Focus

AutoFocus™ Administrator’s Guide

Search Operators and Values

Table of Contents

Search Operators and Values

Search operators refine the results that are returned to you when you perform a search. Operators determine which results to display based on the value you select or enter for an artifact type. You can have up to 10,000 values in a single search with multiple search conditions. Refer to the following table when you Work with the Search Editor to set up a search.

Operator	When to Use It	Possible Values
is	Find samples or sessions that contain the exact value you enter.	Number Option—Select a value from the drop-down. String—Type an exact value (not case-sensitive).
is not	Find samples or sessions that do not contain the exact value you enter.	Number Option—Select a value from the drop-down. String—Type an exact value (not case-sensitive).
has no value	Exclude samples or sessions with reported values for the artifact type from the search results.	No value required
has any value	Find samples or sessions that have reported values for the artifact type, including values such as 0, unknown, or Not Found.	No value required
is in the list	Find samples or sessions with artifacts that match at least one of the values from a list. You can have up to 1,000 values in your list.	Option—Select more than one value from the drop-down. String—Type more than one value (not case-sensitive). Press Enter to separate one value from another. The values must be exact.

is not in the list	Exclude samples or sessions that do not have at least one value from a list. You can have up to 1,000 values in your list.	Option—Select more than one value from the drop-down. String—Type more than one value (not case-sensitive). Press Enter to separate one value from another. The values must be exact.
contains	Find samples or sessions that contain the partial value you enter. Use the contains operator if you don’t know the exact value of an artifact.	String—Type a partial value (not case-sensitive). Learn more about the Guidelines for Partial Searches.

does not contain	Find samples or sessions that do not have the partial value you enter.	String—Type a partial value (not case-sensitive). Learn more about the Guidelines for Partial Searches.
proximity	Perform a single search for two or more values. Use the proximity operator with Analysis Artifacts to look for multiple artifacts that can appear in the WildFire analysis of a sample.	String—Type partial values if you don’t know the exact value (not case-sensitive). You can enter the values in any order. Learn more about the Guidelines for Partial Searches.

is in the range	Find values within a date or numerical range.	Date and Time Range—Select the earliest and latest possible date and time that a value can be, or choose from a drop-down of relative dates, such as Yesterday, Last Month, or Last 90 days. Number Range—Select a minimum and maximum number that a value can be.

greater than	Find values that are more than the number you enter.	Number
greater than or equal	Find values that are more than or equal to the number you enter.	Number
less than	Find values that are less than the number you enter.	Number
less than or equal	Find values that are less than or equal to the number you enter.	Number
is after	Find date and time values that occur after a specific date.	Date and Time—Select a date and time, or choose from a drop-down of relative dates such as Yesterday, Last Month, or Last 90 days.

is before	Find date and time values that occur before a specific date.	Date and Time—Select a date and time, or choose from a drop-down of relative dates such as Yesterday, Last Month, or Last 90 days.

Android Artifacts

Guidelines for Partial Searches