How to Search in VMDR OT
Click to view navigation pane


Home

How to Search in VMDR OT

Search by Field | String Matching | Full Text Search | Boolean Operators | Is Null Queries | Range Searches | Date Searches

Search by Field

Enter the field name, then a colon, then your query. Nested fields are dot separated.

Examples:

asset.name: PR_HOST_11

vulnerabiliites.firmware: 30.1

asset.risk: 9

file.vendor: Siemens

There are many fields you can search within each resource type. Start by clicking on the resource type in List View. Then enter "and" followed by the field name and value.

Examples:

vulnerabilities.severity:`3` and vulnerabilities.typeDetected:`Confirmed`

vulnerabilities.vulnerability.criticality:`CRITICAL` and vulnerabilities.vulnerability.threatIntel:`Easy Exploit`

String Matching

Use single quotes or double quotes around your query to match a string. Your results will include any match that contains the string.

Examples:

asset.orderid: '6ES7412-3HJ14-0AB0'

asset.serialnumber: '0x00991222'

Full Text Search

Some fields containing strings of text (like names, descriptions) allow you to use full text search and advanced search capabilities. Full text search fields do not support exact matching.

Learn more >>

Examples:

Show the Confirmed (case insensitive) detected vulnerability

vulnerabilities.typeDetected: Confirmed

Show the assets that have Dell or Latitude, or both in their hardware model name

hardware.model: "Dell Latitude"

Boolean Operators

Use keywords AND, OR, NOT to narrow or broaden your search.

Examples:

hardware.manufacturer:`Siemens` and hardware.category2:`Programmable Logic Controller (PLC)`

hardware.category1:`Field Instruments` or hardware.category2:`Robots` not vulnerabilities.vulnerability.criticality:`MEDIUM`

Learn more >>

Is Null Queries

Want to match an empty/null value for a field? You'll need to remove the colon and then write "is null". For example, assets for which Purdue level is not defined or mapped.

Example:

purdue.level is null

Range Searches

Ranges can be specified with the [lower .. upper] syntax using () and/or [] as follows. This is supported for numeric and date fields.

Examples:

Show the assets last modified by the user on a specified date

asset.lastModified: '2022-01-01'

Show the assets last modified by the user within the past 90 days (excluding day 90)

asset.lastModified > now-90d

Show the assets last modified by the user within past 90 days (including day 90)

asset.lastModified >= now-90d

Show the assets last modified by the user before past 90 days (excluding day 90)

asset.lastModified < now-90d

Show the assets last modified by the user before past 90 days (including day 90)

asset.lastModified <= now-90d

Show the assets last modified by the user within the specified date range

asset.lastModified: [2021-01-01 .. 2022-01-01]

Show the assets last modified by the user from two weeks ago till a second ago

asset.lastModified: [now-2w .. now-1s]

Date Searches

Use a date range [start date .. end date] or a specific date. Several date variables are also available.

Learn more >>

Examples:

asset.lastUpdated: '2020-01-08'

asset.lastUpdated > now-90d/

asset.lastUpdated: [2020-01-01 .. 2020-01-10]

asset.lastUpdated < now-90d

asset.lastUpdated >= now-90d