Advanced Search

The following advanced searches can be used in CloudSIEM SearchEverything.


Time Range Search

Search a specific time range. The @timestamp field uses the format yyyyMMdd'T'HHmmss.

NOTE: The date and time portions are separated by T.

Example:

@timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]

Text AND/OR/NOT Operators

NOTE: Operators such as AND, OR, and NOT must be uppercase.

AND Operator

Separate two search terms with AND; the search will return only entries that contain both search terms.

Example:

SearchTerm1 AND SearchTerm2

OR Operator

Separate two search terms with OR; the search will return entries that contain either search term.

Example:

SearchTerm1 OR SearchTerm2

NOT Operator

Placing NOT before a search term excludes results that contain that term.

Example:

NOT SearchTerm1

Nested Operators

Enclose each sub-search in parentheses ( ) and apply the AND/OR/NOT operators between the parenthesized groups.

Example:

(SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)

Nested Functions with Time Range

Add an AND @timestamp clause to a nested search. Enclose the whole nested expression in an outer pair of parentheses so that the time range applies to every group, not just the last one (AND binds more tightly than OR, so without the outer parentheses the range would only constrain the second group).

Example:

((SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)) AND @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]
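The following is an added example, not CloudSIEM code: a small evaluator for the search syntax described on this page (AND/OR/NOT, parentheses, and a @timestamp range) run over constructed log entries, which makes visible how nesting and operator precedence change the result set. It assumes Lucene-style precedence (NOT over AND over OR), whole-word term matching, and ISO timestamps as written in the examples above; none of these is confirmed by this page for CloudSIEM itself.

```python
import re
from datetime import datetime

# Tokens: parentheses, a whole @timestamp:[... TO ...] range, or a bare term.
TOKEN = re.compile(r"\(|\)|@timestamp:\[[^\]]+\]|[^\s()]+")

def parse(query):
    """Compile a query into a predicate over {"text", "@timestamp"} dicts.
    Assumed precedence (Lucene-style, not confirmed for CloudSIEM): NOT > AND > OR."""
    toks, pos = TOKEN.findall(query), [0]
    def peek(): return toks[pos[0]] if pos[0] < len(toks) else None
    def take(): pos[0] += 1; return toks[pos[0] - 1]
    def atom():
        tok = take()
        if tok == "(":
            node = expr(); assert take() == ")", "missing )"; return node
        if tok == "NOT":
            sub = atom(); return lambda e: not sub(e)
        if tok.startswith("@timestamp:["):
            lo, hi = (datetime.fromisoformat(s) for s in tok[12:-1].split(" TO "))
            return lambda e: lo <= datetime.fromisoformat(e["@timestamp"]) <= hi
        return lambda e, t=tok: t in e["text"].split()   # bare term: whole-word match
    def conj():   # AND chain (binds tighter than OR)
        left = atom()
        while peek() == "AND":
            take(); left = (lambda l, r: lambda e: l(e) and r(e))(left, atom())
        return left
    def expr():   # OR chain (lowest precedence)
        left = conj()
        while peek() == "OR":
            take(); left = (lambda l, r: lambda e: l(e) or r(e))(left, conj())
        return left
    node = expr()
    assert peek() is None, "unexpected token: %r" % peek()
    return node

def search(query, entries):
    """Return the ids of entries matching the query, in input order."""
    pred = parse(query)
    return [e["id"] for e in entries if pred(e)]

# Constructed sample entries (not real log data); entry 2 falls outside 2017-04-10.
ENTRIES = [
    {"id": 1, "text": "SearchTerm1 SearchTerm2", "@timestamp": "2017-04-10T08:00:00"},
    {"id": 2, "text": "SearchTerm1 SearchTerm2", "@timestamp": "2017-04-12T08:00:00"},
    {"id": 3, "text": "SearchTermA SearchTermB", "@timestamp": "2017-04-10T09:00:00"},
    {"id": 4, "text": "SearchTermA", "@timestamp": "2017-04-10T10:00:00"},
]
DAY = "@timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]"
NESTED = "(SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)"
```

Running `search("(" + NESTED + ") AND " + DAY, ENTRIES)` returns only the in-range entries 1 and 3, whereas the same query without the outer parentheses also returns entry 2, because the time range then constrains only the second group.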