Vulnerabilities Query Filters
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

This document provides details on the filters supported by each provider for each API operation. Filters can be used to restrict the results of an API operation, such as filtering by a specific field or value. If a provider or operation does not support filters, it will not be listed here.

They are used in conjunction with the filter query parameter in the API request.

CrowdStrike Falcon® Spotlight filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte, lte	datetime
device.mac	eq	string

Microsoft Defender for Endpoint filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq, ne, like, in	string
device.ip	eq, ne, in	string
device.last_seen_time	gt, gte, lt, lte	datetime
device.os.name	eq, ne, like, in	string
device.risk_level	eq, ne, in	Info, Low, Medium, High
device.uid	eq, ne, in	string
metadata.labels	eq	string
status_code	eq, ne, in	string

Nucleus VM filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string

Qualys VMDR filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte	datetime
device.mac	eq	string
device.uid	eq, in	string

Rapid7 InsightVM filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq, in	string
device.ip	eq, in	string
device.last_seen_time	gte, lte	datetime
device.mac	eq, in	string

ServiceNow Vulnerability Response filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte	datetime
device.mac	eq	string
device.name	eq	string

Tanium VM filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq, in	string
device.ip	eq, in	string
device.last_seen_time	gte	datetime
device.mac	eq, in	string

Tenable VM filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte	datetime
device.mac	eq	string

[MOCK] Qualys VMDR filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte	datetime
device.mac	eq	string

[MOCK] Rapid7 InsightVM Cloud filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq, in	string
device.ip	eq, in	string
device.last_seen_time	gte, lte	datetime
device.mac	eq, in	string

[MOCK] Tanium Vulnerability Management filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte	datetime
device.mac	eq	string

[Mock] CrowdStrike Falcon® Spotlight filters for `query_assets`

Field	Operators	Supported Values
device.hostname	eq	string
device.ip	eq	string
device.last_seen_time	gte, lte	datetime
device.mac	eq	string

Amazon Inspector filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
severity	eq, in	Critical, High, Medium, Low, Informational

CrowdStrike Falcon® Spotlight filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
severity	eq, in	critical, high, medium, low, info

Microsoft Defender for Endpoint filters for `query_findings`

Field	Operators	Supported Values
finding.desc	eq, like	string
finding.first_seen_time	gt, gte, lt, lte	datetime
finding.last_seen_time	gt, gte, lt, lte	datetime
finding.title	eq, like	string
finding.uid	eq, in, like	string
resources.name	eq, ne, like, in	string
severity	eq, ne, in	Critical, High, Medium, Low, Informational

Nucleus VM filters for `query_findings`

Field	Operators	Supported Values
resources.ip	eq	string
resources.name	eq	string
severity	eq	critical, high, medium, low, info

Qualys VMDR filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
resources.ip	eq, in	string
resources.labels	eq, in	string
severity	eq, in	critical, high, medium, low, info

Rapid7 InsightVM filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
finding.uid	eq, in, like	string
resources.ip	eq, in	string
resources.last_seen_time	gte, lte	datetime
resources.name	eq, in, like	string
severity	eq, in	critical, high, medium, low, info

ServiceNow Vulnerability Response filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
finding.uid	eq, in, like	string
resources.ip	eq, in	string
resources.last_seen_time	gte, lte	datetime
resources.mac	eq, in	string
resources.name	eq, in	string
severity	eq, in	critical, high, medium, low, info

Tanium VM filters for `query_findings`

Field	Operators	Supported Values
finding.desc	eq, like	string
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
finding.title	eq, like	string
finding.uid	eq, in, like	string
resources.ip	eq, in	string
resources.last_seen_time	gte	datetime
resources.mac	eq, in	string
resources.name	eq, in	string
resources.os_type	eq, in	string
severity	eq, in	critical, high, medium, low, info, unknown

Tenable VM filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte	datetime
finding.last_seen_time	gte	datetime
finding.uid	eq, in	string
severity	eq, in	critical, high, medium, low, info

[MOCK] Qualys VMDR filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
severity	eq, in	critical, high, medium, low, info

[MOCK] Rapid7 InsightVM Cloud filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
finding.uid	eq, in, like	string
resources.ip	eq, in	string
resources.last_seen_time	gte, lte	datetime
resources.name	eq, in, like	string
severity	eq, in	critical, high, medium, low, info

[MOCK] Tanium Vulnerability Management filters for `query_findings`

Field	Operators	Supported Values
finding.desc	eq, like	string
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
finding.title	eq, like	string
finding.uid	eq, in, like	string
resources.ip	eq, in	string
resources.last_seen_time	gte	datetime
resources.mac	eq, in	string
resources.name	eq, in	string
resources.os_type	eq, in	string
severity	eq, in	critical, high, medium, low, info, unknown

[Mock] CrowdStrike Falcon® Spotlight filters for `query_findings`

Field	Operators	Supported Values
finding.first_seen_time	gte, lte	datetime
finding.last_seen_time	gte, lte	datetime
severity	eq, in	critical, high, medium, low, info

Vulnerabilities Query FiltersCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from Claude

CrowdStrike Falcon® Spotlight filters for query_assets

Microsoft Defender for Endpoint filters for query_assets

Nucleus VM filters for query_assets

Qualys VMDR filters for query_assets

Rapid7 InsightVM filters for query_assets

ServiceNow Vulnerability Response filters for query_assets

Tanium VM filters for query_assets

Tenable VM filters for query_assets

[MOCK] Qualys VMDR filters for query_assets

[MOCK] Rapid7 InsightVM Cloud filters for query_assets

[MOCK] Tanium Vulnerability Management filters for query_assets

[Mock] CrowdStrike Falcon® Spotlight filters for query_assets

Amazon Inspector filters for query_findings

CrowdStrike Falcon® Spotlight filters for query_findings

Microsoft Defender for Endpoint filters for query_findings

Nucleus VM filters for query_findings

Qualys VMDR filters for query_findings

Rapid7 InsightVM filters for query_findings

ServiceNow Vulnerability Response filters for query_findings

Tanium VM filters for query_findings

Tenable VM filters for query_findings

[MOCK] Qualys VMDR filters for query_findings

[MOCK] Rapid7 InsightVM Cloud filters for query_findings

[MOCK] Tanium Vulnerability Management filters for query_findings

[Mock] CrowdStrike Falcon® Spotlight filters for query_findings

Was this helpful?