Using the Audit Log Search Feature
The search function allows you to query the database for information. The same query structure is used in multiple locations within the Keyfactor Command Management Portal.
When you first open the page, you will see the simple search option. To execute a search, select the field and comparison operators in the dropdowns and type something on which to search in the value field (if applicable). If you select an is null or is not null comparison operator, the value field will be grayed out. Click the Search button to execute the query.
Each query consists of three parts: a field, a comparison operator, and a comparison value.
The available fields for querying vary depending on the area of the Management Portal in which the search is used. On this page, the queries can be done on the following built-in fields:
The user who performed the audited action, in the format DOMAIN\username for Active Directory authentication or typically just the username for an identity provider other than Active Directory. For actions initiated by the Keyfactor Command Service, this will be Timer Service. Supports the %ME% token (see Advanced Searches).
The logging level of the message:
- Information: A successful operation that changes the state of the data in the application.
- Warning: Notification of a possible malicious access attempt (e.g. an unauthorized user attempting to access a web page).
- Failure: Notification that a user was denied access to an activity (this can be used to alert to a possible internal role security issue).
The time at which an action took place. Supports the %TODAY% token (see Advanced Searches).
The area of the product in which the auditable activity occurred. This list is built dynamically to show only those categories that are actually in your audit log. Select a category (e.g. Template) and, for most categories, an optional subsearch field (e.g. Template Defaults for templates) to find entries related to that category and subsearch field (e.g. any changes made to template default settings). See Audit Log Categories for a complete list of possible categories.
The name of the object being audited. The name of the object is related to the category of auditable activity. If the category is template, the name will be the template name. If the category is SSH user, the name will be the username of the user owning the SSH key. If the category is expiration alert, the name will be the expiration alert name. Some category-to-name relationships are clearer than others.
For example, in the following audit message for a certificate enrollment, the name is the DN of the certificate:
In the following workflow instance message, the name is the entire title of the workflow instance:
In the following certificate collection message, the name is the name of the certificate collection that was created:
When you open the details for an audit log record, the name appears at the top of the details dialog as the second part of the dialog title (see View: Audit Log Details).
The type of operation performed. See Audit Log Operations for a complete list of the available operations.
The query comparison operators vary depending on the type of field selected and the specific properties of the field. The list below shows the dropdown list comparison operators, as well as the equivalent query language syntax (in parentheses).
Most string fields (the vast majority of the built-in fields) support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Contains (-contains)
- Does not contain (-notcontains)
- Starts with (-startswith)
- Ends with (-endswith)
- Is null (-eq NULL)
- Is not null (-ne NULL)
Most date and integer fields support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Is less than (-lt)
- Is less than or equal to (-le)
- Is greater than (-gt)
- Is greater than or equal to (-ge)
- Is null (-eq NULL)
- Is not null (-ne NULL)
Most Boolean (true/false) fields support:
- Is equal to (-eq)
- Is not equal to (-ne)
- Is null (-eq NULL)
- Is not null (-ne NULL)
The value you enter for comparison must match the field type. For example, integer fields only support numerical values. String fields support all alphanumeric characters. Boolean fields only support True or False. The value field is not case sensitive. Date fields support only properly formatted dates and will initially display as mm/dd/yyyy. You can choose to populate the date field by:
- Clicking in a date Value field to open a pop-up calendar to select a date that will populate the field.
- Clicking in a segment of the date format (i.e., mm/dd/yyyy) and entering a value. As you continue to type in any one segment, the cursor will keep moving onto the next segment.
The results that match your search criteria will be displayed in the results grid below the search selection options.
When you select Category in the query field, a fourth dropdown will appear. This Property Field allows you to further refine the search. The options available in this field vary depending on the selection made in the comparison value. Select Any to display all of the results for the selected category search combination. Select a specific value in the property field to display all the audit records that had changes to the selected field.
Advanced Searches
On any search page you can click Advanced to the right of the Search button to display the advanced search options. Click Simple to close the advanced search options again.
Multiple Criteria
Using the advanced search options, you can build a query based on multiple criteria using AND/OR logic. As with a simple search, you select a field and comparison operator in the drop-downs and then enter a comparison value, if applicable. Click Insert to add the search criteria to the query field below the selection fields. Use the selection fields to build multiple search criteria. Each time you click the insert button, an AND is added between the previous search criteria and the newly added one. You can change the AND to an OR if desired. You can use parentheses around portions of the query along with AND/OR to change the query meaning.
For example, for certificate searches:
This query will return all the certificates issued on or after January 1, 2022 with the string appsrvr in the CN and also all certificates issued at any time with the string appsrvr in the CN using a template referencing web. When you have entered all the desired search criteria, click Search to execute the query. If you wish to clear the query field and start over, click the Clear button.
In addition to the options available in the query builder, several special values can be used in selected searches by typing them in directly:
- %TODAY%: Use the TODAY special value in place of a specific date in date queries. This option supports math operations, so you can use TODAY-10 or TODAY+30. The built-in Certificates Expiring in 7 Days collection uses this special value (see Certificate Collection Management).
- %ME%: Use the ME special value in place of a specific domain\user name in queries that match a domain\user name. The built-in My Certificates collection uses this special value (see Certificate Collection Management).
- %ME-AN%: Use the ME-AN special value in place of a specific user name excluding the domain. This is beneficial in environments with multiple domains where there is a desire to query for a user's certificates even if they were requested across multiple domains.
- %ROLES%: Use the ROLES special value in place of a specific security role in Owner Role Name queries to return all the certificates that are either marked as owned by a role of which the querying user is a member or not marked as owned by a role of which the querying user is a member. This option can be used only with the -in and -notin operators.