How to create advanced search queries

cybernality is powered by the Apache Lucene indexing and search library.

Terms

A query is broken up into terms and operators. There are two types of terms: Single Terms and Phrases.

A Single Term is a single word such as "cisco" or "firepower".

A Phrase is a group of words surrounded by double quotes such as "cisco firepower".

Multiple terms can be combined together with Boolean operators to form a more complex query (see below).

Wildcard searches

We support the use of the Lucene wildcard search. Lucene supports single and multiple character wildcard searches within single terms (not within phrase queries).

To perform a single character wildcard search use the "?" symbol.

To perform a multiple character wildcard search use the "*" symbol.

The single character wildcard search looks for terms that match that with the single character replaced. For example, to search for "iPadOS" or "IP" you can use the search:

iPa?OS

Multiple character wildcard searches looks for 0 or more characters. For example, to search for test, tests or tester, you can use the search:

iPa*

You can also use the wildcard searches in the middle of a term.

iP*dOS

Note: You cannot use a * or ? symbol as the first character of a search.

Fuzzy searches

We support the use of the Lucene fuzzy search. Lucene fuzzy searches is based on the Levenshtein Distance, or Edit Distance algorithm. To do a fuzzy search use the tilde, "~", symbol at the end of a Single word Term. For example to search for a term similar in spelling to "iPatOS" use the fuzzy search:

iPatOS~

This search will find terms like iPadOS etc.

An additional (optional) parameter can specify the required similarity. The value is between 0 and 1, with a value closer to 1 only terms with a higher similarity will be matched. For example:

iPatOS~0.8

Proximity searches

We support the use of the Lucene proximity search.

The default that is used if the parameter is not given is 0.5. Lucene supports finding words that are within a specific distance away. To do a proximity search use the tilde, "~", symbol at the end of a Phrase. For example to search for a "ciso" and "firepower" within 3 words of each other in a document use the search:

“cisco firepower"~3

Boolean operators

Query strings also support the use of the Lucene boolean operators.

• AND: The AND operator matches documents where both terms exist anywhere in the text of a single document. This is equivalent to an intersection using sets. The symbol && can be used in place of the word AND.

  

• OR: The OR operator is the default conjunction operator. This means that if there is no Boolean operator between two terms, the OR operator is used. The OR operator links two terms and finds a matching document if either of the terms exist in a document. This is equivalent to a union using sets. The symbol || can be used in place of the word OR.

  

• NOT: The NOT operator excludes documents that contain the term after NOT. This is equivalent to a difference using sets. The symbol ! can be used in place of the word NOT.

  

• +: The "+" or required operator requires that the term after the "+" symbol exist somewhere in a the field of a single document.

  

• -: The "-" or prohibit operator excludes documents that contain the term after the "-" symbol.

  

Grouping

Lucene supports using parentheses to group clauses to form sub queries. This can be very useful if you want to control the boolean logic for a query.

To search for either "jakarta" or "apache" and "website" use the query:

(cisco OR aruba) AND switch

Search in properties

It is possible to limit the search to specific properties, by prefixing <propertyName>: to the query string. The following properties can be used:

• title

  

• summary

  

• product_vendor

  

• vendor_severity

  

• vulnerable_products

  

Property grouping

Lucene supports using parentheses to group multiple clauses to a single property.

To search for a title that contains both the word "attack" and the phrase "gorgon group" use the query:

title:(+attack +"gorgon group")

Escaping special characters

Lucene supports escaping special characters that are part of the query syntax. The current list special characters are

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \

To escape these character use the \ before the character.