Using Boolean operators (AND, OR, NOT) give you many ways to refine your search. Here's some things to know.
These queries show you how to use many robust search capabilities in one query.
hardware.type:`Programmable Logic Controller (PLC)` and hardware.type:`router`
and interfaces.protocol:`bacnet` and interfaces.transport.protocol:`udp`
vulnerabilities.hardware.vendor:`Rockwell Automation` and vulnerabilities.vulnerability.threatIntel:`Easy
Exploit` and vulnerabilities.vulnerability.criticality:[`CRITICAL`,`HIGH`]
Put the NOT followed by vulnerability key using syntax shown
Show findings that have vulnerabilities not meeting criteria - Information Gathered
vulnerabilities.hardware.vendor:[`Rockwell Automation`, `Omron`]
and not vulnerabilities.vulnerability.threatIntel:EasyExlpoit and vulnerabilities.vulnerability.threatIntel:`High
Data Loss`
Show findings that have vulnerabilities not meeting both criteria - Information Gathered and typeDetected confirmed
vulnerabilities.hardware.vendor:[`Rockwell Automation`, `Siemens`]
and not vulnerabilities.status:`ACTIVE` and vulnerabilities.vulnerability.criticality:[`HIGH`,
`MEDIUM`]
We've implemented controls in query parsing for queries containing the operators AND, OR. The maximum depth allowed for an AND/OR query cannot cross 1000 levels. If you run a query having more than 1000 levels of depth, an error is returned.
A simple query like this has level of depth 2
hardware.manufacturer:`Rockwell Automation` and inventory.source:`Passive
Sensor`
A more complex query like this has level of depth 3
vulnerabilities.hardware.vendor:`Siemens` and vulnerabilities.vulnerability.threatIntel:`Active
Attacks` and not vulnerabilities.vulnerability.criticality:[`HIGH`, `MEDIUM`]