on Jul 13, 2018Welcome to Dashboard Toolbox - Improving Dashboard Performance through Query Formatting
Here we will begin to collaboratively and constructively collect a list of query format choices that will help to improve the performance of your dashboard(s). As new recommendations arise, they will be added to this page and to the scope of the technical publications when the dashboards move to GA.
dashboard_toolbox dashboard_howto vmdb_beta
Maximum Character Limits (including alphanumeric, special characters and spaces) Added Oct 18, 2018
- Query Tokens: 256 characters
- Query String: 4096 characters
New VM Dashboard BETA Annotations, Suggestions and Recommendations
- AssetView contains NEW, ACTIVE and REOPENED vulnerabilities. The new VM Dashboard contains NEW, ACTIVE, REOPENED and FIXED vulnerabilities.
- When working in the new dashboard, one needs to stipulate which vulnerabilities.status:[NEW, ACTIVE,REOPENED,FIXED] you want to see.
- When working in the new dashboard, nesting within a query is only required for ASSET, not for VULNERABILITY.
- It's important to frequently review this page through-out the beta for the best way to format your queries: Dashboard Toolbox - Improving Dashboard Performance through Query Formatting
Query Operators
| Brackets and Parenthesis | Greater Than Greater Than or Equal | Less Than Less Than or Equal |
|---|---|---|
token:[5 .. 10] returns 5,6,7,8,9,10
token:(5 .. 10] returns,6,7,8,9, 10 | token > 5 returns 6+ token >= 5 returns 5+ | token < 5 returns 0 thru 4 token <= 5 returns 0 thru 5 |
(NO) QUOTATION MARKS New | Grave Accent (`) for Exact Match New |
|
Finding Related Items - No Quotations Marks: token:xxxxxxxx
Contains - Double Quotes: token:"xxxxxxxx"
|
token:`xxxxxx`
|
Recommended Query Formatting for Performance
| Recommendation | Instead of this... | Try this... |
|---|---|---|
| Try to reduce the use of range query, where possible | vulnerabilities.vulnerability.severity:[3..5] | vulnerabilities.vulnerability.severity:[3,4,5] |
| Try to reduce, or eliminate, the use of the NOT within the query | not vulnerability.typeDetected:Information
| vulnerability.typeDetected:[Confirmed,Potential] |
| Query for Operating System using the Asset token vs. the Vulnerability Token |
vulnerabilities.hostOS: |
operatingSystem: |
New Jul 24,2018 Query for a Date Range To query "from this point in time to now" the GT (>) sign should be used vs. ...
| To select detections within that last 90 days: lastVMScanDate:[now-90d .. now] | To select detections within that last 90 days: lastVMScanDate > now-90d
If you want to include day 90: lastVMScanDate >= now-90d |
New Jul 24,2018 Query for a Date Range To query "prior to this point in time" the LT (<) sign should be used vs. ...
| To select detections older than 90 days: lastVMScanDate:[2012-01-01 .. now-90d] | To select detections older than 90 days: lastVMScanDate < now-90d |
New Jul 24,2018 NEW VM DASHBOARD BETA VULNERABILITY query nesting within the New Vulnerability Management Dashboard BETA is no longer required. [However, nesting is still required for the ASSET query within the New Vulnerability Management Dashboard BETA] | vulnerabilities: (vulnerability.severity:[3,4,5] and typeDetected:[Confirmed]) and vulnerabilities.vulnerability.vendors.vendorName:Cisco | vulnerabilities.vulnerability.severity:[3,4,5] and vulnerabilities.typeDetected:[Confirmed] and vulnerabilities.vulnerability.vendors.vendorName:Cisco |
Please feel free to comment, ask questions, and make suggestions for content below. DMFezzaReed will review and acknowledge both a minimum of once each week.
Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA