Validin has launched a redesigned Advanced Search experience powered by a new Validin Query Language (VQL) that supports structured queries across services, DNS, and registration data, with features like autocomplete, real-time validation, Quick Pivots, and same-observation matching. The beta is available to enterprise customers and includes improved Pivot History and Search Sessions to track and revisit investigative workflows. #Validin #VQL
Keypoints
- Validin released a redesigned Advanced Search interface built on a new query engine and the Validin Query Language (VQL).
- VQL supports structured queries across three data groups (services, DNS, registration) using group prefixes and parenthesized conditions.
- Grouped conditions are evaluated within the same observation window to reduce false positives for time-bound observations.
- New query construction aids include autocomplete for fields/values, real-time syntax validation, and inline guidance.
- Suggested Quick Pivots (e.g., Similar Registrations) pre-populate advanced queries to speed analyst workflows.
- Pivot History has been improved and Search Sessions were introduced to group and revisit related searches and pivots.
MITRE Techniques
- [None] No MITRE ATT&CK techniques mentioned: "The article does not reference specific MITRE ATT&CK techniques."
Indicators of Compromise
- [Domain] Example domains mentioned in query contexts: app.validin.com, brad.ns.cloudflare.com
- [Domain] Example nameserver domain: emma.ns.cloudflare.com
- [Registrar] Registration metadata used for pivots: NameCheap, Inc.
- [Registration Timestamp] Example registration time used in Quick Pivot: 2015-02-04T18:06:26Z (~30m)
Read more: https://www.validin.com/blog/validin_introduces_advanced_search/