# Search Keywords This section explains keywords and their value types. For each keyword, the Epiphany module that it operates on is specified. ### Keyword Key \:\, \:\ ### Keyword Definitions #### Active Directory * Page: **Identity Tools** > **Active Directory** * Keywords: ``` network_id:TEXT, domain:TEXT, info_type:TEXT, order:NUM ``` #### Footholds * Page: **Attack Path Tools** > **Vulnerabilities**, select **Footholds** * Keywords: ``` type:TEXT, cve_id:TEXT, affected:TEXT, devices_names:TEXT ``` #### Card Paths * Page: **Attack Path Tools** > **Path Finder** (Attack Path Screen) * Keywords: ``` card_id:TEXT, order:NUM, target_id:TEXT, target:TEXT, foothold:TEXT, host:TEXT, identity:TEXT, prize:TEXT, criticality:TEXT, bim:TEXT, os:TEXT ``` {% hint style="info" %} For information on the unique keywords that can be used within the Path Finder, see [path-finder-search-strings](https://docs.reveald.com/technical-documentation/admin-guides/epiphany-intelligence-platform-administrator-guide/epiphany-tools/path-finder/path-finder-search-strings "mention") {% endhint %} #### Threat Actors * Page: **Attack Path Tools** > **Vulnerabilities**, select **Threat Actors** * Keywords: ``` name:TEXT, goal:TEXT, targeting:TEXT, origin:TEXT, exploiting:TEXT, alias:TEXT ``` #### Devices * Used in two pages: * **Asset Tools** > **Inventory** * **Asset Tools** > **Search** * Keywords: ``` eipid:TEXT, ip_address:TEXT, hostname:TEXT, fqdn:TEXT, bim:TEXT, os:TEXT, sources:TEXT, total_risks:TEXT, entry_points:TEXT, device_family:TEXT, device_type:TEXT, primary_group:TEXT, cves:TEXT, banner:TEXT, users:TEXT, users:TEXT, apps:TEXT, status:TEXT, risk_score:TEXT, in_attack:TEXT ``` #### Tickets * Tickets in Ticket Screen * Keywords: ``` status:text, human_id:TEXT, title:TEXT, description:TEXT, resolution:index, ticket_type:text, platform_area:text, creator:UUID, assigned_to:UUDI, reporter:UUID, created_at:UTC, changed:UTC, start_date:URC, due_date:UTC, jira:ID:TEXT, jira_last_sync:UTC, priority:index, jira_id:text ``` Status - open, closed) Priority - low, medium, high, critical Ticket Types - change\_request, investigation, Informational, report\_generation, task, data\_request, system\_reccomendation #### Vulnerabilities * Vulnerabilities Screen * Keywords: ``` target_type:TEXT, cve_id:TEXT, cisa:TEXT, short_description:TEXT, os:TEXT, exploitable:TEXT, exploit_discovered_date:TEXT, actively_used:TEXT, category:TEXT devices_in_paths:NUM, affected_devices:NUM, epiphany_score:NUM, cvss_v3_score:NUM cvss_v2_score:NUM, patch_available:TEXT, threat_actors:TEXT, is_in_path:TEXT, score_name:TEXT ``` {% hint style="info" %} The "is\_in\_path" keyword maps to "devices\_in\_paths: > 0 AND epiphany\_score: > 8 AND cisa: True AND exploitable: True" {% endhint %} #### Rogue The Rogue query builder does not support customer keywords at this time.