STEALSEEK
USER GUIDE
Welcome to the StealSeek User Guide. This comprehensive guide will walk you through how to effectively use our powerful search functionality.
1. Basic Search Process
Follow these steps to perform a basic search:

Choose the appropriate table from the dropdown menu in the top-left of the search box (ULP is the default)

Type your search term in the main input field. You can search for domains, email addresses, usernames, passwords, etc.

In the Search Options modal that appears, select the specific column you want to search in:
- You must specify exactly what type of data you're searching for (Password, Domain, Email, TLD, etc.)
- Look for the "i" icons next to each column name
- Hover over any "i" icon to see examples of that data type
- Click "Apply" to proceed with your search

2. Advanced Search Features
Access advanced search options by clicking the settings (gear) icon next to the search box, then configure your search with these options:
- Display Columns: Control which columns appear in your results
- Partial Match: Find results containing your search term (not just exact matches)
- Just Stealer: Limit results to only stealer logs
- Enable Total Count: Shows exact total number of matching records
- Enable Small Count: Shows counts up to 5000 results
- Date Range: Filter results to a specific time period
- Results Control: Adjust limit (10-30000) and offset for pagination

3. Using Search Results
Learn how to effectively work with your search results.
Right-click on any cell in the results table to access these options:
- Inspect Log: View detailed information about the entire log file
- Download Log: Save the original log file to your computer
- Copy: Copy cell content to clipboard
- Copy All Row: Copy entire row data
- Search: Start a new search using the selected value

Use the filter panel to narrow down your search results:
- Click the "Filters" button in the results toolbar
- Create filter rules to match specific criteria
- Choose between "ALL rules" or "ANY rule" matching
- Apply filters to see refined results

For entries with "stealer" leak type, you can inspect and download the complete log file:
Inspect Log
View detailed information about the entire log file:
- Right-click on any cell in a stealer log entry
- Select "Inspect Log" from the context menu
- A modal window will open showing all data from the log
- Browse through different sections of the log (ULP, Autofills, Cookies, etc.)
- Use the search function within the log to find specific information

Download Log
Save the complete log file to your computer:
- Right-click on any cell in a stealer log entry
- Select "Download Log" from the context menu
- The log file will be downloaded in zip format
- You can then analyze the complete log data offline

4. Setting Up Alarms
StealSeek's Alarms module allows you to monitor specific assets for new leaks automatically. When a new leak is detected, you'll receive both an in-app notification and an email alert.

To add a new asset for monitoring:
- Click the "Add Asset" button
- Select the appropriate asset type from the dropdown
- Enter the asset value in the input field
- Click "Add Asset" to save

You can set up alarms for the following asset types:
- ULP Domain: Monitor specific domains for leaks
  - Example: example.com
- ULP Full Domain: Track complete domain information
  - Example: subdomain.example.com
- ULP Email: Monitor specific email addresses
  - Example: [email protected]
  - Example: [email protected]
- ULP Email Domain: Track email domains
  - Example: example.com
  - Example: company.com
- ULP IP: Monitor specific IP addresses
  - Example: 192.168.1.1
- Computer HWID: Track hardware IDs
  - Example: 12345678-1234-1234-1234-123456789012
  - Example: ABCD1234-5678-90EF-1234-567890ABCDEF
- Computer Name: Monitor computer names
  - Example: DESKTOP-ABC123
  - Example: LAPTOP-XYZ789
- Client IP: Track client IP addresses
  - Example: 10.0.0.1
  - Example: 172.16.0.1
- Computer User: Monitor computer usernames
  - Example: john.doe
  - Example: admin

The Alert History page allows you to manage and review your alarm notifications:
- View all triggered alarms in chronological order
- Mark alerts as "Seen" to track which ones you've reviewed
- Use the "View Details" button to examine the specific leak data

When a new leak is detected, you'll receive an email notification containing:
- The type of asset that was compromised
- The specific value that was found in the leak
- Timestamp of when the leak was detected
