Searching for Sensors
Use the search tokens below to search for sensors. Looking for help with writing your query? click here
sensor.activationUuidsensor.activationUuid
Use a text value ##### to find sensors having an activation UUID.
Example
Show findings with this activation UUID
sensor.activationUuid: ed46df944e1c
sensor.architecturesensor.architecture
Use a text value ##### to find sensors by the host sensor.architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host sensor.architecture
sensor.architecture: arm64
sensor.cluster.k8s.node.isMastersensor.cluster.k8s.node.isMaster
Use the values true | false to find sensors running on the master node.
Example
Show sensors running on the master node
sensor.cluster.k8s.node.isMaster: true
sensor.cluster.k8s.node.namesensor.cluster.k8s.node.name
Use a text value ##### to find sensors by the Kubernetes cluster node name.
Example
Show sensors with this node sensor.name
sensor.cluster.k8s.node.name: my-node
sensor.cluster.k8s.pod.controller.namesensor.cluster.k8s.pod.controller.name
Use a text value ##### to find sensors by the Kubernetes cluster pod controller name.
Example
Show sensors with this pod controller sensor.name
sensor.cluster.k8s.pod.controller.name: my-controller
sensor.cluster.k8s.pod.controller.typesensor.cluster.k8s.pod.controller.type
Use a text value ##### to find sensors by the Kubernetes cluster pod controller type (DaemonSet).
Example
Show sensors with this pod controller type
sensor.cluster.k8s.pod.controller.type: DaemonSet
sensor.cluster.k8s.pod.controller.uuidsensor.cluster.k8s.pod.controller.uuid
Use a text value ##### to find sensors by the Kubernetes cluster pod controller uuid.
Example
Show sensors with this pod controller sensor.uuid
sensor.cluster.k8s.pod.controller.uuid: 01234567-89ab-cdef-0123-456789abcdef
sensor.cluster.k8s.pod.label.keysensor.cluster.k8s.pod.label.key
Use a text value ##### to find containers by a label sensor.name (key) assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label sensor.name
sensor.cluster.k8s.pod.label.key: environment
sensor.cluster.k8s.pod.label.valuesensor.cluster.k8s.pod.label.value
Use a text value ##### to find containers by a label value assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label value
sensor.cluster.k8s.pod.label.value: production
sensor.cluster.k8s.pod.namesensor.cluster.k8s.pod.name
Use a text value ##### to find sensors by the Kubernetes cluster pod name.
Example
Show sensors with this pod sensor.name
sensor.cluster.k8s.pod.name: my-pod
sensor.cluster.k8s.pod.namespacesensor.cluster.k8s.pod.namespace
Use a text value ##### to find sensors by the Kubernetes cluster pod namespace.
Example
Show sensors with this pod namespace
sensor.cluster.k8s.pod.namespace: my.namespace.example.com
sensor.cluster.k8s.pod.uuidsensor.cluster.k8s.pod.uuid
Use a text value ##### to find sensors by the Kubernetes cluster pod uuid.
Example
Show sensors with this pod sensor.uuid
sensor.cluster.k8s.pod.uuid: 01234567-89ab-cdef-0123-456789abcdef
sensor.cluster.k8s.projectsensor.cluster.k8s.project
Use a text value ##### to find sensors by the Kubernetes cluster project name.
Example
Show sensors with this Kubernetes cluster project
sensor.cluster.k8s.project: my-project
sensor.cluster.typesensor.cluster.type
Use a text value ##### to find sensors by the cluster type (KUBERNETES).
Example
Show sensors with the Kubernetes cluster type
sensor.cluster.type: KUBERNETES
sensor.containerIpv4sensor.containerIpv4
Use a text value ##### to define a container IPv4 address of interest.
Example
Show containers on this IPv4 address
sensor.containerIpv4: 172.17.0.2
sensor.containerIpv6sensor.containerIpv6
Use a text value ##### to define a container IPv6 address of interest.
Example
Show containers on this IPv6 address
sensor.containerIpv6: fe80:0:0:0:2502:b53c:4139:404b
sensor.containerMacAddresssensor.containerMacAddress
Use a text value ##### to define a container MAC address you're interested in.
Example
Show container with this MAC address
sensor.containerMacAddress: 00-50-56-A9-73-5A
sensor.containerRuntimesensor.containerRuntime
Use a text value ##### to find a container based on Runtime type (DOCKER, CONTAINERD, CRI-O).
Example
Show container with this Runtime type
sensor.containerRuntime: DOCKER
sensor.containerRuntimeVersionsensor.containerRuntimeVersion
Use a text value ##### to find the Runtime version you're interested in.
Example
Show container with this Runtime version
sensor.containerRuntimeVersion: 1.3
sensor.createdDatesensor.createdDate
Use a date range or specific date to define when sensors were created.
Examples
Find sensors sensor.createdDate within certain dates
sensor.createdDate: [2017-06-15 ... 2017-06-30]
Find sensors sensor.createdDate on specific date
sensor.createdDate:'2017-08-15'
sensor.dockerVersionsensor.dockerVersion
Use a text value ##### to find Docker version you're interested in.
Example
Show sensors with this Docker version
sensor.dockerVersion: 1.3
sensor.hostnamesensor.hostname
Use a text value ##### to define the sensor sensor.hostname you're looking for.
Example
Show sensors with this sensor.hostname
sensor.hostname: dockerhost07.mydomain.com
sensor.imageIdsensor.imageId
Use a text value ##### to define a sensor image ID of interest.
Example
Show sensors with this image ID
sensor.imageId: c2d1b73a90ec
sensor.imageShasensor.imageSha
Use a text value ##### to define SHA 256 hash of sensor image.
Example
Show container image with this SHA value
sensor.imageSha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
sensor.ipAddresssensor.ipAddress
Use a text value ##### to define a sensor IPv4 address of interest.
Example
Show sensors on this IPv4 address
sensor.ipAddress: 172.17.0.2
sensor.ipV6Addresssensor.ipV6Address
Use a text value ##### to define a sensor IPv6 address of interest.
Example
Show sensors on this IPv6 address
sensor.ipV6Address: fe80:0:0:0:2502:b53c:4139:404b
sensor.label.keysensor.label.key
Use a text value ##### to find sensors with a certain label name.
Example
Show sensors with label sensor.name "vendor"
sensor.label.key: "vendor"
sensor.label.valuesensor.label.value
Use a text value ##### to find sensors with a certain label value.
Example
Show sensors with label value "CentOS"
sensor.label.value: "CentOS"
sensor.lastCheckedInDatesensor.lastCheckedInDate
Use a date range or specific date to define when sensors last checked in.
Examples
Find sensors with last checkin within certain dates
sensor.lastCheckedInDate: [2017-06-15 ... 2017-06-30]
Find sensors with last checkin on specific date
sensor.lastCheckedInDate:'2017-08-15'
sensor.macAddresssensor.macAddress
Use a text value ##### to define a sensor MAC address you're interested in.
Example
Show sensor with this MAC address
sensor.macAddress: 00-50-56-A9-73-5A
sensor.namesensor.name
Use a text value ##### to define the sensor sensor.name you're interested in.
Example
Show this sensor sensor.name
sensor.name: "my-sensor"
sensor.ossensor.os
Use values within quotes or backticks to help you find sensors on an operating system you're interested in.
Examples
Show any sensors on this OS sensor.name
sensor.os: Windows 2012
Show any sensors contain components of OS sensor.name
sensor.os: "Windows 2012"
Show sensors that match exact value "Windows 2012"
sensor.os: `Windows 2012`
sensor.isPrivilegedsensor.isPrivileged
Use the values true | false to find sensor.isPrivileged sensors.
Example
Show sensor.isPrivileged sensors
sensor.isPrivileged: true
sensor.registrysensor.registry
Use a text value ##### to find sensors having a sensor.registry sensor.name you're interested in.
Example
Show findings with this sensor.registry sensor.name
sensor.registry: "registry-name"
sensor.idsensor.id
Use a text value ##### to find a sensor ID.
Example
Show sensor with this ID
sensor.id: ed46df944e1c
sensor.typesensor.type
Use a text value ##### to find sensors by type (CICD, GENERAL, REGISTRY, SERVERLESS_FARGATE).
Example
Show sensor.registry sensors
sensor.type: REGISTRY
sensor.versionsensor.version
Use a text value ##### to find sensor version you're interested in.
Example
Show sensors with this version
sensor.version: 1.3
sensor.shasensor.sha
Use a text value ##### to define SHA 256 hash of container image.
Example
Show findings with this SHA value
sensor.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
sensor.statussensor.status
Use a text value ##### to define sensors with a certain sensor.status (Running or Unknown).
Example
Show sensors with running sensor.status
sensor.status: "Running"
sensor.tag.namesensor.tag.name
Use a text value ##### to define sensors with a certain sensor.status (Running or Unknown).
Example
Show sensors with running sensor.status
sensor.tag.name: "Running"
sensor.uuidsensor.uuid
Use a text value ##### to define a sensor UUID of interest.
Example
Show sensor for this UUID
sensor.uuid: c7d66569-5c17-47f6-a8b9-f640cfe71cec
sensor.activityCodesensor.activityCode
Use a text value ##### to define a sensor UUID of interest.
Example
Show sensor for this UUID
sensor.activityCode: c7d66569-5c17-47f6-a8b9-f640cfe71cec
aws.ec2.instanceIdaws.ec2.instanceId
Use a text value ##### to define a sensor UUID of interest.
Example
Show sensor for this UUID
aws.ec2.instanceId: c7d66569-5c17-47f6-a8b9-f640cfe71cec
andand
Use a boolean query to express your query using AND logic.
Example
Show sensors with Docker runtime and with runtime version 19
sensor.containerRuntime: DOCKER and sensor.containerRuntimeVersion: 19
notnot
Use a boolean query to express your query using NOT logic.
Example
Show sensors that don't have sensor type Registry
not sensor.type: REGISTRY
oror
Use a boolean query to express your query using OR logic.
Example
Show sensors with one of these sensor types
sensor.type: GENERAL or sensor.type: REGISTRY