Search Tokens for Control Evaluation (IaC)

Use the search tokens below to search for control evaluations (click on any control name on the Monitor > IaC Posture tab).

cid

Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.

Example

Show controls with this ID

cid: 205767712438

control.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

control.name

Use values within quotes to help you find controls with a certain name.

Examples

Show findings with this name

control.name: Avoid the use of the root account

Show any findings that contain parts of the name

control.name: "Avoid the use of the root account"

control.result

Select the control result you're interested in: PASS or FAIL.

Examples

Show controls that passed

control.result: PASS

Show controls that failed

control.result: FAIL

policy.name

Use values within quotes to find a CIS or AWS policy by name.

Examples

Show findings with this name

policy.name: CIS Amazon Web Services Foundations Benchmark

Show any findings that contain parts of the name

policy.name: "CIS Amazon Web Services Foundations Benchmark"

resource.id

Use a text value ##### to show resources based on the unique ID.

Example

Show findings with resource ID

resource.id: 2012438

resource.type

Select the type of resource you're interested in. Select from names in the drop-down menu.

Example

Show resources of type Instance

resource.type: IAM

resource.result

Select the resource result (SKIP, PASS, FAIL) from control evaluation. Select status from the drop-down options.

Example

Show resources that have a PASS result from control evaluation.

resource.result: PASS

service.type

Select the type of service you're interested in. Select from names in the drop-down menu.

Example

Show service type VPC

service.type: VPC

iac.source

Select the source type for IaC templates you're interested in. Select from names in the drop-down menu.

Example

Show all source files from GitHub

iac.source: GitHub

iac.template.type

Select the type of IaC templates you're interested in. Select from names in the drop-down menu.

Example

Show all ARM templates

iac.template.type: ARM

iac.scan.id

Use a text value ##### to view resources based on the unique IaC scan ID.

Example

Show all resources that were detected during a scan with a specific ID.

iac.scan.id: 43e92a2d-1234-43fb-b13e-e4ae50825835

iac.scan.name

Use a text value ##### to show resources based on the unique scan name.

Example

Show all resources that were detected during a scan with a specific name.

iac.scan.name: sample_scan_name

git.reponame

Use a text value ##### to show resources belonging to a particular Git repository.

Example

Show all resources that were detected from a specific Git repository.

git.reponame: sample_repository_name

git.branch

Use a text value ##### to show resources belonging to a particular branch of the Git repository.

Example

Show all resources that were detected from a specific branch of the Git repository.

git.branch: Sample_branch

evaluatedOn

Use a date range or specific date to define when the resource was first discovered.

Examples

Show resources discovered within certain dates

evaluatedOn: [2018-01-01 ... 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

evaluatedOn: [2018-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

evaluatedOn: [now-2w ... now-1s]

Show resources discovered on a specific date

evaluatedOn: 2018-01-08

mandate.name

Use the name of the mandate policy to view controls that belong to the specified mandate policy.

Example

Show all the controls that belong to the Cloud Controls Matrix (CCM) mandate policy

mandate.name: Cloud Controls Matrix (CCM)

mandate.publisher

Use the name of the mandate publisher to view controls that belong to the specified mandate policy.

Example

Show all the controls that belong to the Cloud Security Alliance (CSA) mandate publisher

mandate.publisher: Cloud Security Alliance

and

Use a boolean query to express your query using AND logic.

Example

Show findings with account ID 205767712438 and type Subnet

account.id: 205767712438 and resource.type: Subnet

not

Use a boolean query to express your query using NOT logic.

Example

Show findings that are not resource type Instance

not resource.type: Instance

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tag.value: Finance or tag.value: Accounting