Search Tokens: Build Time Controls on IaC Posture tab

Use the search tokens below to search for control evaluations (click on any control name on the Monitor > IaC Posture tab). Looking for help with writing your query? click here

Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.

Example

Show controls with this ID

cid: 205767712438

control.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

control.name

Use values within quotes to help you find controls with a certain name.

Examples

Show findings with this name

control.name: Avoid the use of the root account

Show any findings that contain parts of name

control.name: "Avoid the use of the root account"

control.result

Select the control result you're interested in: PASS or FAIL.

Examples

Show controls that passed

control.result: PASS

Show controls that failed

control.result: FAIL

policy.name

Use values within quotes to find a CIS or AWS policy by name.

Examples

Show findings with this name

policy.name: CIS Amazon Web Services Foundations Benchmark

Show any findings that contain parts of name

policy.name: "CIS Amazon Web Services Foundations Benchmark"

resource.id

Use a text value ##### to show resources based on the unique ID.

Example

Show findings with resource ID

resource.id: 43e92a2d-1234-43fb-b13e-e4ae50825835

resource.type

Select the type of resource you're interested in. Select from names in the drop-down menu.

Example

Show resources of type Instance

resource.type: VPC

resource.result

Select the resource result (SKIP, PASS, FAIL) from control evaluation. Select status from the drop-down options.

Example

Show resources that have PASS result from control evaluation.

resource.result: PASS

service.type

Select the type of service you're interested in. Select from names in the drop-down menu.

Example

Show service type VPC

service.type: VPC

iac.source

Select the source type for IaC templates you're interested in. Select from names in the drop-down menu.

Example

Show all source files from GitHub

iac.source: GitHub

iac.template.type

Select the type of IaC templates you're interested in. Select from names in the drop-down menu.

Example

Show all ARM templates

iac.template.type: ARM

evaluatedOn

Use a date range or specific date to define when the resource was first discovered.

Examples

Show resources discovered within certain dates

evaluatedOn: [2018-01-01 ... 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

evaluatedOn: [2018-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

evaluatedOn: [now-2w ... now-1s]

Show resources discovered on specific date

evaluatedOn: 2018-01-08

and

Use a boolean query to express your query using AND logic.

Example

Show findings with account ID 205767712438 and type Subnet

account.id: 205767712438 and resource.type: Subnet

not

Use a boolean query to express your query using NOT logic.

Example

Show findings that are not resource type Instance

not resource.type: Instance

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tag.value: Finance or tag.value: Accounting