Supported search field names

Tables of valid search field names and types.

To find specific information you can use these field names and field values in the search box, in the format:

<fieldName>:<fieldValue>
For example: s3 AND isPublic:true
Table 1. Alerts

Field name

Field type

alertType

String

alertSummary

String

alertId

String

lastSeen

Date

score

Numeric

provider

String

policyTagName

String

level

String

state

String

tags.<tag-name>

String

AWS field names

Table 2. AWS - Hosts

Field name

Field type

instanceId

String

imageId

String

runningState

String

instanceType

String

region

String

availabilityZone

String

startTime

Date

launchedBy

String

subnetId

String

vpcId

String

isPublic

Boolean

isVulnerable

Boolean

hasContainerNodes

Boolean

tags.<tag-name>

String

patchStatus

String

outGoingIp

String

outGoingPort

String

_exists_:serverAgent

Not applicable

not _exists_:serverAgent

Not applicable

serverAgent.agentId

String

serverAgent.hostname

String

serverAgent.health:<value>

String

serverAgent.osName

String

serverAgent.lastSeenAt

Date
Note Allowed values for serverAgent.health are good, suspicious, bad, or unavailable. For example serverAgent.health:good.
Table 3. AWS - Clusters

Field name

Field type

instanceId

String

name

String

region

String

roleArn

String

version

String

createdAt

Date

status

String

vpcId

String

endpointPublicAccess

Boolean

endpointPrivateAccess

Boolean

isPublic

Boolean

isVulnerable

Boolean

tags.<tag-name>

String
Table 4. AWS - Node Groups

Field name

Field type

instanceId

String

name

String

region

String

createdTime

Date

desiredCapacity

Numeric

createdAt

Date

placementGroup

String

serviceLinkedRoleARN

String

status

String

subnets

String

launchConfiguration

String

tags.<tag-name>

String
Table 5. AWS - Nodes

Field name

Field type

instanceId

String

name

String

namespace

String

publicIp

String

vmId

String

podCIDR

String

startTime

Date

tags.<tag-name>

String
Table 6. AWS - Pods

Field name

Field type

instanceId

String

name

String

namespace

String

nodeName

String

status

String

startTime

Date

hostIP

String

isPublic

Boolean

isPrivileged

Boolean

tags.<tag-name>

String
Table 7. AWS - Containers

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startedTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 8. AWS - Services

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 9. AWS - Ingress

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 10. AWS - Network Policy

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 11. AWS - RBAC Roles

Field name

Field type

instanceId

String

roleType

String

name

String

namespace

String

creationTime

Date

tags.<tag-name>

String
Table 12. AWS - VPCs

Field name

Field type

vpcId

String

region

String

cidrBlock

String

lastModifiedBy

String

evoNetworkACLS.aclId

String

tags.<tag-name>

String
Table 13. AWS - Security Groups

Field name

Field type

secgrpId

String

name

String

vpcId

String

region

String

isOpenGroup

Boolean

lastModifiedBy

String

isUnusedGroup

Boolean

isNestedGroup

Boolean

isOverlappedGroup

Boolean

_ingressRules.protocol

String

_ingressRules.toPort

Numeric

_ingressRules.fromPort

Numeric

_ingressRules.ipRange

String

_ingressRules.groupIdName

String

_egressRules.protocol

String

_egressRules.toPort

Numeric

_egressRules.fromPort

Numeric

_egressRules.ipRange

String

_egressRules.groupIdName

String

tags.<tag-name>

String
Table 14. AWS - S3 buckets

Field name

Field type

name

String

owner

String

region

String

creationDate

Date

isRestricted

Boolean

lastModifiedBy

String

policy

String

defaultEncryption

String

isPublic

Boolean

tags.<tag-name>

String
Table 15. AWS - RDS

Field name

Field type

name

String

region

String

identifierId

String

arn

String

availabilityZone

String

secondaryAvailabilityZone

String

instanceClass

String

status

String

engine

String

engineVersion

String

multiAZ

Boolean

storageType

String

vpcId

String

networkInterface

String

creationDate

Date

isPubliclyAccessible

Boolean

isStorageEncrypted

Boolean

tags.<tag-name>

String
Table 16. AWS - IAM Users

Field name

Field type

name

String

userId

String

createDate

Date

isMfaActive

Boolean

isOverPrivileged

Boolean

accessKeyAge

Date

groupList

String

isActive

Boolean

passwordLastChanged

Date

passwordLastUsed

Date

lastActivity

Date
Table 17. AWS - IAM Groups

Field name

Field type

roleName

String

createDate

Boolean

isOverPrivileged

Boolean
Table 18. AWS - IAM Roles

Field name

Field type

name

String

isOverPrivileged

Boolean
Table 19. AWS - IAM External Access

Field name

Field type

region

String

accessLevels

String

findingId

String
Table 20. AWS - AWS Lambda

Field name

Field type

region

String

accessLevels

String

findingId

String

resource

String

resourceType

String

status

String

updatedAt

Date

Azure field names

Table 21. Azure - Hosts

Field name

Field type

name

String

resourceGroup

String

vmId

String

image

String

runningState

String

instanceType

String

region

String

startTime

Date

subnetId

String

vnetId

String

osType

String

isPublic

Boolean

classicPublicIpAddress

String

hasContainerNodes

Boolean

provisioningState

String

privateIP

String

primarySecurityGroup

String

vmScaleSetId

String

vmScaleSet

String

tags.<tag-name>

String

outGoingIp

String

outGoingPort

String

_exists_:serverAgent

Not applicable

not _exists_:serverAgent

Not applicable

serverAgent.agentId

String

serverAgent.hostname

String

serverAgent.health

String

serverAgent.osName

String

serverAgent.lastSeenAt

Date
Note Allowed values for serverAgent.health are good, suspicious, bad, or unavailable. For example serverAgent.health:good.
Table 22. Azure - Clusters

Field name

Field type

name

String

resourceGroup

String

instanceId

String

region

String

nodeResourceGroup

String

rbacEnabled

Boolean

httpEnabled

Boolean

version

String

tags.<tag-name>

String
Table 23. Azure - Node Groups

Field name

Field type

instanceId

String

name

String

region

String

createdTime

Date

desiredCapacity

Numeric

createdAt

Date

placementGroup

String

serviceLinkedRoleARN

String

status

String

subnets

String

launchConfiguration

String

tags.<tag-name>

String
Table 24. Azure - Nodes

Field name

Field type

instanceId

String

name

String

namespace

String

publicIp

String

vmId

String

podCIDR

String

startTime

Date

tags.<tag-name>

String
Table 25. Azure - Pods

Field name

Field type

instanceId

String

name

String

namespace

String

nodeName

String

status

String

startTime

Date

hostIP

String

isPublic

Boolean

isPrivileged

Boolean

tags.<tag-name>

String
Table 26. Azure - Containers

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startedTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 27. Azure - Services

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 28. Azure - Ingress

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 29. Azure - Network Policy

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 30. Azure - RBAC Roles

Field name

Field type

instanceId

String

roleType

String

name

String

namespace

String

creationTime

Date

tags.<tag-name>

String
Table 31. Azure - Network Security Groups

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

isOpenGroup

Boolean

isUnusedGroup

Boolean

isOverlappedGroup

Boolean

tags.<tag-name>

String
Table 32. Azure - Virtual Networks

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

addressSpaces

String

dnsServerIPs

String

isDdosProtectionEnabled

Boolean

isVmProtectionEnabled

Boolean

tags.<tag-name>

String
Table 33. Azure - Resource Group

Field name

Field type

name

String

instanceId

String

region

String

tags.<tag-name>

String
Table 34. Azure - IoT Hub

Field name

Field type

iotHubName

String

instanceId

String

region

String

minTlsVersion

String

enableFileUploadNotifications

Boolean

tags.<tag-name>

String
Table 35. Azure - Storage Account

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

creationTime

Date

skuType

String

isPublic

Boolean

kind

String

tags.<tag-name>

String
Table 36. Azure - SQL Servers

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

administratorLogin

String

isAdLoginEnabled

Boolean

isPublic

Boolean

kind

String

isManagedServiceIdentityEnabled

Boolean

tags.<tag-name>

String
Table 37. Azure - DBs

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

type

String

administratorLogin

String

storageMB

Numeric

geoRedundantBackup

String

sslEnforcement

String

isPublic

Boolean

tags.<tag-name>

String
Table 38. Azure - Cosmos DBs

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

accountOfferType

String

documentEndpoint

String

kind

String

isMultipleWriteLocationsEnabled

Boolean

isVnetEnabled

Boolean

isPublic

Boolean

isAutomaticFailoverEnabled

Boolean

tags.<tag-name>

String
Table 39. Azure - Users

Field name

Field type

name

String

instanceId

String

mail

String

mainNickname

String

signInName

String

isActive

Boolean

userType

String

source

String
Table 40. Azure - Groups

Field name

Field type

name

String

instanceId

String

mail

String
Table 41. Azure - Function Apps

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

alwaysOn

Boolean

appServicePlanId

String

clientCertEnabled

String

containerSize

Numeric

defaultHostName

String

enabled

Boolean

state

String

repositorySiteName

String

httpsOnly

Boolean

lastModifiedTime

Date

os

String

tags.<tag-name>

String
Table 42. Azure - Logic Apps

Field name

Field type

name

String

instanceId

String

region

String

resourceGroup

String

alwaysOn

Boolean

appServicePlanId

String

clientCertEnabled

String

containerSize

Numeric

defaultHostName

String

enabled

Boolean

state

String

repositorySiteName

String

httpsOnly

Boolean

lastModifiedTime

Date

os

String

tags.<tag-name>

String

GCP field names

Table 43. GCP - Host

Field name

Field type

name

String

vmId

String

startTime

Date

description

String

type

String

status

String

zone

String

privateIP

String

publicIP

String

canIpForward

Boolean

cpuPlatform

String

kind

String

isPublic

String

hasContainerNodes

Date

tags.<tag-name>

String

outGoingIp

String

outGoingPort

String
Table 44. GCP - Clusters

Field name

Field type

name

String

description

String

loggingService

String

monitoringService

String

network

String

clusterIpv4Cidr

String

subnetwork

String

location

String

zone

String

endpoint

String

currentMasterVersion

String

createTime

Date

status

String

statusMessage

String

servicesIpv4Cidr

String

isMasterAuthorizedNetworksEnabled

Boolean

isLegacyABACEnabled

Boolean

isbasicAuthEnabled

Boolean
Table 45. GCP - Node Groups

Field name

Field type

name

String

cluster

String

status

String

isAutoRepairEnabled

Boolean

isAutoUpgradeEnabled

Boolean

machineType

String

imageType

String

serviceAccount

String
Table 46. GCP - Nodes

Field name

Field type

instanceId

String

name

String

namespace

String

publicIp

String

vmId

String

podCIDR

String

startTime

Date

tags.<tag-name>

String
Table 47. GCP - Pods

Field name

Field type

instanceId

String

name

String

namespace

String

nodeName

String

status

String

startTime

Date

hostIP

String

isPublic

Boolean

isPrivileged

Boolean

tags.<tag-name>

String
Table 48. GCP - Containers

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startedTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 49. GCP - Services

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 50. GCP - Ingress

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 51. GCP - Network Policy

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 52. GCP - RBAC Roles

Field name

Field type

instanceId

String

roleType

String

name

String

namespace

String

creationTime

Date

tags.<tag-name>

String
Table 53. GCP - Firewall

Field name

Field type

instanceId

String

network

String

name

String

priority

Numeric

isDisabled

Boolean

isOpen

Boolean

isUnused

Boolean

direction

String
Table 54. GCP - VPCs

Field name

Field type

instanceId

String

startTime

Date

name

String

IPv4Range

String

routingMode

String

autoCreateSubnetworks

Boolean
Table 55. GCP - Buckets

Field name

Field type

instanceId

String

startTime

Date

name

String

encryption

String

owner

String

location

String

versioning

String

isPublic

Boolean

storageClass

String

tags.<tag-name>

String
Table 56. GCP - SQLs

Field name

Field type

instanceId

String

startTime

Date

name

String

state

String

backendType

String

databaseVersion

String

region

String

primaryIP

String

masterInstanceName

String

serviceAccount

String

diskType

String

SSLEnabled

Boolean

isPublic

Boolean

privateNetwork

String

tags.<tag-name>

String
Table 57. GCP - Users

Field name

Field type

instanceId

String

name

String

primaryEmail

String

isAdmin

Boolean

isDelegatedAdmin

Boolean

lastLoginTime

Date

creationTime

Date

isEnrolledIn2Sv

Boolean
Table 58. GCP - Groups

Field name

Field type

instanceId

String

name

String

email

String
Table 59. GCP - Role Bindings

Field name

Field type

role

String

Native K8s field names

Table 60. Native K8s - Nodes

Field name

Field type

instanceId

String

name

String

namespace

String

publicIp

String

vmId

String

podCIDR

String

startTime

Date

tags.<tag-name>

String
Table 61. Native K8s - Pods

Field name

Field type

instanceId

String

name

String

namespace

String

nodeName

String

status

String

startTime

Date

hostIP

String

isPublic

Boolean

isPrivileged

Boolean

tags.<tag-name>

String
Table 62. Native K8s - Containers

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startedTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 63. Native K8s - Services

Field name

Field type

instanceId

String

name

String

image

String

imagePullPolicy

String

status

String

startTime

Date

privileged

Boolean

kubeHost.nodeName

String

kubeHost.namespace

String

tags.<tag-name>

String
Table 64. Native K8s - Ingress

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 65. Native K8s - Network Policy

Field name

Field type

instanceId

String

name

String

namespace

String

startTime

Date

tags.<tag-name>

String
Table 66. Native K8s - RBAC Roles

Field name

Field type

instanceId

String

roleType

String

name

String

namespace

String

creationTime

Date

tags.<tag-name>

String