Search Tokens for TruLens
You can use the search tokens for TruLens tab to refine your search results. We have broadly classified the tokens as CVEs and Threat Actors. Click each token to learn more about it.
CVEs Tab
Use these tokens to define search criteria for CVEs.
finding.accessVectorfinding.accessVector
Use the token value from the dropdown as an attack vector to search for findings, such as the CVSS vector string that describes how the vulnerability can be exploited. The options are ADJACENT_NETWORK, LOCAL_ACCESS, NETWORK, or PHYSICAL.
Example
Show findings associated with the attack vector.
finding.accessVector: ADJACENT_NETWORK
finding.cveDescriptionfinding.cveDescription
Use quotes or backticks within token values to search for the finding with a matching description of CVE.
Example
Show findings with the specified description
finding.cveDescription: PX4 autopilot is a flight control solution for drones.
Use a text value to search for findings based on the CVE ID of the vulnerability.
Example
Show findings with the specified CVE ID
finding.cveId:CVE-2026-32705
finding.cvePublishedDatefinding.cvePublishedDate
Search findings by specifying a date or date range corresponding to when CVE ID was published.
Examples
Show findings related to duration when CVE was published within certain dates
finding.cvePublishedDate: [2025-08-25 .. 2021-01-15]
Show findings related to duration when CVE was published starting 2024-01-01, ending 1 month ago
finding.cvePublishedDate: [2024-01-01 .. now-1M]
Show findings related to duration when CVE was published starting 2 weeks ago, ending 1 second ago
finding.cvePublishedDate: [now-2w .. now-1s]
Show findings related to duration when CVE was published on a certain date
finding.cvePublishedDate: '2025-01-11'
Show findings related to duration when CVE was published within a certain number of days
finding.cvePublishedDate: [91..180]
finding.cveStatusfinding.cveStatus
Select a CVE status from the drop-down menu to search for findings with current lifecycle CVE statuses. Options are Analyzed, Awaiting Analysis, Deferred, Modified, Received, Rejected, or Undergoing Analysis.
Example
Show findings with the Rejected CVE status
finding.cveStatus: Rejected
finding.cveTitlefinding.cveTitle
Use quotes or backticks within values to find the CVE details using the title.
Example
Show findings with the specified CVE Title
finding.cveTitle: CVE-2026-32705
finding.cvss3BaseScorefinding.cvss3BaseScore
Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 3.0 Base score.
Example
Find vulnerabilities with CVSS 3.0 Base score of 9.1
finding.cvss3BaseScore: 9.1
finding.cvss4BaseScorefinding.cvss4BaseScore
Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 4.0 Base score.
Example
Find vulnerabilities with CVSS 4.0 Base score of 5.1
finding.cvss4BaseScore: 5.1
finding.isPatchAvailablefinding.isPatchAvailable
Select the token value as TRUE or FALSE to find vulnerabilities for which patches are available.
Example
Show vulnerabilities for which patches are available
finding.isPatchAvailable: TRUE
finding.isQualysPatchablefinding.isQualysPatchable
Select TRUE | FALSE to find vulnerabilities that are patchable via Qualys.
Example
Show vulnerabilities that are patchable via Qualys
finding.isQualysPatchable: TRUE
Use an integer value (0-10) to search for vulnerabilities based on a specific detection score.
Examples
Show vulnerabilities with detection score 8:
finding.qvss: 8
Show vulnerabilities with detection score greater than 8:
finding.qvss > 8
finding.riskFactor.exploitCodeMaturityfinding.riskFactor.exploitCodeMaturity
Select from the drop-down menu (poc, weaponized) to search vulnerabilities based on the maturity level of their exploit code.
Example
Show vulnerabilities with Functional exploit code maturity
finding.riskFactor.exploitCodeMaturity: poc
finding.riskFactor.isActivelyExploitedfinding.riskFactor.isActivelyExploited
Select TRUE | FALSE to identify whether the vulnerability is currently being exploited in the wild.
Example
Show the vulnerabilities that are currently being exploited
finding.riskFactor.isActivelyExploited:TRUE
finding.riskFactor.isCisaKnownExploitfinding.riskFactor.isCisaKnownExploit
Select TRUE | FALSE to search vulnerabilities that are listed in CISA's Known Exploited Vulnerabilities Catalog.
Example
Show vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog
finding.riskFactor.isCisaKnownExploit: TRUE
finding.riskFactor.rtifinding.riskFactor.rti
Use the token value from the dropdown menu to find vulnerabilities based on Real-time Threat Indicators. Available tokens are Exploit_Public, Active_Attacks, Easy_Exploit, Remote_Code_Execution, Privilege_Escalation, or Predicted_High_Risk and many more
Example
Show findings related to Easy_Exploit
finding.riskFactor.rti: Easy_Exploit
finding.truConfirm.isApplicablefinding.truConfirm.isApplicable
Select the token value as TRUE | FALSE to identify whether a TruConfirm assessment can be launched for the given CVE ID.
- TRUE indicates that the TruConfirm assessment can be initiated because the CVE exists in the CTDB knowledge base.
- FALSE indicates that the assessment cannot be initiated.
Example
finding.truConfirm.isApplicable: TRUE
Threat Actors Tab
Use these tokens to define search criteria for Threat Actors.
finding.mitre.attack.tactic.namefinding.mitre.attack.tactic.name
Use the MITRE ATT&CK tactic name as a token to search findings assocoated with MITRE ATT&CK.
Example
Show the findings based on the method used to detect the findings
finding.mitre.attack.tactic.name: Impact
finding.riskFactor.threatActorAliasfinding.riskFactor.threatActorAlias
Use quotes or backticks within values to search for a threat actor using any of its alternate names.
Example
Show the findings based on the alias
finding.riskFactor.threatActorAlias:Nobelium
finding.riskFactor.threatActorDescriptionfinding.riskFactor.threatActorDescription
Use quotes or backticks within values to search for details about the threat actor’s background, behavior, and known campaigns.
Example
Show the findings based on the description
finding.riskFactor.threatActorDescription:MuddyWater is an Iranian threat group that has primarily targeted Middle Eastern nations
finding.riskFactor.threatActorIncidentTypefinding.riskFactor.threatActorIncidentType
Use quotes or backticks within values to search for a threat actor based on its primary motivation or incident type.
Examples
Show the findings based on the incident type
finding.riskFactor.threatActorIncidentType:espionage
Show the findings based on the incident type
finding.riskFactor.threatActorIncidentType:sabotage
Show the findings based on the incident type
finding.riskFactor.threatActorIncidentType:financial gain
finding.riskFactor.threatActorIndustryfinding.riskFactor.threatActorIndustry
Use quotes or backticks within values to search for threat actors based on the industry sectors they commonly target.
Examples
Show the findings based on industry
finding.riskFactor.threatActorIndustry:Healthcare
Show the findings based on industry
finding.riskFactor.threatActorIndustry:Fianance
Show the findings based on industry
finding.riskFactor.threatActorIndustry:Deefense
Common Tokens Available for CVEs and Threat Actors
Following is the list of common tokens to search for findings in the CVE and Threat Actors tab.
finding.mitre.attack.technique.idfinding.mitre.attack.technique.id
Use the MITRE ATT&CK technique ID name as a token to search findings associated with MITRE ATT&CK.
Example
Show findings with MITRE ATT&CK technique ID
finding.mitre.attack.technique.id: T1490
finding.mitre.attack.technique.namefinding.mitre.attack.technique.name
Use the MITRE ATT&CK technique name as a token to search findings assocoated with MITRE ATT&CK.
Example
Show findings with MITRE ATT&CK technique name
finding.mitre.attack.technique.name: Password Cracking
finding.riskFactor.threatActorNamefinding.riskFactor.threatActorName
Use quotes or backticks within values to search for a threat actor by its primary, canonical name.
Example
Find vulnerabilities associated with the threat actor "APT29"
finding.riskFactor.threatActorName: APT29
Boolean Operators
Use keywords and, or, not to narrow or broaden your search. Click the link below for info on max query depth, using NOT with vulnerability queries.
Use a Boolean query to express your query using AND logic.
Example
Show the findings with the threat actor and for which you can launch TruConfirm assessment
finding.truConfirm.isApplicable: TRUE and finding.riskFactor.threatActorName:sparklinggoblin
Use a Boolean query to express your query using NOT logic.
Example
Show the findings with all the CVE Status actors except Rejected, and those that are listed in CISA's Known Exploited Vulnerabilities Catalog.
not finding.cveStatus: Rejected and finding.riskFactor.isCisaKnownExploit:TRUE
Use a boolean query to express your query using OR logic.
Example
tShow the findings that are listed in CISA's Known Exploited Vulnerabilities Catalog and for which you can launch TruConfirm assessment.
finding.truConfirm.isApplicable: TRUE or finding.riskFactor.rti: Cisa_Known_Exploited_Vulns