KUMA has two asset search modes. You can switch between the search modes using the buttons in the upper left part of the window:
You can select the check boxes next to the found assets to export their data to a CSV file.
Simple search
To find an asset using simple search:
The Search field is displayed at the top of the window.
The table displays the assets with the Name, FQDN, IP address, MAC address, and Owner settings matching the search criteria.
Advanced search
To find an asset using advanced search:
The asset filtering settings are displayed in the upper part of the window.
For details on asset filtering settings, see the table below.
The table displays the assets that meet the search criteria.
An advanced asset search is performed using the filtering conditions that can be specified in the upper part of the window:
Left operand |
Available operators |
Right operand |
Build number |
=, ilike |
An arbitrary value. |
OS |
=, ilike |
An arbitrary value. |
IP address |
inSubnet, inRange |
An arbitrary value or a range of values. The filtering condition for the inSubnet operator is met if the IP address in the left operand is included in the subnet that is specified in the right operand. For example, the subnet for the IP address 10.80.16.206 should be specified in the right operand using slash notation as follows: |
FQDN |
=, ilike |
An arbitrary value. |
CVE |
=, in |
An arbitrary value. |
CVSS |
>, >=, =, <=, < |
A number from 0 to 10 (possible severity levels of the asset's CVE vulnerability). Not applicable to vulnerabilities from Open Single Management Platform. |
CVE count |
>, >=, =, <=, < |
Number. The number of unique vulnerabilities with the CVE attribute for the asset. Vulnerabilities without CVEs do not count towards this figure. For searching by the number of CVEs of a certain severity level, you can use a combined condition. For example: CVE count >= 1 CVSS >= 6.5 |
Software |
=, ilike |
An arbitrary value. |
Software version |
=, ilike, in |
An arbitrary value. Version (build) number of the software installed on the asset. |
Asset source |
in |
|
in |
|
|
RAM (bytes) |
=, >, >=, <, <= |
Number. |
Number of disks |
=, >, >=, <, <= |
Number. |
Number of network cards |
=, >, >=, <, <= |
Number. |
Disk free bytes |
=, >, >=, <, <= |
Number. |
KSC group |
=, ilike |
An arbitrary value. Name of the Open Single Management Platform administration group in which the asset is placed. |
Anti-virus databases last updated |
>=, <= |
For search The time is specified as UTC time, and then converted in the KUMA interface to the local time zone set in the browser. You can specify the date and time for this operand in one of the following ways:
For details, see the Using time values subsection below. |
Last update of the information |
>=, <= |
For search The time is specified as UTC time, and then converted in the KUMA interface to the local time zone set in the browser. You can specify the date and time for this operand in one of the following ways:
For details, see the Using time values subsection below. |
Protection last updated |
>=, <= |
For search The time is specified as UTC time, and then converted in the KUMA interface to the local time zone set in the browser. You can specify the date and time for this operand in one of the following ways:
For details, see the Using time values subsection below. |
System last started |
>=, <= |
For search The time is specified as UTC time, and then converted in the KUMA interface to the local time zone set in the browser. You can specify the date and time for this operand in one of the following ways:
For details, see the Using time values subsection below. |
KSC extended status |
in |
|
Real-time protection status |
= |
|
Encryption status |
= |
|
Spam protection status |
= |
|
Anti-virus protection status of mail servers |
= |
|
Data Leakage Prevention status |
= |
|
KSC extended status ID |
= |
|
Endpoint Sensor status |
= |
|
Last visible |
>=, <= |
For search The time is specified as UTC time, and then converted in the KUMA interface to the local time zone set in the browser. You can specify the date and time for this operand in one of the following ways:
For details, see the Using time values subsection below. |
Score ML |
=, >, >=, <, <= |
Number. Asset score assigned by AI services. |
Status |
=, in |
Asset status assigned by AI services:
|
Custom asset field |
=, ilike |
An arbitrary value. Search custom fields of assets. |
Using time values
Some conditions, for example, Anti-virus databases last updated or System last started, use date and time as the operand value. For these conditions, you can use an exact date and time or a relative period.
To specify a date and time value:
By default, the current time is automatically added to the selected date, with millisecond precision. Changing the date in the calendar does not change the specified time. The date and time are displayed in the time zone of the browser. If necessary, you can edit the date and time in the field.
The period is calculated relative to the start time of the current search and takes into account asset information that is up-to-date at that moment. For example, for the condition Anti-virus databases last updated, you can select 1 hour and the >= operator to find those assets for which the anti-virus databases have not been updated for more than 1 hour.
You can enter an exact date and time in the DD.MM.YYYY HH:mm:ss.SSS format for the Russian localization and YYYY-MM-DD HH:mm:ss.SSS for the English localization or a relative period as a formula. You can also combine these methods if necessary.
If you do not specify milliseconds when entering the exact date, 000 is substituted automatically.
In the relative period formulas, you can use the now parameter for the current date and time and the interval parameterization language: +, -, / (rounding to the nearest), as well as time units: y (year), M (month), w (week), d (day), h (hour), m (minute), s (second).
For example, for the Information last updated condition, you can specify the value now-2d with the operator >= operator and the value now-1d with the >= operator to find assets whose information was updated during the day before the search was started; alternatively, you can specify the value now/w with the <= operator to find assets whose information was updated between the beginning of the first day of the current week (00:00:00:000 UTC) and now.
KUMA stores time values in UTC, but in the user interface time is converted to the time zone of your browser. This is relevant to the relative periods: Today, Yesterday, This week, and This month. For example, if the time zone in your browser is UTC+3, and you select Today as the period, the category will cover assets from 03:00:00.000 until now, not from 00:00:00.000 until now.
If you want to take your time zone into account when selecting a relative period, such as Today, Yesterday, This week, or This month, you need to manually add a time offset in the date and time field by adding or subtracting the correct number of hours. For example, if your browser's time zone is UTC+3 and you want the categorization to cover the Yesterday period, you need to change the value to now-1d/d-3h. If you want the categorization to cover the Today period, change the value to now/d-3h.