Query library

When viewing saved queries, you can use the keywords in this section to search and filter.

Name

The Name field can be searched using the syntax name:<text>.

name:"smb2"

Description

The Description field can be searched using the syntax description:<text>.

description:"smb version 1"
description:"wep"

Type

The Type field can be searched using the syntax type:<term>.

type:"services"

Category

The Category field can be searched using the syntax category:<term>.

category:"security"
category:"audit"

Severity

The Severity field can be searched using the syntax severity:<term>.

severity:"info"
severity:"critical"

Created by

The Created By field can be searched using the syntax created_by:<term>.

created_by:"runzero"

Timestamps (created at, updated at)

The timestamp fields, created_at and updated_at, can be searched using the syntax created_at:<term> and updated_at:<term>. The term supports the standard runZero time comparison syntax.

created_at:>2weeks
created_at:<30minutes
updated_at:>1month
updated_at:2hours