Query Filters help you refine search results by specifying the conditions InsightCloudSec searches for when identifying matching resources.
Query filters contribute to other functionality that helps you understand your risk and automate your actions:
- Insights combine Query Filters, scope, and reporting.
- Bots take action based on the output of Query Filters, scope, and Insights.
Go to Security > Query Filters to get started.
Refining query filters
Because we are continually updating the filtering toolset in response to cloud providers' newly released capabilities as well as customer requests, the list of filters is long. It is recommended that you refine your view by identifying the filters relevant to your needs and focusing on higher priority resources.
You can narrow your view by using the search bar to find a specific Query Filter with keywords or terms, by scoping by supporting clouds or resource type, or by looking through specific versions of InsightCloudSec. Custom Query Filters are also included in the full listing and can be accessed by toggling the "Owner" option at the top of the page.
Search query filters
- In InsightCloudSec, go to Security > Query Filters.
- On the Query Filters page, in the Search field, enter a search term.
- (Optional) Select the Owner and Select Version.
- Review the results.
Search by Supporting Clouds or Resource Types
You can further narrow the search by using the "Cloud Support" and "Supported Resources" options:
- Cloud Support. You can search for only those Query Filters supported by selected cloud providers, e.g., Amazon Web Services, Amazon Web Services Gov Cloud, Amazon Web Services China, Google Compute Engine, Microsoft Azure, Kubernetes, and Alibaba Cloud.
- Supported Resource. You can search for only those Query Filters that are supported by the selected resource type (Instance, Volume, etc.). A full list of all InsightCloudSec resource types is found on the Resource Type Definitions page.
Using Versions and Toggling Columns
You can also narrow Query Filters by Release Version using the "Select Version" button, and you can choose which columns appear in your results. Column options include the number of Insights with which a Query Filter is associated, the number of Bots with which it is associated, date created, owner, etc.
Inspecting Your Query Filters
To inspect the Query Filters in the results, click on the filter name (in blue) to view the SQL query associated with this Query Filter.
After identifying your necessary Query Filters, you can learn details about the filter, such as description, supported clouds, supported resources, and configuration requirements. You can also view the underlying code to understand how a given Query Filter works.
Filtering Bots with Query Filters
Query Filters are also used in the creation of Bots.
- For detailed step-by-step instructions, check out Creating Bots.
- You can also view Working with Bots (Best Practices & Examples) if you want to review some examples.
Notes about Query Filters vs. Bot filtering
The Resource Type you select in Step 2 of Bot creation will limit the Query Filters you can select in Step 3.
In the example below, a resource type of Instance is selected. The Query Filters specifying the filters for the Bot are limited to only those associated with Instance as a resource type.
Using Query Filters With Resources
Query Filters are also found on the Resources page. In the example below, Query Filters can be used as one criterion to further narrow a specific resource type, Instance.
Check out additional information in the Resources documentation.