3.5. Asset QueryΒΆ
You can search for Assets in your ASGARD with the Asset Query. This allows you to write more complex queries to search for assets.
| Operator | Example |
|---|---|
| Equals | hostname = "win10-dev" |
| Equals | cpu_count = 1 |
| Contains | hostname contains "win" |
| Begins With | hostname begins with "win" |
| Ends With | hostname ends with "dev" |
| Numerical Comparison | total_memory >= 4 GB |
| Numerical Comparison | last_seen < 3 days ago (assets that have not been seen since 3 days) |
| Numerical Comparison | last_seen > 1 hour ago (assets that have been seen in the last hour) |
| Numerical Comparison | last_scan_completed < 2022-08-17 (assets that have not been scanned since 2022-08-17) |
| Numerical Comparison | last_scan_completed < 2022-08-17 15:00:00 (assets that have not been scanned since 2022-08-17 15:00:00) |
| Numerical Comparison | last_scan_completed is never |
| Boolean | is_domain_controller is true |
| Not | not hostname contains "win" |
| Not | not hostname ends with "dev" |
| And | hostname contains "win" and not hostname ends with "dev" |
| Or | hostname begins with "dev" or hostname ends with "dev" |
| Nested | hostname ends with "dev" and (hostname contains "win" or hostname contains "lin") |
| Set / Not Set | labels is set (assets that have at least one label) |
| Set / Not Set | labels is not set (assets that have no labels) |
| Regular Expression | hostname matches "^[a-z0-9]{(0,6)}$" |
| Pattern | Use _ to match any single character and % to match an arbitrary number of characters, including zero characters. |
| Pattern | arch like "a__64" (matches amd64 and arm64, but not aarch64) |
| Pattern | arch like "%64" (all 64 bit systems, e.g. amd64, arm64, aarch64 or ppc64) |
| IP Range | interfaces = "172.28.30.1/24" |
Note
Optionally: You can also create group tasks with an asset query instead of labels
The following keys for the asset query are available:
| Key | Column Name |
|---|---|
| arch | Arch |
| client | Agent Version |
| client_sc | Service Controller Version |
| first_seen | First Seen |
| fqdn | FQDN |
| hostname | Hostname |
| id | ID |
| interfaces | Network Interfaces |
| is_domain_controller | DC |
| labels | Labels |
| last_scan_completed | Last Scan Completed |
| last_seen_agent | Last Seen Agent |
| last_seen | Last Seen |
| last_seen_sc | Last Seen Service Controller |
| nextping | Fast Poll |
| ping_interval | Poll Interval |
| system | OS |
| total_memory | Total Memory |
| uptime | Uptime |
| version | OS Version |