Full Text Search on Certain Fields
Click to view navigation pane

Home

Full Text Search on Certain Fields

Many asset fields containing text allow you to use full text search. Quickly find data of interest, combining advanced search capabilities to better interpret your question.

How to Search - The Basics

Let's take a look at the search field vulnerability.title. There are many ways you can search this field.

Show any findings with this name

vulnerability.title: Shellshock Apache Injection

Show any findings that contain parts of the title

vulnerability.title:"Shellshock Apache"

Show any findings that match exact value

vulnerability.title:`Shellshock Apache Injection`

Additional Search Capabilities

In some cases, field values are split into tokens that can be searched individually. Let's consider some scenarios for searching field values with additional search capabilities.

1) Field value contains a comma (,) or period (.) between numbers

Example: field contains the value "10,125" or "10.134".

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

Matching:

asset.name: "10,1"

asset.name: "10"

asset.name: "10.134"

Non-matching:

asset.name: "125"

asset.name: "13"

2) Field value contains a period (.) between text

Example: field contains the value "qualys.corp.com".

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

Matching:

webapp.url: "qual"

webapp.url: "qualys.corp"

webapp.url: "qualys.corp.com"

Non-matching:

webapp.url:"corp"

webapp.url:"com"

3) Field value contains an underscore (_) between text

Example: field contains the value "qualys_corp".

In this case, the value is not split into tokens. Only exact or prefix matching on the full value is supported.

Matching:

webapp.url: "qual"

webapp.url: "qualys_corp"

Non-matching:

webapp.url:"corp"

webapp.url:"lys"

4) Field value contains a comma (,) or period (.) between a number and text

Example: name field contains the value "102354.qualys" or " qualys,25576.13".

The value "102354.qualys" is split into 2 tokens: "102354" and " qualys". Prefix search on each token is supported.

Matching:

asset.name: "1023"

asset.name: "qualy"

Non-matching:

asset.name: "354"

asset.name: "lys"

5) Field value contains special characters and line/paragraph separators

Value contains a comma (,) dash (-), semicolon (;), line separator, paragraph separator (space/tab), carriage return, line feed, brackets ( ( [ { } ] ) ) or other special characters (? @ $ % & / \)

Example: name field contains the value " qualys-corp"

The value " qualys-corp" is split into 2 tokens: " qualys" and "corp". Prefix search on each token is supported.

Matching:

asset.name: "qua"

asset.name: "cor"

Non-matching:

asset.name: "alys"

asset.name: "orp"

6) Field value contains a phrase with a space, tab or new line

Example: vulnerabilities.vulnerability.title field has value "Slow HTTP POST vulnerability"

The value is split into 4 tokens: "Slow", "HTTP", "POST", and "Vulnerability". We will perform complete case- insensitive matching on each token in your search string and perform a prefix match on the last token in your search string.

Matching:

vulnerability.title: "Slow HTTP PO"

The "Slow" and "HTTP" tokens match completely and "PO" matches the prefix search for "command".

vulnerability.title: "POST Vuln"

The "POST" token matches completely and "vuln" matches the prefix search for "vulnerability".

vulnerability.title: "HTTP POST vulnerability"

All 3 tokens "HTTP ", "POST" and "vulnerability" match completely.

Non-matching:

vulnerability.title: "Slo pos"

The "pos" token is leading and it does not match completely so this search would not return a match.

vulnerability.title: "HTT Vuln"

The "vuln" token is leading and it does not match completely so this search would not return a match.

7) Field value contains NOT

When the field value contains the word Not, use single quotation marks with the value. Example: application.lastScanStatus field has value 'SCANNER NOT AVAILABLE

Matching:

application.lastScanStatus: 'SCANNER NOT AVAILABLE'

Non-matching:

application.lastScanStatus: SCANNER NOT AVAILABLE

Looking for something else?

Tell me about related findings

This actually broadens your search in many cases which can be helpful for finding what you're interested in. These searches can return more than what you might expect.

Analysis - The field value you enter is analyzed against an index of the field value on the platform. This index is created by removing punctuation, lowercase alphabets, expanding to synonyms, and other logical matches.

Results - Searches of the field index will return results that may not match casing or the exact words you enter and results may include related terms or synonyms.

Not using backticks?

If you're not using backticks we'll strip punctuation (including quotes) and match the words in any order, case and in most cases prefix.

I want case sensitive matches

Be sure to use backticks within your search value if you want to find exact matches.

Step by step search tutorial