Boolean Queries

Using Boolean operators (AND, OR, NOT) gives you many ways to refine your search. Here are some things to know.

More complex Boolean queries

These queries show you how to use many robust search capabilities in one query.

vulnerabilities: (typeDetected: "Confirmed" AND firstFound < now-1d AND lastFound:[now-1M ... now-1s])

vulnerabilities:(vulnerability.cveIds: (CVE-2016-0189 OR CVE-2016-0162 OR CVE-2016-7200 OR CVE-2016-7201 OR CVE-2016-0034 OR CVE-2015-3105 OR CVE-2015-3113) AND lastFound:[now-10d ... now-1s]

Good to Know - Max query depth

We've implemented controls in query parsing for queries containing the operators AND, OR. The maximum depth allowed for an AND/OR query cannot cross 1000 levels. If you run a query having more than 1000 levels of depth, an error is returned.

A simple query like this has level of depth 2

vulnerabilities.vulnerability: (patchAvailable: "true" AND category: "CGI")

A more complex query like this has level of depth 5

(operatingSystem: windows OR operatingSystem: linux) AND (openPorts.port: 80 OR openPorts.port: 8080) AND NOT updated <= "2018-01-20"