays the top 5 groups from Ransomware posts.

    • Telegram Users: Displays the top 10 users with Telegram posts.

    • Telegram Channels: Displays the top 10 channels with Telegram posts.

    Detailed Results

    The detailed results section displays the detailed information of the discovered search results. The following data is displayed for each source. Use Sort by dropdown to sort data based on Collection Date, Posted Date, or Updated Date.

    Intelligence Source Fields Displayed
    Cyber-Crime Forum Posts

    • Collection Date

    • Posted Date

    • Forum Name

    • Actor Name

    • Posts Title

    • Post Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Ransomware Posts

    • Posted Date

      Updated Date

    • Ransomware

    • Name

    • Title

    • Victim Company

    • Victim Country

    • Victim Sector

    • Posts Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Telegram Messages

    • Collection Date

    • Posted Date

    • Username

    • Channel

    • Message

    Leaked Documents

    • Collection Date

    • Posted Date

    • Leak Name

    • File Name

    • File Data

    Click View Full Text to view the full content.
    Cyber-Crime Forum Posts Old

    • Collection Date

    • Posted Date

    • Forum

    • Name

    • Actor Name

    • Posts Title

    • Posts Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Paste Site Posts

    • Collection Date

    • Posted Date

    • Author Name

    • Title

    • Content

    Click View Full Text to view the full content. Click link icon to view the site posts in detail.
    Defaced Websites

    • Collection Date

    • Posted Date

    • Source

    • Notifier

    • Domain

    Click link icon to view the website.

    OSINT - Cyber Stories

    • Collection Date

    • Posted Date

    • Title

    • Content

    Click View Full Text or Entity type to view the full content. The extracted entities if any including domain, URL, CVE, email, or IP are displayed in the full content window.

    Click link icon to read the full article.

    Previous
    Next