Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.
Let's take a look at the search field tags.name. There are many ways you can search this field.
Show any findings that contain "network" and "blue" in tag name
tags.name: "network blue"
Show any findings that contain "Network" or "Blue" in tag name (another method)
tags.name: "network" OR tags.name "blue"
Show any findings that match exact value
tags.name: `Cloud Agent`
In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.
Example: field contains the value "10,125" or "10.134".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
tags.name: "10,1"
tags.name: "10"
tags.name: "10.134"
Non-matching:
tags.name: "125"
tags.name: "13"
Example: field contains the value "qualys.corp.com".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
tags.name: "qual"
tags.name: "qualys.corp"
tags.name: "qualys.corp.com"
Non-matching:
tags.name: "corp"
tags.name: "com"
Example: field contains the value "102354.qualys" or "qualys,25576.13".
The value "102354.qualys" is split into 2 tokens: "102354" and "qualys". Prefix search on each token is supported.
Matching:
tags.name: "1023"
tags.name: "qualy"
Non-matching:
tags.name: "354"
tags.name: "lys"
Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)
Example: field contains the value "qualys-corp"
The value "qualys-corp" is split into 2 tokens: "qualys" and "corp". Prefix search on each token is supported.
Matching:
tags.name: "qua"
tags.name: "cor"
Non-matching:
tags.name: "alys"
tags.name: "orp"
Example: field has value "OpenSSH Xauth Command Injection Vulnerability"
The value is split into 5 tokens: "OpenSSH", "Xauth", "Command", "Injection" and "Vulnerability". We will perform complete case insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.
Matching:
tags.name: "openssh xauth com"
The "openssh" and "xauth" tokens match completely and "com" matches the prefix search for "command".
tags.name: "injection vuln"
The "injection" token matches completely and "vuln" matches the prefix search for "vulnerability".
tags.name: "xauth command injection"
All 3 tokens "xauth", "command" and "injection" match completely.
Non-matching:
tags.name: "open comm"
The "open" token is leading and it does not match completely so this search would not return a match.
tags.name: "inject vuln"
The "inject" token is leading and it does not match completely so this search would not return a match.
tags.name: "xauth command ssh"
The "ssh" token is the last token and it does not match completely nor does it match a prefix search.
Tell me about related findings