Full text search on certain fields

Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.

How to Search - The Basics

Let's take a look at the search field tags.name. There are many ways you can search this field.

tags.name: "network blue"

tags.name: "network" OR tags.name "blue"

tags.name: `Cloud Agent`

Additional Search Capabilities

In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.

1) Field value contains a comma (,) or period (.) between numbers

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

tags.name: "10,1"

tags.name: "10"

tags.name: "10.134"

tags.name: "125"

tags.name: "13"

2) Field value contains a period (.) between text

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

tags.name: "qual"

tags.name: "qualys.corp"

tags.name: "qualys.corp.com"

tags.name: "corp"

tags.name: "com"

3) Field value contains a comma (,) or period (.) between a number and text

The value "102354.qualys" is split into 2 tokens: "102354" and "qualys". Prefix search on each token is supported.

tags.name: "1023"

tags.name: "qualy"

tags.name: "354"

tags.name: "lys"

4) Field value contains special characters and line/paragraph separators

Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)

The value "qualys-corp" is split into 2 tokens: "qualys" and "corp". Prefix search on each token is supported.

tags.name: "qua"

tags.name: "cor"

tags.name: "alys"

tags.name: "orp"

5) Field value contains a phrase with a space, tab or new line

The value is split into 5 tokens: "OpenSSH", "Xauth", "Command", "Injection" and "Vulnerability". We will perform complete case insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.

tags.name: "openssh xauth com"

The "openssh" and "xauth" tokens match completely and "com" matches the prefix search for "command".

tags.name: "injection vuln"

The "injection" token matches completely and "vuln" matches the prefix search for "vulnerability".

tags.name: "xauth command injection"

tags.name: "open comm"

The "open" token is leading and it does not match completely so this search would not return a match.

tags.name: "inject vuln"

The "inject" token is leading and it does not match completely so this search would not return a match.

tags.name: "xauth command ssh"

The "ssh" token is the last token and it does not match completely nor does it match a prefix search.

Get more information

This actually broadens your search in many cases which can be helpful for finding what you're interested in. These searches can return more than what you might expect.

Analysis - The field value you enter is analyzed against an index of the field value on the platform. This index is created by removing punctuation, lowercasing, expanding to synonyms and other logical matches.

Results - Searches of the field index will return results that may not match casing or the exact words you enter and results may include related terms or synonyms.

If you're not using backticks we'll strip punctuation (including quotes) and match the words in any order, case and in most cases prefix.