Findings
When viewing findings, you can use the keywords in this section to search and filter.
Finding code
The finding code field is the unique identifier for a given finding. Use the syntax finding_code:<uuid> to filter by the code field.
finding_code:rz-finding-internet-exposed-database
Name
Use the syntax name:<text> to search by finding name.
name:"Internet Exposed Database"
Description
The Description field can be searched using the syntax description:<text>.
description:"indicated databases"
Solution
The Solution field can be searched using the syntax solution:<text>.
solution:"indicated databases"
Risk
The Risk / Risk Rank value can be searched using either numeric or keyword values.
Risk rank is an integer from zero through four, where 0 is Info level risk and 4 indicates Critical risk.
risk:"Critical"
risk_rank:>2
Category
The finding Category field can be searched using the syntax category:<text>.
category:"End-of-Life"
Vulnerability instance count
The Instance field can be searched using the syntax vulnerability_count:<text>.
vulnerability_count:>0
Organization and site names
The names of organizations or sites affected can be searched using the following search terms:
organization_name:<text>
site_name:<text>
Organization and site IDs
The IDs of organizations or sites affected can be searched using the following search terms:
organization_id:<uuid>
site_id:<uuid>
The IDs are unique and are written as UUIDs.
organization_id:0eacf412-6e69-11ec-88b9-f875a414a63a
Timestamps
Use the following syntaxes to search the finding timestamp fields (last_detected_at, created_at, updated_at):
created_at:<term>
updated_at:<term>
last_detected_at:<term>
The term supports the standard runZero time comparison syntax.
last_detected_at:>2weeks
created_at:<30minutes
updated_at:>1year
updated_at:<12hours