Dashboard Toolbox - Token Use Cases

Document created by DMFezzaReed Employee on Dec 5, 2019. Last modified by DMFezzaReed Employee on Dec 5, 2019.

Welcome to Dashboard Toolbox - Token Use Cases

 

One of the main topics of the discussions I participated in while at QSC 2019 in Las Vegas was QQL tokens: how they can be used, what the limitations are, etc.  In response, I am starting this page to help the community at large find answers through use cases I see, and those shared with me.

 

I've said it before, sharing is caring.  If you have a use case you would like to have added to this document, add it.  Keep the content constructive, do your best to clearly outline the use case, and provide your recommendations.  I've left a few boxes for you to fill in should the mood sway you.

 

Here we will begin to collaboratively and constructively collect a list of query format use cases that will help to improve our ability to understand when and how to leverage the tools at our disposal.  As new use cases/recommendations arise, they will be added to this page and to the scope of the technical publications when the dashboards move to GA.

 

Related Resource: Dashboard Toolbox - Improving Dashboard Performance through Query Formatting and Filters 

 

Qualys Support Use Case -  Does AssetView token name support contains? 

The customer would like to validate the information shown in the tag by searching directly in AV. The tag the customer is using works on the Asset Name tag rule engine with a regex that filters asset names containing VDI. The customer would like to confirm whether this is possible with the current functionality of the AV token. If not, is there any way to get such information?

Please note, searching with the examples below does not yield the expected ~1K results:

  1. name:*vdi -> 0
  2. name:vdi -> 87
  3. name:vdi* -> 87

 

Qualys Response: There is no way to search for a "contains," but name should support prefix/suffix as evidenced in examples 1 and 3 above. My guess is that they don't have assets that end with "vdi" and only have 87 that begin with "vdi", but they have a bunch with "vdi" in the middle. In order to search "contains", we'd have to have much, much larger indices, and index n-grams, which we just can't do right now.

 

Qualys Recommendation:  The tagging solution is best.
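
The trade-off described in the Qualys response, as an added example (not Qualys code, and not a description of how QQL is implemented): a toy model in which prefix and suffix lookups run against sorted keys, while a "contains" lookup needs an n-gram index with many more entries. The asset names, function names and the trigram size are assumptions made for illustration.

```python
import bisect
from collections import defaultdict

# Constructed asset names (not taken from the page).
ASSETS = ["vdi-nyc-001", "vdi-nyc-002", "nyc-vdi-017", "lon-vdi-203",
          "web-prod-01", "db-prod-vdi", "hr-laptop-44"]

def build_sorted(names, reverse=False):
    """Sorted key list: one entry per asset, enough for prefix lookups."""
    return sorted((n[::-1] if reverse else n).lower() for n in names)

def prefix_search(index, term):
    """Binary-search the contiguous run of keys that start with term."""
    lo = bisect.bisect_left(index, term)
    hi = bisect.bisect_left(index, term + "\uffff")
    return index[lo:hi]

def suffix_search(rev_index, term):
    """A suffix match is a prefix match on reversed keys."""
    return [k[::-1] for k in prefix_search(rev_index, term[::-1])]

def build_trigrams(names):
    """n-gram index (n=3): every 3-character window points to its assets."""
    idx = defaultdict(set)
    for n in names:
        low = n.lower()
        for i in range(len(low) - 2):
            idx[low[i:i + 3]].add(low)
    return idx

def contains_search(tri, term):
    """Intersect the posting sets of the term's trigrams, then verify."""
    grams = [term[i:i + 3] for i in range(len(term) - 2)]
    if not grams:
        raise ValueError("term is shorter than the n-gram size")
    cands = set.intersection(*(tri.get(g, set()) for g in grams))
    return sorted(c for c in cands if term in c)

def posting_count(tri):
    """Total (n-gram, asset) pairs the n-gram index has to store."""
    return sum(len(v) for v in tri.values())

if __name__ == "__main__":
    fwd, rev = build_sorted(ASSETS), build_sorted(ASSETS, reverse=True)
    tri = build_trigrams(ASSETS)
    print("vdi*  ->", prefix_search(fwd, "vdi"))
    print("*vdi  ->", suffix_search(rev, "vdi"))
    print("*vdi* ->", contains_search(tri, "vdi"))
    print(len(fwd), "sorted keys vs", posting_count(tri), "trigram postings")
```
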

 


 

 

 

Customer Use Case: 

 

Customer Response:

 

Customer Recommendation:

 

 

Customer Use Case: 

 

Customer Response:

 

Customer Recommendation:

 

 

 

Customer Use Case: 

 

Customer Response:

 

Customer Recommendation:

 

 

Please feel free to comment, ask questions, and make suggestions for the content below.  DMFezzaReed will review and acknowledge both a minimum of once each week.

 

 
