Query Syntax & Entity types

Table of Contents #

Query Syntax #

When using the Silobreaker API, you will frequently send queries for documents and entities to retrieve relevant data.

The query syntax is exactly the same as for the Silobreaker UI. Familiarise yourself with the query syntax by using the Silobreaker UI and using the assists available in the form of auto-complete and Search Wizard.

Please refer to the Silobreaker User Manual and the topic Searching for more information.

Entity types #

When querying, you will frequently request results of a specific entity type, or query for documents containing certain entity types.

Below is a list of all entity types supported by Silobreaker.

Click the Try this links to see a sample of the entity type in action.

company A company
country A country according to UN
city A city
keyphrase A generic key phrase, like "Malware"
product A product, like "Adobe Flash Player"
organization An organisation, like "Red Cross"
person A uniquely identifiable person (in most cases)
place A physical location like an airport, plant, harbour, town square
continent One of the seven continents
province A province or part of a country
worldregion One of 29 world regions, like "The Balkans", "South-east asia", "Carribean"


username An @username, typically used on Twitter and other social media.
Try this: Usernames @-mentioned in tweets about "ransomware"
hashtag A hashtag, typically used on Twitter and Instagram.
Try this: Hashtags for "ransomware"


creditcard A credit card number of 13 to 17 digits.
Try this: Leaked credit cards on Pastebin
iin An IIN, issuer identification number, also often referred to as BIN - bank identiciation number. The IIN are the first 6 digits of a credit card and uniquely identifies card issuer and issuing bank.
Try this: Leaks containing IIN numbers


threatactor A person or a group of individuals that poses a cyber security threat, such as a hacktivist groups or state sponsored hackers.
Try this: Threat actors related to "Advanced Persistent Threat"
malware A piece of malicious code intended to perform malicious actions on a victim's computer or IT infrastructure.
Try this: Malware related to Internet of Things
vulnerability A known vulnerability that has been issued a CVE number.
Try this: Vulnerabilities mentioned by VulDB.com last 7 days
hash A 128, 160 or 256 bits hash (typically MD5, SHA1 or SHA256)
Try this: Hashes reported by Malc0de last 48 hours


IPv4 An IPv4 address.
Try this: IPv4 addresses reported by Malc0de last 48 hours
domain A domain that you can register with a registrar, comprised of a second-level domain (SLD) and a top-level domain (TLD). silobreaker.com is a domain, my.silobreaker.com is a subdomain and will yield silobreaker.com as domain
subdomain Any domain name that contains more domain levels than SLD and TLD. ns-1796.awsdns-32.co.uk is a subdomain, while awsdns-32.co.uk is domain.
Try this: Subdomains of the nasa.gov domain
emaildomain A domain attached to an email address. This differs from domain in that it is contextual and only extracted when also extracting email entities.
Try this: Leaked email addresses from the @nasa.gov domain
email An email address.
Try this: Leaked email addresses from the @nasa.gov domain
urlfull The full URL of a http resource.
Try this: Malicious URLs reported by Malc0de last week
forum Online forum or community, e.g. Reddit, 4chan

Documentation generated by mdoc.