Using Boolean operators (AND, OR, NOT) give you many ways to refine your search. Here's some things to know.
These queries show you how to use many robust search capabilities in one query.
vulnerabilities: (typeDetected: "Confirmed" AND firstFound
< now-1d AND lastFound:[now-1M ... now-1s])
vulnerabilities:(vulnerability.cveIds: (CVE-2016-0189 OR CVE-2016-0162
OR CVE-2016-7200 OR CVE-2016-7201 OR CVE-2016-0034 OR CVE-2015-3105 OR
CVE-2015-3113) AND lastFound:[now-10d ... now-1s]
Put the partial token key "vulnerabilities" first, followed by NOT and rest of vulnerability key using syntax shown
Show findings that have vulnerabilities not meeting criteria - Information Gathered
vulnerabilities: (not vulnerability.types: "INFORMATION")
Show findings that have vulnerabilities not meeting both criteria - Information Gathered and typeDetected confirmed
vulnerabilities: (not (vulnerability.types: "INFORMATION"
and typeDetected: "Confirmed" ))
Important - Using the syntax below is not valid
We've implemented controls in query parsing for queries containing the operators AND, OR. The maximum depth allowed for an AND/OR query cannot cross 1000 levels. If you run a query having more than 1000 levels of depth, an error is returned.
A simple query like this has level of depth 2
vulnerabilities.vulnerability: (patchAvailable: "true"
AND category: "CGI")
A more complex query like this has level of depth 5
(operatingSystem: windows OR operatingSystem: linux) AND (openPorts.port:
80 OR openPorts.port:8080) AND NOT updated <= "2018-01-20"