Full Text Search on Certain Fields
Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.
How to Search - The Basics
Let's take a look at the search field vulnerability.title. There are many ways you can search this field.
Show any findings with this name
vulnerability.title: Shellshock Apache Injection
Show any findings that contain parts of the title
vulnerability.title:"Shellshock Apache"
Show any findings that match exact value
vulnerability.title:`Shellshock Apache Injection`
Additional Search Capabilities
In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.
1) Field value contains a comma (,) or period (.) between numbers
Example: field contains the value "10,125" or "10.134".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
asset.name: "10,1"
asset.name: "10"
asset.name: "10.134"
Non-matching:
asset.name: "125"
asset.name: "13"
2) Field value contains a period (.) between text
Example: field contains the value "qualys.corp.com".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
webapp.url: "qual"
webapp.url: "qualys.corp"
webapp.url: "qualys.corp.com"
Non-matching:
webapp.url:"corp"
webapp.url:"com"
3) Field value contains an underscore (_) between text
Example: field contains the value "qualys_corp".
In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.
Matching:
webapp.url: "qual"
webapp.url: "qualys_corp"
Non-matching:
webapp.url:"corp"
webapp.url:"lys"
4) Field value contains a comma (,) or period (.) between a number and text
Example: name field contains the value "102354.qualys" or " qualys,25576.13".
The value "102354.qualys" is split into 2 tokens: "102354" and " qualys". Prefix search on each token is supported.
Matching:
asset.name: "1023"
asset.name: "qualy"
Non-matching:
asset.name: "354"
asset.name: "lys"
5) Field value contains special characters and line/paragraph separators
Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)
Example: name field contains the value " qualys-corp"
The value " qualys-corp" is split into 2 tokens: " qualys" and "corp". Prefix search on each token is supported.
Matching:
asset.name: "qua"
asset.name: "cor"
Non-matching:
asset.name: "alys"
asset.name: "orp"
6) Field value contains a phrase with a space, tab or new line
Example: vulnerabilities.vulnerability.title field has value "Slow HTTP POST vulnerability"
The value is split into 4 tokens: "Slow", "HTTP", "POST", and "Vulnerability". We will perform complete case- insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.
Matching:
vulnerability.title: "Slow HTTP PO"
The "Slow" and "HTTP" tokens match completely and "PO" matches the prefix search for "command".
vulnerability.title: "POST Vuln"
The "POST" token matches completely and "vuln" matches the prefix search for "vulnerability".
vulnerability.title: "HTTP POST vulnerability"
All 3 tokens "HTTP ", "POST" and "vulnerability" match completely.
Non-matching:
vulnerability.title: "Slo pos"
The "pos" token is leading and it does not match completely so this search would not return a match.
vulnerability.title: "HTT Vuln"
The "vuln" token is leading and it does not match completely so this search would not return a match.
7) Field value contains NOT
When the field value contains the word Not, use single quotation marks with the value. Example: application.lastScanStatus field has value 'SCANNER NOT AVAILABLE
Matching:
application.lastScanStatus: 'SCANNER NOT AVAILABLE'
Non-matching:
application.lastScanStatus: SCANNER NOT AVAILABLE
Looking for something else?
Tell me about related findings
This actually broadens your search in many cases which can be helpful for finding what you're interested in. These searches can return more than what you might expect.
Analysis - The field value you enter is analyzed against an index of the field value on the platform. This index is created by removing punctuation, lowercase alphabets, expanding to synonyms, and other logical matches.
Results - Searches of the field index will return results that may not match casing or the exact words you enter and results may include related terms or synonyms.
Not using backticks?
If you're not using backticks we'll strip punctuation (including quotes) and match the words in any order, case and in most cases prefix.
I want case sensitive matches
Be sure to use backticks within your search value if you want to find exact matches.