Wilcard query not working

I’m new to Rapid7. I’m trying to list all all exploit name using query exploits.name and using a wildcard value of * but it’s not working. How do I do a wildcard query to show all?

Hi Opan,

Just to make sure I understand your requirement and expectations, the query builder won’t list all exploits (as far as i know) - it will only list associated assets, vulns, solutions, services and software (as seen along the top of the results table). To get a list of all the exploits you may need to use the reporting with a SQL query\export (something like SELECT * FROM dim_vulnerability_exploit).

If you actually are trying to list all assets (or vulns etc) with exploits, then one way of doing this would be to use exploit.name != and then mash the keyboard to create an exploit name that doesn’t exist. That will then give a list of all assets with one or more exploits without that name. You still won’t see the exploits though, although exporting the CSV results will show the count of exploits per system.

I know this doesn’t exactly answer your question but it should give the same result assuming you do need ‘all’. If this doesn’t help then let me know, with a use case and i’ll see if i can help further.

If I go to query builder and click add and enter “exploits.name !=” on the search box without anything, it will output just assets. Same thing when I mash the keyboard.

Hi Opan,

As I said in my previous post, the query builder will not output exploits. That’s not how it works - think of it as a list of ALL your assets and any criteria you add are then used to restrict the list.

For example, if you enter software.publisher = Adobe it will show all assets that contain Adobe software. If you enter exploits.name != asdogjfiheioheog it will then show all assets that don’t have an exploit with that name (i.e. all of them).

What exactly do you want to retrieve? Is it literally just a list of all the exploits, or do you want a list of all your assets with related exploits for example or something different?

To get data out of insightVM I use the SQL Export reports rather than the query builder - the problem with that is there’s a bit of a learning curve depending on how your SQL experience is, but i’ll try to help where i can.

1 Like

Appreciate the help talford. I think I understand now. I’ll reach out in case I need more help.