More on Boolean queries

Using Boolean operators (AND, OR, NOT) give you many ways to refine your search. Here's some things to know.

Note: The NOT operator can be used only with Asset search tokens. Vulnerability search tokens do not support the NOT operator.

More complex Boolean queries

These queries show you how to use many robust search capabilities in one query.

vulnerabilities: (typeDetected: "Confirmed" AND firstFound < now-1d AND lastFound:[now-1M ... now-1s])

vulnerabilities:(vulnerability.cveIds: (CVE-2016-0189 OR CVE-2016-0162 OR CVE-2016-7200 OR CVE-2016-7201 OR CVE-2016-0034 OR CVE-2015-3105 OR CVE-2015-3113) AND lastFound:[now-10d ... now-1s]

Good to Know - Max query depth

We've implemented controls in query parsing for queries containing the operators AND, OR. The maximum depth allowed for an AND/OR query cannot cross 1000 levels. If you run a query having more than 1000 levels of depth, an error is returned.

A simple query like this has level of depth 2

vulnerabilities.vulnerability: (patchAvailable: "true" AND category: "CGI")

A more complex query like this has level of depth 5

(operatingSystem: windows OR operatingSystem: linux) AND (openPorts.port: 80 OR openPorts.port:8080) AND NOT updated <= "2018-01-20"