Supported search field names

To find specific information you can use these field names and field values in the search box, in the format:

<fieldName>:<fieldValue>

Table 1. Alerts
Field name	Field type
alertType	String
alertSummary	String
alertId	String
lastSeen	Date
score	Numeric
provider	String
policyTagName	String
level	String
state	String
tags.<tag-name>	String

AWS field names

Table 2. AWS: Hosts
Field name	Field type
instanceId	String
imageId	String
runningState	String
instanceType	String
region	String
availabilityZone	String
startTime	Date
launchedBy	String
subnetId	String
vpcId	String
isPublic	Boolean
isVulnerable	Boolean
hasContainerNodes	Boolean
tags.<tag-name>	String
patchStatus	String
outGoingIp	String
outGoingPort	String
_exists_:serverAgent	Not applicable
not _exists_:serverAgent	Not applicable
serverAgent.agentId	String
serverAgent.hostname	String
serverAgent.health:<value>	String
serverAgent.osName	String
serverAgent.lastSeenAt	Date

Note Allowed values for serverAgent.health are good, suspicious, bad, or unavailable. For example serverAgent.health:good.

Table 3. AWS: Clusters
Field name	Field type
instanceId	String
name	String
region	String
roleArn	String
version	String
createdAt	Date
status	String
vpcId	String
endpointPublicAccess	Boolean
endpointPrivateAccess	Boolean
isPublic	Boolean
isVulnerable	Boolean
tags.<tag-name>	String

Table 4. AWS: Node Groups
Field name	Field type
instanceId	String
name	String
region	String
createdTime	Date
desiredCapacity	Numeric
createdAt	Date
placementGroup	String
serviceLinkedRoleARN	String
status	String
subnets	String
launchConfiguration	String
tags.<tag-name>	String

Table 5. AWS: Nodes
Field name	Field type
instanceId	String
name	String
namespace	String
publicIp	String
vmId	String
podCIDR	String
startTime	Date
tags.<tag-name>	String

Table 6. AWS: Pods
Field name	Field type
instanceId	String
name	String
namespace	String
nodeName	String
status	String
startTime	Date
hostIP	String
isPublic	Boolean
isPrivileged	Boolean
tags.<tag-name>	String

Table 7. AWS: Containers
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startedTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 8. AWS: Services
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 9. AWS: Ingress
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 10. AWS: Network Policy
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 11. AWS: RBAC Roles
Field name	Field type
instanceId	String
roleType	String
name	String
namespace	String
creationTime	Date
tags.<tag-name>	String

Table 12. AWS: VPCs
Field name	Field type
vpcId	String
region	String
cidrBlock	String
lastModifiedBy	String
evoNetworkACLS.aclId	String
tags.<tag-name>	String

Table 13. AWS: Security Groups
Field name	Field type
secgrpId	String
name	String
vpcId	String
region	String
isOpenGroup	Boolean
lastModifiedBy	String
isUnusedGroup	Boolean
isNestedGroup	Boolean
isOverlappedGroup	Boolean
_ingressRules.protocol	String
_ingressRules.toPort	Numeric
_ingressRules.fromPort	Numeric
_ingressRules.ipRange	String
_ingressRules.groupIdName	String
_egressRules.protocol	String
_egressRules.toPort	Numeric
_egressRules.fromPort	Numeric
_egressRules.ipRange	String
_egressRules.groupIdName	String
tags.<tag-name>	String

Table 14. AWS: S3 buckets
Field name	Field type
name	String
owner	String
region	String
creationDate	Date
isRestricted	Boolean
lastModifiedBy	String
policy	String
defaultEncryption	String
isPublic	Boolean
tags.<tag-name>	String

Table 15. AWS: RDS
Field name	Field type
name	String
region	String
identifierId	String
arn	String
availabilityZone	String
secondaryAvailabilityZone	String
instanceClass	String
status	String
engine	String
engineVersion	String
multiAZ	Boolean
storageType	String
vpcId	String
networkInterface	String
creationDate	Date
isPubliclyAccessible	Boolean
isStorageEncrypted	Boolean
tags.<tag-name>	String

Table 16. AWS: IAM Users
Field name	Field type
name	String
userId	String
createDate	Date
isMfaActive	Boolean
isOverPrivileged	Boolean
accessKeyAge	Date
groupList	String
isActive	Boolean
passwordLastChanged	Date
passwordLastUsed	Date
lastActivity	Date

Table 17. AWS: IAM Groups
Field name	Field type
roleName	String
createDate	Boolean
isOverPrivileged	Boolean

Table 18. AWS: IAM Roles
Field name	Field type
name	String
isOverPrivileged	Boolean

Table 19. AWS: IAM External Access
Field name	Field type
region	String
accessLevels	String
findingId	String

Table 20. AWS: AWS Lambda
Field name	Field type
region	String
accessLevels	String
findingId	String
resource	String
resourceType	String
status	String
updatedAt	Date

Table 21. AWS: Outbound Traffic
Field Name	Field Type
srcAddr	String
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

Table 22. AWS: Inbound Traffic
Field Name	Field Type
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

Azure field names

Table 23. Azure: Hosts
Field name	Field type
name	String
resourceGroup	String
vmId	String
image	String
runningState	String
instanceType	String
region	String
startTime	Date
subnetId	String
vnetId	String
osType	String
isPublic	Boolean
classicPublicIpAddress	String
hasContainerNodes	Boolean
provisioningState	String
privateIP	String
primarySecurityGroup	String
vmScaleSetId	String
vmScaleSet	String
tags.<tag-name>	String
outGoingIp	String
outGoingPort	String
_exists_:serverAgent	Not applicable
not _exists_:serverAgent	Not applicable
serverAgent.agentId	String
serverAgent.hostname	String
serverAgent.health	String
serverAgent.osName	String
serverAgent.lastSeenAt	Date

Note Allowed values for serverAgent.health are good, suspicious, bad, or unavailable. For example serverAgent.health:good.

Table 24. Azure: Clusters
Field name	Field type
name	String
resourceGroup	String
instanceId	String
region	String
nodeResourceGroup	String
rbacEnabled	Boolean
httpEnabled	Boolean
version	String
tags.<tag-name>	String

Table 25. Azure: Node Groups
Field name	Field type
instanceId	String
name	String
region	String
createdTime	Date
desiredCapacity	Numeric
createdAt	Date
placementGroup	String
serviceLinkedRoleARN	String
status	String
subnets	String
launchConfiguration	String
tags.<tag-name>	String

Table 26. Azure: Nodes
Field name	Field type
instanceId	String
name	String
namespace	String
publicIp	String
vmId	String
podCIDR	String
startTime	Date
tags.<tag-name>	String

Table 27. Azure: Pods
Field name	Field type
instanceId	String
name	String
namespace	String
nodeName	String
status	String
startTime	Date
hostIP	String
isPublic	Boolean
isPrivileged	Boolean
tags.<tag-name>	String

Table 28. Azure: Containers
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startedTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 29. Azure: Services
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 30. Azure: Ingress
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 31. Azure: Network Policy
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 32. Azure: RBAC Roles
Field name	Field type
instanceId	String
roleType	String
name	String
namespace	String
creationTime	Date
tags.<tag-name>	String

Table 33. Azure: Network Security Groups
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
isOpenGroup	Boolean
isUnusedGroup	Boolean
isOverlappedGroup	Boolean
tags.<tag-name>	String

Table 34. Azure: Virtual Networks
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
addressSpaces	String
dnsServerIPs	String
isDdosProtectionEnabled	Boolean
isVmProtectionEnabled	Boolean
tags.<tag-name>	String

Table 35. Azure: Resource Group
Field name	Field type
name	String
instanceId	String
region	String
tags.<tag-name>	String

Table 36. Azure: IoT Hub
Field name	Field type
iotHubName	String
instanceId	String
region	String
minTlsVersion	String
enableFileUploadNotifications	Boolean
tags.<tag-name>	String

Table 37. Azure: Storage Account
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
creationTime	Date
skuType	String
isPublic	Boolean
kind	String
tags.<tag-name>	String

Table 38. Azure: SQL Servers
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
administratorLogin	String
isAdLoginEnabled	Boolean
isPublic	Boolean
kind	String
isManagedServiceIdentityEnabled	Boolean
tags.<tag-name>	String

Table 39. Azure: DBs
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
type	String
administratorLogin	String
storageMB	Numeric
geoRedundantBackup	String
sslEnforcement	String
isPublic	Boolean
tags.<tag-name>	String

Table 40. Azure: Cosmos DBs
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
accountOfferType	String
documentEndpoint	String
kind	String
isMultipleWriteLocationsEnabled	Boolean
isVnetEnabled	Boolean
isPublic	Boolean
isAutomaticFailoverEnabled	Boolean
tags.<tag-name>	String

Table 41. Azure: Users
Field name	Field type
name	String
instanceId	String
mail	String
mainNickname	String
signInName	String
isActive	Boolean
userType	String
source	String

Table 42. Azure: Groups
Field name	Field type
name	String
instanceId	String
mail	String

Table 43. Azure: Function Apps
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
alwaysOn	Boolean
appServicePlanId	String
clientCertEnabled	String
containerSize	Numeric
defaultHostName	String
enabled	Boolean
state	String
repositorySiteName	String
httpsOnly	Boolean
lastModifiedTime	Date
os	String
tags.<tag-name>	String

Table 44. Azure: Apps Services
Field name	Field type
name	String
kind	String
instanceId	String
location	String
resourceGroup	String
alwaysOn	Boolean
clientCertEnabled	String
enabled	Boolean
state	String
httpsOnly	Boolean
lastModifiedTime	Date
tags.<tag-name>	String

Table 45. Azure: Logic Apps
Field name	Field type
name	String
instanceId	String
region	String
resourceGroup	String
alwaysOn	Boolean
appServicePlanId	String
clientCertEnabled	String
containerSize	Numeric
defaultHostName	String
enabled	Boolean
state	String
repositorySiteName	String
httpsOnly	Boolean
lastModifiedTime	Date
os	String
tags.<tag-name>	String

Table 46. Azure: Outbound Traffic
Field name	Field type
srcAddr	String
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

Table 47. Azure: Inbound Traffic
Field name	Field type
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

GCP field names

Table 48. GCP: Host
Field name	Field type
name	String
vmId	String
startTime	Date
description	String
type	String
status	String
zone	String
privateIP	String
publicIP	String
canIpForward	Boolean
cpuPlatform	String
kind	String
isPublic	String
hasContainerNodes	Date
tags.<tag-name>	String
outGoingIp	String
outGoingPort	String

Table 49. GCP: Clusters
Field name	Field type
name	String
description	String
loggingService	String
monitoringService	String
network	String
clusterIpv4Cidr	String
subnetwork	String
location	String
zone	String
endpoint	String
currentMasterVersion	String
createTime	Date
status	String
statusMessage	String
servicesIpv4Cidr	String
isMasterAuthorizedNetworksEnabled	Boolean
isLegacyABACEnabled	Boolean
isbasicAuthEnabled	Boolean

Table 50. GCP: Node Groups
Field name	Field type
name	String
cluster	String
status	String
isAutoRepairEnabled	Boolean
isAutoUpgradeEnabled	Boolean
machineType	String
imageType	String
serviceAccount	String

Table 51. GCP: Nodes
Field name	Field type
instanceId	String
name	String
namespace	String
publicIp	String
vmId	String
podCIDR	String
startTime	Date
tags.<tag-name>	String

Table 52. GCP: Pods
Field name	Field type
instanceId	String
name	String
namespace	String
nodeName	String
status	String
startTime	Date
hostIP	String
isPublic	Boolean
isPrivileged	Boolean
tags.<tag-name>	String

Table 53. GCP: Containers
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startedTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 54. GCP: Services
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 55. GCP: Ingress
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 56. GCP: Network Policy
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 57. GCP: RBAC Roles
Field name	Field type
instanceId	String
roleType	String
name	String
namespace	String
creationTime	Date
tags.<tag-name>	String

Table 58. GCP: Firewall
Field name	Field type
instanceId	String
network	String
name	String
priority	Numeric
isDisabled	Boolean
isOpen	Boolean
isUnused	Boolean
direction	String

Table 59. GCP: VPCs
Field name	Field type
instanceId	String
startTime	Date
name	String
IPv4Range	String
routingMode	String
autoCreateSubnetworks	Boolean

Table 60. GCP: Buckets
Field name	Field type
instanceId	String
startTime	Date
name	String
encryption	String
owner	String
location	String
versioning	String
isPublic	Boolean
storageClass	String
tags.<tag-name>	String

Table 61. GCP: SQLs
Field name	Field type
instanceId	String
startTime	Date
name	String
state	String
backendType	String
databaseVersion	String
region	String
primaryIP	String
masterInstanceName	String
serviceAccount	String
diskType	String
SSLEnabled	Boolean
isPublic	Boolean
privateNetwork	String
tags.<tag-name>	String

Table 62. GCP: Users
Field name	Field type
instanceId	String
name	String
primaryEmail	String
isAdmin	Boolean
isDelegatedAdmin	Boolean
lastLoginTime	Date
creationTime	Date
isEnrolledIn2Sv	Boolean

Table 63. GCP: Groups
Field name	Field type
instanceId	String
name	String
email	String

Table 64. GCP: Role Bindings
Field name	Field type
role	String

Table 65. GCP: Outbound Traffic
Field name	Field type
srcAddr	String
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

Table 66. GCP: Inbound Traffic
Field name	Field type
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

Native K8s field names

Table 67. Native K8s: Nodes
Field name	Field type
instanceId	String
name	String
namespace	String
publicIp	String
vmId	String
podCIDR	String
startTime	Date
tags.<tag-name>	String

Table 68. Native K8s: Pods
Field name	Field type
instanceId	String
name	String
namespace	String
nodeName	String
status	String
startTime	Date
hostIP	String
isPublic	Boolean
isPrivileged	Boolean
tags.<tag-name>	String

Table 69. Native K8s: Containers
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startedTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 70. Native K8s: Services
Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String

Table 71. Native K8s: Ingress
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 72. Native K8s: Network Policy
Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

Table 73. Native K8s: RBAC Roles
Field name	Field type
instanceId	String
roleType	String
name	String
namespace	String
creationTime	Date
tags.<tag-name>	String

Supported search field names

AWS field names

Azure field names

GCP field names

Native K8s field names

Machine translation disclaimer