Home

Search Tokens: Run Time Controls on Cloud Posture Tab

Use the search tokens below to search for controls being monitored. Looking for help with writing your query? click here

account.idaccount.id

Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.

Example

Show findings with this account ID

account.id: 205767712438

account.aliasaccount.alias

Use a text value ##### to show resources based on the account alias associated with the connector/ARN at the time of creation.

Example

Show resources with this account alias

account.alias: Example_resource

subscriptionNamesubscriptionName

Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.

Example

Show connectors with this subscription name

subscriptionName: Sample Cloud Subscription

cidcid

Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.

Example

Show controls with this ID

cid: 205767712438

control.criticalitycontrol.criticality

Select the control criticality (HIGH, MEDIUM, LOW) you're interested in.

Example

Show controls with High criticality

control.criticality: HIGH

control.namecontrol.name

Use values within quotes to help you find controls with a certain name.

Examples

Show findings with this name

control.name: Avoid the use of the root account

Show any findings that contain parts of name

control.name: "Avoid the use of the root account"

control.resultcontrol.result

Select the control result you're interested in: PASS or FAIL.

Examples

Show controls that passed

control.result:PASS

Show controls that failed

control.result:FAIL

policy.namepolicy.name

Use values within quotes to find a CIS or AWS policy by name.

Examples

Show findings with this name

policy.name: CIS Amazon Web Services Foundations Benchmark

Show any findings that contain parts of name

policy.name: "CIS Amazon Web Services Foundations Benchmark"

providerprovider

Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.

Example

Find resources synced from Amazon AWS

provider:AWS

lastFixedlastFixed

Use a date range or specific date to find when the misconfigured or vulnerable resources were last fixed.

Examples

Show the misconfigured or vulnerable resources last fixed within certain dates

lastFixed: [2023-10-01 .. 2023-12-01]

Show the misconfigured or vulnerable resources last fixed starting 2023-01-01, ending 1 month ago

lastFixed: [2023-01-01 .. now-1m]

Show the misconfigured or vulnerable resources last fixed starting 2 weeks ago, ending 1 second ago

lastFixed: [now-2w .. now-1s]

Show the misconfigured or vulnerable resources last fixed on specific date

lastFixed: 2023-01-08

lastReopenedlastReopened

Use a date range or specific date to find when the misconfigured or vulnerable resources were last reopened.

Examples

Show the misconfigured or vulnerable resources last reopened within certain dates

lastReopened: [2023-10-01 .. 2023-12-01]

Show the misconfigured or vulnerable resources last reopened starting 2023-01-01, ending 1 month ago

lastReopened: [2023-01-01 .. now-1m]

Show the misconfigured or vulnerable resources last reopened starting 2 weeks ago, ending 1 second ago

lastReopened: [now-2w .. now-1s]

Show the misconfigured or vulnerable resources last reopened on specific date

lastReopened: 2023-01-08

aws.account.tags.keyaws.account.tags.key

Use values within quotes or backticks to find the list control evaluation of AWS connectors with the specified tag key.

Examples

Show control evaluations of AWS connectors with the specified tag key.

aws.account.tags.key: "Department"

Show control evaluations of AWS connectors that match the exact specified tag key.

aws.account.tags.key: `S3 Department`

aws.account.tags.valueaws.account.tags.value

Use values within quotes or backticks to find the list control evaluation of AWS connectors with the specified tag value.

Examples

Show control evaluations of AWS connectors with the specified tag value.

aws.account.tags.value: "Finance"

Show control evaluations of AWS connectors that match the exact specified tag value.

aws.account.tags.value: `B1 Finance`

regionregion

Select the name of the region you're interested in. Select from names in the drop-down menu.

Example

Find resources in the Singapore region

region: Singapore, Singapore

resource.idresource.id

Use a text value ##### to find resources by the unique ID assigned to the resource.

Example

Show resources with ID acl-8e5198f5

resource.id: acl-8e5198f5

tenantIdtenantId

Use a text value ##### to show OCI resources based on the unique tenant ID.

Example

Show findings with tenant ID

tenantId: ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq

resource.typeresource.type

Select the type of resource you're interested in. Select from names in the drop-down menu.

Example

Show resources of type Instance

resource.type: Instance

resource.resultresource.result

Select the resource result (PASSE, PASS, FAIL) from control evaluation. Select status from the drop-down options.

Example

Show resources that have PASS result from control evaluation.

resource.result: PASS

service.typeservice.type

Select the type of service you're interested in. Select from names in the drop-down menu.

Example

Show service type VPC

service.type: VPC

evaluatedOnevaluatedOn

Use a date range or specific date to define when the resource was first discovered.

Examples

Show resources discovered within certain dates

evaluatedOn: [2018-01-01 .. 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

evaluatedOn: [2018-01-01 .. now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

evaluatedOn: [now-2w .. now-1s]

Show resources discovered on specific date

evaluatedOn: 2018-01-08

firstEvaluatedOnfirstEvaluatedOn

Use a date range or specific date to find when the resource was first evaluated.

Examples

Show the resources first evaluated within certain dates

firstEvaluatedOn: [2023-10-01 .. 2023-12-01]

Show the resources first evaluated starting 2023-01-01, ending 1 month ago

firstEvaluatedOn: [2023-01-01 .. now-1m]

Show the resources first evaluated starting 2 weeks ago, ending 1 second ago

firstEvaluatedOn: [now-2w .. now-1s]

Show the resources first evaluated on specific date

firstEvaluatedOn: 2023-01-08

lastEvaluatedOnlastEvaluatedOn

Use a date range or specific date to find when the resource was last evaluated.

Examples

Show the resources last evaluated within certain dates

lastEvaluatedOn: [2023-10-01 .. 2023-12-01]

Show resources last evaluated starting 2018-10-01, ending 1 month ago

lastEvaluatedOn: [2023-12-01 .. now-1m]

Show resources last evaluated starting 2 weeks ago, ending 1 second ago

lastEvaluatedOn: [now-2w .. now-1s]

Show resources last evaluated on specific date

lastEvaluatedOn: 2023-12-08

mandate.namemandate.name

Use the name of mandate policy to view controls that belong to the specified mandate policy.

Examples

Show all the controls that belong to the Cloud Controls Matrix (CCM) mandate policy

mandate.name: Cloud Controls Matrix (CCM)

mandate.publishermandate.publisher

Use the name of mandate publisher to view controls that belong to the specified mandate policy.

Examples

Show all the controls that belong to the Cloud Security Alliance (CSA) mandate publisher

mandate.publisher: Cloud Security Alliance

requirement.sectionrequirement.section

Use the name of requirement section to view all the controls that belong to the specified requirement section.

Examples

Show all the controls that belong to the AIS requirement section

requirement.section: AIS

requirement.commentsrequirement.comments

Use the name of requirement section to view all the controls that belong to the specified requirement section.

Examples

Show all the controls that belong to the Application & Interface Security requirement comment

requirement.comments: Application & Interface Security

controlObjective.sectioncontrolObjective.section

Use the name of controlObjective section to view all the controls that belong to the specified section name.

Examples

Show all the controls that belong to the SC-7 control objective section

controlObjective.section: SC-7

controlObjective.commentscontrolObjective.comments

Use the name of control objective's comments to view all the controls that match the to the specified comment.

Examples

Show all the controls that match the control objective comment saying Boundary Protection

controlObjective.comments: Boundary Protection

policy.uuidpolicy.uuid

Search the policy by providing a unique id to identify any policy.

Examples

Show the policy that belong to specified unique ID

policy.uuid:80313390-aa04-11e9-9596-45e2d51410b1

policyTypepolicyType

Search the type of policy you want to view. Select the types from the drop-down menu.

Examples

Show all policies that are defined by user

policyType:User Defined

subscriptionIdsubscriptionId

Use a text value ##### to find Azure connectos based on the unique subscription ID associated with the connector at the time of creation.

Example

Show connectors with this subscription ID

subscriptionId: fbb9ea64-abda-452e-adfa-83442409

projectIdprojectId

Use a text value ##### to find GCP connectors based on the unique project ID associated with the connectorat the time of creation.

Show connectors with this projectId

projectId: my-project-1513669048551

updatedByupdatedBy

Use a text value ##### to find policies or controls modified by a user of interest.

Example

Show policies or controls modified by the specified user

updatedBy: user_john

exception.nameexception.name

Use values within quotes to help you find exceptions with a certain name.

Example

Show exceptions with this name

exception.name: Sample_exception

isRemediableisRemediable

Use true to view the controls for which remediation is enabled.

Example

Show controls that are remediable

isRemediable: TRUE

remediationStatusremediationStatus

Select the remediation status ("Success", "Queued", "Error") to view controls with selected status. Select from names in the drop-down menu.

Example

Show controls with success as the remediation status

remediationStatus: Success

isCustomizableisCustomizable

Use the values true | false to find controls that are customizable or not.

Example

Show controls that are customizable

isCustomizable: true

qflow.idqflow.id

Use a text value ##### to show controls created from QFlow with specified QFlow id.

Example

Show controls with specific qflow id

qflow.id: 80313390-aa04-11e9-9596-45e2d51410b1

qflow.nameqflow.name

Use values within quotes or back-ticks to find controls created from QFlow with the specified name.

Examples

Show controls that are created from QFlow with a name that partially matches the specified QFlow name.

qflow.name: "Publicly accessible S3 buckets"

Show controls that are created from QFlow with a name that exactly matches the specified QFlow name.

qflow.name: `S3 buckets`

tags.nametags.name

Use values within quotes or backticks to help you find the resources with the specified tag you're looking for.

Example

Show any findings that contain "network" and "blue" in name

tags.name: "network blue"

Show any findings that contain "network" or "blue" in name (another method)

tags.name: "network" OR tags.name: "blue"

Show any findings that match exact value "Cloud Agent"

tags.name: "Cloud Agent"

andand

Use a boolean query to express your query using AND logic.

Example

Show findings with account ID 205767712438 and type Subnet

account.id: 205767712438 and resource.type: Subnet

notnot

Use a boolean query to express your query using NOT logic.

Example

Show findings that are not resource type Instance

not resource.type: Instance

oror

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tag.value: Finance or tag.value: Accounting