Search Keywords

Updated 9/2/2022

This section explains keywords and their value types. For each keyword, the Epiphany module that it operates on is specified.

Keyword Key

Keyword Definitions

Active Directory

Page: Identity Tools > Active Directory
Keywords:

network_id:TEXT, domain:TEXT, info_type:TEXT, order:NUM

Footholds

Page: Attack Path Tools > Vulnerabilities, select Footholds
Keywords:

type:TEXT, cve_id:TEXT, affected:TEXT, devices_names:TEXT

Card Paths

Page: Attack Path Tools > Path Finder (Attack Path Screen)
Keywords:

card_id:TEXT, order:NUM, target_id:TEXT, target:TEXT, foothold:TEXT,
host:TEXT, identity:TEXT, prize:TEXT, criticality:TEXT, bim:TEXT, os:TEXT

For information on the unique keywords that can be used within the Path Finder, see

Path Finder Search Strings

Threat Actors

Page: Attack Path Tools > Vulnerabilities, select Threat Actors
Keywords:

name:TEXT, goal:TEXT, targeting:TEXT, origin:TEXT, exploiting:TEXT,
alias:TEXT

Devices

Used in two pages:
- Asset Tools > Inventory
- Asset Tools > Search
Keywords:

eipid:TEXT, ip_address:TEXT, hostname:TEXT, fqdn:TEXT, bim:TEXT,
os:TEXT, sources:TEXT, total_risks:TEXT, entry_points:TEXT, device_family:TEXT,
device_type:TEXT, primary_group:TEXT, cves:TEXT, banner:TEXT, users:TEXT,
users:TEXT, apps:TEXT, status:TEXT, risk_score:TEXT, in_attack:TEXT

Tickets

Tickets in Ticket Screen
Keywords:

status:text, human_id:TEXT, title:TEXT, description:TEXT, resolution:index, 
ticket_type:text, platform_area:text, creator:UUID, assigned_to:UUDI, reporter:UUID,
created_at:UTC, changed:UTC, start_date:URC, due_date:UTC, 
jira:ID:TEXT, jira_last_sync:UTC, priority:index, jira_id:text

Status - open, closed)

Priority - low, medium, high, critical

Ticket Types - change_request, investigation, Informational, report_generation, task, data_request, system_reccomendation

Vulnerabilities

Vulnerabilities Screen
Keywords:

target_type:TEXT, cve_id:TEXT, cisa:TEXT, short_description:TEXT, os:TEXT,
exploitable:TEXT, exploit_discovered_date:TEXT, actively_used:TEXT, category:TEXT
devices_in_paths:NUM, affected_devices:NUM, epiphany_score:NUM, cvss_v3_score:NUM
cvss_v2_score:NUM, patch_available:TEXT, threat_actors:TEXT, is_in_path:TEXT,
score_name:TEXT

The "is_in_path" keyword maps to "devices_in_paths: > 0 AND epiphany_score: > 8 AND cisa: True AND exploitable: True"

Rogue

The Rogue query builder does not support customer keywords at this time.

PreviousComplex Epiphany Queries NextOther Resources

Last updated 2 months ago