Query Evaluation

The query evaluation of the QQL is based on the indexing. Asset indexing stores the asset related information such as, host id, asset id, softwares, and much more. Similarly, the vulnerabilities indexing stores vulnerabilities related information. Each application has different search indexing context.

For example, the Vulnerability Management application lists all the detections for the assets that are activated for this application. If there are 200 assets with 4000 detections, the asset query search will include all the indexing criterias added in the asset indexing. Similarly, vulnerabilities search query will list down the detections on those 200 assets. 

Following screenshot displays:
Asset Query : tags.name:'Cloud Agent' and vulnerabilities.severity : 4 
Display results : 246 Vulnerability

Asset Query

Following screenshot displays:
Asset Query : tags.name:'Cloud Agent' 
Vulnerability Query :  vulnerabilities.severity : 4 
Display results : 194 Vulnerability

Vulnerability Query

As the query evaluation of the QQL is based on the indexing, the result depends on the way you write the Query.





Was this topic helpful?

success Thank you! We're glad to hear that this topic was useful.
failed We appreciate your feedback. We'll work to make this topic better for you in the future.