-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
4 changed files
with
16 additions
and
334 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,354 +6,36 @@ description: Search for assets in your Mondoo inventory | |
| image: /img/featured_img/mondoo-feature.jpg | ||
| --- | ||
|
|
||
| You can quickly search an entire organization from the Mondoo Console's top navigation bar. Find assets by name, platform, and more. | ||
| You can quickly search an entire organization from the Mondoo Console's top navigation bar. Full-text search allows you to find a text string in every asset name, resource, and field where it occurs. | ||
|
|
||
| Mondoo's inventory search is straightforward but powerful. Specialized search predicates that are unique to Mondoo provide capabilities beyond a simple text search. | ||
| Examples: | ||
|
|
||
| - Searching for the Google Cloud project ID `luna-discovery` can return not only the project asset itself but also storage buckets with that project ID and a Terraform file with the name `luna-discovery-backend`. | ||
|
|
||
| - You can search for `[email protected]` to see all assets in your organization that contain Stella's email in any resource field. | ||
|
|
||
| - Search for `terraform` across an entire organization to find all Terraform assets in all spaces in the organization. | ||
|
|
||
| ## Search for assets | ||
|
|
||
| 1. In the Mondoo Console, [navigate](/platform/start/navigate/) to the organization or space where you want to search. | ||
|
|
||
| 2. Locate the search box in the top-left corner of the Mondoo Console. | ||
| 2. Locate the search box in the top-right corner of the Mondoo Console. | ||
|
|
||
|  | ||
|
|
||
| 3. Enter search parameters in the search box and press **Enter**. To learn about search syntax and capabilities, read the section below. | ||
|
|
||
|  | ||
| 3. Enter search parameters in the search box and press **Enter**. | ||
|
|
||
| 4. Use the drop-down in the top-right corner to change the scope of the search: | ||
|
|
||
| - To limit your search to the current space, select **IN SPACE**. (This option is available only if you're currently working in a space.) | ||
|  | ||
|
|
||
| - To limit your search to the current space, select **Search in Space**. (This option is available only if you're currently working in a space.) | ||
|
|
||
| - To extend your search to the entire current organization, select **IN ORGANIZATION**. | ||
| - To extend your search to the entire current organization, select **Search in Organization**. | ||
|
|
||
| 5. From the results list, select the asset you want to view. | ||
|
|
||
| To cancel the search, press **Esc** or select the **x** on the right side of the search box. | ||
|
|
||
| ## Mondoo inventory search syntax and predicates | ||
|
|
||
| Mondoo search supports text matching, partial text matching, and Boolean operators. It includes specialized predicates to help you refine your search. | ||
|
|
||
| ### Text matching and partial matching | ||
|
|
||
| Enter a number or word to find assets with names containing that number or word. Text search is not case sensitive. | ||
|
|
||
| For example, if you search for `luna`, the results include assets named: | ||
|
|
||
| - gcr.io/luna-store/currencyservice@bd0fa063169b | ||
|
|
||
| - AltaLuna44005 | ||
|
|
||
| - AWS Account lunalectric-prod (69892234400) | ||
|
|
||
| Enter multiple words and/or numbers separated by a space to find assets with names containing both. | ||
|
|
||
| For example, if you search for `luna AWS`, the results include assets named: | ||
|
|
||
| - AltaLuna44005AWS4 | ||
|
|
||
| - AWS Account lunalectric-prod (69892234400) | ||
|
|
||
| - 11440075 Calluna AWS | ||
|
|
||
| Mondoo treats the aws in the search text as a Boolean AND. If you prefer, you can type `luna AND aws` for the same result. | ||
|
|
||
| Mondoo also supports the OR operator. The search `luna OR aws` returns assets named: | ||
|
|
||
| - AltaLuna44005AWS4 | ||
|
|
||
| - AWS Account lunalectric-prod (69892234400) | ||
|
|
||
| - 11440075 Calluna AWS | ||
|
|
||
| - lunalectric-gke-001 | ||
|
|
||
| - AWS Account marsrover-prod (69892234499) | ||
|
|
||
| For a text match that includes a space, put the search terms in quotes: Of the results above, only `11440075 Calluna AWS` shows up in a search for `"luna aws"`. | ||
|
|
||
| ### Specialized predicates | ||
|
|
||
| By default, Mondoo searches based on the asset name. However, Mondoo's specialized search predicates let you target a different attribute, such as hostname or annotation. For example, enter `platform:redhat` to find all Red Hat assets. | ||
|
|
||
| Mondoo supports these search predicates: | ||
|
|
||
| - [`platform`](#platform) | ||
|
|
||
| - [`kind`](#kind) | ||
|
|
||
| - [`annotation`](#annotation) | ||
|
|
||
| - [`name`](#name) | ||
|
|
||
| #### platform | ||
|
|
||
| The `platform` predicate lets you limit search results by the asset platform. For example, enter `platform:windows` to find Windows assets. | ||
|
|
||
| The Boolean operators, text matching, and partial text matching guidelines described above apply to the `platform` predicate. For example: | ||
|
|
||
| - `platform:win` finds Windows assets. | ||
|
|
||
| - `platform:k8s` finds assets with the `platform` value `k8s-node`, `k8s-pod`, `k8s-admission`, and so on. | ||
|
|
||
| - `platform:alpine OR amazonlinux` finds assets that have either `alpine` or `amazonlinux` as their `platform` value. | ||
|
|
||
| <details> | ||
| <summary>Show or hide a list of <code>platform</code> values.</summary> | ||
|
|
||
| - `alpine` | ||
|
|
||
| - `amazonlinux` | ||
|
|
||
| - `arch` | ||
|
|
||
| - `arista-eos` | ||
|
|
||
| - `aws` | ||
|
|
||
| - `aws-cloudtrail-trail` | ||
|
|
||
| - `aws-cloudwatch-loggroup` | ||
|
|
||
| - `aws-dynamodb-table` | ||
|
|
||
| - `aws-ebs-snapshot` | ||
|
|
||
| - `aws-ebs-volume` | ||
|
|
||
| - `aws-ecs-instance` | ||
|
|
||
| - `aws-iam-group` | ||
|
|
||
| - `aws-iam-user` | ||
|
|
||
| - `aws-kms-key` | ||
|
|
||
| - `aws-lambda-function` | ||
|
|
||
| - `aws-rds-dbinstance` | ||
|
|
||
| - `aws-rds-dbcluster` | ||
|
|
||
| - `aws-s3-bucket` | ||
|
|
||
| - `aws-security-group` | ||
|
|
||
| - `aws-vpc` | ||
|
|
||
| - `azure` | ||
|
|
||
| - `azure-compute-vm` | ||
|
|
||
| - `azure-mysql-server` | ||
|
|
||
| - `azure-network-security-group` | ||
|
|
||
| - `busybox` | ||
|
|
||
| - `centos` | ||
|
|
||
| - `clear-linux-os` | ||
|
|
||
| - `cloudlinux` | ||
|
|
||
| - `cos` | ||
|
|
||
| - `debian` | ||
|
|
||
| - `docker-image` | ||
|
|
||
| - `euleros` | ||
|
|
||
| - `fedora` | ||
|
|
||
| - `gcp-bigquery-dataset` | ||
|
|
||
| - `gcp-compute-firewall` | ||
|
|
||
| - `gcp-compute-image` | ||
|
|
||
| - `gcp-compute-instance` | ||
|
|
||
| - `gcp-compute-network` | ||
|
|
||
| - `gcp-compute-subnetwork` | ||
|
|
||
| - `gcp-folder` | ||
|
|
||
| - `gcp-gke-cluster` | ||
|
|
||
| - `gcp-org` | ||
|
|
||
| - `gcp-organization` | ||
|
|
||
| - `gcp-project` | ||
|
|
||
| - `gcp-storage-bucket` | ||
|
|
||
| - `gentoo` | ||
|
|
||
| - `github-org` | ||
|
|
||
| - `github-repo` | ||
|
|
||
| - `github-user` | ||
|
|
||
| - `gitlab` | ||
|
|
||
| - `google-workspace` | ||
|
|
||
| - `k8s-admission` | ||
|
|
||
| - `k8s-cluster` | ||
|
|
||
| - `k8s-cronjob` | ||
|
|
||
| - `k8s-daemonset` | ||
|
|
||
| - `k8s-deployment` | ||
|
|
||
| - `k8s-ingress` | ||
|
|
||
| - `k8s-job` | ||
|
|
||
| - `k8s-manifest` | ||
|
|
||
| - `k8s-namespace` | ||
|
|
||
| - `k8s-node` | ||
|
|
||
| - `k8s-pod` | ||
|
|
||
| - `k8s-replicaset` | ||
|
|
||
| - `k8s-statefulset` | ||
|
|
||
| - `kali` | ||
|
|
||
| - `linuxmint` | ||
|
|
||
| - `macos` | ||
|
|
||
| - `manjaro-arm` | ||
|
|
||
| - `mariner` | ||
|
|
||
| - `microsoft365` | ||
|
|
||
| - `oci` | ||
|
|
||
| - `okta-org` | ||
|
|
||
| - `opensuse-leap` | ||
|
|
||
| - `oraclelinux` | ||
|
|
||
| - `parrot` | ||
|
|
||
| - `photon` | ||
|
|
||
| - `pop` | ||
|
|
||
| - `raspbian` | ||
|
|
||
| - `redhat` | ||
|
|
||
| - `rhcos` | ||
|
|
||
| - `rockylinux` | ||
|
|
||
| - `scratch` | ||
|
|
||
| - `slack-team` | ||
|
|
||
| - `sles` | ||
|
|
||
| - `terraform-hcl` | ||
|
|
||
| - `terraform-plan` | ||
|
|
||
| - `terraform-state` | ||
|
|
||
| - `ubuntu` | ||
|
|
||
| - `vmware-esxi` | ||
|
|
||
| - `vmware-vsphere` | ||
|
|
||
| - `windows` | ||
|
|
||
| If you need to search for a platform that you don't see in this list, please ask us about it in the [Mondoo Community Slack Channel](https://mondoo.link/slack). | ||
|
|
||
| </details> | ||
|
|
||
| #### kind | ||
|
|
||
| The `kind` predicate lets you limit search results by their type or kind, which is a categorization unique to Mondoo. | ||
|
|
||
| <details> | ||
| <summary>Show or hide a list of <code>kind</code> values.</summary> | ||
|
|
||
| - `api` | ||
|
|
||
| - `aws_object` | ||
|
|
||
| - `azure_object` | ||
|
|
||
| - `bare_metal` | ||
|
|
||
| - `code` | ||
|
|
||
| - `container` | ||
|
|
||
| - `container_image` | ||
|
|
||
| - `gcp_object` | ||
|
|
||
| - `k8s_object` | ||
|
|
||
| - `network` | ||
|
|
||
| - `package` | ||
|
|
||
| - `process` | ||
|
|
||
| - `unknown` | ||
|
|
||
| - `virtual_machine` | ||
|
|
||
| - `virtual_machine_image` | ||
|
|
||
| </details> | ||
|
|
||
| #### annotation | ||
|
|
||
| Mondoo annotations are metadata you can add to assets. They're key-value pairs containing any text you want. To learn more, read [Annotate (Tag) Assets](/platform/intel/annotations). | ||
|
|
||
| You can search for assets that have a certain key-value pair or you can search for assets that have any value for a certain key. These are examples: | ||
|
|
||
| - `annotation:[email protected]` finds assets that have the "owner" annotation with "[email protected]" in the value. This is a fast way to find assets belonging to one user. | ||
|
|
||
| - `annotation:project` finds all assets that have the "project" annotation with any value. | ||
|
|
||
| - `annotation:project=rover` finds all assets that have the "project" annotation with "rover" in the value. This search finds assets that belong to the Mars Rover and Moon Rover projects. | ||
|
|
||
| #### name | ||
|
|
||
| `name` is the default predicate for an asset search, so you don't need to specify `name` if you _only_ want to search asset names. For example, a search for `southwest` is the same as a search for `name:southwest`. | ||
|
|
||
| When you combine predicates in a single search, you don't have to include `name` if it's the first predicate in the search. For example this search finds only assets that have both `southwest` in their name and have the type `azure_object`: | ||
|
|
||
| `southwest AND platform=aws-ec2-snapshot` | ||
|
|
||
| However, if the `name` predicate in a search comes after another predicate, you must include the `name` predicate. For example, this search fails because it tries to find assets that have both `aws-ec2-snapshot` and `southwest` in the platform: | ||
|
|
||
| `platform=aws-ec2-snapshot AND southwest` | ||
|
|
||
| If you add the `name` predicate, then you search for assets that have both `aws-ec2-snapshot` in their platform and `southwest` in the name: | ||
|
|
||
| `platform=aws-ec2-snapshot AND name:southwest` | ||
|
|
||
| --- | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.