Search Tokens for Control Evaluation (IaC)
Use the search tokens below to search for control evaluations (click any control name on the Monitor > IaC Posture tab).
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
control.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of the name
control.name: "Avoid the use of the root account"
Select the control result you're interested in: PASS or FAIL.
Examples
Show controls that passed
control.result: PASS
Show controls that failed
control.result: FAIL
Use values within quotes to find a CIS or AWS policy by name.
Examples
Show findings with this name
policy.name: CIS Amazon Web Services Foundations Benchmark
Show any findings that contain parts of the name
policy.name: "CIS Amazon Web Services Foundations Benchmark"
Use a text value ##### to show resources based on the unique ID.
Example
Show findings with resource ID
resource.id: 2012438
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
resource.type: IAM
resource.result
Select the resource result (SKIP, PASS, FAIL) from control evaluation. Select status from the drop-down options.
Example
Show resources that have a PASS result from control evaluation.
resource.result: PASS
Select the type of service you're interested in. Select from names in the drop-down menu.
Example
Show service type VPC
service.type: VPC
Select the source type for IaC templates you're interested in. Select from names in the drop-down menu.
Example
Show all source files from GitHub
iac.source: GitHub
iac.template.type
Select the type of IaC templates you're interested in. Select from names in the drop-down menu.
Example
Show all ARM templates
iac.template.type: ARM
Use a text value ##### to view resources based on the unique IaC scan ID.
Example
Show all resources that were detected during a scan with a specific ID.
iac.scan.id: 43e92a2d-1234-43fb-b13e-e4ae50825835
Use a text value ##### to show resources based on the unique scan name.
Example
Show all resources that were detected during a scan with a specific name.
iac.scan.name: sample_scan_name
Use a text value ##### to show resources belonging to a particular Git repository.
Example
Show all resources that were detected from a specific Git repository.
git.reponame: sample_repository_name
Use a text value ##### to show resources belonging to a particular branch of the Git repository.
Example
Show all resources that were detected from a specific branch of the Git repository.
git.branch: Sample_branch
Use a date range or specific date to define when the resource was first discovered.
Examples
Show resources discovered within certain dates
evaluatedOn: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
evaluatedOn: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
evaluatedOn: [now-2w ... now-1s]
Show resources discovered on a specific date
evaluatedOn: 2018-01-08
Use the name of the mandate policy to view controls that belong to the specified mandate policy.
Example
Show all the controls that belong to the Cloud Controls Matrix (CCM) mandate policy
mandate.name: Cloud Controls Matrix (CCM)
mandate.publisher
Use the name of the mandate publisher to view controls that belong to the specified mandate policy.
Example
Show all the controls that belong to the Cloud Security Alliance (CSA) mandate publisher
mandate.publisher: Cloud Security Alliance
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not resource type Instance
not resource.type: Instance
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting