This contains a number of example searches, based on our supported search terms.
For complex search examples that must combine Asset and Vulnerability terms with OR condition statements, see our complex search examples.
To use an examples, copy its entire "Example" search string below and paste it into the "SEARCH" text bar, immediately below the Risk Meter on your Kenna Home page:
General Tips
- To search for multiple values under a single search term use parenthesis - ip:(10.0.1.43 OR 172.3.45.6) / fix_title:("*Java*" AND "*Script*")
- Use + sign in strings to represent a single space of any value. Find SSL/TSL - cve_description:"*TLS+SSL*"
- To "not" a search parameter use a - sign. To find non-server windows devices - os:"*Windows*" AND -os:"*Server*"
Asset Search Samples
Asset Locators
| Example | Description |
|---|---|
-ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) AND _exists_:ip |
Assets with externally-routable IP addresses. |
ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) |
Assets with internally-routable IP addresses. |
| ip:(10.0.0.1 OR 10.0.9.12 OR 10.0.23.6) | Search for multiple distinct IP addresses. |
Asset Scores
| Example | Description |
|---|---|
asset_score:>660 |
Assets with high risk scores. |
asset_score:>330 AND asset_score:<=660 |
Assets with medium risk scores. |
asset_score:<=330 |
Assets with low risk scores. |
vulnerability_score:>66 |
Vulnerabilities with high risk scores. |
vulnerability_score:>33 AND vulnerability_score:<=66 |
Vulnerabilities with medium risk scores. |
vulnerability_score:<=33 |
Vulnerabilities with low risk scores. |
Asset Dates
| Example | Description |
|---|---|
| asset_last_seen:<now-30d | Assets that haven't been seen in the last 30 days. |
Combined Asset Elements
| Example | Description |
|---|---|
| tag:"*Windows*" AND asset_score:>660 | Assets that are high risk and having a tag containing "Windows" |
| os:("*Linux*" OR "*Ubuntu*") AND asset_last_seen:>now-30d | Linux or Ubuntu assets seen in the last 30 days |
| tag:"Corporate External Network" AND -os:"Windows*" | Assets tagged "Corporate External Network" that do not have an OS string starting with "Windows". |
Vulnerability Search Samples
Vulnerability Scores
| Example | Description |
|---|---|
asset_score:>660 |
Assets with high risk scores. |
asset_score:>330 AND asset_score:<=660 |
Assets with medium risk scores. |
asset_score:<=330 |
Assets with low risk scores. |
vulnerability_score:>66 |
Vulnerabilities with high risk scores. |
vulnerability_score:>33 AND vulnerability_score:<=66 |
Vulnerabilities with medium risk scores. |
vulnerability_score:<=33 |
Vulnerabilities with low risk scores. |
Vulnerability Dates
| Example | Description |
|---|---|
due_date:<now+30d AND due_date:>=now |
Vulnerabilities due in the next 30 days. |
due_date:<now |
Vulnerabilities past due. |
Combined Vulnerability Elements
| Example | Description |
|---|---|
| vulnerability_score:>66 AND fix_published:>now-30d | High risk vulnerabilities with fixes published in the last 30 days |
| vulnerability_score:<67 AND vulnerability_score:>33 AND cve_description:"java" | Medium risk java vulnerabilities |
| due_date:<now AND cve:2010-0842 | Open vulnerabilities for CVE-2010-0842 that are past due |