Search & enrichment

Cross everything, without multiplying tools

CTI and SOC teams lose time copy-pasting across open sources, internal feeds, and tickets. CyberSec0x centralizes queries and adds an analysis layer so human review focuses on what matters.

Supported pivot types

Normalization rules apply before correlation. International phone formats and IDN domains are canonicalized automatically.

| Type | Input examples | Enrichment |
| --- | --- | --- |
| Person name | Last / first / alias; UTF-8 supported. | Phonetic match, common alias expansion, org linkage. |
| Email | RFC-like local@domain | Disposable domain flag, breach refs (where licensed). |
| Phone | E.164 or regional formatting | Carrier class (where available), VOIP hint. |
| URL / host | HTTPS URL, hostname, IPv4/IPv6 | Redirects, passive DNS summary, cert history. |
| Social | @handle, profile URL | Cross-pivot to email/phone when public metadata aligns. |
| File | MD5 / SHA-1 / SHA-256 | MIME, VT-style reputation (integration-dependent). |

Query syntax (unified bar)

The unified search bar accepts free text and structured hints. Use quotes for exact tokens.

| Pattern | Meaning |
| --- | --- |
| "[email protected]" | Force email interpretation (disables fuzzy name match). |
| phone:+33123456789 | Explicit phone pivot (E.164 recommended). |
| url:https://… | URL/host pivot; path preserved for reputation lookup. |
| sha256:<64 hex> | File artifact; validates length before query fan-out. |
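The sketch below illustrates the normalization and hint rules described above (IDN canonicalization, E.164 phones, hash length validation before fan-out). It is an added example, not CyberSec0x code; `parse_pivot`, `idna_host`, the error messages, and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def idna_host(host):
    """Canonicalize a hostname: lowercase, IDN labels converted to punycode."""
    return host.rstrip(".").lower().encode("idna").decode("ascii")

def parse_pivot(query):
    """Return (pivot_type, canonical_value); raise ValueError before any lookup."""
    q = query.strip()
    # A quoted token of the form local@domain forces the email interpretation.
    m = re.fullmatch(r'"([^"@\s]+)@([^"@\s]+)"', q)
    if m:
        return ("email", f"{m.group(1)}@{idna_host(m.group(2))}")
    hint, sep, value = q.partition(":")
    hint = hint.lower()
    if sep and hint == "phone":
        # Strip common separators, then require E.164: '+' and up to 15 digits.
        digits = re.sub(r"[\s().-]", "", value)
        if not re.fullmatch(r"\+[1-9]\d{1,14}", digits):
            raise ValueError("phone pivot is not valid E.164")
        return ("phone", digits)
    if sep and hint == "url":
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("url pivot needs an http(s) URL with a host")
        # Host is canonicalized; the path is preserved as typed.
        host = idna_host(parts.hostname)
        return ("url", f"{parts.scheme}://{host}{parts.path or '/'}")
    if sep and hint == "sha256":
        # Reject malformed digests here so no downstream source is queried.
        if not re.fullmatch(r"[0-9a-fA-F]{64}", value):
            raise ValueError("sha256 must be exactly 64 hex digits")
        return ("sha256", value.lower())
    # Anything else is treated as free text (for example a person name).
    return ("text", q)

if __name__ == "__main__":
    # Constructed sample queries, not taken from the product.
    for sample in ('phone:+33 1 23 45 67 89',
                   'url:https://München.example/login',
                   'sha256:' + 'AB' * 32,
                   '"analyst@Example.COM"'):
        print(sample, "->", parse_pivot(sample))
```
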

Rate limits and licensed feeds are configured per tenant. Contact [email protected] for data-source add-ons.

Capability cards

Identity & contact

Last name, first name, aliases, email addresses, and phone numbers—normalized, deduplicated, with suggested related fields.

URL & infrastructure

Domains, paths, redirects, and aggregated reputation to place the indicator in your scope and third-party risk context.

Social media

Handles, pages, and public metadata crossed with other pivots to map external presence and impersonation risk.

Files & hashes

Fingerprints, MIME types, and historical sightings—link an artifact to campaigns or known leak corpora.

Correlation engine

Inputs merge into scored entities and an explorable graph. Analysts get a narrative summary—not a raw list—with likely relationship paths and explicit uncertainty where data is thin.

Ready to see it in the console?

The same dimensions feed the investigation view and exportable reports.