Simple Asset Queries
The following examples demonstrate simple Brinqa Query Language (BQL) queries for gaining insights into your unified asset inventory. These queries are classified as simple because each involves only one condition, such as the count of open findings on an asset or the name of the operating system running on a host. You can use the same syntax on other target data models and attributes.
Which assets are missing a specific agent (e.g., CrowdStrike)?
FIND Asset AS a
WHERE a.dataIntegrationTitles NOT CONTAINS ANY ["CrowdStrike"]
Which assets have a specific name?
FIND Asset AS a
WHERE a.name = "web-server-01"
Which devices are unmanaged?
FIND Asset AS a
THAT NOT OWNS Person AS p
Which assets were seen recently (ephemeral devices)?
FIND Asset AS a
WHERE a.lastSeen IN LAST 2 Days
Which assets have more than 100 open findings?
FIND Asset AS a
WHERE a.openFindingCount > 100
Which hosts have public IP addresses?
FIND Host AS h
WHERE h.publicIpAddresses IS NOT NULL
Which cloud instances are not being scanned?
FIND Host AS h
WHERE h.cloudInstanceID IS NOT NULL
Which assets have a risk score over 5?
FIND Asset AS a
WHERE a.riskScore > 5
Which assets are sourced from a specific connector?
FIND Asset AS a
WHERE a.connectorNames = "AWS EC2"
Which devices were last seen after a specific date?
FIND Device AS d
WHERE d.lastSeen SINCE 2020-11-30
Which devices are out of compliance?
FIND Device AS d
WHERE d.complianceStatus = "Non compliant"
Which hosts are running a specific operating system?
FIND Host AS h
WHERE h.os CONTAINS "Mac"
FIND Host AS h
WHERE h.os CONTAINS "Linux"
FIND Host AS h
WHERE h.os CONTAINS "Windows"
Which hosts have specific IP addresses?
FIND Host AS h
WHERE h.ipAddresses CONTAINS ANY ["198.51.100.102"]
FIND Host AS h
WHERE h.ipAddresses CONTAINS ANY ["192.168.100.200", "172.16.50.60"]
Which hosts are missing a name or have a name?
FIND Host AS h
WHERE h.name NOT EXISTS
FIND Host AS h
WHERE h.name EXISTS
Which users have not logged in during the last 7 days?
FIND User AS u
WHERE u.lastLogin NOT IN LAST 7 Days
What software is installed on assets?
FIND InstalledPackage AS s
THAT INSTALLED_ON Asset AS a