Use Advanced Search Expressions
Perform a more detailed search of incidents on Aperture using advanced search expressions.
In some cases, a faceted search does not provide enough detail to find high-priority incidents. To isolate important problems, it can help to match more than one rule, or to ignore incidents that match rules but are not important to you. For these cases, you can perform an advanced search. Advanced search provides the same filters as a basic faceted search, but gives you more options to apply connectors and operators.
For example, if you have a company policy that considers social security numbers, tax information numbers, and credit card numbers to be sensitive data, you may need to search for all assets that contain any of these numbers and notify the owners.
An advanced search expression is composed of a set of supported fields, operators, and connectors. Fields and field values can include:
- item.attached_to_name—Attached asset name of an item.
- item.creator—Name of the creator of an item. The name can be partial.
- item.creator_email—Email of the creator of an item. The email address must be complete.
- item.name—Name of file or folder.
- item.owner—Name of the owner of an item. The name can be partial.
- item.owner_email—Email of the owner of an item. The email address must be complete.
- item.container_name—Name of the container.
- item.account—Account ID of the container.
- shared.with_domain—Any domain name.
- file.type—File format supported by Aperture. (See Aperture Service—Supported File Types for details.)
- email.sent—Whether email has been sent to the user. The value is true or false.
- policy.name—Name of a policy rule.
- exposure—Public, External, Internal, Company, or hasCustomURL.
- app.name—Name of any application instance.
- data_pattern.name—Name of the data pattern.
- file_modified_in—File modification date in YYYY-MM-DD format.
- file_sha256—SHA-256 hash of a file or folder.
- shared_with—Shared with trusted users, untrusted users, or anyone not trusted users.
Operators define the relationship between a field and a value. Operators can include:
- neq—not equal.
- is_present—included (partial match).
- not_in—not included.
Connectors define the logic associated with groups of items. Connectors can include:
- and—logical AND operation.
- or—logical OR operation.
- and_not—AND is not.
- or_not—OR is not.
Combine fields, operators, and connectors based on the following syntax rules:
- Use parentheses to group items in an expression.
  (item.owner neq 'firstname.lastname@example.org')
- Include field values in single quotes.
  (file.type eq 'PDF')
- Aperture-recognized keywords and logical operators do not need quotes.
  (exposure eq public)
- Use comma-separated lists for multiple values.
  (file.type not_in 'PDF','PPT')
The following are examples of advanced search expressions:
- (item.owner eq 'msmith')
- (exposure neq internal) and (email.sent is true)
- (item.name eq 'apple vs samsung.pdf') and ((owner neq 'John T Smith') or (owner neq 'Jane Smith'))
- (policy.name eq 'credit card number') and not ((exposure eq internal) or (exposure eq company)) or (shared.with eq 'gmail.com')
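The following is an added example, not part of the Aperture documentation or product: a small Python linter that checks an expression against the field, operator, and connector names listed on this page and against the quoting and parenthesis rules, so that typos are caught before a search is run. It assumes `eq` and `is` are accepted because the page's examples use them, and it reports any other name only as "not listed" here, not as rejected by Aperture.

```python
import re

# Names copied from the field, operator and connector lists on this page.
FIELDS = {
    "item.attached_to_name", "item.creator", "item.creator_email", "item.name",
    "item.owner", "item.owner_email", "item.container_name", "item.account",
    "shared.with_domain", "file.type", "email.sent", "policy.name", "exposure",
    "app.name", "data_pattern.name", "file_modified_in", "file_sha256",
    "shared_with",
}
# Assumption: "eq" and "is" are valid; they appear only in the page's examples.
OPERATORS = {"neq", "is_present", "not_in", "eq", "is"}
CONNECTORS = {"and", "or", "and_not", "or_not"}
# Unquoted values the page shows: exposure levels and true/false.
KEYWORDS = {"public", "external", "internal", "company", "hascustomurl", "true", "false"}
TOKEN = re.compile(r"'[^']*'|[(),]|[^\s(),']+")


def lint(expr):
    """Return a list of findings for one advanced search expression."""
    findings = ["odd number of single quotes"] if expr.count("'") % 2 else []
    tokens, depth, i = TOKEN.findall(expr), 0, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "(" and tokens[i + 1:i + 2] not in ([], ["("]):
            # A clause: ( field operator value[,value...] )
            end = tokens.index(")", i) if ")" in tokens[i:] else len(tokens)
            field, op, values = tokens[i + 1], tokens[i + 2:i + 3], tokens[i + 3:end]
            if field not in FIELDS:
                findings.append(f"field not listed: {field}")
            if not op or op[0] not in OPERATORS:
                findings.append(f"operator not listed: {' '.join(op) or '(none)'}")
            for v in values:
                if v != "," and not v.startswith("'") and v.lower() not in KEYWORDS:
                    findings.append(f"value needs single quotes: {v}")
            if end == len(tokens):
                findings.append("clause is missing ')'")
            i = end + 1
            continue
        if tok == "(":
            depth += 1      # opens a group of clauses
        elif tok == ")":
            depth -= 1
        elif tok not in CONNECTORS:
            findings.append(f"connector not listed: {tok}")
        if depth < 0:
            findings.append("')' without matching '('")
            depth = 0
        i += 1
    return findings + (["'(' without matching ')'"] if depth else [])
```

An empty list means the expression uses only names and syntax documented on this page; it does not guarantee that Aperture accepts the expression.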