Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.
Let's take a look at the search field vulnerabilities.vulnerability.title. There are many ways you can search this field.
Show any findings related to this title
vulnerabilities.vulnerability.title: Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title: "Remote Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title: `Remote Code`
Show any findings that match nested query. Both sub fields must match in order for an asset to be returned.
vulnerabilities.vulnerability: (title: `Remote Code` AND patchAvailable:
"true")
In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.
Example: name field contains the value "10,125" or "10.134".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
name: "10,1"
name: "10"
name: "10.134"
Non-matching:
name: "125"
name: "13"
Example: name field contains the value "qualys.corp.com".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
name: "qual"
name: "qualys.corp"
name: "qualys.corp.com"
Non-matching:
name: "corp"
name: "com"
Example: name field contains the value "102354.qualys" or "qualys,25576.13".
The value "102354.qualys" is split into 2 tokens: "102354" and "qualys". Prefix search on each token is supported.
Matching:
name: "1023"
name: "qualy"
Non-matching:
name: "354"
name: "lys"
Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)
Example: name field contains the value "qualys-corp"
The value "qualys-corp" is split into 2 tokens: "qualys" and "corp". Prefix search on each token is supported.
Matching:
name: "qua"
name: "cor"
Non-matching:
name: "alys"
name: "orp"
Example: vulnerabilities.vulnerability.title field has value "OpenSSH Xauth Command Injection Vulnerability"
The value is split into 5 tokens: "OpenSSH", "Xauth", "Command", "Injection" and "Vulnerability". We will perform complete case insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.
Matching:
vulnerabilities.vulnerability.title: "openssh xauth com"
The "openssh" and "xauth" tokens match completely and "com" matches the prefix search for "command".
vulnerabilities.vulnerability.title: "injection vuln"
The "injection" token matches completely and "vuln" matches the prefix search for "vulnerability".
vulnerabilities.vulnerability.title: "xauth command injection"
All 3 tokens "xauth", "command" and "injection" match completely.
Non-matching:
vulnerabilities.vulnerability.title: "open comm"
The "open" token is leading and it does not match completely so this search would not return a match.
vulnerabilities.vulnerability.title: "inject vuln"
The "inject" token is leading and it does not match completely so this search would not return a match.
vulnerabilities.vulnerability.title: "xauth command ssh"
The "ssh" token is the last token and it does not match completely nor does it match a prefix search.
Tell me more about related findings
I want to find case sensitive matches
.