We've implemented controls in query parsing for queries containing the operators “AND” and “OR”. An AND/OR query can be at most 1000 levels deep. If you run a query with more than 1000 levels of depth, you see an error.
A simple query like this has a depth of 2:
hardware.manufacturer:`Rockwell Automation` and inventory.source:`Passive Sensor`
A more complex query like this has a depth of 3:
vulnerabilities.hardware.vendor:`Siemens` and vulnerabilities.vulnerability.threatIntel:`Active Attacks` and not vulnerabilities.vulnerability.criticality:[`HIGH`, `MEDIUM`]
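A client-side pre-check for the limit described above, as an added example that is not the product's own code. It assumes depth is counted as in a left-associative binary parse tree and that "not" adds no level, which matches both queries on this page; how the product counts parenthesized groups is not stated here, and the names query_depth and within_limit are hypothetical.

```python
import re

MAX_DEPTH = 1000  # limit stated on this page

# Backtick-quoted values are single tokens, so an "and" inside a value is not an operator.
TOKEN = re.compile(r"`[^`]*`|[()]|[^\s`()]+")

# The two queries shown on this page.
EXAMPLE_2 = "hardware.manufacturer:`Rockwell Automation` and inventory.source:`Passive Sensor`"
EXAMPLE_3 = ("vulnerabilities.hardware.vendor:`Siemens` and "
             "vulnerabilities.vulnerability.threatIntel:`Active Attacks` and not "
             "vulnerabilities.vulnerability.criticality:[`HIGH`, `MEDIUM`]")


def query_depth(query):
    """Estimate AND/OR depth (assumption: left-associative binary parse tree)."""
    stack = [[0, False]]  # one frame per parenthesis level: [depth, operator pending]
    in_term = False

    def add_operand(frame, depth):
        frame[0] = 1 + max(frame[0], depth) if frame[1] else depth
        frame[1] = False

    for tok in TOKEN.findall(query):
        low = tok.lower()
        if low in ("and", "or"):
            stack[-1][1] = True
            in_term = False
        elif low == "not":
            continue  # assumption: negation adds no level (consistent with the depth-3 query)
        elif tok == "(":
            stack.append([0, False])
            in_term = False
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            inner = stack.pop()[0]
            add_operand(stack[-1], inner)
            in_term = False
        elif not in_term:  # first token of a field:value term
            add_operand(stack[-1], 1)
            in_term = True
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0][0]


def within_limit(query):
    """True if the estimated depth does not exceed the documented maximum."""
    return query_depth(query) <= MAX_DEPTH
```

This estimates depth only and does not validate query syntax, so a query that passes the check can still be rejected for other reasons.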