ShadowTrackr

Log in >
RSS feed

New query keyword: IN

03 April 2022
Query based reports are here, and query based alerts are underway. To fully use this, queries should be easy. That is why you can now use IN () and NOT IN () as keyword.

Say you want a report of all websites that do not return a 201, 403 or 404 HTTP code. The old way (which still works) would be:

index=websites https_status!=201 AND https_status!=403 
  AND https_status!=404

The more values you want to select or exclude, the longer the query becomes. With the new keyword this query can be rewritten as:

index=websites https_status NOT IN(201, 403, 404)

Much better right?
Older posts >

Resources
API
Blog
Documentation
Integrations
Shodan
OpenCTI