InsightVM

Query filter guide

Overview

Several program features rely on asset and vulnerability filtering in order to refine presented data or determine the scope of projects and triggers. To this end, InsightVM offers its own query language that you can use to filter your data in as broad or specific terms as you need. This guide explains the query filter building process.

Query filters are used with the following InsightVM features:

NOTE

This guide demonstrates how to build queries using the legacy query builder, which will be deprecated later this year.

Query layout

  1. Query Dictionary
    • Click the ? icon next to the query bar to open the Query Dictionary. This table lists all available parameters for your selected category, along with descriptions and data types. The Query Dictionary is sortable by column and searchable by parameter name.
  2. Query field
    • Enter your query filter here. Create your filter step by step through selection of suggested parameters and operators, or type your filter by hand.
  3. Remove query
    • If you need to start over, click this icon to clear all content in the query field.
  4. Apply
    • If you’re satisfied with your query, click Apply to filter your selected data category.

Operators

The following operators are available for use when building query filters.

NOTE

The list of usable operators shown will depend on which parameter you have selected beforehand.

Operator
Description

=

Equal To. Returns all records that equal the specified value.

!=

Not Equal To. Returns all records that are not equal to the specified value.

>

Greater Than. Returns all records that are greater than the specified value.

>=

Greater Than or Equal To. Returns all records that are greater than or equal to the specified value.

<

Less Than. Returns all records that are less than the specified value.

<=

Less Than or Equal To. Returns all records that are less than or equal to the specified value.

CONTAINS

Returns all records that contain the specified string.

STARTS WITH

Returns all records that start with the specified string.

ENDS WITH

Returns all records that end with the specified string.

LIKE

Works as a normal regular expression search as opposed to SQL regular expression search.

IS NULL

Returns all records whose specified value is NULL (contains the NULL value).

IS NOT NULL

Returns all records whose specified value is not NULL (does not contain the NULL value).

AND

The AND operator returns values when both conditions are true.

OR

The OR operator returns values when one of the conditions is true.

<=>

Used with parameters of the “Object” type.

Build a single query that specifies all desired sub-parameter matches that are contained within the main object parameter.

~>

Used with parameters of the “Object” type.

This operator will return the best match found among an object’s sub-parameters.

Data categories

Query filters are used to refine one of two data groups:

  • Assets
  • Vulnerabilities

As a result, all query parameters are either asset-based or vulnerability-based. One or both of these parameter groups may be available, depending on the type of filter being applied.

Build a query filter

  1. Click the query field to get started.
    • InsightVM will suggest a short list of available parameters. These suggestions will change as you type characters into the field.
    • Open the Query Dictionary for a full list of available parameters.
  2. Select your first parameter.
    • Click or type the parameter name in full to complete your selection.
    • A list of available operators will display once your selection is complete.
  3. Select an operator.
    • InsightVM will suggest applicable values if they are available, depending on the parameter.
    • Integer operators generally rely entirely on user input.
    • String operators will provide you with a set of double quotes where you can enter your string value.
    • Operators selected for “Date” parameters will display a calendar tool with clickable days.
  4. If desired, refine your query with an “AND” or “OR” operator.
    • These operators allow you to specify multiple conditions.
    • Repeat steps 2 and 3 to complete these additional conditions.
  5. Verify that your query is valid.
    • The status indicator will change from red to green once a valid query has been detected.
    • The Apply button will activate for valid queries only.
  6. Click Apply.

Query filter guide


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.