Skip to content


You can run searches from the search bar in most pages in Sophos Cloud Optix.

To save, run, view, edit, and delete searches, go to Search. In Search Super Admins can configure saved searches to cause alerts. See Search capabilities.

You can do the following:

  • Simple searches. For example you can enter an AWS EC2 name to find alerts related to that instance.
  • Combine different search terms for advanced queries.
  • Search all your inventory data or restrict your search to specific areas, for example Alerts or Containers.

    To do this in the search bar, use the drop-down list. If you're in a specific section of Sophos Cloud Optix, for example Storage - AWS, the search defaults to that section. You can override this using the drop-down list.

  • Use the logical operators NOT, AND, and OR. They're not case sensitive.

  • Specify date ranges.
  • Combine different query terms in queries using logical operator precedence. You can use ellipses to modify the order expressions are used in.

S3Bucket and (* or isPublic:true)

For examples of complex searches, see Search examples.