Searching for Control Evaluations
Use the search tokens below to search for control evaluations (click any control name on the Monitor > Cloud Posture tab).
aws.accountId
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
aws.accountId: 205767712438
aws.account.status
Use this to search AWS resources based on their account status.
Example
Show AWS resources with ACTIVE account status
aws.account.status:ACTIVE
aws.account.tag.value
Use values within quotes or backticks to list control evaluations of AWS connectors with the specified tag value.
Examples
Show control evaluations of AWS connectors with the specified tag value.
aws.account.tag.value: "Finance"
Show control evaluations of AWS connectors that match the exact specified tag value.
aws.account.tag.value: `B1 Finance`
aws.account.tag.key
Use values within quotes or backticks to list control evaluations of AWS connectors with the specified tag key.
Examples
Show control evaluations of AWS connectors with the specified tag key.
aws.account.tag.key: "Department"
Show control evaluations of AWS connectors that match the exact specified tag key.
aws.account.tag.key:`S3 Department`
cloud.resource.currentResult.startDate
Specify a timeframe to find the most recent time when the resource evaluation status was updated to its current state.
Example
Show findings with evaluation results changed within the last 24 hours.
cloud.resource.currentResult.startDate: [now-24h..now]
cloud.resource.lastFixedDate
Use a date range or specific date to find when the misconfigured or vulnerable resources were last fixed.
Examples
Show the misconfigured or vulnerable resources last fixed within certain dates
cloud.resource.lastFixedDate: [2023-10-01 .. 2023-12-01]
Show the misconfigured or vulnerable resources last fixed starting 2023-01-01, ending 1 month ago
cloud.resource.lastFixedDate: [2023-01-01 .. now-1m]
Show the misconfigured or vulnerable resources last fixed starting 2 weeks ago, ending 1 second ago
cloud.resource.lastFixedDate: [now-2w .. now-1s]
Show the misconfigured or vulnerable resources last fixed on a specific date
cloud.resource.lastFixedDate: 2023-01-08
cloud.resource.lastReopenedDate
Use a date range or specific date to find when the misconfigured or vulnerable resources were last reopened.
Examples
Show the misconfigured or vulnerable resources last reopened within certain dates
cloud.resource.lastReopenedDate: [2023-10-01 .. 2023-12-01]
Show the misconfigured or vulnerable resources last reopened starting 2023-01-01, ending 1 month ago
cloud.resource.lastReopenedDate: [2023-01-01 .. now-1m]
Show the misconfigured or vulnerable resources last reopened starting 2 weeks ago, ending 1 second ago
cloud.resource.lastReopenedDate: [now-2w .. now-1s]
Show the misconfigured or vulnerable resources last reopened on a specific date
cloud.resource.lastReopenedDate: 2023-01-08
cloud.resource.firstPassedDate
Specify a timeframe to filter resources based on the time frame of their first passed evaluation.
Example
Show findings that passed their first evaluation within the last 24 hours.
cloud.resource.firstPassedDate: [now-24h..now]
cloud.resource.lastPassedDate
Specify a timeframe to filter resources based on the time frame of their last passed evaluation.
Example
Show findings that passed their last evaluation within the last 24 hours.
cloud.resource.lastPassedDate: [now-24h..now]
cloud.resource.firstFailedDate
Specify a timeframe to filter resources based on the time frame of their first failed evaluation.
Example
Show findings that failed their first evaluation within the last 24 hours.
cloud.resource.firstFailedDate: [now-24h..now]
cloud.resource.lastFailedDate
Specify a timeframe to filter resources based on the time frame of their last failed evaluation.
Example
Show findings that failed their last evaluation within the last 24 hours.
cloud.resource.lastFailedDate: [now-24h..now]
aws.account.alias
Use a text value ##### to show resources based on the account alias associated with the connector/ARN at the time of creation.
Example
Show resources with this account alias
aws.account.alias: Example_account
azure.subscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
azure.subscriptionName: Sample Cloud Subscription
control.id
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
control.id: 205767712438
control.isCustomizable
Use the values true | false to find controls that are customizable or not.
Example
Show controls that are customizable
control.isCustomizable: true
control.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
control.description
Use values within quotes to help you find controls with a certain description.
Examples
Show controls with this description
control.description: my-description
Show controls that contain parts of the description
control.description: "my-description"
control.type
Search for a list of controls based on the control type. Select the control type from the drop-down: User Defined or System Defined.
Example
Show controls that are User Defined
control.type: User Defined
control.name
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of the name
control.name: "Avoid the use of the root account"
control.result
Select the control result you're interested in: PASS or FAIL.
Examples
Show controls that passed
control.result: PASS
Show controls that failed
control.result: FAIL
control.objective.section
Use the name of the control objective section to view all the controls that belong to the specified section name.
Examples
Show all the controls that belong to the SC-7 control objective section
control.objective.section: SC-7
cloud.resource.evaluatedDate
Use a date range or specific date to define when the resource was first discovered.
Examples
Show resources discovered within certain dates
cloud.resource.evaluatedDate: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
cloud.resource.evaluatedDate: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
cloud.resource.evaluatedDate: [now-2w ... now-1s]
Show resources discovered on a specific date
cloud.resource.evaluatedDate: 2018-01-08
cloud.resource.firstEvaluatedDate
Use a date range or specific date to find when the resource was first evaluated.
Examples
Show the resources first evaluated within certain dates
cloud.resource.firstEvaluatedDate: [2023-10-01 .. 2023-12-01]
Show the resources first evaluated starting 2023-01-01, ending 1 month ago
cloud.resource.firstEvaluatedDate: [2023-01-01 .. now-1m]
Show the resources first evaluated starting 2 weeks ago, ending 1 second ago
cloud.resource.firstEvaluatedDate: [now-2w .. now-1s]
Show the resources first evaluated on a specific date
cloud.resource.firstEvaluatedDate: 2023-01-08
cloud.resource.lastEvaluatedDate
Use a date range or specific date to find when the resource was last evaluated.
Examples
Show the resources last evaluated within certain dates
cloud.resource.lastEvaluatedDate: [2023-10-01 .. 2023-12-01]
Show resources last evaluated starting 2018-10-01, ending 1 month ago
cloud.resource.lastEvaluatedDate: [2023-12-01 .. now-1m]
Show resources last evaluated starting 2 weeks ago, ending 1 second ago
cloud.resource.lastEvaluatedDate: [now-2w .. now-1s]
Show resources last evaluated on a specific date
cloud.resource.lastEvaluatedDate: 2023-12-08
policy.name
Use values within quotes to find a CIS or AWS policy by name.
Examples
Show findings with this name
policy.name: CIS Amazon Web Services Foundations Benchmark
Show any findings that contain parts of the name
policy.name: "CIS Amazon Web Services Foundations Benchmark"
cloud.provider
Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.
Example
Find resources synced from Amazon AWS
cloud.provider: AWS
cloud.region
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find resources in the Singapore region
cloud.region: Singapore, Singapore
cloud.resource.id
Use a text value ##### to show resources based on the unique ID.
Example
Show findings with resource ID
cloud.resource.id: 2012438
cloud.resource.type
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
cloud.resource.type: Instance
oci.tenantId
Use a text value ##### to show OCI resources based on the unique tenant ID.
Example
Show findings with tenant ID
oci.tenantId: ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq
resource.result
Select the resource result (PASSE, PASS, FAIL) from control evaluation. Select status from the drop-down options.
Example
Show resources that have PASS result from control evaluation.
resource.result: PASS
service.type
Select the type of service you're interested in. Select from names in the drop-down menu.
Example
Show service type VPC
service.type: VPC
exception.name
Use values within quotes to help you find exceptions with a certain name.
Example
Show exceptions with this name
exception.name: Sample_exception
control.isRemediable
Use true to view the controls for which remediation is enabled.
Example
Show controls for which remediation is enabled
control.isRemediable: TRUE
cloud.resource.remediationStatus
Select the remediation status ("Success", "Queued", "Error") to view controls with the selected status. Select from names in the drop-down menu.
Example
Show controls with success as the remediation status
cloud.resource.remediationStatus: Success
mandate.name
Use the name of the mandate policy to view controls that belong to the specified mandate policy.
Examples
Show all the controls that belong to the Cloud Controls Matrix (CCM) mandate policy
mandate.name: Cloud Controls Matrix (CCM)
mandate.publisher
Use the name of the mandate publisher to view controls that belong to the specified mandate policy.
Examples
Show all the controls that belong to the Cloud Security Alliance (CSA) mandate publisher
mandate.publisher: Cloud Security Alliance
and
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
not
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not resource type Instance
not resource.type: Instance
or
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting
cloud.resource.prevResult.value
Use a boolean query to filter resources according to their prior control evaluation results.
Example
Show findings with prior control evaluation results as "FAIL"
cloud.resource.prevResult.value: FAIL
gcp.projectId
Use a text value ##### to find GCP resources with a certain project ID.
Example
Show resources with this projectId
gcp.projectId:my-project-1513669048551
cloud.resource.prevResult.startDate
Specify a timeframe within which the evaluation status changed from pass to fail, or from fail to pass.
Example
Show resources for which the evaluation status changed from pass to fail, or from fail to pass within the last 30 hours.
cloud.resource.prevResult.startDate: [now-30h..now]
control.controlObjective.section
Search for controls based on the section of the control objective to which they belong. Select the section name or identifier from the drop-down.
Example
Show controls mapped to Section 5.1 of a control objective
control.controlObjective.section: 5.1
requirement.comments
Search for controls based on evaluator comments added during control evaluation against cloud provider resources.
Example
Show controls where the evaluator commented that exceptions apply
requirement.comments: exception
requirement.section
Search for controls based on the requirement section under which the control is evaluated. Select the requirement section identifier or name from the drop-down.
Example
Show controls mapped under Requirement Section 3.2
requirement.section: 3.2
control.objective.comments
Use the control objective's comment text to view all the controls that match the specified comment.
Examples
Show all the controls that match the control objective comment saying Boundary Protection
control.objective.comments: Boundary Protection