Filtering Threats

The threats table can quickly fill up as Selki is ingesting millions of records per day. The more watchers you have the more threats will be uncovered. Use the filter to find exactly what you're looking for.

The filter has eight sections:

• Watcher - The domain(s) you are monitoring
• URL - The URL that was accessed by the compromised credential
• Domain - The website where the compromised credential was found
• Username - The account holders' username
• Email - The account holders' email address
• Password - The password used to access the account
• IP Address - The IP address of the device used to log into the domain
• Family - The infostealer family

Selecting one of the above filter allows you to find the data you need by selecting a "where" statement. For each filter, you can select the following "where" statement:

• Watcher - Matches, Does Not Match all domains
• URL - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• Domain - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• Username - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• Email - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• Password - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• IP Address - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text
• Family - Contains, Does Not Contain, Is Exactly, Starts With, Ends With: Enter desired text

The example below shows the Usernam filter being selected and searching for an exact username:

Once you have selected the desired filter, a pill showing the filter will be displayed above the table. Simply click the "X" to remove it and start over, or add more filters.

Updated on: 07/08/2025