Expression that defines the filter to apply across findings.
The expression is a list of one or more restrictions combined via logical
operators AND and OR.
Parentheses are supported, and OR has higher precedence than AND.
Restrictions have the form <field> <operator> <value> and may have a -
character in front of them to indicate negation. Examples include:
name
security_marks.marks.marka
The supported operators are:
= for all value types.
>, <, >=, <= for integer values.
:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals true and false without quotes.
The following field and operator combinations are supported:
name: =
parent: =, :
resource_name: =, :
state: =, :
category: =, :
external_uri: =, :
event_time: =, >, <, >=, <=
Usage: This should be milliseconds since epoch or an RFC3339 string.
Examples:
event_time = "2019-06-10T16:07:18-07:00"event_time = 1560208038000
Expression that defines the filter to apply across findings.
The expression is a list of one or more restrictions combined via logical
operators AND and OR.
Parentheses are supported, and OR has higher precedence than AND.
Restrictions have the form <field> <operator> <value> and may have a -
character in front of them to indicate negation. Examples include:
name
security_marks.marks.marka
The supported operators are:
= for all value types.
>, <, >=, <= for integer values.
:, meaning substring matching, for strings.
The supported value types are:
string literals in quotes.
integer literals without quotes.
boolean literals true and false without quotes.
The following field and operator combinations are supported:
name: =
parent: =, :
resource_name: =, :
state: =, :
category: =, :
external_uri: =, :
event_time: =, >, <, >=, <=
Usage: This should be milliseconds since epoch or an RFC3339 string.
Examples:
event_time = "2019-06-10T16:07:18-07:00"event_time = 1560208038000
Required. Expression that defines what assets fields to use for grouping.
The string value should follow SQL syntax: comma separated list of fields.
For example: "parent,resource_name".
Required. Expression that defines what assets fields to use for grouping.
The string value should follow SQL syntax: comma separated list of fields.
For example: "parent,resource_name".
The value returned by the last GroupFindingsResponse; indicates
that this is a continuation of a prior GroupFindings call, and
that the system should return the next page of data.
The value returned by the last GroupFindingsResponse; indicates
that this is a continuation of a prior GroupFindings call, and
that the system should return the next page of data.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-28 UTC."],[],[]]
