Requires at least one application scanner integration such as Veracode or WhiteHat.
Find (Application|CodeRepo) as app that has (Finding|Vulnerability) as vuln return app._type, app.displayName, vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity
Requires enabling AWS Inspector, GuardDuty, Tenable or similar integration.
Find (Host|Workload|DataStore) as system that has (Finding|Vulnerability) as vuln return system._type, system.displayName, vuln._type, vuln.displayName, vuln.severity, vuln.numericSeverity
Find (Finding|Vulnerability) with open=true
This is best viewed in the Alerts app under Open Findings tab.
Similar, you can query for vulnerability findings that are resolved/suppressed or marked as exception:
Find (Finding|Vulnerability) with open=false or suppressed=true or exception=true
Requires integration with Okta or OneLogin or similar SSO identity provider.
This returns data that is derived from a SSO application:
Find Application as app that CONNECTS Account that RELATES TO Vendor as v return app.displayName as app, v.name as vendor, v.linkToSLA, v.linkToMSA
Or in a more generic way:
Find Application that RELATES TO (Vendor|Account)
Returns all applications that does not have a vendor or vendor account associated:
Find Application that !RELATES TO (Vendor|Account)
Find images that have been updated within 6 months:
Find Image with createdOn > date.now - 6 months
Find images that have not be updated within 6 months:
Find Image with createdOn < date.now - 6 months
Find private images or the ones that have been specifically approved:
Find Image with public=false or approved=true
This is best viewed in the Asset Inventory app by selecting the Vendor class from the quick filter.