Build Inventory Queries Using Search Shortcuts in Exposure Management
Search shortcuts provide insights into the top values of interesting fields for inventory results while providing an easy way to build queries with a click.
Summarizing Your Inventory
On the Asset Inventory page, the Search Shortcuts side panel is located on the left. For each asset type, Search Shortcuts show the top values of commonly used fields for the assets returned by a query. These breakdowns are query-dependent, meaning the aggregations are recalculated for each new query submitted.
The top protocols (service names) that are observed on hosts given the results of a search.
Clicking a value adds key-value search criteria to the search bar query, leveraging the syntax from Censys’ Asset Schemas. The key-value pairs append to any criteria already provided in the query bar.
Add a NOT statement
Hovering over a value reveals an option to negate logic from a query. By clicking the minus button, the key-value pair appends to the query with an “AND NOT” statement, allowing for easy removal from results.
Example of a search with a negated statement
Friendly formatting helps summarize fields where there are an abundance of unique values or where logical grouping makes more sense than showing unique values. On the Search Shortcuts panel, fields like association date are grouped into buckets of last 24 hours, last 7 days, last 30 days, and last year.
When clicking one of those buckets, logic is appended to the query using the range syntax from Censys’ DSL that encompasses that time window.
Refining your query
Search Shortcuts are a quick way to start building effective queries which help in the exploration of attack surfaces. After logic is added to the query bar, it can easily be edited or refined to match a specific use case. For example, if you select an association date search shortcut from the example above but you need to see assets found on an exact date, you can edit the query logic to include the exact date needed.