USM Anywhere includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search field, which is in the lower-left corner of the page.
You can configure more filters and change which filters display by clicking the Configure filters link, which is located in the upper-left corner of the page.
Note: Keep in mind that the "Enter search phrase" box and the "Asset Grouping" filter search the asset groups themselves. The rest of the filters search the members of the asset group. As long as a member of the asset group matches the selected filter, USM Anywhere displays the asset group, even if only one member matches that filter.
The number between brackets displayed by each filter indicates the number of items that match the filter. You can also use the filter controls to organize your search and filtered results. These are the icons next to each filter title:
- Sort the filters alphabetically.
- Sort the filters by the number of items that match them.
In the upper-left side of the page, you can see any filters you have applied. Remove filters by clicking the icon next to the filter. Or clear all filters by clicking Reset.
Note: When you apply filters of different types, the search combines them with the logical AND operator. When the filters are of the same type, the search combines them with the logical OR operator.
Those filters that have more than ten options include a Filter Value search field for writing text and making the search easier.
USM Anywhere enables you to toggle the mode of search. The available modes are Standard and Advanced. You can change from one mode to the other by clicking the icon located in the upper-left corner of the page.
Standard Mode
This mode enables you to select one value per filter at the same time, and then the search is automatically performed. This mode is ON by default.
To activate the Standard Mode when the Advanced Mode is ON
- Go to Environment > Asset Groups.
- In the upper-left corner of the page, click the icon.
- This turns the icon gray.
Note: If you exit the advanced mode and the selected filters are not compatible with the Standard Mode, a warning dialog box displays to inform you the current filters will be removed.
Advanced Mode
Advanced mode enables you to select more than one value per filter at the same time. This mode is off by default.
To activate the advanced mode
- Go to Environment > Asset Groups.
- In the upper-left corner of the page, click the icon to activate the advanced mode.
This turns the icon green.
To perform a search in the advanced mode
- Go to Environment > Asset Groups.
- In the upper-left corner of the page, click the icon to activate the advanced mode.
- Click the filters that you want to select.
The selected filters display inside a dashed rectangle.
- In the lower-left corner of the page, click Apply Filters. Or in the upper side of the page, click Apply.
This turns the icon green.
The result of your search displays.
To search using the NOT operator
- Go to Environment > Asset Groups.
- In the upper-left corner of the page, click the icon to activate the advanced mode.
- Click the filter that you want to exclude.
- In the filter group, click Not.
Important: This operator is not available when you have selected the title.
Note: The selected filter displays this icon and the filter chiclet is labeled in red.
To search all values of a filter
- Go to Environment > Asset Groups.
- In the upper-left corner of the page, click the icon to activate the advanced mode.
- Select a filter title to select all filters below that title.
Searching Asset Groups by Using the Search Field
Use the search field to enter queries and refine your search. You can enter free text, use wildcards, and use advanced search syntax. When searching, keep in mind the information in this table:
Type of Query | Meaning | Example |
---|---|---|
Standard query with a blank space between terms | By default, a space between query terms is considered an implicit “OR”. | blacklist malicious |
Literal, using double quotes | Matches entries that contain the exact terms. | "blacklist malicious" |
Boolean operators, using parentheses | They are AND, OR, and NOT. Parentheses can be used to group terms for precedence. Parentheses are also used to designate subsearches. | (http OR tcp) AND ftp |
Wildcards, asterisk (*) | Matches any number of characters. Cannot be used at the beginning of a search query. | instance* |
Wildcards, question mark (?) | Matches a single letter in a specific position. Cannot be used at the beginning of a search query. | qu?ck |
Regexp, using /expression/ | Regular expression inside forward slash characters. A dialog box opens to confirm the search. Note: The characters ", *, ?, (, and ) are special characters included in expressions. If you want to search by these characters, you need to manually escape them by preceding them with a backslash. | /Describe.*Instances/ |
pulse:ID | Pulses are collections of IOCs. You need to insert the word pulse followed by a colon and the pulse | pulse:59432536c1970e343ce61bf0 |
Any characters may be used in a query, but certain characters are reserved and must be escaped. The reserved characters are these:
+ - = & | > < ! { } [ ] ^ " ~ : \ /
Use a backslash (for example, "\>") to escape any reserved character (including a backslash).
To search
- Enter your query in the search field.
- Click the icon.
If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase. This includes email addresses (for example, "bob@mycompany.com").
Note: Keep in mind that wildcard characters are considered as literals.
The result of your search displays with the items identified.
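The escaping and quoting rules above matter most when a search value is pasted from elsewhere, such as a URL or a file path full of reserved characters. The following Python helper is an added example, not USM Anywhere code: it applies the reserved-character list, the special characters from the Regexp row, and the multi-word quoting rule to raw values. The function names and sample values are hypothetical, and it assumes reserved characters are still escaped inside a quoted phrase.

```python
# Added example: build search-field tokens from raw values using the
# escaping and quoting rules on this page. Helper names are hypothetical.

# Reserved characters exactly as listed on the page.
RESERVED = set('+-=&|><!{}[]^"~:\\/')
# Characters the page calls special in expressions; escaped in unquoted terms.
SPECIAL = set('*?()')


def _escape(value, chars):
    # Prefix each listed character with a backslash. The backslash is itself
    # in RESERVED, so it is doubled in the same pass.
    return "".join("\\" + c if c in chars else c for c in value)


def literal(value):
    """Return a query token that matches `value` literally."""
    value = value.strip()
    if not value:
        raise ValueError("empty search value")
    if any(c.isspace() for c in value):
        # Two or more words: the page requires double quotes and notes that
        # wildcards are treated as literals, so only RESERVED is escaped
        # (assumption: reserved characters still need escaping inside quotes).
        return '"' + _escape(value, RESERVED) + '"'
    return _escape(value, RESERVED | SPECIAL)


def any_of(values):
    """Explicit OR group, for example (a OR b)."""
    tokens = [literal(v) for v in values]
    if not tokens:
        raise ValueError("no search values")
    return tokens[0] if len(tokens) == 1 else "(" + " OR ".join(tokens) + ")"


def all_of(groups):
    """AND together several OR groups, for example (a OR b) AND c."""
    return " AND ".join(any_of(g) for g in groups)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    print(literal("http://files.example.test/a?id=1"))
    print(literal("failed login*"))
    print(all_of([["http", "tcp"], ["ftp"]]))
```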
Advanced Search Filter on Asset Groups
The Advanced Search filter enables you to enter a search value on a selected field.
Filter Name | Meaning |
---|---|
Name | Filter |
Description | Filter |
UUID | Filter |
IP/CIDR | Filter |
FQDN | Filter |
Asset Type | Filter |
Instance Type | Filter |
Region | Filter |
Operating System | Filter |
Service | Filter |
Software | Filter |
Associated Plugin | Filter |
Alarm Counter | Filter |
Event Counter | Filter |
Vulnerability Counter | Filter |
Configuration Issue Counter | Filter |
PCI Asset | Filter |
HIPAA Asset | Filter |
Custom User Fields | Filter |
Note: The result of a search when you use the Alarm Counter filter or the Event Counter filter depends on whether an alarm or an event can identify the source or destination as an asset in the inventory. Your environment can have alarms or events associated with assets both included in the inventory and those not included in the inventory.
Operator | Meaning |
---|---|
> | Greater than. |
>= | Greater than or equal to. |
< | Less than. |
<= | Less than or equal to. |
Equal | Equal to. |
IP Range | Range of IP addresses. |
Is Empty | Include assets with no IP addresses. This operator is available only for IP/CIDR. |
Is Not Empty | Include assets with IP addresses. This operator is available only for IP/CIDR. |
Like | Search for the specified pattern. |
Not Equal | Not equal to. |
Not Like | Not true. |
To search
- Go to Environment > Asset Groups.
- Below Advanced Search filter, click Add Filter.
- Select a field from the drop-down list.
- Select an operator from the drop-down list.
- Enter the search value.
- Click the icon.
- Click Add Filter if you want to add a new search.
- Click the icon.
- Click Apply.
If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase. This includes email addresses (for example, "bob@mycompany.com").
The result of your search displays with the assets identified.