Last updated at Mon, 13 Jan 2020 21:20:00 GMT
Security professionals responsible for vulnerability risk management regularly have to query and analyze data to gain insight into the status of risk in their environments. Gathering the right data, digesting it, and deriving actionable insights from it is often painful and time-consuming.
With that in mind, here’s some exciting news for you: Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.
Introducing the Query Builder in InsightVM
The Query Builder is a cloud-based feature that helps you distill asset and vulnerability data using custom-built queries in InsightVM. These queries are composed of “pills,” which are individual criteria that filter your data based on an array of unique parameters. These pills display and define the fields, operators, and values as the query is built.
Here’s what an asset and vulnerability filter used to look like in InsightVM:
You’ll now use the Query Builder to refine your data. The Query Builder looks like this:
You can create a query, save it, and then take action on it. To take action, you can apply the Query Builder data to the expanded dashboard card view, Remediation Projects, Automation, Notifications, and Goals and SLAs. For more information on the Query Builder interface and how to use it, see our Query Builder help page.
User benefits of the Query Builder
Query Builder is more intuitive and easier to use than previous asset and vulnerability filters in InsightVM. With Query Builder, you can do the following:
- Quickly pivot between asset, vulnerability, service, and software results using the same query
- Simplify the way you narrow down your data
- Easily export queried data to a CSV file
Most popular Query Builder workflows being used today
Common workflows used by customers today include searching assets or vulnerabilities by name, tag, or group, as well as searching for scan time/duration. Specifically, customers are looking at:
- Riskiest Assets and Vulnerabilities: View the assets and vulnerabilities that should be remediated by the top solutions. This provides quick visibility into highest-risk assets and vulnerabilities so you know what needs to be immediately prioritized.
- Assets That Haven’t Been Scanned Recently: Find recently unassessed assets; filter on assets that haven't been assessed in X days/weeks/months. Know which assets need to be scanned ASAP to check for risk in your environment.
- Credential Success Status: This indicates if credential authentication was successful. Know which assets are not being fully scanned with credentials so that you can fix/redirect those scan engines. Credentialed scans provide you with the best and most accurate information about assets, enabling you to make more informed decisions.
- Untagged Assets: Filter on asset tag names or asset tag types. Determine which assets still need tags so that you can more easily group assets.
- Asset Groups: View a collection of assets that have been grouped based on certain characteristics or criteria.
Query Builder FAQs:
Below are some frequently asked questions from customers to help you start out on the right foot with the Query Builder:
1. How does the Query Builder affect my InsightVM experience?
Here’s what has changed:
- Input fields for asset and vulnerability filters are replaced with the Query Builder in the expanded dashboard card view, Goals and SLAs, Automation, and Remediation Project features.
- All existing filters will be migrated as queries. Nested filters, which contain parentheses or mix “and” and “or” operators, will be editable in expert mode.
- You will not be able to edit or delete queries that are in use by other InsightVM features to define scope or criteria. These InsightVM features include Goals and SLAs, Remediation Projects, and Automation.
- You can still edit queries used by Dashboard Cards.
- The Filters tab on the Management page will be removed.
- The “Exploit Count” and “Malware Count” columns will be removed from the expanded view of the “Most Common Solutions” dashboard card.
2. How does the Query Builder affect my CSV file export?
Dates in CSV files exported from the Query Builder are in epoch format (in milliseconds). To convert these epoch dates into a standard date format, use the following formula in Google Sheets or Microsoft Excel:
Substitute the example K2 cell with the cell of the epoch data you want to convert.
In addition, more related data (in columns) will be added to CSV file exports to increase versatility and value.
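As an added example (not part of the original post and not Rapid7's own code), the Python below converts an epoch-millisecond date column in an exported CSV to ISO 8601 UTC and flags assets not assessed within a chosen window, tying the conversion to the "Assets That Haven’t Been Scanned Recently" workflow. The column names and sample rows are constructed assumptions; substitute the headers from your own export.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Column names are assumptions for illustration,
# not InsightVM's actual CSV headers.
SAMPLE_CSV = """asset_name,ip_address,last_assessed
web-01,10.0.0.5,1578950400000
db-02,10.0.0.9,1570000000000
legacy-03,10.0.0.77,
"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def epoch_ms_to_utc(value):
    """Return an aware UTC datetime for an epoch-milliseconds string, or None."""
    value = (value or "").strip()
    if not value:
        return None
    try:
        # timedelta arithmetic avoids float rounding from dividing by 1000.
        return EPOCH + timedelta(milliseconds=int(value))
    except (ValueError, OverflowError):
        return None


def convert_export(csv_text, date_column, now, stale_after_days):
    """Rewrite date_column as ISO 8601 UTC and add a boolean 'stale' flag per row."""
    cutoff = now - timedelta(days=stale_after_days)
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        assessed = epoch_ms_to_utc(row.get(date_column))
        row[date_column] = assessed.isoformat() if assessed else ""
        # Blank or unparseable dates count as stale so they are not silently skipped.
        row["stale"] = assessed is None or assessed < cutoff
        rows.append(row)
    return rows


if __name__ == "__main__":
    now = datetime(2020, 1, 14, tzinfo=timezone.utc)  # fixed "today" for a repeatable run
    for r in convert_export(SAMPLE_CSV, "last_assessed", now, stale_after_days=30):
        print(r["asset_name"], r["last_assessed"] or "never", "STALE" if r["stale"] else "ok")
```

Treating a blank assessment date as stale keeps never-scanned assets in the follow-up list instead of dropping them during conversion.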
3. Where can I find more information about the Query Builder?
See our Query Builder help page to learn more about this feature.
4. Who can I contact if I have more questions that are not addressed in this announcement?
Contact your Customer Success Manager, or contact Rapid7 Support.