Dashboard Toolbox - Improving Dashboard Performance through Query Formatting

Document created by DMFezzaReed Employee on Jul 13, 2018. Last modified by DMFezzaReed Employee on Jul 31, 2018.
Version 8

Welcome to Dashboard Toolbox - Improving Dashboard Performance through Query Formatting

 

Here we will begin to collaboratively and constructively collect a list of query format choices that will help to improve the performance of your dashboard(s).  As new recommendations arise, they will be added to this page and to the scope of the technical publications when the dashboards move to GA.

dashboard_toolbox  dashboard_howto  vmdb_beta

 

Recommended Query Formatting for Performance

 

| Recommendation | Instead of this... | Try this... |
|---|---|---|
| Try to reduce the use of range queries, where possible | vulnerabilities.vulnerability.severity:[3..5] | vulnerabilities.vulnerability.severity:[3,4,5] |
| Try to reduce, or eliminate, the use of NOT within the query | not vulnerability.typeDetected:Information | vulnerability.typeDetected:[Confirmed,Potential] |
Query for Operating System using the Asset token vs. the Vulnerability token

Instead of this:

vulnerabilities.hostOS:

Try this:

operatingSystem:

New Jul 24, 2018

Query for a Date Range

To query "from this point in time to now" the GT (>) sign should be used vs. ...

  • Greater Than (>) is from a point in time forward (until now)

Instead of this (to select detections within the last 90 days):

lastVMScanDate:[now-90d .. now]

Try this (to select detections within the last 90 days):

lastVMScanDate > now-90d

New Jul 24, 2018

Query for a Date Range

To query "prior to this point in time" the LT (<) sign should be used vs. ...

  • Less Than (<) is from a point in time backwards

Instead of this (to select detections older than 90 days):

lastVMScanDate:[2012-01-01 .. now-90d]

Try this (to select detections older than 90 days):

lastVMScanDate < now-90d

New Jul 24, 2018

NEW VM DASHBOARD BETA

VULNERABILITY query nesting within the New Vulnerability Management Dashboard BETA is no longer required.

[However, nesting is still required for the ASSET query within the New Vulnerability Management Dashboard BETA]

Instead of this:

vulnerabilities: (vulnerability.severity:[3,4,5] and typeDetected:[Confirmed]) and vulnerabilities.vulnerability.vendors.vendorName:Cisco

Try this:

vulnerabilities.vulnerability.severity:[3,4,5] and vulnerabilities.typeDetected:[Confirmed] and vulnerabilities.vulnerability.vendors.vendorName:Cisco
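
The range, date and NOT recommendations above can be applied mechanically to saved widget queries before they are loaded into a dashboard. The following Python linter is an added example, not part of the original document or of Qualys tooling; the function name `lint_query`, its patterns and the 20-value expansion limit are assumptions, and it covers only the query shapes shown in the recommendations.

```python
import re

# Integer range such as severity:[3..5]
INT_RANGE = re.compile(r"\[\s*(\d+)\s*\.\.\s*(\d+)\s*\]")
# Date range that ends at "now", such as lastVMScanDate:[now-90d .. now]
SINCE = re.compile(r"(\w[\w.]*)\s*:\s*\[\s*(now-\d+[a-zA-Z])\s*\.\.\s*now\s*\]")
# Date range from a fixed date up to a relative point,
# such as lastVMScanDate:[2012-01-01 .. now-90d]
BEFORE = re.compile(r"(\w[\w.]*)\s*:\s*\[\s*[\d-]+\s*\.\.\s*(now-\d+[a-zA-Z])\s*\]")
NOT_OP = re.compile(r"\bnot\b", re.IGNORECASE)
MAX_EXPAND = 20  # assumption: never turn a wide range into a very long list


def _expand(match):
    """Rewrite [lo..hi] as an explicit value list, e.g. [3,4,5]."""
    lo, hi = int(match.group(1)), int(match.group(2))
    if lo > hi or hi - lo >= MAX_EXPAND:
        return match.group(0)  # leave reversed or wide ranges untouched
    return "[" + ",".join(str(n) for n in range(lo, hi + 1)) + "]"


def lint_query(query):
    """Return (rewritten_query, notes) for one dashboard query string."""
    notes = []
    out = SINCE.sub(r"\1 > \2", query)
    # As in the recommendation above, the fixed lower bound is dropped.
    out = BEFORE.sub(r"\1 < \2", out)
    out = INT_RANGE.sub(_expand, out)
    if out != query:
        notes.append("range rewritten")
    # NOT cannot be rewritten without knowing every valid value, so only flag it.
    if NOT_OP.search(out):
        notes.append("NOT present: list the wanted values instead")
    if "vulnerabilities.hostOS:" in out:
        notes.append("use the asset token operatingSystem: for OS queries")
    return out, notes


if __name__ == "__main__":
    # Constructed sample input: the "Instead of this..." queries from this page.
    for q in ("vulnerabilities.vulnerability.severity:[3..5]",
              "not vulnerability.typeDetected:Information",
              "lastVMScanDate:[now-90d .. now]",
              "lastVMScanDate:[2012-01-01 .. now-90d]"):
        print(q, "->", lint_query(q))
```
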

 

Please feel free to comment, ask questions, and make suggestions for content below. DMFezzaReed will review and acknowledge them at least once each week.

 

 

 
