Searching for Clusters and PODs

This topic covers the Qualys Query Language (QQL) tokens associated with the Cluster Sensor. To learn more about the types of searches, refer to How to Search in Container Security.

For the Cluster Sensor QQL tokens, refer to:

  • Searching for Clusters
  • Searching for PODs

Searching for Clusters

Use the search tokens below to search for Clusters.

clusterName

Enter the cluster name.

Example

Show cluster details based on the name.

clusterName: GCP-2

clusterUid

Enter the UID of your cluster.

Example

Show cluster details based on the specified clusterUid.

clusterUid: 22d6c554-****-4f0e-a***-59bc7****668

status

Enter the status of your cluster (ACTIVE, UNKOWN).

Example

Find clusters with the status 'Active'.

status: ACTIVE

provider

Enter the provider name (AWS, AZURE, GCP, OCI, SELF_MANAGED_K8S).

Example

Show clusters based on the Cloud provider.

provider: AWS

AWS.arn

Enter the AWS ARN to search clusters.

Example

Show AWS Cluster details based on the passed AWS ARN (Amazon Resource Name) - 'arn:aws:eks:us-east-1:362******442:cluster/DJ-test-ekstest'.

AWS.arn:'arn:aws:eks:us-east-1:362******442:cluster/DJ-test-ekstest'

AZURE.id

Enter the Azure ID of your cluster.

Example

Show Azure cluster details based on the given Azure ID - 5a8*****-af14-4***a10-bfa0-*****979cb16.

AZURE.id: 5a8*****-af14-4***a10-bfa0-*****979cb16

OCI.ocid

Enter the Oracle Cloud (OC) ID of your cluster.

Example

Show OC cluster details based on the given OCI ID - ocid1.cluster.oc1.***.qbcs.

OCI.ocid: ocid1.cluster.oc1.***.qbcs

GCP.krn

Enter the GCP KRN of your cluster.

Example

Show GCP cluster details based on the GCP KRN - projects/xxxxxx/location/us-1/clusters/zonal-cluster.

GCP.krn: projects/xxxxxx/location/us-1/clusters/zonal-cluster

 

Searching for PODs

Use the search tokens below to search for PODs.

containers

Enter the count of the containers you want to search.

Example

Show workloads that have a container count of 2.

containers: 2

annotations

Enter the annotation of your POD.

Example

Show workloads based on the given annotation - ios_delta.

annotations: ios_delta

labels

Enter the label of your POD.

Example

Show workloads based on the given label - application-2.

labels: application-2

name

Enter the name of the POD.

Example

Show workloads based on the POD name.

name: docker.io

status

Enter the status of the POD.

Example

Show RUNNING workloads.

status: RUNNING

clusterUid

Enter the UID of the cluster.

Example

Show workloads based on the cluster UID - *****554-365d-4f0e-a171-59b****d668.

clusterUid: *****554-365d-4f0e-a171-59b****d668