Simplified SysQL
Simplified SysQL provides a powerful yet easy-to-use query language for interacting with a graph database. Search queries are grouped by Risk, Posture, and Vulnerabilities.
How Does Simplified SysQL Work?
Sysdig stores your resource inventory together with the security findings (like events or vulnerabilities) in a graph database. This allows Sysdig to design queries that match complex paths through the connected data. Simplified SysQL is available in a web user interface that helps you design queries interactively with the following widgets:
- Simplified SysQL builder: Enables you to build your query from scratch by defining entities.
- Simplified SysQL editor: Helps you to update your Simplified SysQL query, and add more entities.
Keywords
Simplified SysQL uses the following basic keywords to structure and filter queries:
Keyword | Description |
---|---|
MATCH | Defines the pattern to match in the graph |
OPTIONAL | Used with MATCH to specify optional patterns |
WHERE | Filters results based on specified criteria |
Invalid query examples
When using Simplified SysQL, certain queries may not return results or could be invalid. The following are a few examples:
Query | Reason |
---|---|
MATCH EC2Instance THAT IS AFFECTED BY Vulnerability THAT AFFECTS KubeWorkload | EC2Instances and KubeWorkloads are unrelated in your real infrastructure. They appear related in the graph only due to the vulnerability, but this does not reflect an actual relationship. |
MATCH KubeWorkload THAT IS AFFECTED BY Vulnerability THAT AFFECTS KubeWorkload | This query creates a cyclic traversal, leading to an empty result set. |
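The two invalid shapes in the table above can be caught before a saved query is run. The following is an added example, not Sysdig code: the function names and issue labels are hypothetical, it only understands the two relationship phrases shown in the table, and it generalizes the first row to any two different resource types joined only through a Vulnerability, which is an assumption.

```python
import re

# Relationship phrases copied from the two queries in the table above.
# Any other phrase the product supports is outside this sketch.
RELATION = re.compile(r"\s+THAT\s+(?:IS\s+AFFECTED\s+BY|AFFECTS)\s+")
FINDING = "Vulnerability"  # the finding entity used in the table


def entity_chain(query):
    """Return the entity types of a MATCH pattern in traversal order."""
    m = re.match(r"\s*MATCH\s+(.*)", query, re.S)
    if not m:
        raise ValueError("query does not start with MATCH")
    # Anything after WHERE is a filter, not part of the traversal path.
    pattern = re.split(r"\s+WHERE\s+", m.group(1), maxsplit=1)[0]
    return [part.strip() for part in RELATION.split(pattern)]


def lint(query):
    """Return a list of issue labels (hypothetical names); empty means no issue found."""
    chain = entity_chain(query)
    issues = []
    # Second table row: the path returns to an entity type it already visited.
    if len(set(chain)) < len(chain):
        issues.append("cyclic-traversal")
    # First table row: two different resource types whose only link is a
    # shared Vulnerability, which is not a real infrastructure relationship.
    for i in range(1, len(chain) - 1):
        left, mid, right = chain[i - 1], chain[i], chain[i + 1]
        if mid == FINDING and left != right and FINDING not in (left, right):
            issues.append("joined-only-by-vulnerability")
            break
    return issues


# Constructed sample queries: the first two are the rows of the table,
# the third is a single-hop pattern built from the same phrases.
SAMPLES = [
    "MATCH EC2Instance THAT IS AFFECTED BY Vulnerability THAT AFFECTS KubeWorkload",
    "MATCH KubeWorkload THAT IS AFFECTED BY Vulnerability THAT AFFECTS KubeWorkload",
    "MATCH KubeWorkload THAT IS AFFECTED BY Vulnerability",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(lint(q) or ["ok"], "<-", q)
```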