Explore Search provides a high-level overview of your cloud resources based on the criteria you put in. Here's a quick example of what a typical cloud account might look like.
Use the cloud account selector to specify the scope of your search. You can select all accounts, accounts by provider or choose accounts individually. By default, all accounts are selected.
To select all accounts from a given cloud provider, perform the following steps:
To select individual cloud accounts, perform the following steps:
The search query input box presents contextual suggestions that guide you when building your searches. Let's say we want to create a search for unencrypted EC2 Volumes that are not in region us-east-1:
To easily get started with the different query types use, refer to the Example queries panel to view the supported search types and see an example of each for the different cloud providers. You can easily copy and paste a query into the input box and run it, but please keep in mind that it may or may not produce results for your organization.
Explore search supports several search types, depending on the output you can receive
The list search returns a set of result objects in a tabular format. Use it to get a list of resource types that match certain criteria.
|AWS.EC2.Instance has region = us-east-2 and pn(PublicIpAddress)||Get a list of EC2 Instances from a specific region that have a Public IP Address property configured.|
The aggregation search counts the number of results of a list search based on a tag or property and provides the number of results for each of the values of the aggregation property or tag.
|AWS.EC2.Instance has pn(PublicIpAddress) count(region)||Count the number of EC2 Instances with a Public IP Address in each region|
The relationship search displays the relationship between resource types and lets you understand the security impact in the context of the related objects.
|AWS.IAM.User → AWS.IAM.AccessKey HAS AccessKeyLastUsedDate ⇐ monthsAgo(1)||Users with access keys that haven't been used in the last month|
|AWS.IAM.User !-> AWS.IAM.AccessKey||Find IAM Users without an access key|
Note: To run a relationship search, you need to select a single account.
The global text search tries to match the query keyword to all property names, property values, tag names and tag values. It returns partial matches, unless the keyword has been surrounded by double quotes. For example:
Different result views are supported based on the search type.
The list view presents data in a tabular format. It is used to display the results of list, aggregation and global text searches. Click on the double arrow in the first column to see additional information about the result:
For list searches you can also modify the visible columns from the column chooser in the bottom left section of the grid. The exact set of columns for list searches is dynamically adjusted based on the filter criteria. Both with list and aggregation searches, you can export the search results to CSV.
The graph view is available for both list and relationship searches. It presents results as chains of connected objects. The graph view is a powerful exploration tool that supports the following capabilities:
Resource models provide a more intuitive, visual way to understand what resources, properties, and values are available in Explore Search. You can use resource models to:
To get started, select Resource models from the Explore page. Select any provider and service to start exploring available resources. You can click the Show resource count in your inventory checkbox in the upper right corner at any time to see how many of a given entity are in your organization.
Use these directions to build a query for a property or tag through resource models:
From the Explore page, select Resource models.
Choose a provider from the list on the left.
Select the service you'd like to build a query for.
Choose a property or tag, then select one of the following options as available:
You can add more properties, values, and tags if necessary. The updated query should appear in your search bar each time you select Add to query (note that it also appends to your browser URL).
You can also use resource models to create a relationship query between multiple resources. Follow these directions to build a sample query for EC2 instances with active security group rules:
Your final query should be AWS.EC2.Instance → AWS.EC2.SecurityGroup → AWS.EC2.SecurityGroupRule. You can run this query as-is, or you can navigate to the AWS.EC2.SecurityGroupRule details page to add specific properties and values to query rules for specific ports, IP addresses, and so on. More relationships, properties, and tags can be added to any query by following these guides and making your own selections based on what you want to find.
There are several ways to clear your data while building a query, or after running one:
You can use the saved searches functionality to easily run a search query has been created and saved by you or another member of your organization. Saved searches can be either personal (visible only for their creator) or shared (visible for all users in the organization)
To access the list of saved searches available for you, navigate to the three-dot menu next to the "Save" button and choose the "See all saved searches" option. You will be able to see both personal and shared searches.
To run a saved search, simply click on the name of the search from the list. It will be executed against the cloud account used when saving the search.
To create a saved search, perform the following steps:
Note: If you save the query in the organization scope:
To modify a saved search just click on the editing icon from the list of saved searches. Please note that:
To delete a saved search, use the bin icon. Permissions for deleting saved searches are the same as for modification. The operation cannot be reversed.