Here are a few examples of QQL queries for your reference:
1) Let's create a query to find out how many of the total vulnerability detections are confirmed.
Run the query, and note the difference in the total detection count in the result.
Let's further narrow down our search and look for confirmed vulnerabilities detected only on Rockwell Automation. Add another query for the vulnerability source index, and run the combined query.
2) Let's go for a slightly more complex query. Let's find out confirmed vulnerabilities detected only on Rockwell Automation and with criticality HIGH.
It is important to be clear about exactly what we are looking for. It is then important to use each query as a building block, add operators correctly and enclose your values in parentheses accurately.
Let's build each individual query first and later join all of them to form a complex one.
| What we are looking for | Query |
|---|---|
| confirmed vulnerabilities | vulnerabilities.typeDetected:`Confirmed` |
| found on Rockwell Automation | vulnerabilities.hardware.vendor:`Rockwell Automation` |
| with HIGH criticality | vulnerabilities.vulnerability.criticality:`HIGH` |
Now that we have all the building blocks ready, let's create the single complex query by adding all these individual queries:
In the search bar for the Asset data source, add:
vulnerabilities.typeDetected:`Confirmed` and vulnerabilities.hardware.vendor:`Rockwell Automation` and vulnerabilities.vulnerability.criticality:`HIGH`
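As an added example (not part of the Qualys documentation or product), the helper below builds a combined QQL query from field/value building blocks, quoting every value in backticks, and parses a query back into its terms so that a missing backtick or an unquoted multi-word value such as Rockwell Automation is caught before the query is run. The accepted operators `and`, `or` and `not` are an assumption of this example.

```python
import re
from typing import List, Tuple

# Constructed example: operators assumed to be accepted by QQL.
OPERATORS = {"and", "or", "not"}

# A token is either a dotted field name with a backtick-quoted value,
# or any other run of non-space characters (operator or stray word).
TOKEN_RE = re.compile(r"([A-Za-z][\w.]*):`([^`]*)`|(\S+)")


def build_qql(terms: List[Tuple[str, str]], operator: str = "and") -> str:
    """Join (field, value) building blocks into one QQL query.

    Every value is backtick-quoted so values containing spaces, such as
    `Rockwell Automation`, stay a single term.
    """
    if operator not in ("and", "or"):
        raise ValueError(f"unsupported join operator: {operator!r}")
    for _, value in terms:
        if "`" in value:
            raise ValueError("a backtick inside a QQL value cannot be quoted")
    return f" {operator} ".join(f"{field}:`{value}`" for field, value in terms)


def parse_qql(query: str) -> List[Tuple[str, str]]:
    """Split a query into its (field, value) terms.

    Raises ValueError when backticks are unbalanced or when a token is
    neither a well-formed term nor a known operator, which is what an
    unquoted multi-word value or a typo in an operator looks like.
    """
    if query.count("`") % 2:
        raise ValueError("unbalanced backticks in query")
    terms: List[Tuple[str, str]] = []
    for match in TOKEN_RE.finditer(query):
        field, value, word = match.groups()
        if field is not None:
            terms.append((field, value))
        elif word.lower() not in OPERATORS:
            raise ValueError(f"unexpected token {word!r}: value not backtick-quoted?")
    return terms


# The three building blocks from the table above, combined with `and`.
BUILDING_BLOCKS = [
    ("vulnerabilities.typeDetected", "Confirmed"),
    ("vulnerabilities.hardware.vendor", "Rockwell Automation"),
    ("vulnerabilities.vulnerability.criticality", "HIGH"),
]

if __name__ == "__main__":
    combined = build_qql(BUILDING_BLOCKS)
    print(combined)
    print(parse_qql(combined))
```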
See Data Sources