Kenna Simple Search Syntax Examples

This page contains a number of example searches, based on our supported search terms.

For complex search examples that must combine Asset and Vulnerability terms with OR condition statements, see our complex search examples. 

To use an example, copy its entire "Example" search string below and paste it into the "SEARCH" text bar, immediately below the Risk Meter on your Kenna Home page.

General Tips

  • To search for multiple values under a single search term, use parentheses: ip:(10.0.1.43 OR 172.3.45.6) or fix_title:("*Java*" AND "*Script*")
  • Use a + sign in strings to represent a single space of any value. For example, to find SSL/TLS: cve_description:"*TLS+SSL*"
  • To "not" a search parameter, use a - sign. For example, to find non-server Windows devices: os:"*Windows*" AND -os:"*Server*"

Asset Search Samples

Asset Locators


| Example | Description |
| --- | --- |
| -ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) AND _exists_:ip | Assets with externally-routable IP addresses. |
| ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) | Assets with internally-routable IP addresses. |
| ip:(10.0.0.1 OR 10.0.9.12 OR 10.0.23.6) | Search for multiple distinct IP addresses. |

Asset Scores

| Example | Description |
| --- | --- |
| asset_score:>660 | Assets with high risk scores. |
| asset_score:>330 AND asset_score:<=660 | Assets with medium risk scores. |
| asset_score:<=330 | Assets with low risk scores. |
| vulnerability_score:>66 | Vulnerabilities with high risk scores. |
| vulnerability_score:>33 AND vulnerability_score:<=66 | Vulnerabilities with medium risk scores. |
| vulnerability_score:<=33 | Vulnerabilities with low risk scores. |

Asset Dates

| Example | Description |
| --- | --- |
| asset_last_seen:<now-30d | Assets that haven't been seen in the last 30 days. |

Combined Asset Elements

| Example | Description |
| --- | --- |
| tag:"*Windows*" AND asset_score:>660 | Assets that are high risk and have a tag containing "Windows". |
| os:("*Linux*" OR "*Ubuntu*") AND asset_last_seen:>now-30d | Linux or Ubuntu assets seen in the last 30 days. |
| tag:"Corporate External Network" AND -os:"Windows*" | Assets tagged "Corporate External Network" that do not have an OS string starting with "Windows". |

Vulnerability Search Samples

Vulnerability Scores

| Example | Description |
| --- | --- |
| asset_score:>660 | Assets with high risk scores. |
| asset_score:>330 AND asset_score:<=660 | Assets with medium risk scores. |
| asset_score:<=330 | Assets with low risk scores. |
| vulnerability_score:>66 | Vulnerabilities with high risk scores. |
| vulnerability_score:>33 AND vulnerability_score:<=66 | Vulnerabilities with medium risk scores. |
| vulnerability_score:<=33 | Vulnerabilities with low risk scores. |

Vulnerability Dates

| Example | Description |
| --- | --- |
| due_date:<now+30d AND due_date:>=now | Vulnerabilities due in the next 30 days. |
| due_date:<now | Vulnerabilities past due. |

Combined Vulnerability Elements

| Example | Description |
| --- | --- |
| vulnerability_score:>66 AND fix_published:>now-30d | High risk vulnerabilities with fixes published in the last 30 days. |
| vulnerability_score:<67 AND vulnerability_score:>33 AND cve_description:"java" | Medium risk Java vulnerabilities. |
| due_date:<now AND cve:2010-0842 | Open vulnerabilities for CVE-2010-0842 that are past due. |
