Queries

The Queries screen displays a list of queries available for use. The information provided includes Name, Type, Group, Owner, and the Last Modified time. Using the filters, the list may be narrowed by any of the provided columns except Last Modified, and may additionally be filtered by the user’s access to the filter. The number next to the filter icon indicates how many filters are currently applied to the list.

Clicking Add in the top right opens a screen for creating a new query. Queries may be created for Vulnerabilities, Events, Mobile, Users, Tickets, or Alerts. The available Tools and Filters adjust based on the type of query being added.

Clicking a query name displays an edit screen, if sufficient permissions exist, where the selected query can be modified.

Query Options

Queries provide the ability to save custom views of vulnerability, event, ticket, user, and alert data for repeated access. For building queries against the Vulnerability, Event, and Mobile data types, see their previous sections for details on the filter options. Building User, Ticket, and Alert queries is described in the following tables.

| Option | Description |
|---|---|
| Name | The name used to describe the query. |
| Description | Descriptive text for the query. |
| Tag | A logical grouping for created asset objects. This reduces lengthy lists of assets with no logical grouping. Tags can be reused as desired and previously created tags will display in the tag field when subsequent assets are added. Objects shared with new users will retain the tag specified by the creator. |
| Type | This option specifies whether the query will use vulnerability, mobile, event, ticket, user, or alert data. |

Ticket queries are a useful way of determining what tickets to alert against. For example, if you want to be alerted when a user named Joe is assigned a ticket, you could create a query with a ticket filter based on the Assignee value of “Joe”. You could then create an alert to email you when Joe was assigned a ticket. The table below contains a list of the ticket query options.

Analysis Tool Filter

| Option | Description |
|---|---|
| Analysis Tool | Chooses the analysis tool used by the query. |

Ticket Filters

| Option | Description |
|---|---|
| Name | Ticket name to filter against. |
| Status | Ticket status to filter against. |
| Classification | The ticket classification to filter against. |
| Owner | The manager (owner) of the ticket assignee. |
| Assignee | The ticket assignee to filter against. |
| Created Timeframe | Ticket creation date/time to filter against. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Assigned Timeframe | Ticket assigned date/time to filter against. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Modified Timeframe | Ticket modified date/time to filter against. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Resolved Timeframe | Ticket resolution date/time to filter against. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Closed Timeframe | Ticket closed date/time to filter against. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |

User queries are useful for reporting, dashboards, and alerts based on user actions. For example, they can be used for tracking and alerting on user logins and locked accounts. They could also be used to track user logins from accounts not authorized on the monitored systems.

Analysis Tool Filter

| Option | Description |
|---|---|
| Analysis Tool | Chooses the analysis tool used by the query. |

User Filters

| Option | Description |
|---|---|
| First Name | User first name to filter against. |
| Last Name | User last name to filter against. |
| Username | Actual username to filter against. |
| Group | Filter against the group the user(s) belong to. |
| Role | Filters against users who have the specified role. |
| Email | Filters against users based on their email address. |
| Last Login Timeframe | Filters against users whose last login was within the timeframe specified. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Account State | Filters against the user account state (locked vs. unlocked). |

The Alert query is useful for reporting, dashboards and alerting when an alert has triggered. This is useful for situations where a report, dashboard element or conditional alert is required after the specified alert filter conditions have been met. For example, a daily report could be scheduled containing a query of all active alerts and their details.

Analysis Tool Filter

| Option | Description |
|---|---|
| Analysis Tool | Chooses the analysis tool used by the filter. |

Alert Filters

| Option | Description |
|---|---|
| Name | Filter against alerts with the specified name. |
| Description | Filter against alerts with the specified description. |
| State | Choose from “All”, “Triggered”, or “Not Triggered”. |
| Created Timeframe | Filters against the alert creation timeframe specified. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Modified Timeframe | Filters against the most recent alert modification timeframe specified. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Last Triggered Timeframe | Filters against the most recent alert trigger timeframe specified. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
| Last Evaluated Timeframe | Filters against the most recent alert evaluation timeframe specified. Either specify an explicit timeframe, including the start and end time, or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.