Fields¶
These elements stand for a context-specific chunk of information in the database; they narrow down the search results. There are four types of field elements: CVEMatch, firmware, issue, and file.
For example, to search for all issues that have a high severity field, use:
Different field types have different types of information stored in the system. For example, firmware related items do not have a severity field, so the above query would be invalid for a firmware-related search, and would result in an error.
Info
The field element must be followed by a compatible operator, which in turn defines the value type. For example, the CONTAINS operator can only be preceded by a vector field and the type of the value has to match the vector's type.
List of fields¶
CVEMatch¶
| Field name | Type |
|---|---|
| component.key | String |
| component.licenseExplanation | String |
| component.name | String |
| component.tags (vector field) |
Symbol (CRYPTOGRAPHY,BOOTLOADER,OS,JAR,JAVASCRIPT,PYTHON,GO,DISTRIBUTION,LIBRARY,AUTOSAR) |
| component.update | String |
| component.version | String |
| cve.cvss2.baseScore | Float |
| cve.cvss2.exploitabilityScore | Float |
| cve.cvss2.impactScore | Float |
| cve.cvss2.vector | String |
| cve.cvss3.baseScore | Float |
| cve.cvss3.exploitabilityScore | Float |
| cve.cvss3.impactScore | Float |
| cve.cvss3.vector | String |
| cve.description | String |
| cve.epssPercentile | Float |
| cve.epssProbability | Float |
| cve.exploitMaturity | Symbol (HIGH, FUNCTIONAL, POC, NOT_DEFINED, UNPROVEN) |
| cve.id | String |
| cve.name | String |
| cve.references.name | String |
| cve.references.source | String |
| cve.references.tags (vector field) |
String |
| cve.references.url | String |
| cve.severity | Symbol (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL) |
| id | UUID |
| score | Integer |
| stableKey | String |
| status | Symbol (ACCEPTED_RISK, DEFERRED, FALSE_POSITIVE, FIXED, FOCUS, NONE) |
Firmware¶
| Field name | Type |
|---|---|
| binary.md5 | String |
| binary.originalFilename | String |
| binary.sha1 | String |
| binary.sha256 | String |
| binary.uploadSize | Integer |
| enableMonitoring | Boolean |
| id | UUID |
| labels (vector field) |
String |
| name | String |
| notes | String |
| product.category | String |
| product.id | UUID |
| product.name | String |
| product.vendor | String |
| uploader | String |
| version | String |
Issue¶
| Field name | Type |
|---|---|
| certificate.fingerprintSha1 | String |
| certificate.fingerprintSha256 | String |
| certificate.issuer | String |
| certificate.signatureAlgorithmOid | String |
| certificate.subject | String |
| commands (vector field) |
String |
| confidence | Symbol (HIGH, MODERATE, LOW) |
| credentialType | Symbol (AWS_CREDENTIALS,CURL_COMMAND,JSON_FILE,OPENSSL_COMMAND,PYTHON_FILE,SSHPASS_COMMAND,WGETRC_FILE,WGET_COMMAND,BASIC_AUTH) |
| description | String |
| error | String |
| exponent | Integer |
| file.category | String |
| file.magic | String |
| file.magicMime | String |
| file.md5 | String |
| file.meanEntropy | Float |
| file.name | String |
| file.path | String |
| file.sha1 | String |
| file.sha256 | String |
| file.size | Integer |
| file.stableKey | String |
| file.target | String |
| hash | String |
| hashType | Symbol (APACHE_MD5, DES_CRYPT, MD5_CRYPT, SHA256_CRYPT, SHA512_CRYPT) |
| host | String |
| hosts (vector field) |
String |
| id | UUID |
| info | String |
| keyLength | Integer |
| keyType | String |
| line | String |
| md5Fingerprint | String |
| missmatchType | Symbol (PUBKEY_CHANGED, RENEWED, SIGNATURE_CHANGED, UNKNOWN) |
| name | String |
| originalFilename | String |
| password | String |
| passwordType | Symbol (CHPASSWD_COMMAND, EMPTY_PASSWORD, HASHED_PASSWORD, HTACCESS_FILE) |
| privateKey.keySize | Integer |
| privateKey.keyType | String |
| privateKey.publicKey | String |
| privateKey.sshFingerprintMd5 | String |
| privateKey.sshFingerprintSha256 | String |
| privateKey.sshPublicKey | String |
| severity | Symbol (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL) |
| sha256Fingerprint | String |
| signatureName | String |
| signatureOid | String |
| stableKey | String |
| status | Symbol (ACCEPTED_RISK, DEFERRED, FALSE_POSITIVE, FIXED, FOCUS, NONE) |
| targetUsers (vector field) |
String |
| type | Symbol (AndroidConfigurationPropertyIssue,AuthorizedKeyIssue,BinaryStartDangerousServiceIssue,CertificateCAVerificationFailedIssue,CertificateExpiredIssue,CertificateKeyLengthIssue,CertificateRSAPublicExponentIssue,CertificateSignatureIssue,CertificateTrustedCAMissmatchIssue,CertificateVerificationFailedIssue,CertificateVersionIssue,CodeInjectionIssue,CommandInjectionIssue,CustomIssue,DropbearCLIArgumentIssue,ELFMissingCanaryIssue,ELFMissingFullRelROIssue,ELFMissingNXIssue,ELFNonPICIssue,ELFNonStrippedIssue,FileInclusionIssue,FormatStringIssue,HardcodedAccountPasswordIssue,HardcodedCredentialIssue,HardcodedPrivateKeyCertificateIssue,HardcodedSSHHostKeyIssue,HeaderInjectionIssue,InformationLeakageDSStoreIssue,InformationLeakagePHPInfoIssue,InformationLeakageSVNIssue,InformationLeakageVIMSwapIssue,InsecureDeserializationIssue,InsecureManagementProtocolIssue,InvalidCertificateIssue,LooseEqualityIssue,MaliciousSoftwareIssue,MissingPeerVerificationIssue,ObjectInstantiationIssue,ObsoleteProtocolIssue,OpenSSHDaemonOptionIssue,PathTraversalIssue,PlaintextCommunicationIssue,PrivateKeyIssue,PrivilegeEscalationIssue,ScriptMissingPeerVerificationIssue,ScriptPlaintextCommunicationIssue,SQLInjectionIssue,StackBufferOverflowIssue,StartDangerousServiceIssue,TestIssue,UnwantedSoftwareIssue,VulnerabilityPatternIssue,WeakCipherIssue,WeakCryptoIssue) |
| user | String |
| users (vector field) |
String |
| verificationError | Symbol (AKID_ISSUER_SERIAL_MISMATCH,AKID_SKID_MISMATCH,CHAIN_TOO_LONG,DIFFERENT_CRL_SCOPE,EXCLUDED_VIOLATION,EXPIRED,INVALID_CA,INVALID_EXTENSION,INVALID_NON_CA,INVALID_POLICY_EXTENSION,KEYUSAGE_NO_CERTSIGN,KEYUSAGE_NO_CRL_SIGN,KEYUSAGE_NO_DIGITAL_SIGNATURE,LOCAL_VERIFED,MISSING_ISSUER,MISSING_NOT_AFTER,MISSING_NOT_BEFORE,NO_EXPLICIT_POLICY,PERMITTED_VIOLATION,PROXY_CERTIFICATES_NOT_ALLOWED,PROXY_PATH_LENGTH_EXCEEDED,SELF_SIGNED,SIGNATURE_FAILURE,SUBJECT_ISSUER_MISMATCH,SUBTREE_MINMAX,UNABLE_TO_GET_CRL_ISSUER,UNHANDLED_CRITICAL_CRL_EXTENSION,UNHANDLED_CRITICAL_EXTENSION,UNKNOWN_ISSUER,UNNESTED_RESOURCE,UNSUPPORTED_EXTENSION_FEATURE) |
| version | String |
| vimVersion | String |
File¶
| Field name | Type |
|---|---|
| category | String |
| elf.bits | Integer |
| elf.canary | Boolean |
| elf.compiler | String |
| elf.cpuFamily | String |
| elf.endian | Symbol (BIG, LITTLE) |
| elf.interpreter | String |
| elf.loadAddress | Integer |
| elf.machine | String |
| elf.neededLibraries (vector field) |
String |
| elf.nx | Boolean |
| elf.pic | Boolean |
| elf.relro | Symbol (FULL, PARTIAL, NO) |
| elf.rpath | String |
| elf.static | Boolean |
| elf.stripped | Boolean |
| entropy.blockSize | Integer |
| entropy.highest | Float |
| entropy.lowest | Float |
| entropy.mean | Float |
| magic | String |
| magicMime | String |
| md5 | String |
| meanEntropy | Float |
| name | String |
| path | String |
| sha1 | String |
| sha256 | String |
| size | Integer |
| stableKey | String |
| target | String |