Searching Data from Juniper X-Force Exchange with Advanced Search Criteria

For complex queries, you can search and filter data from X-Force Exchange by using Advanced Search expressions.

Advanced searches return data from the Log Activity or the Network Activity tab in JSA.

URL searches cannot be returned from the Network Activity tab because the URL information is provided by the event data.

Type an AQL query expression.

Note:

The following table describes some common search expressions.

Table 1: X-Force Advanced Search Expressions
Description	Example
Searches for source IP addresses that have a confidence factor above 50.	select * from events where XFORCE_IP_CONFIDENCE(’Spam’,sourceip)>50
Searches associated with a URL.	select url, XFORCE_URL_CATEGORY(url) as myCategories from events where XFORCE_URL_CATEGORY(url) IS NOT NULL
Searches associated with a source IP address.	select sourceip, XFORCE_IP_CATEGORY(sourceip) as IPcategories from events where XFORCE_IP_CATEGORY(sourceip) IS NOT NULL

Table 1: X-Force Advanced Search Expressions

Description

Example

Searches for source IP addresses that have a confidence factor above 50.

select * from events where
XFORCE_IP_CONFIDENCE(’Spam’,sourceip)>50

Searches associated with a URL.

select url,
XFORCE_URL_CATEGORY(url)
as myCategories from events where
XFORCE_URL_CATEGORY(url) IS NOT NULL

Searches associated with a source IP address.

select sourceip,
XFORCE_IP_CATEGORY(sourceip)
as IPcategories from events where
XFORCE_IP_CATEGORY(sourceip) IS NOT NULL