Search for Remediation Activity
Use the search tokens below to search and filter remediation activities that have been triggered. You'll need to first choose Amazon Web Service or Microsoft Azure on the Resources tab to see the relevant tokens for your environment. Looking for help with writing your query? click here
AWS | Microsoft Azure | GCP
AWS
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
resource.type: Instance
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource id ID acl-8e5198f5
resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource id ID acl-8e5198f5
resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
connector.name
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
status: Success
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
action: Control Remediation
Use a text value ##### to show connectors based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show connectors associated with this account ID
account.id: 205767712438
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
triggeredBy: user_john
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
triggeredOn: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
triggeredOn: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
triggeredOn: [now-2w ... now-1s]
Show remediation activities triggered on specific date
triggeredOn: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
Use values within quotes to help you find connectors with a certain name.
Example
Show connectors with this name
connector.name: Sample_connector
Azure
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
resource.type: Instance
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource id ID acl-8e5198f5
resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource id ID acl-8e5198f5
resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
Use values within quotes to help you find connectors with a certain name.
Example
Show connectors with this name
connector.name: Sample_connector
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
status: Success
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
action: Control Remediation
Use a text value ##### to find Azure connectors based on the unique subscription ID associated with the connector at the time of creation.
Example
Show connectors with this subscription ID
subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
triggeredBy: user_john
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
triggeredOn: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
triggeredOn: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
triggeredOn: [now-2w ... now-1s]
Show remediation activities triggered on specific date
triggeredOn: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
GCP
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
resource.type: Instance
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource id ID acl-8e5198f5
resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource id ID acl-8e5198f5
resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
status: Success
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
action: Control Remediation
Use a text value ##### to find GCP connectors based on the unique project ID associated with the connector at the time of creation.
Example
Show connectors with this projectId
projectId: my-project-1513669048551
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
triggeredBy: user_john
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
triggeredOn: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
triggeredOn: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
triggeredOn: [now-2w ... now-1s]
Show remediation activities triggered on specific date
triggeredOn: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"