Query operators
Overview
Several program features rely on asset and vulnerability filtering in order to refine presented data or determine the scope of projects and triggers. To this end, InsightVM offers its own query language that you can use to filter your data in as broad or specific terms as you need. This guide explains the query building process using the Query Builder, a cloud-based InsightVM feature.
Queries are used with the following InsightVM features:
Operators
The following operators are available for use when building queries in Standard or Expert mode in the Query Builder.
NOTE
The list of usable operators shown will depend on which parameter you have selected beforehand.
Standard Mode
Use these operators in Standard mode.
| Operator | Description |
|---|---|
| = | Equal to - returns all records that equal the specified value. |
| != | Not equal to - returns all records that are not equal to the specified value. |
| CONTAINS | Returns all records that include the specified string. |
| DOES NOT CONTAIN | Returns all records that do not include the specified string. |
| STARTS WITH | Returns all records that start with the specified string. |
| ENDS WITH | Returns all records that end with the specified string. |
| LIKE | Returns all records that match a search pattern defined by a regular expression. |
| IS | Returns all records whose specified value is NULL (contains the NULL value). |
| IS NOT | Returns all records whose specified value is not NULL (does not contain the NULL value). |
| AND | The AND operator returns values when both conditions are true. |
| OR | The OR operator returns values when one of the conditions is true. |
| ~> | Returns any object with any field that matches the specified string. |
Expert Mode
Use these operators in Expert mode.
| Operator | Description |
|---|---|
| = | Equal to - returns all records that equal the specified value. |
| != | Not equal to - returns all records that are not equal to the specified value. |
| > | Greater than - returns all records that are greater than the specified value. |
| >= | Greater than or equal to - returns all records that are greater than or equal to the specified value. |
| < | Less than - returns all records that are less than the specified value. |
| <= | Less than or equal to - returns all records that are less than or equal to the specified value. |
| CONTAINS | Returns all records that contain the specified string. |
| DOES NOT CONTAIN | Returns all records that do not include the specified string. |
| STARTS WITH | Returns all records that start with the specified string. |
| ENDS WITH | Returns all records that end with the specified string. |
| LIKE | Returns all records that match a search pattern defined by a regular expression. |
| IS | Returns all records whose specified value is NULL (contains the NULL value). |
| IS NOT | Returns all records whose specified value is not NULL (does not contain the NULL value). |
| AND | The AND operator returns values when both conditions are true. |
| OR | The OR operator returns values when one of the conditions is true. |
| <=> | Used with parameters of the Object type. |
| ~> | Returns any object with any field that matches the specified string. |
Data categories
In Expert mode, queries are used to refine one of three data groups:
- Assets
- Vulnerabilities
- Findings
As a result, all query parameters are either asset-based, vulnerability-based, or finding-based. One or more of these parameter groups may be available, depending on the type of filter being applied.
Advanced query logic
In some scenarios it is more useful to build a query around what is not desired. Advanced query logic accomplishes this.
For example, if the universe is food and one type of food is fruit, the following query surfaces all foods except fruits that are apples:
!(food.fruit = apples)
Here the entire query is negated, so the result is everything the inner query does not match.
Another example is querying for all fruits except apples. This is accomplished by negating the comparison itself rather than the whole query:
food.fruit != apples
Joining two indexes of different types
You can combine two indexes of two different types.
asset.software.vendor = 'Rapid7' AND asset.software.version = 'foo'
In this example, the query returns a set containing all assets with Rapid7 products and any assets with a product of version 'foo' (Rapid7 or not).
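To make the two preceding sections concrete, the following Python script is an added illustration (not Rapid7's implementation and not part of this guide) that models the documented semantics over constructed sample records: negating a whole query versus negating its comparison when the field is NULL, and an AND across the array-valued `asset.software` index whose conditions are matched against software entries independently, which is how the note's "(Rapid7 or not)" is read here. The record layout, helper names (`resolve`, `cond`, `run`, and so on) and sample data are assumptions made for the example.

```python
"""Toy evaluator for the documented InsightVM Query Builder operators.

Added example with constructed data; it is NOT Rapid7's implementation.
Records are plain dicts whose top-level category (food, asset) is the first
segment of every dotted path, as in `food.fruit` or `asset.software.vendor`.
"""
from __future__ import annotations

from typing import Any, Callable


def resolve(record: dict, path: str) -> list[Any]:
    """Return every value reachable at a dotted path inside one record.

    The leading segment names the data category and is skipped. Array-valued
    fields (such as asset.software) are flattened so each element is checked
    on its own; a missing field or empty array yields [None], i.e. NULL.
    """
    values: list[Any] = [record]
    for part in path.split(".")[1:]:
        next_values: list[Any] = []
        for v in values:
            for item in (v if isinstance(v, list) else [v]):
                next_values.append(item.get(part) if isinstance(item, dict) else None)
        values = next_values
    flat: list[Any] = []
    for v in values:
        flat.extend(v if isinstance(v, list) else [v])
    return flat or [None]


# Comparison operators; a NULL value never satisfies = or != (it is "unknown"),
# which is why `food.fruit != apples` excludes non-fruits.
OPS: dict[str, Callable[[Any, Any], bool]] = {
    "=": lambda v, x: v is not None and v == x,
    "!=": lambda v, x: v is not None and v != x,
    "CONTAINS": lambda v, x: isinstance(v, str) and x in v,
    "DOES NOT CONTAIN": lambda v, x: isinstance(v, str) and x not in v,
    "STARTS WITH": lambda v, x: isinstance(v, str) and v.startswith(x),
    "ENDS WITH": lambda v, x: isinstance(v, str) and v.endswith(x),
    "IS": lambda v, x: v is None,          # IS NULL
    "IS NOT": lambda v, x: v is not None,  # IS NOT NULL
}

Query = Callable[[dict], bool]


def cond(path: str, op: str, value: Any = None) -> Query:
    """A single condition: true if ANY value at the path satisfies it."""
    test = OPS[op]
    return lambda rec: any(test(v, value) for v in resolve(rec, path))


def and_(*qs: Query) -> Query:
    return lambda rec: all(q(rec) for q in qs)


def or_(*qs: Query) -> Query:
    return lambda rec: any(q(rec) for q in qs)


def not_(q: Query) -> Query:
    """`!( ... )`: complement of the whole result set, NULLs included."""
    return lambda rec: not q(rec)


def run(query: Query, records: list[dict]) -> list[str]:
    """Names of the records the query matches, in input order."""
    return [r["name"] for r in records if query(r)]


# Constructed sample data: a carrot is a food but not a fruit (fruit is NULL).
FOODS = [
    {"name": "apple", "fruit": "apples"},
    {"name": "pear", "fruit": "pears"},
    {"name": "carrot"},
]

# Constructed assets; host-a has Rapid7 and version 'foo' on DIFFERENT entries.
ASSETS = [
    {"name": "host-a", "software": [{"vendor": "Rapid7", "version": "1.0"},
                                    {"vendor": "Other", "version": "foo"}]},
    {"name": "host-b", "software": [{"vendor": "Rapid7", "version": "foo"}]},
    {"name": "host-c", "software": [{"vendor": "Other", "version": "foo"}]},
    {"name": "host-d", "software": []},
]

ALL_BUT_APPLES = not_(cond("food.fruit", "=", "apples"))     # !(food.fruit = apples)
FRUITS_BUT_APPLES = cond("food.fruit", "!=", "apples")        # food.fruit != apples
RAPID7_AND_FOO = and_(cond("asset.software.vendor", "=", "Rapid7"),
                      cond("asset.software.version", "=", "foo"))

if __name__ == "__main__":
    print("!(food.fruit = apples)  ->", run(ALL_BUT_APPLES, FOODS))      # pear, carrot
    print("food.fruit != apples    ->", run(FRUITS_BUT_APPLES, FOODS))   # pear
    print("vendor=Rapid7 AND version=foo ->", run(RAPID7_AND_FOO, ASSETS))  # host-a, host-b
```

The two food queries differ only on the carrot, whose `fruit` field is NULL: the comparison `!=` treats NULL as unknown and drops it, while `!( ... )` takes the complement of the inner result set and keeps it. The asset query matches host-a even though no single software entry is both Rapid7 and version 'foo', because each condition is resolved against the array on its own.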