Build Inventory Queries Using Search Shortcuts in ASM
Search shortcuts provide insights into the top values of interesting fields for inventory results while providing an easy way to build queries with a click.
On the Asset Inventory page, the Search Shortcuts side panel is located on the left. For each asset type, Search Shortcuts show the top values of commonly used fields for the assets returned by a query. These breakdowns are query-dependent, meaning the aggregations are recalculated for each new query submitted.
The top protocols (service names) that are observed on hosts given the results of a search.
Clicking a value adds key-value search criteria to the search bar query, leveraging the syntax from the Censys Asset Schemas. The key-value pairs append to any criteria already provided in the query bar.
Friendly formatting helps summarize fields where there are an abundance of unique values or where logical grouping makes more sense than showing unique values. On the Search Shortcuts panel, fields like association date are grouped into buckets of last 24 hours, last 7 days, last 30 days, and last year.
When clicking one of those buckets, logic is appended to the query using the range syntax from the Censys DSL that encompasses that time window.
Search Shortcuts are a quick way to start building effective queries which help in the exploration of attack surfaces. After logic is added to the query bar, it can easily be edited or refined to match a specific use case. For example, if you select an association date search shortcut from the example above but you need to see assets found on an exact date, you can edit the query logic to include the exact date needed.
Comments
0 comments
Please sign in to leave a comment.