Learn more about Nested Queries
Click here to see this page in full context


Learn more about Nested Queries

Best Practices

Use nested queries when tokens have a shared key, in this example "asset".

asset:(assetID:43954857 AND status:Enrolled)

Consider the intent of your query. Here's some examples.

Query 1: This will return findings having a certain agent ID and last logged on user. A finding is returned only when it matches both criteria.

asset:(assetID:123456789 AND lastSeen: '2018-10-10')

Query 2: This will return findings having a certain agent ID and/or a certain last logged on user. A finding is returned when it matches only one criteria.

asset.assetID:123456789 AND asset.lastSeen: '2018-10-10'