Querying with dynamic search

Use the dynamic search API to search for data that involves aggregate functions, such as COUNT, SUM, MAX, and AVG. For example, you can count the number of asset IDs per asset hostname by using the COUNT_PER function.

About this task

You can build your query on the following data sources:
  • Assets
  • Offenses
  • Vulninstances

You can add a field without a function as a simple field, or you can add a field with a function as a complex field to build columns. You can also add conditions to filter your data.

Procedure

  1. Click the Admin tab.
  2. In the Dynamic Search section, click Dynamic Search.
  3. Select a Data Source.
  4. Complete the Available Columns and Available Filters sections.
  5. To add a name, description, range of the search, retention period, or search type to your query, enable one or more Extra Search Properties.
  6. To copy your JSON script, click Generate JSON.
    Your results appear in the "JSON generated by your query" section. Click Copy to Clipboard to copy your JSON script.
  7. To reset your selections, click Reset.
  8. Click Run Query.

Results

The results of your query are listed in plain text or link format. For example, if you chose to query the ASSET_ID field, you can click the results to view the Asset Summary window for each asset ID.