This contains a number of example searches, based on our supported search terms.
To use any examples, copy the entire "Example" search string below and paste it into the "SEARCH" text bar, immediately below the Risk Meter on your Kenna Explore page.
Note: Complex searches that cross Asset and Vulnerability terms with OR condition statements are not supported in the UI search box. If you are having issues building the search you want, contact Support for assistance. Some queries can be implemented on the back end to support more complex queries.
General Tips
- To search for multiple values under a single search term use parenthesis - ip:(10.0.1.43 OR 172.3.45.6) / fix_title:("*Java*" AND "*Script*")
- Use ? sign in strings to represent a single space of any value.
- Find SSL/TLS - cve_description:"*TLS?SSL*"
- To "not" a search parameter use a - sign. To find non-server windows devices - os:"*Windows*" AND -os:"*Server*"
Asset Search Samples
Asset Locators
| Example | Description |
|---|---|
-ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) AND _exists_:ip |
Assets with externally-routable IP addresses. |
ip:([10.0.0.0 TO 10.255.255.255] OR [172.16.0.0 TO 172.31.255.255] OR [192.168.0.0 TO 192.168.255.255]) |
Assets with internally-routable IP addresses. |
| ip:(10.0.0.1 OR 10.0.9.12 OR 10.0.23.6) | Search for multiple distinct IP addresses. |
Asset Scores
| Example | Description |
|---|---|
asset_score:>660 |
Assets with high risk scores. |
asset_score:>330 AND asset_score:<=660 |
Assets with medium risk scores. |
asset_score:<=330 |
Assets with low risk scores. |
vulnerability_score:>66 |
Vulnerabilities with high risk scores. |
vulnerability_score:>33 AND vulnerability_score:<=66 |
Vulnerabilities with medium risk scores. |
vulnerability_score:<=33 |
Vulnerabilities with low risk scores. |
Asset Dates
| Example | Description |
|---|---|
| asset_last_seen:<now-30d | Assets that haven't been seen in the last 30 days. |
Combined Asset Elements
| Example | Description |
|---|---|
| tag:"*Windows*" AND asset_score:>660 | Assets that are high risk and having a tag containing "Windows" |
| os:("*Linux*" OR "*Ubuntu*") AND asset_last_seen:>now-30d | Linux or Ubuntu assets seen in the last 30 days |
| tag:"Corporate External Network" AND -os:"Windows*" | Assets tagged "Corporate External Network" that do not have an OS string starting with "Windows". |
Vulnerability Search Samples
Vulnerability Scores
| Example | Description |
|---|---|
asset_score:>660 |
Assets with high risk scores. |
asset_score:>330 AND asset_score:<=660 |
Assets with medium risk scores. |
asset_score:<=330 |
Assets with low risk scores. |
vulnerability_score:>66 |
Vulnerabilities with high risk scores. |
vulnerability_score:>33 AND vulnerability_score:<=66 |
Vulnerabilities with medium risk scores. |
vulnerability_score:<=33 |
Vulnerabilities with low risk scores. |
Vulnerability Dates
| Example | Description |
|---|---|
due_date:<now+30d AND due_date:>=now |
Vulnerabilities due in the next 30 days. |
due_date:<now |
Vulnerabilities past due. |
Vulnerability Fixes
| Example | Description |
|---|---|
fix_title:Java |
Search vulnerabilities by fix title keywords that are case insensitive and do not need any wildcards. |
fix_title:"*MS20??-*" |
Vulnerabilities with a MS patch issued in 2000 and after. |
fix_category:Database |
Vulnerabilities with a fix that has the category Database |
Combined Vulnerability Elements
| Example | Description |
|---|---|
| vulnerability_score:>66 AND fix_published:>now-30d | High risk vulnerabilities with fixes published in the last 30 days |
| vulnerability_score:<67 AND vulnerability_score:>33 AND cve_description:"java" | Medium risk java vulnerabilities |
| due_date:<now AND cve:2010-0842 | Open vulnerabilities for CVE-2010-0842 that are past due |