# Search Keywords This section explains keywords and their value types. For each keyword, the Epiphany module that it operates on is specified. ### Keyword Key \:\, \:\ ### Keyword Definitions #### Active Directory * Page: **Identity Tools** > **Active Directory** * Keywords: ``` network_id:TEXT, domain:TEXT, info_type:TEXT, order:NUM ``` #### Footholds * Page: **Attack Path Tools** > **Vulnerabilities**, select **Footholds** * Keywords: ``` type:TEXT, cve_id:TEXT, affected:TEXT, devices_names:TEXT ``` #### Card Paths * Page: **Attack Path Tools** > **Path Finder** (Attack Path Screen) * Keywords: ``` card_id:TEXT, order:NUM, target_id:TEXT, target:TEXT, foothold:TEXT, host:TEXT, identity:TEXT, prize:TEXT, criticality:TEXT, bim:TEXT, os:TEXT ``` {% hint style="info" %} For information on the unique keywords that can be used within the Path Finder, see [Path Finder Search Strings](/technical-documentation/admin-guides/epiphany-intelligence-platform-administrator-guide/epiphany-tools/path-finder/path-finder-search-strings.md) {% endhint %} #### Threat Actors * Page: **Attack Path Tools** > **Vulnerabilities**, select **Threat Actors** * Keywords: ``` name:TEXT, goal:TEXT, targeting:TEXT, origin:TEXT, exploiting:TEXT, alias:TEXT ``` #### Devices * Used in two pages: * **Asset Tools** > **Inventory** * **Asset Tools** > **Search** * Keywords: ``` eipid:TEXT, ip_address:TEXT, hostname:TEXT, fqdn:TEXT, bim:TEXT, os:TEXT, sources:TEXT, total_risks:TEXT, entry_points:TEXT, device_family:TEXT, device_type:TEXT, primary_group:TEXT, cves:TEXT, banner:TEXT, users:TEXT, users:TEXT, apps:TEXT, status:TEXT, risk_score:TEXT, in_attack:TEXT ``` #### Tickets * Tickets in Ticket Screen * Keywords: ``` status:text, human_id:TEXT, title:TEXT, description:TEXT, resolution:index, ticket_type:text, platform_area:text, creator:UUID, assigned_to:UUDI, reporter:UUID, created_at:UTC, changed:UTC, start_date:URC, due_date:UTC, jira:ID:TEXT, jira_last_sync:UTC, priority:index, jira_id:text ``` Status - open, closed) Priority - low, medium, high, critical Ticket Types - change\_request, investigation, Informational, report\_generation, task, data\_request, system\_reccomendation #### Vulnerabilities * Vulnerabilities Screen * Keywords: ``` target_type:TEXT, cve_id:TEXT, cisa:TEXT, short_description:TEXT, os:TEXT, exploitable:TEXT, exploit_discovered_date:TEXT, actively_used:TEXT, category:TEXT devices_in_paths:NUM, affected_devices:NUM, epiphany_score:NUM, cvss_v3_score:NUM cvss_v2_score:NUM, patch_available:TEXT, threat_actors:TEXT, is_in_path:TEXT, score_name:TEXT ``` {% hint style="info" %} The "is\_in\_path" keyword maps to "devices\_in\_paths: > 0 AND epiphany\_score: > 8 AND cisa: True AND exploitable: True" {% endhint %} #### Rogue The Rogue query builder does not support customer keywords at this time. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reveald.com/technical-documentation/admin-guides/epiphany-intelligence-platform-administrator-guide/search-and-query-guidelines/search-keywords.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.