ASM: Asset Inventory Example Queries
For information on query language syntax, see Asset Inventory Search Language in Attack Surface Management.
General Queries
Action |
Command |
Try it link |
---|---|---|
Find assets with risk |
|
|
List assets with a tag |
|
|
Find all assets with a useful keyword in their name |
|
Try it out |
Host Queries
Action |
Command |
Try it link |
---|---|---|
Find hosts whose IP address is within a range, written using CIDR notation or using initial and terminal values in brackets |
|
|
OR
|
||
Find SSH services running on non-standard ports |
|
|
Find hosts that support SSLv3, TLSv1.0, and TLSv1.1 |
|
|
Find web entities that support SSLv3, TLSv1.0, and TLSv1.1 |
|
Web Entity Queries
Action |
Command |
Try it link |
---|---|---|
Find web entities that are serving one of the following HTTP applications |
|
|
Find web entities that are redirecting to another location |
|
|
Find web entities that are using a plain HTTP connection |
|
Vulnerability and Risk Queries
Action |
Command |
Try it link |
---|---|---|
Web entities with high-severity risks |
|
|
Identify services with executables presenting in the HTTP body |
|
|
List assets with a recently detected risk |
|
|
Find potentially unknown assets with severe risks |
|
|
Find newly discovered assets with a risk |
|
|
Find hosts presenting a self-signed certificate |
|
|
Find hosts presenting a certificate whose trust status is revoked |
|
|
Potential Shadow Cloud
Action |
Command |
Try it link |
---|---|---|
Search for hosts located in data centers outside of your sanctioned clouds |
|
|
Search for potentially unknown hosts in major Cloud Providers |
|
Comments
0 comments
Please sign in to leave a comment.