How to Search in VMDR Mobile

Search by Field

Enter the field name, then a colon, then your query. Nested fields are dot separated.

Examples:

asset.status: Enrolled

user.username: .\Administrator

asset.assetID: 43954857

String matching

Use single quotes or double quotes around your query to match a string.

Examples:

auditLogs.operation:"Upload"

vulnerabilities.vulnerability.title:"Security Patch Missing"

Example using wildcard: If you want to search for exact count you should use asterisk (*). For example to find users with name starting with admin use this query:

user.username:admin*

Exact matching

Use backticks to exactly match a string. Your results will include any asset with the EXACT value returned.

Examples:

hardware.model:`SM-G935F`

vulnerabilities.vulnerability.title:`Google Pixel Android March 2021 Security Patch Missing`

Full Text Search

Many asset fields containing text allow you to use full text search and advanced search capabilities.

Learn more >>

Examples:

Show any findings with this vulnerability title

vulnerabilities.vulnerability.title:Chrome

Show any findings that contain components of vulnerability title

vulnerabilities.vulnerability.title:"Security Patch Missing"

Show any findings that match exact title "Google Pixel Android March 2021 Security Patch Missing"

vulnerabilities.vulnerability.title:`Google Pixel Android March 2021 Security Patch Missing`

Is Null Queries

Want to match an empty/null value for a field? You'll need to remove the colon and then write "is null". For example, quickly find assets where the OS has not been identified.

Examples:

operatingSystem.version is null

asset.bluetoothMAC is null

hardware.model is null

Range searches

Ranges can be specified with the [lower .. upper] syntax using () and/or [] as follows. This is supported for numeric and date fields.

Example:

inventory.created: [2018-08-01 .. 2018-09-01] // Between August 1st and September 1st 2018

Range options:

inventory.created:(date1 .. date2) // Greater than but not equal to date1 and less than but not equal to date2

inventory.created:(date1 .. date2] // Greater than but not equal to date1 and less than or equal to date2

inventory.created:[date1.. date2) // Greater than or equal to date1 and less than but not equal to date2

inventory.created:[date1 .. date2] // Greater than but or equal to date1 and less than or equal to date2

inventory.created > date1 // Greater than date1

inventory.created >= date1 // Greater than or equal to date1

inventory.created < date1 // Less than date1

inventory.created <= date1 // Less than or equal to date1

Date searches

Use a date range [start date .. end date] or a specific date. Several date variables are also available.

Learn more >>

Examples:

asset.lastSeen: "2018-10-20"

asset.lastSeen <= "2018-11-20"

asset.lastSeen: ["2018-10-20" .. "2018-10-24"]

asset.lastSeen: [now-3d .. now-1s]

Match multiple values

Use to match values "In" or "Not In" fields. Available for all fields except analyzed fields (i.e. full text search fields).

Examples:

Find assets not last seen on date: 2018-08-31 or 2018-09-12

NOT asset.lastSeen: ["2018-08-31","2018-09-12"]

Supported date formats:

YYYY example: asset.lastSeen:["2017","2018"] // in 2017 or 2018

YYYY-MM example: asset.lastSeen:["2018-08","2018-09"] // in month of Aug or Sept

YYYY-MM-DD example: asset.lastSeen:["2018-10-30","2018-11-05"] // on one of exact dates

Find assets with at least one of these two operating systems:

operatingSystem.name:[Android, Chrome]

Boolean Operators

Use keywords AND, OR, NOT to narrow or broaden your search. Click the link below for info on max query depth, using NOT with vulnerability queries.

Learn more >>

Examples:

Show findings that have one of these operating systems:

operatingSystem.name: `Android` or operatingSystem.name: `iOS`

Show assets not created on or before date:

AND NOT inventory.created <= "2018-11-05"

Nested Queries

Use a single nested query, using parentheses, to include multiple fields in your query. This is supported only for certain tokens like "asset", "hardware", "interfaces", etc.

Example:

asset: (lastSeen: '2018-10-10' AND status: Enrolled)