Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Search Page

High Level Overview

This page allows analysts to search through any session activity gathered by Spec. You can use this page as a launching point to find trends in user activity, save searches, download datasets, and continue to further investigate patterns made by fraudsters.

Columns

ColumnExplanation
Session ID:Unique identifier for a session. Value hyperlinks to the User Session Assessment Page, where you can further investigate information gathered, events that occurred, and actions taken by Spec during the session.
Session UTC:When the session was created. Can filter the result set by Date by using the date-picker input. Can further filter the results by clicking on the filter icon on the column, the right-most icon.
Session Risk Rating:Risk rating for the session. Can be one of "Normal Session", "Suspicious Session", or "Malicious Session".
# Events:Total number of events that took place during a session.
# Labels:Total number of labels that were placed on a session.
Duration:How long a session took place for.
Country:Country a session took place in. Based on IP location.
City:Identifying string for the device involved in a session.
IP Address:IP address collected for a session.

To run a search, change the input values at the top of the page and click "Search". These inputs allow you to search on a Spec element over a period of time and with any amount of values for the element separated by commas.

As an example let's say you only want to investigate malicious sessions within the past two weeks. You can do that by doing the following:

  1. In the "field type" input, choose the element type you want to search for (in this case, Session Risk Rating).
  2. In the "dates" input, choose a date range you'd want to limit your results to.
  3. In the "value" input, choose "Malicious Session".

Now you may want to see the malicious session with the most events involved. You can do this by clicking the sort button on the "# Events" column:

You can also filter your results even further if you click on the filter icon on a column. Continuing the example we've been using, I can copy the IP Address on the top row and filter results down to only the sessions where that IP was seen.

Saved Search And Insights Tabs

You have the ability to save any search you make. These searches will be listed under the "saved search" tab. To display the results of a saved search, click on a row and you'll be directed to the search tab with a list of the results.

The same goes for the insights tab. Click on an insight on the table and you'll be directed to the search tab with the results.

Once you find the dataset you're after, you can download that data as a CSV. Click the download arrow on the top right corner of the table:

Digging into a Session

Clicking on a link under the "Session ID" column will take you to the User Session Assessment Page, where you can find more details on a specific session. Go to that page to read more.