Cloud Posture offers multiple filters when
viewing rules and checks on available reporting tools.
You can view the filtered results by Rule,
Resource, or Standards or Frameworks.
Using the filter, you can take several actions such as configuring each rule
according to your requirements, resolving failures, viewing only suppressed
or unsuppressed checks, Resource id,
message, only show checks,
generating a report.
Contents 
Filter tags
Filter tags Exact Match
Enter the Filter tags to filter checks by resource tags with their exact
match.
An "exact matc"h on resource tags (key::value) means:
Procedure
- The input filter tags value matches the key of one of the resource tags of a check
- The input filter tags value matches the value of one of the resource tags of a check
- The input filter tags value matches the full string of one of the resource tags of a check
What to do next
Example: Given a check with a resource tag
environment::dev|
filterTag
|
Match
|
No match
|
|
dev
|
 |
 |
|
environment
|
|
|
|
environment::dev
|
|
|
|
Environment
|
|
|
|
DEV
|
|
|
|
envirONment::DEv
|
|
|
|
devops
|
|
|
|
environmental
|
|
|
|
environ
|
|
|
Filter tags Partial Match
Enter the filter tags to filter checks with resource tags by partial
matching.
Partial matching means checking if the input is a substring of any one of the
resource tags of a check.
Example: Given a check with a resource tag
environment::dev|
filterTag
|
Match
|
No match
|
|
dev
|
|
|
|
environment
|
|
|
|
environment::dev
|
|
|
|
Environment
|
|
|
|
DEV
|
|
|
|
envirONment::DEv
|
|
|
|
devops
|
|
|
|
environmental
|
|
|
|
environ
|
|
|
 |
NoteBoth Exact and Partial Match fields are case insensitive and you can
separate multiple search tags by adding a comma or pressing enter.
|
Resource Id syntax
Regular expression syntax
A regular
expression is a way to match patterns in data using placeholder
characters, called operators.
Cloud Posture browsers All checks uses
Apache Lucene's regular expression engine to parse these
queries.
Reserved characters
Lucene’s regular expression engine supports all Unicode characters. However, the
following characters are reserved as operators:
. ? + * | { } [ ] ( ) " \
To use one of these characters literally, escape it with a preceding backslash or
surround it with double-quotes. For example:
\@ # renders as a literal '@'
\\ # renders as a literal '\'
"john@smith.com" # renders as 'john@smith.com'
Anchor operators, such as ^ (beginning of line) or $ (end of line) are
not supported. To match a term, the regular expression must
match the entire string.
Standard operators
Lucene’s regular expression engine does not use the Perl Compatible Regular Expressions (PCRE) library, but it does
support the following standard operators.
.
Matches any character. For example:
ab. # matches 'aba', 'abb', 'abz', etc.
?
Repeat the preceding character zero or one times. Often used to make the
preceding character optional. For example:
abc? # matches 'ab' and 'abc'
+
Repeat the preceding character one or more times. For example:
ab+ # matches 'ab', 'abb', 'abbb', etc.
*
Repeat the preceding character zero or more times. For example:
ab* # matches 'a', 'ab', 'abb', 'abbb', etc.
{}
Minimum and maximum number of times the preceding character can repeat. For
example:
a{2} # matches 'aa'
a{2,4} # matches 'aa', 'aaa', and 'aaaa'
a{2,} # matches 'a` repeated two or more times
|
OR operator. The match will succeed if the longest pattern on either the left
side OR the right side matches. For example:
abc|xyz # matches 'abc' and 'xyz'
( … )
Forms a group. You can use a group to treat part of the expression as a single
character. For example:
abc(def)? # matches 'abc' and 'abcdef' but not 'abcd'
[ … ]
Match one of the characters in the brackets. For example:
[abc] # matches 'a', 'b', 'c'
Inside the brackets, - indicates a range unless - is the first character or
escaped. For example:
[a-c] # matches 'a', 'b', or 'c'
[-abc] # '-' is first character. Matches '-', 'a', 'b', or 'c'
[abc\-] # Escapes '-'. Matches 'a', 'b', 'c', or '-'
A ^ before a character in the brackets negates the character or range. For
example:
[^abc] # matches any character except 'a', 'b', or 'c'
[^a-c] # matches any character except 'a', 'b', or 'c'
[^-abc] # matches any character except '-', 'a', 'b', or 'c'
[^abc\-] # matches any character except 'a', 'b', 'c', or '-'
Wildcard syntax
Wildcard syntax supports two wildcard operators:
- '?', Question Mark : which matches any single character
- ''*'' Star : which can match zero or more characters, including an empty one Example: "sg-*" // finds all resources starting with "sg" and ending with any number of characters "sg-?s" // finds all resources starting with "sg" and ending with any one character+ the letter “s”
Only show checks
Only show checks
The Older than and Newer than range enables you to view
all checks generated for a selected number of days in the past.
- Older than X days ago: select a value to display all checks older than (before) the entered number of days from today.
- Newer than X days ago: select a value to display all checks newer than (after) the required number of days up to today.
- Older than X days ago AND Newer than X days ago: Enter values for both Older than and Newer than to display checks for the required date range i.e from the newer than to the older than date.
How it works
The filter converts the values entered in Older than and Newer
than fields to the date of check creation and assigned a status, or
the change of status from "Success" to "Failure", or from
"Failure" to "Success".
Today is the 10th November.
- If you enter "2" for Older than days ago, then
The date calculated = 2 days from today = Nov 8. And you can view all checks that
are older than (before) November 8.
- If you enter "3" for Newer than days ago, then
The date calculated = 3 days from today = Nov 7. Only checks newer than
(after)7 November upto today will display.
- If you enter values in both the fields i.e. 2 for Older than AND 3 for Newer than, then the date range to display checks will be from 7th -8th November.
|
NoteThe availability of options on filter depends on the functionality that you
are accessing.
|