Supported search field names
Tables of valid search field names and types.
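To find specific information, enter a field name and a field value in the search box, in the format:
`<fieldName>:<fieldValue>`
Replace `<fieldName>` with a field name from the tables below and `<fieldValue>` with the value to match. In `tags.<tag-name>`, replace `<tag-name>` with the name of the tag. The same field name appears in more than one table, so check the field type in the table you are working from.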
| Field name | Field type |
|---|---|
| alertType | String |
| alertSummary | String |
| alertId | String |
| lastSeen | Date |
| score | Numeric |
| provider | String |
| policyTagName | String |
| level | String |
| state | String |
| `tags.<tag-name>` | String |
AWS field names
Field name |
Field type |
---|---|
instanceId |
String |
imageId |
String |
runningState |
String |
instanceType |
String |
region |
String |
availabilityZone |
String |
startTime |
Date |
launchedBy |
String |
subnetId |
String |
vpcId |
String |
isPublic |
Boolean |
isVulnerable |
Boolean |
hasContainerNodes |
Boolean |
tags.<tag-name> |
String |
patchStatus |
String |
outGoingIp |
String |
outGoingPort |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
region |
String |
roleArn |
String |
version |
String |
createdAt |
Date |
status |
String |
vpcId |
String |
endpointPublicAccess |
Boolean |
endpointPrivateAccess |
Boolean |
isPublic |
Boolean |
isVulnerable |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
region |
String |
createdTime |
Date |
desiredCapacity |
Numeric |
createdAt |
Date |
placementGroup |
String |
serviceLinkedRoleARN |
String |
status |
String |
subnets |
String |
launchConfiguration |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
publicIp |
String |
vmId |
String |
podCIDR |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
nodeName |
String |
status |
String |
startTime |
Date |
hostIP |
String |
isPublic |
Boolean |
isPrivileged |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startedTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
roleType |
String |
name |
String |
namespace |
String |
creationTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
vpcId |
String |
region |
String |
cidrBlock |
String |
lastModifiedBy |
String |
evoNetworkACLS.aclId |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
secgrpId |
String |
name |
String |
vpcId |
String |
region |
String |
isOpenGroup |
Boolean |
lastModifiedBy |
String |
isUnusedGroup |
Boolean |
isNestedGroup |
Boolean |
isOverlappedGroup |
Boolean |
_ingressRules.protocol |
String |
_ingressRules.toPort |
Numeric |
_ingressRules.fromPort |
Numeric |
_ingressRules.ipRange |
String |
_ingressRules.groupIdName |
String |
_egressRules.protocol |
String |
_egressRules.toPort |
Numeric |
_egressRules.fromPort |
Numeric |
_egressRules.ipRange |
String |
_egressRules.groupIdName |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
owner |
String |
region |
String |
creationDate |
Date |
isRestricted |
Boolean |
lastModifiedBy |
String |
policy |
String |
defaultEncryption |
String |
isPublic |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
region |
String |
identifierId |
String |
arn |
String |
availabilityZone |
String |
secondaryAvailabilityZone |
String |
instanceClass |
String |
status |
String |
engine |
String |
engineVersion |
String |
multiAZ |
Boolean |
storageType |
String |
vpcId |
String |
networkInterface |
String |
creationDate |
Date |
isPubliclyAccessible |
Boolean |
isStorageEncrypted |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
userId |
String |
createDate |
Date |
isMfaActive |
Boolean |
isOverPrivileged |
Boolean |
accessKeyAge |
Date |
groupList |
String |
isActive |
Boolean |
passwordLastChanged |
Date |
passwordLastUsed |
Date |
lastActivity |
Date |
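| Field name | Field type |
|---|---|
| roleName | String |
| createDate | Boolean |
| isOverPrivileged | Boolean |

Note: `createDate` is listed here as Boolean, whereas the earlier table that lists `userId` gives `createDate` as Date. Confirm the type before building a query on this field.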
Field name |
Field type |
---|---|
name |
String |
isOverPrivileged |
Boolean |
Field name |
Field type |
---|---|
region |
String |
accessLevels |
String |
findingId |
String |
Field name |
Field type |
---|---|
region |
String |
accessLevels |
String |
findingId |
String |
resource |
String |
resourceType |
String |
status |
String |
updatedAt |
Date |
Azure field names
Field name |
Field type |
---|---|
name |
String |
resourceGroup |
String |
vmId |
String |
image |
String |
runningState |
String |
instanceType |
String |
region |
String |
startTime |
Date |
subnetId |
String |
vnetId |
String |
osType |
String |
isPublic |
Boolean |
classicPublicIpAddress |
String |
hasContainerNodes |
Boolean |
provisioningState |
String |
privateIP |
String |
primarySecurityGroup |
String |
vmScaleSetId |
String |
vmScaleSet |
String |
tags.<tag-name> |
String |
outGoingIp |
String |
outGoingPort |
String |
Field name |
Field type |
---|---|
name |
String |
resourceGroup |
String |
instanceId |
String |
region |
String |
nodeResourceGroup |
String |
rbacEnabled |
Boolean |
httpEnabled |
Boolean |
version |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
region |
String |
createdTime |
Date |
desiredCapacity |
Numeric |
createdAt |
Date |
placementGroup |
String |
serviceLinkedRoleARN |
String |
status |
String |
subnets |
String |
launchConfiguration |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
publicIp |
String |
vmId |
String |
podCIDR |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
nodeName |
String |
status |
String |
startTime |
Date |
hostIP |
String |
isPublic |
Boolean |
isPrivileged |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startedTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
roleType |
String |
name |
String |
namespace |
String |
creationTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
isOpenGroup |
Boolean |
isUnusedGroup |
Boolean |
isOverlappedGroup |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
addressSpaces |
String |
dnsServerIPs |
String |
isDdosProtectionEnabled |
Boolean |
isVmProtectionEnabled |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
iotHubName |
String |
instanceId |
String |
region |
String |
minTlsVersion |
String |
enableFileUploadNotifications |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
creationTime |
Date |
skuType |
String |
isPublic |
Boolean |
kind |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
administratorLogin |
String |
isAdLoginEnabled |
Boolean |
isPublic |
Boolean |
kind |
String |
isManagedServiceIdentityEnabled |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
type |
String |
administratorLogin |
String |
storageMB |
Numeric |
geoRedundantBackup |
String |
sslEnforcement |
String |
isPublic |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
accountOfferType |
String |
documentEndpoint |
String |
kind |
String |
isMultipleWriteLocationsEnabled |
Boolean |
isVnetEnabled |
Boolean |
isPublic |
Boolean |
isAutomaticFailoverEnabled |
Boolean |
tags.<tag-name> |
String |
| Field name | Field type |
|---|---|
| name | String |
| instanceId | String |
| *(field name missing on this page)* | String |
| mainNickname | String |
| signInName | String |
| isActive | Boolean |
| userType | String |
| source | String |
| Field name | Field type |
|---|---|
| name | String |
| instanceId | String |
| *(field name missing on this page)* | String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
alwaysOn |
Boolean |
appServicePlanId |
String |
clientCertEnabled |
String |
containerSize |
Numeric |
defaultHostName |
String |
enabled |
Boolean |
state |
String |
repositorySiteName |
String |
httpsOnly |
Boolean |
lastModifiedTime |
Date |
os |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
name |
String |
instanceId |
String |
region |
String |
resourceGroup |
String |
alwaysOn |
Boolean |
appServicePlanId |
String |
clientCertEnabled |
String |
containerSize |
Numeric |
defaultHostName |
String |
enabled |
Boolean |
state |
String |
repositorySiteName |
String |
httpsOnly |
Boolean |
lastModifiedTime |
Date |
os |
String |
tags.<tag-name> |
String |
GCP field names
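| Field name | Field type |
|---|---|
| name | String |
| vmId | String |
| startTime | Date |
| description | String |
| type | String |
| status | String |
| zone | String |
| privateIP | String |
| publicIP | String |
| canIpForward | Boolean |
| cpuPlatform | String |
| kind | String |
| isPublic | String |
| hasContainerNodes | Date |
| `tags.<tag-name>` | String |
| outGoingIp | String |
| outGoingPort | String |

Note: `isPublic` is listed here as String and `hasContainerNodes` as Date, whereas the AWS and Azure tables on this page that contain `hasContainerNodes` list both fields as Boolean. Confirm the types before relying on these fields in a query.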
Field name |
Field type |
---|---|
name |
String |
description |
String |
loggingService |
String |
monitoringService |
String |
network |
String |
clusterIpv4Cidr |
String |
subnetwork |
String |
location |
String |
zone |
String |
endpoint |
String |
currentMasterVersion |
String |
createTime |
Date |
status |
String |
statusMessage |
String |
servicesIpv4Cidr |
String |
isMasterAuthorizedNetworksEnabled |
Boolean |
isLegacyABACEnabled |
Boolean |
isbasicAuthEnabled |
Boolean |
Field name |
Field type |
---|---|
name |
String |
cluster |
String |
status |
String |
isAutoRepairEnabled |
Boolean |
isAutoUpgradeEnabled |
Boolean |
machineType |
String |
imageType |
String |
serviceAccount |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
publicIp |
String |
vmId |
String |
podCIDR |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
nodeName |
String |
status |
String |
startTime |
Date |
hostIP |
String |
isPublic |
Boolean |
isPrivileged |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startedTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
roleType |
String |
name |
String |
namespace |
String |
creationTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
network |
String |
name |
String |
priority |
Numeric |
isDisabled |
Boolean |
isOpen |
Boolean |
isUnused |
Boolean |
direction |
String |
Field name |
Field type |
---|---|
instanceId |
String |
startTime |
Date |
name |
String |
IPv4Range |
String |
routingMode |
String |
autoCreateSubnetworks |
Boolean |
Field name |
Field type |
---|---|
instanceId |
String |
startTime |
Date |
name |
String |
encryption |
String |
owner |
String |
location |
String |
versioning |
String |
isPublic |
Boolean |
storageClass |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
startTime |
Date |
name |
String |
state |
String |
backendType |
String |
databaseVersion |
String |
region |
String |
primaryIP |
String |
masterInstanceName |
String |
serviceAccount |
String |
diskType |
String |
SSLEnabled |
Boolean |
isPublic |
Boolean |
privateNetwork |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
primaryEmail |
String |
isAdmin |
Boolean |
isDelegatedAdmin |
Boolean |
lastLoginTime |
Date |
creationTime |
Date |
isEnrolledIn2Sv |
Boolean |
| Field name | Field type |
|---|---|
| instanceId | String |
| name | String |
| *(field name missing on this page)* | String |
Field name |
Field type |
---|---|
role |
String |
Native K8s field names
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
publicIp |
String |
vmId |
String |
podCIDR |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
nodeName |
String |
status |
String |
startTime |
Date |
hostIP |
String |
isPublic |
Boolean |
isPrivileged |
Boolean |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startedTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
image |
String |
imagePullPolicy |
String |
status |
String |
startTime |
Date |
privileged |
Boolean |
kubeHost.nodeName |
String |
kubeHost.namespace |
String |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
name |
String |
namespace |
String |
startTime |
Date |
tags.<tag-name> |
String |
Field name |
Field type |
---|---|
instanceId |
String |
roleType |
String |
name |
String |
namespace |
String |
creationTime |
Date |
tags.<tag-name> |
String |