Supported Operators

List of supported operators for tokensList of supported operators for tokens

Operator	Values
NUMERIC_OPERATORS	EQUALS, IN, NOT_EQUALS, GREATER, LESSER, GREATER_THAN_EQUAL, and LESS_THAN_EQUAL
NUMERIC_AND_NOT_EQUAL_OPERATORS	EQUALS, IN, GREATER, LESSER, GREATER_THAN_EQUAL, LESS_THAN_EQUAL
STRING_OPERATORS	CONTAINS, IN, EQUALS, and NOT_EQUALS
STRING_AND_NOT_EQUAL_OPERATORS	CONTAINS, IN, and EQUALS
DATE_OPERATORS	EQUALS, NOT_EQUALS, GREATER, LESSER, GREATER_THAN_EQUAL, and LESS_THAN_EQUAL
BOOLEAN_OPERATORS	EQUALS
ENUM_OPERATORS	EQUALS, NOT_EQUALS, and IN
UUID_OPERATORS	EQUALS and IN
IP_OPERATORS	EQUALS and IN

The following table lists different attributes with supported operators:

List of different attributes with supported operatorsList of different attributes with supported operators

Attribute	Operator
Asset Attributes
asset.assetID	NUMERIC_OPERATORS
asset.name	STRING_OPERATORS
asset.created	DATE_OPERATORS
asset.lastUpdated	DATE_OPERATORS
asset.type	ENUM_OPERATORS
asset.lastLoggedOnUser	STRING_OPERATORS
asset.totalMemory	NUMERIC_OPERATORS
asset.timezone	STRING_OPERATORS
asset.trackingMethod	ENUM_OPERATORS
asset.domainRole	ENUM_OPERATORS
asset.riskScore	ENUM_OPERATORS
asset.lastBoot	DATE_OPERATORS
asset.netbiosName	STRING_OPERATORS
asset.hostID	NUMERIC_OPERATORS
asset.isContainerHost	BOOLEAN_OPERATORS
asset.biosAssetTag	STRING_OPERATORS
asset.biosDescription	STRING_OPERATORS
asset.biosHardwareUUID	STRING_OPERATORS
asset.biosSerialNumber	STRING_OPERATORS
asset.agentID	UUID_OPERATORS
asset.criticalityScore	NUMERIC_OPERATORS
accounts.username	STRING_OPERATORS
provider	ENUM_OPERATORS
assetCategory	STRING_OPERATORS
isDockerHost	BOOLEAN_OPERATORS
Inventory Attributes
inventory.source	STRING_OPERATORS
inventory.created	DATE_OPERATORS
inventory.lastUpdated	DATE_OPERATORS
Processor Attributes
processors	STRING_AND_NOT_EQUAL_OPERATORS
processors.speed	NUMERIC_AND_NOT_EQUAL_OPERATORS
processors.coresPerSocket	NUMERIC_OPERATORSaccounts
processors.multithreadingStatus	BOOLEAN_OPERATORS
processors.numberofCpu	NUMERIC_OPERATORSaccounts
processors.numberofSockets	NUMERIC_OPERATORSaccounts
processors.threadsPerCore	NUMERIC_OPERATORSaccounts
Container Attributes
container.noOfContainers	NUMERIC_AND_NOT_EQUAL_OPERATORS
container.noOfImages	NUMERIC_AND_NOT_EQUAL_OPERATORS
container.version	STRING_AND_NOT_EQUAL_OPERATORS
container.hasSensor	BOOLEAN_OPERATORS
container.product	STRING_AND_NOT_EQUAL_OPERATORS
Interface Attributes
interfaces.hostname	STRING_AND_NOT_EQUAL_OPERATORS
interfaces.interfaceName	STRING_AND_NOT_EQUAL_OPERATORS
interfaces.macAddress	STRING_AND_NOT_EQUAL_OPERATORS
interfaces.manufacturer	STRING_AND_NOT_EQUAL_OPERATORS
interfaces.address	IP_OPERATORS
interfaces.dnsAddress	IP_OPERATORS
interfaces.gatewayAddress	IP_OPERATORS
interfaces.netmask	IP_OPERATORS
Open Ports Attributes
openPorts.description	STRING_AND_NOT_EQUAL_OPERATORS
openPorts.detectedService	STRING_AND_NOT_EQUAL_OPERATORS
openPorts.protocol	STRING_AND_NOT_EQUAL_OPERATORS
openPorts.port	NUMERIC_AND_NOT_EQUAL_OPERATORS
openPorts.firstFound	DATE_OPERATORS
openPorts.lastUpdated	DATE_OPERATORS
Services Attributes
services.description	STRING_AND_NOT_EQUAL_OPERATORS
services.name	STRING_AND_NOT_EQUAL_OPERATORS
services.status	STRING_AND_NOT_EQUAL_OPERATORS
Sensors Attributes
sensors.lastComplianceScan	DATE_OPERATORS
sensors.lastFullScan	DATE_OPERATORS
sensors.lastVmScan	DATE_OPERATORS
Tag Attributes
tags.name	EQUALS, IN, CONTAINS
tags.businessImpact	EQUALS, IN, CONTAINS
Volume Attributes
volumes.free	NUMERIC_AND_NOT_EQUAL_OPERATORS
volumes.size	NUMERIC_AND_NOT_EQUAL_OPERATORS
volumes.name	STRING_AND_NOT_EQUAL_OPERATORS
Agent Attributes
agent.version	NUMERIC_AND_NOT_EQUAL_OPERATORS
agent.connectedFrom	IP_OPERATORS
agent.errorStatus	BOOLEAN_OPERATORS
agent.lastActivity	DATE_OPERATORS
agent.lastCheckedIn	DATE_OPERATORS
Hardware Attributes
hardware	STRING_OPERATORS
hardware.category	STRING_OPERATORS
hardware.category1	STRING_OPERATORS
hardware.category2	STRING_OPERATORS
hardware.manufacturer	STRING_OPERATORS
hardware.model	STRING_OPERATORS
hardware.product	STRING_OPERATORS
hardware.lifecycle.stage	STRING_OPERATORS
hardware.lifecycle.eos	DATE_OPERATORS
hardware.lifecycle.ga	DATE_OPERATORS
hardware.lifecycle.intro	DATE_OPERATORS
hardware.lifecycle.obs	DATE_OPERATORS
Software Attributes
software.architecture	STRING_OPERATORS
software.category	STRING_OPERATORS
software.category1	STRING_OPERATORS
software.category2	STRING_OPERATORS
software.component	STRING_OPERATORS
software.edition	STRING_OPERATORS
software.marketVersion	STRING_OPERATORS
software.name	STRING_OPERATORS
software.product	STRING_OPERATORS
software.publisher	STRING_OPERATORS
software.supportStage	STRING_OPERATORS
software.version	STRING_OPERATORS
software.update	STRING_OPERATORS
software.isPackage	BOOLEAN_OPERATORS
software.isPackageComponent	BOOLEAN_OPERATORS
software.license.category	STRING_OPERATORS
software.license.subcategory	STRING_OPERATORS
software.lifecycle.stage	EQUALS and NOT_EQUALS
software.installDate	DATE_OPERATORS
software.lastUseDate	DATE_OPERATORS
software.lastUpdated	DATE_OPERATORS
software.lifecycle.eol	DATE_OPERATORS
software.lifecycle.eos	DATE_OPERATORS
software.lifecycle.ga	DATE_OPERATORS
software.authorization	EQUALS, NOT_EQUALS, and IN
Operating System Attributes
operatingSystem	STRING_OPERATORS
operatingSystem.category	STRING_OPERATORS
operatingSystem.category1	STRING_OPERATORS
operatingSystem.category2	STRING_OPERATORS
operatingSystem.architecture	STRING_OPERATORS
operatingSystem.component	STRING_OPERATORS
operatingSystem.edition	STRING_OPERATORS
operatingSystem.marketVersion	STRING_OPERATORS
operatingSystem.name	STRING_OPERATORS
operatingSystem.publisher	STRING_OPERATORS
operatingSystem.version	STRING_OPERATORS
operatingSystem.update	STRING_OPERATORS
operatingSystem.lifecycle.stage	STRING_OPERATORS
operatingSystem.installDate	DATE_OPERATORS
operatingSystem.lifecycle.eol	DATE_OPERATORS
operatingSystem.lifecycle.eos	DATE_OPERATORS
operatingSystem.lifecycle.ga	DATE_OPERATORS
AWS Attributes
aws.ec2.availabilityZone	STRING_OPERATORS
aws.ec2.instanceType	STRING_OPERATORS
aws.ec2.publicDNS	STRING_OPERATORS
aws.ec2.privateDNS	STRING_OPERATORS
aws.ec2.accountId	STRING_OPERATORS
aws.ec2.imageId	STRING_OPERATORS
aws.ec2.instanceId	STRING_OPERATORS
aws.ec2.instanceState	STRING_OPERATORS
aws.ec2.region.code	STRING_OPERATORS
aws.ec2.subnetId	STRING_OPERATORS
aws.ec2.vpcId	STRING_OPERATORS
aws.ec2.hostname	STRING_OPERATORS
aws.ec2.privateIpAddress	IP_OPERATORS
aws.ec2.publicIpAddress	IP_OPERATORS
aws.tags.key	STRING_OPERATORS
aws.tags.value	STRING_OPERATORS
aws.ec2.spotInstance	STRING_OPERATORS
aws.ec2.launchDate	DATE_OPERATORS
aws.ec2.hasAgent	BOOLEAN_OPERATORS
Azure Attributes
azure.vm.imageOffer	STRING_OPERATORS
azure.vm.imagePublisher	STRING_OPERATORS
azure.vm.imageVersion	STRING_OPERATORS
azure.vm.name	STRING_OPERATORS
azure.vm.size	STRING_OPERATORS
azure.vm.vmId	STRING_OPERATORS
azure.vm.resourceGroupName	STRING_OPERATORS
azure.vm.virtualNetwork	STRING_OPERATORS
azure.vm.state	STRING_OPERATORS
azure.vm.subnet	STRING_OPERATORS
azure.vm.subscriptionId	STRING_OPERATORS
azure.vm.location	STRING_OPERATORS
azure.vm.platform	STRING_OPERATORS
azure.vm.macAddress	STRING_OPERATORS
azure.tags.value	STRING_OPERATORS
azure.tags.name	STRING_OPERATORS
azure.vm.privateIpAddress	IP_OPERATORS
azure.vm.publicIpAddress	IP_OPERATORS
azure.vm.hasAgent	BOOLEAN_OPERATORS
GCP Attributes
gcp.compute.hostname	STRING_OPERATORS
gcp.compute.instanceId	STRING_OPERATORS
gcp.compute.machineType	STRING_OPERATORS
gcp.compute.network	STRING_OPERATORS
gcp.compute.projectId	STRING_OPERATORS
gcp.compute.projectNumber	STRING_OPERATORS
gcp.compute.macAddress	STRING_OPERATORS
gcp.compute.state	STRING_OPERATORS
gcp.compute.zone	STRING_OPERATORS
gcp.compute.privateIpAddres	IP_OPERATORS
gcp.compute.publicIpAddress	IP_OPERATORS
OCI Attributes
oci.compute.availabilityDomain	STRING_OPERATORS
oci.compute.canonicalRegionName	STRING_OPERATORS
oci.compute.compartmentId	STRING_OPERATORS
oci.compute.compartmentName	STRING_OPERATORS
oci.compute.displayName	STRING_OPERATORS
oci.compute.faultDomain	STRING_OPERATORS
oci.compute.hostName	STRING_OPERATORS
oci.compute.imageId	STRING_OPERATORS
oci.compute.ociId	STRING_OPERATORS
oci.compute.region	STRING_OPERATORS
oci.compute.shape	STRING_OPERATORS
oci.compute.state	STRING_OPERATORS
oci.compute.tenantId	STRING_OPERATORS
oci.compute.tenantName	STRING_OPERATORS
oci.compute.timeCreated	STRING_OPERATORS
oci.tags	STRING_OPERATORS
oci.tags.key	STRING_OPERATORS
oci.tags.namespace	STRING_OPERATORS
oci.tags.type	STRING_OPERATORS
oci.tags.value	STRING_OPERATORS
oci.vnic.macAddr	STRING_OPERATORS
oci.vnic.nicIndex	STRING_OPERATORS
oci.vnic.privateIp	IP_OPERATORS
oci.vnic.publicIp	IP_OPERATORS
oci.vnic.subnetCidrBlock	STRING_OPERATORS
oci.vnic.subnetId	STRING_OPERATORS
oci.vnic.subnetName	STRING_OPERATORS
oci.vnic.vcnId	STRING_OPERATORS
oci.vnic.vcnName	STRING_OPERATORS
oci.vnic.virtualRouterIp	STRING_OPERATORS
oci.vnic.vlanTag	STRING_OPERATORS
oci.vnic.vnicId	STRING_OPERATORS
IBM Cloud Attributes
ibm.tags	STRING_OPERATORS
ibm.tags.name	STRING_OPERATORS
ibm.tags.value	STRING_OPERATORS
ibm.virtualServer.datacenterId	STRING_OPERATORS
ibm.virtualServer.deviceName	STRING_OPERATORS
ibm.virtualServer.domain	STRING_OPERATORS
ibm.virtualServer.id	STRING_OPERATORS
ibm.virtualServer.location	STRING_OPERATORS
ibm.virtualServer.privateIpAddress	IP_OPERATORS
ibm.virtualServer.privateVlan	STRING_OPERATORS
ibm.virtualServer.publicIpAddress	IP_OPERATORS
ibm.virtualServer.publicVlan	STRING_OPERATORS
ibm.virtualServer.state	STRING_OPERATORS
Geo IP Attributes
asset.lastLocation	STRING_OPERATORS
asset.lastLocation.city	STRING_OPERATORS
asset.lastLocation.country	STRING_OPERATORS
asset.lastLocation.continent	STRING_OPERATORS
asset.lastLocation.postal	STRING_OPERATORS
asset.lastLocation.state	STRING_OPERATORS
Business Information Attributes
asset.org.company	STRING_OPERATORS
asset.org.department	STRING_OPERATORS
asset.ownedBy	STRING_OPERATORS
asset.managedBy	STRING_OPERATORS
asset.supportedBy	STRING_OPERATORS
asset.supportGroup	STRING_OPERATORS
asset.environment	STRING_OPERATORS
asset.operationalStatus	STRING_OPERATORS
asset.assignedLocation.name	STRING_OPERATORS
asset.assignedLocation.city	STRING_OPERATORS
asset.assignedLocation.state	STRING_OPERATORS
asset.assignedLocation.country	STRING_OPERATORS
businessApp.name	STRING_OPERATORS
businessApp.id	STRING_OPERATORS
businessApp.businessCriticality	STRING_OPERATORS
businessApp.ownedBy	STRING_OPERATORS
businessApp.supportGroup	STRING_OPERATORS
businessApp.operationalStatus	STRING_OPERATORS
businessApp.environment	STRING_OPERATORS
businessApp.managedBy	STRING_OPERATORS
businessApp.supportedBy	STRING_OPERATORS
External Attack Surface Management (EASM) Attributes
asset.org.name	STRING_OPERATORS
asset.asn	STRING_OPERATORS
asset.isp	STRING_OPERATORS
asset.domain	STRING_OPERATORS
asset.subdomain	STRING_OPERATORS
whoIs.creationDate	DATE_OPERATORS
whoIs.registrantOrg	STRING_OPERATORS
whoIs.registrantEmailId	STRING_OPERATORS
whoIs.registrar	STRING_OPERATORS
Custom Attributes
customAttributes.key	STRING_OPERATORS
customAttributes.value	STRING_OPERATORS
customAttributes.connectorId	NUMERIC_OPERATORS

Important to Know!

The following tokens are available only for CSAM License Subscriber: hardware.lifecycle.stage, hardware.lifecycle.eos, hardware.lifecycle.ga, hardware.lifecycle.intro, hardware.lifecycle.obs, software.authorization, software.license.category, software.license.subcategory, software.lifecycle.eol, software.lifecycle.eos, software.lifecycle.ga, software.lifecycle.stage, software.isPackage, software.isPackageComponent, operatingSystem.lifecycle.eol, operatingSystem.lifecycle.eos, operatingSystem.lifecycle.ga, operatingSystem.lifecycle.stage, customAttributes.key, customAttributes.value, and customAttributes.connectorId.
The External Attack Surface Management (EASM) is now GAed and all CSAM customers will be able to activate this feature from their home page.
The following tokens are available after the feature is activated: asset.org.name, asset.asn, asset.isp, asset.domain, asset.subdomain, whoIs.creationDate, whoIs.registrantOrg, whoIs.registrantEmailId, and whoIs.registrar.

Examples to Understand Supported operators by comparing QQL Tokens

The following are some examples to understand the different supported operators by comparing QQL(UI) tokens:

Example 1 - hardware.category1:ComputersExample 1 - hardware.category1:Computers

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="hardware.category1" operator="CONTAINS">
            <value>Computers</value>
        </Criteria>
    </filters>
</FilterRequest>

Request Body in Json

{
   "filters":[
      {
         "field":"hardware.category1",
         "operator":"CONTAINS",
         "value":"Computers"
      }
   ]
}

Example 2 - hardware.manufacturer:`Apple` OR hardware.manufacturer:`HPE`Example 2 - hardware.manufacturer:`Apple` OR hardware.manufacturer:`HPE`

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="hardware.manufacturer" operator="IN">
            <value>Apple,HPE</value>
        </Criteria>
    </filters>
</FilterRequest>

Example 3 - software:(product:Python and update:2.7.5)Example 3 - software:(product:Python and update:2.7.5)

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="software.product" operator="CONTAINS">
            <value>Python</value>
        </Criteria>
        <Criteria field="software.update" operator="CONTAINS">
            <value>2.7.5</value>
        </Criteria>
    </filters>
</FilterRequest>

Example 4 - operatingSystem.category1:`Mac` and hardware.category:NotebookExample 4 - operatingSystem.category1:`Mac` and hardware.category:Notebook

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="operatingSystem.category1" operator="EQUALS">
            <value>Mac</value>
        </Criteria>
        <Criteria field="hardware.category" operator="EQUALS">
            <value>Notebook</value>
        </Criteria>
    </filters>
</FilterRequest>

Example 5 - operatingSystem.category1:`Mac` or hardware.category:NotebookExample 5 - operatingSystem.category1:`Mac` or hardware.category:Notebook

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="operatingSystem.category1" operator="EQUALS">
            <value>Mac</value>
        </Criteria>
        <Criteria field="hardware.category" operator="EQUALS">
            <value>Notebook</value>
        </Criteria>
    </filters>
    <operation>OR</operation>
</FilterRequest>

Request Body in Json

{
   "filters":[
      {
         "field":"operatingSystem.category1",
         "operator":"EQUALS",
         "value":"Mac"
      },
      {
         "field":"hardware.category",
         "operator":"EQUALS",
         "value":"Notebook"
      }
   ],
   "operation":"OR"
}

Example 6 - operatingSystem.category1:`Mac` and hardware.category:NotebookExample 6 - operatingSystem.category1:`Mac` and hardware.category:Notebook

Request Body in XML

<FilterRequest>
    <filters>
        <Criteria field="operatingSystem.category1" operator="EQUALS">
            <value>Mac</value>
        </Criteria>
        <Criteria field="hardware.category" operator="EQUALS">
            <value>Notebook</value>
        </Criteria>
    </filters>
    <operation>AND</operation>
</FilterRequest>