CloudSecurity Query Filters

This document provides details on the filters supported by each provider for each API operation. Filters can be used to restrict the results of an API operation, such as filtering by a specific field or value.

They are used in conjunction with the filter query parameter in the API request.

CrowdStrike Cloud Security filters for `query_cloud_resource_inventory`

Field	Operators	Supported Values
cloud.account.name	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.account.type	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.account.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.provider	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.region	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.name	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.type	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string

Microsoft Defender for Cloud filters for `query_cloud_resource_inventory`

Field	Operators	Supported Values

CrowdStrike Cloud Security filters for `query_compliance_findings`

Field	Operators	Supported Values
actor.authorizations.policy.is_applied	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
actor.authorizations.policy.name	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
actor.authorizations.policy.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.account.name	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.account.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.provider	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
cloud.region	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
compliance.standards	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
compliance.status	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
finding_info.title	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
finding_info.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.name	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.type	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
resource.uid	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
severity	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
severity_id	eq, ne, gt, gte, lt, lte, in, not_in, like, not_like	string
time	gt, gte, lt, lte	datetime

Microsoft Defender for Cloud filters for `query_compliance_findings`

Field	Operators	Supported Values
compliance.control	eq	string
compliance.requirements	eq	string
compliance.standards	eq	string

CloudSecurity Query Filters

CrowdStrike Cloud Security filters for query_cloud_resource_inventory

Microsoft Defender for Cloud filters for query_cloud_resource_inventory

CrowdStrike Cloud Security filters for query_compliance_findings

Microsoft Defender for Cloud filters for query_compliance_findings

Was this helpful?

CrowdStrike Cloud Security filters for `query_cloud_resource_inventory`

Microsoft Defender for Cloud filters for `query_cloud_resource_inventory`

CrowdStrike Cloud Security filters for `query_compliance_findings`

Microsoft Defender for Cloud filters for `query_compliance_findings`