Scope and Filter Language
- 09 Apr 2024
- Print
- DarkLight
- PDF
Scope and Filter Language
- Updated on 09 Apr 2024
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Overview
Scopes and Filters are the backbone of Seemplicity's Platform. To make it easier to set them up, review the possible fields, conditions, and their values in the tables below.
NOTE
The Like condition checks if the written string is present in a string at any position.
Adding an asterisk (*) before or after a string creates a wildcard pattern match. The asterisk can be any string of characters and the string it adjoins must be as written in the search. For example,
- XXX* will begin with XXX and end with any other characters.
- A string where the asterisk is at the start, will end with XXX.
- A string that includes asterisks on both sides will include the string somewhere in the middle with any other combination of characters on both sides.
You can create an OverlapLike list that looks at two lists and checks whether some items match based on the like condition above. For example, entering *application:iris will require that the string will end with "iris".
Scope Options
Main
| Field | Conditions | Values |
|---|---|---|
| Cloud Provider | Like, Not Like, =, != | AWS, AZURE, Code Repository, Datacenter, GCP, Manual, auto-populates* |
| Cloud Account | Like, Not Like, =, != | auto-populates* as a series of numbers |
| Resource Name | Like, Not Like, =, != | auto-populates* |
| Resource Type | Like, Not Like, =, != | ACCESS_ROLE, ACM, API_GATEWAY, API_GATEWAY_ENDPOINT, ASSET, BUCKET, CERTIFICATE, CLOUDTRAIL, CLOUD_LOG_CONFIGURATION, COMPUTE_INSTANCE_GROUP, CONTAINER, CONTAINER_IMAGE, CONTAINER_REGISTRY, CONTAINER_SERVICE, CloudAccount, CloudFormation, CloudFront, CloudTrail, Computers, Config, DATABASE, DB/EU, DEPENDENCY_FILE, DEPLOYMENT, DISK, DOMAIN, Domain, EC2, ELBv2, ENCRYPTION_KEY, FIREWALL, FIREWALL_RULE, FUNCTION, GATEWAY, GLUE_DATA_CATALOG, GcpGkeCluster, Handhelds, IAM, IAM_GROUP, IAM_POLICY, K8sDaemonSet, KEY_VAULT, KMS, KUBERNETES_CLUSTER, KUBERNETES_NODE, LOAD_BALANCER, MESSAGING_SERVICE, NETWORK_INTERFACE, NewDomain, Other, ROLE_ASSIGNMENT, Route53, S3, SECURITY_GROUP, SERVERLESS, SERVICE_ACCOUNT, SES, SNAPSHOT, SNS, SOURCE_CODE_FILE, STORAGE_ACCOUNT, SUBNET, SUBSCRIPTION, Simulator, Subdomain, Subscription |
| Tags Key Values | Like, Not Like, Like*, I-Like, Not I-Like | auto-populates* |
| Tags | =, !=, Like, Not Like, I-Like, Not I-Like | All Hosts, All Linux, Amazon, Billing, CentOS Linux, CentOS Linux 7.9.2009, Chromiumos, CloudGoat, CloudOps, CloudOpsTools, Computers, Core (SQL), Automation, AWS, containerImage, auto-populates* |
Filter Options
Status
In addition to default values, you can add customized status fields: Go to Settings > Risk Customization - Sub-Statuses.
| Field | Conditions | Value | Sub-values |
|---|---|---|---|
| Status | = | Fixed | Resolved |
| Ignored | False positive, Inactive, Blocked, Exception | ||
| Open | New, Reviewed |
Main
| Field | Conditions | Values |
|---|---|---|
| Age | < | 7 Days, 30 Days, 90 Days, Custom |
| Category | Like, Not Like, = != | APPSEC, CSPM, DSPM, VM |
| Discovered Time | =, Before, After | Today, Last 7 Days, Last 30 Days, Last 90 Days, Custom |
| Is Aggregated | = | T/F |
| Last Reported Time | =, Before, After | Last 7 Days, Last 30 Days, Last 90 Days, Custom |
| Original Score | =, !=, <, <=, >, >= | Enter value |
| Original Severity | =, != | CRITICAL, HIGH, LOW, MEDIUM, MODERATE, NONE, UNKNOWN, +user-created values |
| Original Status | =, != | CONFIRMED, DETECTED, DISMISSED, +user-created values |
| Priority | =, != | auto-populates*, (default) P0-P5 |
| Score | =, <, <=, >, >= | Enter value |
| SLA | =, != | No Due Date, In Time, Due Soon, Overdue |
| SLA Remaining Time | <, <=, >, >= | 7 Days, 30 Days, 90 Days, Custom Days |
| Source | =, != | auto-populates* |
| Sub Category | Like, Not Like, =, != | Authentication, Best practices, Brute force, CVE-2002-1976, CVE-2004-0230, CVE-2004-0971, CVE-2005-0406 |
| Title | Like, Not Like | Enter value |
Ticket
| Field | Value | Conditions | Sub-values |
|---|---|---|---|
| Ticket | Ticket Due Date Status | =, != | No Ticket Due Date, Upcoming, Past Due |
| Ticket External Id | Like, Not Like | Enter value | |
| Ticket Status | =, != | Backlog, Scheduled, In Progress, Done, Rejected |
Package
| Field | Value | Conditions | Sub-values |
|---|---|---|---|
| Package | Fixed Versions | =, != | auto-populates* |
| Package | =, !=, Like, Not Like | auto-populates* | |
| Package Version | Like, Not Like | Enter value | |
| Vulnerable Versions | =, != | auto-populates* |
Vulnerability
| Field | Value | Conditions | Sub-values |
|---|---|---|---|
| Vulnerability | CISA KEV | =, != | T/F |
| CVE | Like, Not Like | Enter value | |
| CVSS V2 Store | =, !=, <, <=, >, >= | Enter value | |
| CVSS V2 Temporal Score | =, !=, <, <=, >, >= | Enter value | |
| CVSS V3 Score | =, !=, <, <=, >, >= | Enter value | |
| CVSS V3 Vector | Like, Not Like | Enter value | |
| CWE | Like, Not Like | Enter value | |
| EPSS Percentile | <, <=, >, >= | Enter value | |
| Exploit Maturity | =, != | Exploitable, Exploited in the Wild, POC, Unknown | |
| RCE | = | T/F | |
| VulnCheck KEV | =, != | T/F |
Additional Data
| Field | Value | Conditions | Sub-values |
|---|---|---|---|
| Additional Data | Has Scoring Rule | = | T/F |
| Is Fixable | =, != | T/F | |
| Is Public | =, != | T/F | |
| Operating System | =, !=, Like, Not Like | auto-populates* | |
| Original Finding ID | =, Like, Not Like | auto-populates* | |
| Plugin Text | Like | Enter value | |
| Resource Count | =, !=, <, <=, >, >= | Enter value | |
| Result | =, != | auto-populates* | |
| Score Manual Override | + | T/F |
NOTE
- Values you've added during the customization of your integration setup auto-populate after entering three characters (e.g. aft, not af), in addition to default values provided by Seemplicity.