Search Tokens: Run Time Controls on Cloud Posture Tab
Use the search tokens below to search for controls being monitored. Looking for help with writing your query? click here
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
account.id: 205767712438
Use a text value ##### to show resources based on the account alias associated with the connector/ARN at the time of creation.
Example
Show resources with this account alias
account.alias: Example_resource
subscriptionNamesubscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
subscriptionName: Sample Cloud Subscription
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
cid: 205767712438
control.criticalitycontrol.criticality
Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.
Example
Show controls with High criticality
control.criticality: HIGH
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
Select the control result you're interested in: PASS or FAIL.
Examples
Show controls that passed
control.result:PASS
Show controls that failed
control.result:FAIL
Use values within quotes to find a CIS or AWS policy by name.
Examples
Show findings with this name
policy.name: CIS Amazon Web Services Foundations Benchmark
Show any findings that contain parts of name
policy.name: "CIS Amazon Web Services Foundations Benchmark"
Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.
Example
Find resources synced from Amazon AWS
provider:AWS
Use a date range or specific date to find when the misconfigured or vulnerable resources were last fixed.
Examples
Show the misconfigured or vulnerable resources last fixed within certain dates
lastFixed: [2023-10-01 .. 2023-12-01]
Show the misconfigured or vulnerable resources last fixed starting 2023-01-01, ending 1 month ago
lastFixed: [2023-01-01 .. now-1m]
Show the misconfigured or vulnerable resources last fixed starting 2 weeks ago, ending 1 second ago
lastFixed: [now-2w .. now-1s]
Show the misconfigured or vulnerable resources last fixed on specific date
lastFixed: 2023-01-08
Use a date range or specific date to find when the misconfigured or vulnerable resources were last reopened.
Examples
Show the misconfigured or vulnerable resources last reopened within certain dates
lastReopened: [2023-10-01 .. 2023-12-01]
Show the misconfigured or vulnerable resources last reopened starting 2023-01-01, ending 1 month ago
lastReopened: [2023-01-01 .. now-1m]
Show the misconfigured or vulnerable resources last reopened starting 2 weeks ago, ending 1 second ago
lastReopened: [now-2w .. now-1s]
Show the misconfigured or vulnerable resources last reopened on specific date
lastReopened: 2023-01-08
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find resources in the Singapore region
region: Singapore, Singapore
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
resource.id: acl-8e5198f5
Use a text value ##### to show OCI resources based on the unique tenant ID.
Example
Show findings with tenant ID
tenantId: ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
resource.type: Instance
resource.resultresource.result
Select the resource result (PASSE, PASS, FAIL) from control evaluation. Select status from the drop-down options.
Example
Show resources that have PASS result from control evaluation.
resource.result: PASS
Select the type of service you're interested in. Select from names in the drop-down menu.
Example
Show service type VPC
service.type: VPC
Use a date range or specific date to define when the resource was first discovered.
Examples
Show resources discovered within certain dates
evaluatedOn: [2018-01-01 .. 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
evaluatedOn: [2018-01-01 .. now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
evaluatedOn: [now-2w .. now-1s]
Show resources discovered on specific date
evaluatedOn: 2018-01-08
firstEvaluatedOnfirstEvaluatedOn
Use a date range or specific date to find when the resource was first evaluated.
Examples
Show the resources first evaluated within certain dates
firstEvaluatedOn: [2023-10-01 .. 2023-12-01]
Show the resources first evaluated starting 2023-01-01, ending 1 month ago
firstEvaluatedOn: [2023-01-01 .. now-1m]
Show the resources first evaluated starting 2 weeks ago, ending 1 second ago
firstEvaluatedOn: [now-2w .. now-1s]
Show the resources first evaluated on specific date
firstEvaluatedOn: 2023-01-08
lastEvaluatedOnlastEvaluatedOn
Use a date range or specific date to find when the resource was last evaluated.
Examples
Show the resources last evaluated within certain dates
lastEvaluatedOn: [2023-10-01 .. 2023-12-01]
Show resources last evaluated starting 2018-10-01, ending 1 month ago
lastEvaluatedOn: [2023-12-01 .. now-1m]
Show resources last evaluated starting 2 weeks ago, ending 1 second ago
lastEvaluatedOn: [now-2w .. now-1s]
Show resources last evaluated on specific date
lastEvaluatedOn: 2023-12-08
Use the name of mandate policy to view controls that belong to the specified mandate policy.
Examples
Show all the controls that belong to the Cloud Controls Matrix (CCM) mandate policy
mandate.name: Cloud Controls Matrix (CCM)
mandate.publishermandate.publisher
Use the name of mandate publisher to view controls that belong to the specified mandate policy.
Examples
Show all the controls that belong to the Cloud Security Alliance (CSA) mandate publisher
mandate.publisher: Cloud Security Alliance
requirement.sectionrequirement.section
Use the name of requirement section to view all the controls that belong to the specified requirement section.
Examples
Show all the controls that belong to the AIS requirement section
requirement.section: AIS
controlObjective.sectioncontrolObjective.section
Use the name of controlObjective section to view all the controls that belong to the specified section name.
Examples
Show all the controls that belong to the SC-7 control objective section
controlObjective.section: SC-7
controlObjective.commentscontrolObjective.comments
Use the name of control objective's comments to view all the controls that match the to the specified comment.
Examples
Show all the controls that match the control objective comment saying Boundary Protection
controlObjective.comments: Boundary Protection
Search the policy by providing a unique id to identify any policy.
Examples
Show the policy that belong to specified unique ID
policy.uuid:80313390-aa04-11e9-9596-45e2d51410b1
Search the type of policy you want to view. Select the types from the drop-down menu.
Examples
Show all policies that are defined by user
policyType:User Defined
Use a text value ##### to find Azure connectos based on the unique subscription ID associated with the connector at the time of creation.
Example
Show connectors with this subscription ID
subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Use a text value ##### to find GCP connectors based on the unique project ID associated with the connectorat the time of creation.
Show connectors with this projectId
projectId: my-project-1513669048551
Use a text value ##### to find policies or controls modified by a user of interest.
Example
Show policies or controls modified by the specified user
updatedBy: user_john
Use values within quotes to help you find exceptions with a certain name.
Example
Show exceptions with this name
exception.name: Sample_exception
Use true to view the controls for which remediation is enabled.
Example
Show controls that are remediable
isRemediable: TRUE
remediationStatusremediationStatus
Select the remediation status ("Success", "Queued", "Error") to view controls with selected status. Select from names in the drop-down menu.
Example
Show controls with success as the remediation status
remediationStatus: Success
Use the values true | false to find controls that are customizable or not.
Example
Show controls that are customizable
isCustomizable: true
Use a text value ##### to show controls created from QFlow with specified QFlow id.
Example
Show controls with specific qflow id
qflow.id: 80313390-aa04-11e9-9596-45e2d51410b1
Use values within quotes or back-ticks to find controls created from QFlow with the specified name.
Examples
Show controls that are created from QFlow with a name that partially matches the specified QFlow name.
qflow.name: "Publicly accessible S3 buckets"
Show controls that are created from QFlow with a name that exactly matches the specified QFlow name.
qflow.name: `S3 buckets`
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not resource type Instance
not resource.type: Instance
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting
requirement.commentsrequirement.comments
Use the name of requirement section to view all the controls that belong to the specified requirement section.
Examples
Show all the controls that belong to the Application & Interface Security requirement comment
requirement.comments: Application & Interface Security