Search Monitored Nodes
The search bar in the Monitored tab (
Note: By default, Guardian searches for results in the 'All Nodes' node group. If you want to search for content that belongs to a different node group, select a group from the Node Groups drop-down menu and proceed as described below.
Tip: As of V3.57.0 of the Guardian web application, you can now search for monitored nodes within the Environments and Connection Manager Groups drop-down menus, as well as the Node Groups drop-down menu. This functionality was introduced in the July 2025 Quarterly Release.
Basic Search
Basic search means using key words to search for content within the selected node group. After entering your search query, press Enter and Guardian returns a list of items that match the attributes defined in your search query.
Alternatively, to narrow down the number of results displayed, you can select an option from the drop-down list that is displayed while using the search bar. The options displayed in this list represent the first level of a node's scan categories discovered during node scans. For example, when searching for 'windows' nodes, you are prompted to filter results for 'Packages', 'Files', 'Services' or 'Anywhere' within the 'All Nodes' node group.
Selecting an option from the drop-down list automatically enables Expression Mode, which is a way to filter your results according to configuration items and attributes. For more information on how to use expression mode, see below.
Expression Mode
Expression mode is a feature that lets you filter your results at a granular level in order to retrieve more accurate results. Besides using the aforementioned drop-down list to enable expression mode, you can trigger this feature by entering a colon character. Enter the scan category you want to search, followed by a colon and the key word(s) you want to search for. In the example below, the user entered 'packages:windows' to search for content containing 'windows' within the 'packages' scan category.
You can also see all of the scan categories available to search for by entering a single colon in the search bar. This displays a list of the scan categories. Select an option to start filtering your results and complete the search query with the key word(s) you want to search for.
Tip: If you only want to see results that are an exact match for the query you entered, you can append the word 'EXACT' to the end of the search query. For example: 'packages:windows EXACT'. Otherwise, Guardian will also return results that are similar to the query you provided.
The search results can also be further constrained based on the value of an attribute defined in your search query. The syntax can contain any attribute value within a scan category, such as the version number, checksum, or name. To append one or more attribute values to your search query, use the connector 'with'. In the example below, the query has been set to 'packages:windows with version:1'. That means Guardian will search for content that contains 'windows' with a 'version' attribute containing '1' within the 'packages' scan category. For more examples on how to use expression mode, see Examples.
Note: The syntax used here is the same as a dynamic group query. For more information, see Dynamic Group Queries.
If any results are returned, they are displayed within the Matches column. For more information on how to utilize the Matches column, see below.
Search Results
Expression mode displays the results in columns that become available one by one as you click an option in the previous column, starting with the Matches column. For example, in the image below, if you click an option from the Matches column, the Versions column is displayed with information related to the application's version. If you click an option in the Versions column, the On Nodes column is displayed, and so on. By doing so, you'll get to a single node that matches all of the options you previously clicked. For more information on the content contained within each column, refer to the table below.
Each column provides different information, according to the descriptions below:
Note: By default, the Matches column is always displayed. The subsequent columns and the information they contain vary depending on the option you select from the Matches column.
Examples
Using expression mode is a quick and effective way to search for and analyze results, whereas basic search only returns a list of results that match the text you entered. There are several attributes within a scan category that you can use to define the syntax used in your search. For example:
- 'files:system.ini with checksum:286a9edb379dc3423a528b0864a0f111'.
- 'files:microsoft with name:net'.
- 'services:activeX with state:stopped'.
- 'services:virtual with enabled:manual'.
- 'packages:cyrus-sasl-lib with version:2.1'.
- 'packages:usermode with status:installed'.
Note: For more information on how to analyze a node's scan results and each of the configuration items present, see Node Scan Results.
These are only some examples of the many possible combinations you can create to filter your search results. In addition, once you perform a search, you can click the Examples button to display the following examples.
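The expression-mode syntax described on this page ('category:keyword', optional 'with attribute:value' filters, optional trailing 'EXACT') can be modelled as a small parser and matcher, which is useful for checking a query's intent before saving it as a search or dynamic group. This is an added example, not Guardian's own code: the scan data is constructed, and the matching rules (keyword compared against the item name, case-insensitive substring matching, EXACT meaning equality on the keyword only) are assumptions made for illustration.

```python
import re

# Constructed sample scan data (not real Guardian output): category -> items.
SAMPLE_SCAN = {
    "packages": [
        {"name": "cyrus-sasl-lib", "version": "2.1.26", "status": "installed"},
        {"name": "usermode", "version": "1.111", "status": "installed"},
        {"name": "windows-update-agent", "version": "10.0.1", "status": "installed"},
    ],
    "services": [
        {"name": "ActiveX Installer", "state": "stopped", "enabled": "manual"},
        {"name": "Virtual Disk", "state": "running", "enabled": "manual"},
    ],
}

TERM = re.compile(r"^([A-Za-z_]+):(.+)$")  # one 'key:value' term


def parse_query(query):
    """Split 'category:keyword with attr:value ... [EXACT]' into its parts."""
    text = query.strip()
    exact = text.endswith(" EXACT")
    if exact:
        text = text[: -len(" EXACT")].rstrip()
    terms = []
    for part in re.split(r"\s+with\s+", text):
        m = TERM.match(part.strip())
        if not m:
            raise ValueError(f"not a 'key:value' term: {part!r}")
        terms.append((m.group(1).lower(), m.group(2).strip()))
    (category, keyword), filters = terms[0], terms[1:]
    return {"category": category, "keyword": keyword, "filters": filters, "exact": exact}


def search(query, scan=SAMPLE_SCAN):
    """Return the names of items in the category that satisfy every term."""
    q = parse_query(query)
    kw = q["keyword"].lower()
    results = []
    for item in scan.get(q["category"], []):
        name = item["name"].lower()
        # Assumption: EXACT means equality on the keyword; otherwise substring.
        if not (name == kw if q["exact"] else kw in name):
            continue
        # 'with' filters: the attribute must exist and contain the value.
        if all(v.lower() in str(item.get(a, "")).lower() for a, v in q["filters"]):
            results.append(item["name"])
    return results
```
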