Magic Search and Filters

Learn all about Vulcan's search and filtering tool for precise information retrieval.

Updated over a week ago

About

Vulcan's Magic Search is designed to elevate the search and filtering experience with new and empowered capabilities. Use the new Filter capabilities to efficiently retrieve the information that matters most. Here's a glimpse of what you can expect.

  • Create Complex queries with groups of AND / OR combinations.

  • Save Searches to recall complex queries, ensuring you can quickly access valuable information whenever needed.

  • Apply exact and partial match Options using "Is" or "Is Not", or apply "Contains" and "Does Not Contain" criteria to zero in on the information that meets your requirements.

  • Search for empty or populated values by applying the "Is not empty" and "Is empty" parameters.

  • Perform relative comparison using "Greater Than" and "Less Than" options to isolate data points that fall within specific numeric ranges.

Availability and Support

Magic Search will be available on the following pages in the Vulcan Platform:

  • All Asset tabes (Hosts, Code Projects, Websites, Images, and Cloud Resources)

  • All Vulnerability tabs (Unique Vulnerabilities, Software Clusters, and CVE Clusters)

Query Examples

Single Queries

Single queries are your straightforward, go-to tool for refining search results. With the option to choose between "Or" or "And" conditions, single queries allow you to filter your results based on a single set of criteria.

  • Use the "Or" condition to broaden your search scope and retrieve results that meet any of the specified criteria

  • Use the "And" condition to create a narrower focus by demanding all criteria to be met. This option is ideal for quick, precise searches.

For example:

Grouped Queries (Complex Queries)

Complex or grouped queries let you navigate between multiple sets of criteria, using "And" and "Or" conditions within the same search scope.

  • Create query groups (AKA, several Single Queries), each with its own rules and conditions, to perform intricate searches.

  • Perform more nuanced searches, combining various factors to uncover specific insights.

  1. Start by specifying your first condition.

  2. Click the three dots next to the condition and select "Create Group." A visual group box is created. Within the box, click the "+Add Rule" button to add more rules and conditions to this specific group query.

  3. Create your first group of conditions using either "And" or "Or". For example:

  4. To create another group, click the "+Add Rule" outside of the first group box borders.

  5. Create the second group of conditions. For example:

  6. You can keep creating as many groups as you wish.

Differences between "And" and "Or" in Grouped Queries

By default, the "And" condition is automatically selected when creating a group, but you can change it to "Or" as needed. Each logic choice leads to different search results, as illustrated below:

Using the "And" Logic

When using "And" logic to combine results between different query groups, it means that each result must meet the conditions of every query group. For example, if we are searching for vulnerabilities that contain "2022" or "OpenSSL" in their name (Query Group A) and have a CVSS score greater than 9 (Query Group B), each search result must fulfill both conditions.

Using the "Or" Logic

When using the "Or" condition to combine results between different query groups, it means that each result must satisfy the conditions in either Query Group A or Query Group B (and so on). For instance, if we want to find vulnerabilities with an Exploitable threat tag and were last seen in the past 14 days (Group Query A), and also retrieve vulnerabilities with a CVSS score greater than 9 and are patchable using the "Or" condition, each result must meet at least one of these criteria.

Parameters, Operators, and Input Type

The following tables contain the supported parameters, operators, and input type per category.

Vulnerability Parameters

Parameter

Operator

Input type

Name

  • is

  • is not

  • contains

  • does not contain

  • Free text

Source (Connector)

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu

CVE

  • is

  • is not

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text autocomplete

  • Single-choice dropdown menu

CWE

  • is

  • is not

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text

CVSS

  • is

  • is not

  • greater than

  • less than

  • is empty

  • is not empty

  • Free text

EPSS

  • is

  • is not

  • greater than

  • less than

  • is empty

  • is not empty

  • Free text

Fix Type

  • is

  • is not

  • Any fix (is not empty)

  • No Fix (is empty)

  • Free text autocomplete

  • Multi-choice dropdown menu

Patchable

  • is true

  • is false

NA

Published Date

  • between

  • before

  • after

  • In the last

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

Last Seen

  • between

  • before

  • after

  • In the last

  • In less than

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

First Seen

  • between

  • before

  • after

  • in the last

  • in less than

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

Modified on

  • between

  • before

  • after

  • in the last

  • in less than

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

Fixed On

(Fixed date as reported by the connector. Fallback: Vulcan's fix date)

  • between

  • before

  • after

  • in the last

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

Threats Tag

  • is

  • is not

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text autocomplete

  • Multi-choice dropdown menu

Vulnerability Tag

  • is

  • is not

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text autocomplete

  • Multi-choice dropdown menu

Affected Package

  • is

  • is not

  • Free text

Affected Vendor

  • is

  • is not

  • contains

  • does not contain

  • Free text autocomplete

  • Multi-choice dropdown menu

Status

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu

Asset Parameters

Parameter

Operator

Input type

Name

  • contains

  • does not contain

  • is

  • is not

  • is empty

  • is not empty

  • Free text

Type

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu

Connector (Source)

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu

Business Group

  • is

  • is not

  • is empty

  • is not empty

  • Free text autocomplete

  • Multi-choice dropdown menu

Asset Tag

  • is

  • is not

  • is empty

  • is not empty

  • Free text autocomplete

  • Multi-choice dropdown menu

OS

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu

OS and Version

  • is

  • is not

  • contains

  • does not contain

  • Free text autocomplete

  • Multi-choice dropdown menu

OS End of Life

  • reached

  • did not reach

  • will reach within

  • in more than

  • Numeric (number of days)

Cloud Instance ID

  • contains

  • does not contain

  • is

  • is not

  • is empty

  • is not empty

  • Free text

Last Seen

  • between

  • before

  • after

  • in the last

  • in less than

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

First Seen

  • between

  • before

  • after

  • in the last

  • in less than

  • Calendar date range selector

  • Specific date selector

  • Numeric (number of days)

SLA

  • Exceeding

  • Compliant

  • [exceeded] in the last

  • [exceeding] in less than

  • [exceeding] in more than

  • Numeric (number of days)

IP

  • is

  • is not

  • contains

  • does not contain

  • Numeric (IP format; x.x.x.x)

Port

  • is

  • is not

  • contains

  • does not contain

  • Numeric (range: 0-65535)

Scan Coverage

  • is true

  • is false

NA

Repo Name

  • contains

  • does not contain

  • is

  • is not

  • Free text

Dynamic property (previously known as "Ownership Property")

  • is

  • is not

  • contains

  • does not exist

  • exists

  • Free text

Risk Parameters

Parameter

Operator

Input type

Score

  • is

  • is not

  • greater than

  • less than

  • Numeric (range: 0-100)

Level

  • is

  • is not

  • Free text autocomplete

  • Multi-choice dropdown menu of risk levels (Critical, High, Medium, Low, and None)

SPR Threshold

  • above

  • below

NA

Connectors Parameters

Parameter

Operator

Input type

Tenablesc Pluginid

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text

Tenablesc Pluginid

  • contains

  • does not contain

  • is empty

  • is not empty

  • Free text

Aqua Results

  • is

  • is not

  • Results selector

HackerOne Assigned to

  • is

  • is not

  • contains

  • does not contain

  • Assignee selector

HackerOne State

  • is

  • is not

  • contains

  • does not contain

  • State selector

HackerOne Affected Asset

  • is

  • is not

  • contains

  • does not contain

  • Affected asset selector

Prismacloud Vuln. Type

  • contains

  • does not contain

  • Free text

Qualys Vuln. QID

  • is

  • is not

  • contains

  • does not contain

  • ID selector

Qualys Vuln. Type

  • contains

  • does not contain

  • Free text

AWS Account ID

  • is

  • is not

  • contains

  • does not contain

  • Account ID selector

Did this answer your question?