Use Advanced Search Expressions

Perform a more detailed search of incidents on Aperture using advanced search expressions.
In some cases, a faceted search will not provide you enough detail to find high priority incidents. To isolate important problems, it can help to match more than one rule or to ignore the incidents that match rules but that are not important to you. For these cases, you can perform an advanced search. Advanced search provides the same filters as a basic faceted search, but gives you more options to apply connectors and operators.
For example, if you have a company policy that considers social security numbers, tax information numbers, and credit card numbers to be sensitive data, you may need to search for all assets that contain any of these numbers and notify the owners.
An advanced search expression is composed of a set of supported fields, operators, and connectors. Fields and field values can include:
  • item.attached_to_name—Attached asset name of an item.
  • item.creator—Name of the creator of an item. The name can be partial.
  • item.creator_email—Email of the creator of an item. The email address must be complete.
  •—Name of file or folder.
  • item.owner—Name of the owner of an item. The name can be partial.
  • item.owner_email—Email of the owner of an item. The email address must be complete.
  • item.container_name—Name of the container.
  • item.account—Account ID of the container.
  • shared.with_domain—Any domain name.
  • file.type—File format supported by Aperture. (See Aperture Service—Supported File Types for details.)
  • email.sent—If email has been sent to the user the value is true or false.
  •—Name of a policy rule.
  • exposurePublic, External, Internal, Company, or hasCustomURL.
  •—Name of any application instance.
  •—Name of the data pattern.
  • file_modified_in—File modification date with date format YYYY-MM-DD.
  • file_sha256—sha256 of file or folder.
  • shared_with—Shared with trusted users, untrusted users, or anyone not trusted users.
Operators define the relationship between a field and a value. Operators can include:
  • eq—equals.
  • neq—not equal.
  • is_present—included (partial match).
  • in—included.
  • not_in—not included.
Connectors define the logic associated with groups of items. Connectors can include:
  • and—logical AND operation.
  • or—logical OR operation.
  • and_not—AND is not.
  • or_not—OR is not.
Combine fields, operators, and connectors based on the following syntax rules:
Syntax Rule
Use parentheses to group items in an expression.
(item.owner neq '')
Include field values in single quotes.
(file.type eq 'PDF')
Aperture-recognized keywords and logical operators do not need quotes.
(exposure eq public)
Use comma-separated lists for multiple values.
(file.type not_in 'PDF','PPT')
The following are examples of advanced search expressions:
To Search for
  • Any asset owned by a user named msmith.
(item.owner eq 'msmith')
  • Any asset with Public, External, or Company exposure that caused an email alert.
(exposure neg internal) and (email.sent is true)
  • A file named “apple vs samsung.pdf” John T Smith or Jane Smith does not own.
( eq 'apple vs samsung.pdf') and ((owner neq 'John T Smith') or (owner neq 'Jane Smith'))
  • Any asset that includes a credit card number and share on or has Public or External exposure. Do not include assets with credit card numbers that have Internal or Company exposure.
( eq 'credit card number') and not ((exposure eq internal) or (exposure eq company)) or (shared.with eq '')

Related Documentation