Search examples
Fix Security's search syntax is quite powerful and has many features. We suggest trying some of the following searches to get a feel for Fix Security's capabilities:
Search for resources with property value 'foo'
"foo"
Get number of all collected resources
all | count
Get number of all collected resources by kind
all | count kind
List compute instances
is(instance)
List compute instances with more than two CPU cores
is(instance) and
instance_cores > 2
List volumes that are not in use, larger than 10GB, older than 30 days, and with no I/O during the past 7 days
is(volume) and
volume_status != in-use and
volume_size > 10 and
age > 30d and
last_access > 7d
Count the number of EC2 instances by account ID
is(aws_ec2_instance) |
count /ancestors.account.reported.id
Aggregate RAM usage (bytes) data grouped by cloud, account, region, and instance type
is(instance) and instance_status == running |
aggregate
/ancestors.cloud.reported.name as cloud,
/ancestors.account.reported.name as account,
/ancestors.region.reported.name as region,
instance_type as type:
sum(instance_memory * 1024 * 1024 * 1024) as memory_bytes
Aggregate hourly instance cost grouped by cloud, account, region, and type from the cost information associated with the instance_type higher up in the graph
is(instance) and instance_status == running |
aggregate
/ancestors.cloud.reported.name as cloud,
/ancestors.account.reported.name as account,
/ancestors.region.reported.name as region,
instance_type as type:
sum(/ancestors.instance_type.reported.ondemand_cost) as instances_hourly_cost_estimate
Find orphaned load balancers that have no active backend
is(aws_alb) and
age > 7d and
backends==[] with(
empty, <-- is(aws_alb_target_group) and
target_type = instance and
age > 7d with(
empty, <-- is(aws_ec2_instance) and
instance_status != terminated
)
) <-[0:1]- is(aws_alb_target_group) or
is(aws_alb)
Ensure there is only one active access key available for any single IAM user
is(access_key) and access_key_status = "Active" |
aggregate user_name as user: sum(1) as number_of_keys
Find expired SSL certificates
is(certificate) and expires < @UTC@
Find current quota consumption to prevent service interruptions
is(quota) and usage > 0
Find unused AWS volumes older than 30 days with no I/O in the past 7 days
is(aws_ec2_volume) and
age > 30d and
last_access > 7d and
last_update > 7d and
volume_status = available