AnsweredAssumed Answered

How to search within QID results for specific users (by regex if poss)?

Question asked by qsw on Aug 8, 2018
Latest reply on Aug 9, 2018 by qsw

Hi,

Context: I want to identify *Nix systems with specific users

 

Info:

1. users are locally defined, and always called oXXXXXX[X], where X is always a digit, that is: o[[:digit:]]{6,7}

2. QID 105085 Unix Use List contains local users

 

First step, I thought this *should* work in Asset Search:

vulnerabilities.vulnerability:( qid: 105085 and results: o1234567)

 

...but it returns no results, even when I know that user o1234567 is listed on one box, with the results for QID 105085.

 

In fact, this fails also

vulnerabilities.vulnerability:( qid: 105085 and results: root)

 

Syntax error, or not possible even in principle?

TIA,

QSW

Outcomes