vulnerabilities.vulnerability:(patchAvailable:"TRUE" AND authTypes:"WINDOWS_AUTH")
Query 1: This will return findings having vulnerabilities with CVSS base score 7.8 and category CGI. A finding is returned only when it matches both criteria.
vulnerabilities.vulnerability:(cvssInfo.baseScore:"7.8" AND category:"CGI")
Query 2: This will return findings having vulnerabilities with CVSS base score 7.8 and/or findings having vulnerabilities with category CGI. A finding is returned when it matches only one criteria.
vulnerabilities.vulnerability.cvssInfo.baseScore:"7.8" AND vulnerabilities.vulnerability.category:"CGI"
Query 1: Entire shared key is "vulnerabilities.vulnerability" (preferred format)
vulnerabilities.vulnerability:(discoveryTypes:"REMOTE" AND patchAvailable:"TRUE")
Query 2: Partial shared key is "vulnerability"
vulnerabilities:(vulnerability.discoveryTypes:"REMOTE" AND vulnerability.patchAvailable:"TRUE")
Query 1: This returns findings having confirmed vulnerabilities which have a patch available
vulnerabilities:(typeDetected:"Confirmed" and vulnerability.patchAvailable:"TRUE")
Query 2: This returns findings having PCI flagged vulnerabilities which were first found in past 3 days
vulnerabilities:(vulnerability.flags:"PCI_RELATED" AND firstFound > now-3d)
Show assets with the tag "Cloud Agent" and certain software installed. This will return assets that have 1) the tag Cloud Agent, and 2) certain software installed (both name and version).
tags.name:`Cloud Agent` AND software:(name:`Cisco AnyConnect Secure Mobility Client` and version: `3.1.14018`)
Show findings that match both criteria: vulnerabilities last found on 2017-01-12 and vulnerabilities that have a patch available.
vulnerabilities:(lastFound:'2017-01-12' AND vulnerability.patchAvailable:"TRUE")
Show findings with vulnerabilities that match both criteria: vulnerabilities first found in the past 10 days and vulnerabilities that have CVSS Base score 7.8.
vulnerabilities:(firstFound > now-10d AND vulnerability.cvssInfo.baseScore: 7.8)