
Introducing Free Text Search for Free Form Queries


We’ve recently rolled out a major product feature: Free Text Search. Previously, you had to write an SQL query with statements such as SELECT * FROM WHERE to answer your security questions on your Resmo Search page.

Now, you also have the option to query a term, keyword, or unique identifier in free text format to find all related resources containing that term. Let’s get you more acquainted with this powerful feature.

What is free text search?

The free text search feature enables you to type any terms, keywords, phrases, IDs, or environment variables and query for relevant results across all your cloud and SaaS environments in milliseconds. 

Previously, Resmo users had to type basic SQL statements such as SELECT * FROM in order to query their resources. But now, you can select Free Text Search to run free-form text queries. Whether you want to search all resources that contain a specific name, domain name, or even a phrase in your repository description, you can leverage Free Text Search to accelerate your operations. 

Free Text Search examples

In the simplest terms, you can type a name or user into the free text search box and query all resources containing that name. You can even search phone numbers if they are listed as contact numbers for any of your account users. It’s typically challenging to find data this specific across multiple accounts.

While SQL can return a group of information, free text search digs deeper and narrows down the results to resources containing a given keyword. Other examples that you can query using free text search include the following:

  • Domains
  • Phone numbers if they are in contact numbers
  • Any unique identifiers within logs
  • Something in the description (repo description, for example)
  • Device type (e.g., iOS)

The advantage of Free Text Search is that you can find all results related to a given keyword in free form without the restrictions of SQL statements. On the other hand, SQL is better suited to more detailed results and complex queries. Each has its own best-case scenarios.

How to query with Free Text Search on Resmo

Step #1: Sign up or sign in to your Resmo account.

Step #2: On your Search page, click Free Text Search at the top right.

  • You can easily switch between SQL and Free Text Search for each query tab whenever you like. 

Step #3: Type a term, keyword, phrase, ID, or any unique identifier. Then, hit the Run Query button. For instance, in the example below, we typed a domain to look for every resource that contains it. As easy as that! 


Use cases for Free Text Search

There are many cases in which your team can leverage Free Text Search, including but not limited to the following.

1. Incident response

Identifying security incidents across your attack surface divides into two parts. The first part is identifying potential security threats so that you can develop an incident response plan to carry out when one happens. The second part is using appropriate tools to continuously monitor and deal with active threats in real time.

However, identifying potential threats is not always as easy as it sounds. While you can use Resmo to get notified about rule violations in real time, we’ll focus on a different, complementary method here. For example, you can use Free Text Search in your security gap identification and incident response process to:

  • Find a specific IP address and all related information connected to it.
  • Assess a threat radius. For instance, if an account is breached, you can find all resources that can be affected and take necessary actions. 
  • Identify all DNS records related to a domain name. 
  • List all resources matched with a user in a specific environment (e.g., typing a user name and cloud service name, “Sergei AWS”)


2. Employee offboarding

Employees come and go; it’s natural. What’s not-so-natural would be a malicious threat actor taking advantage of a former employee’s account that you forgot to wipe out. Even worse, it might turn into an insider threat. 

Per the 2022 Cost of Insider Threats: Global Report, insider threats have increased 44 percent over the past two years.

A former employee could access and leak your company’s sensitive data since they might know your security weaknesses. These incidents occur even in the most prestigious companies. That’s why employee offboarding is a critical process for security. 


The ability to look up inactive users in your cloud and SaaS environments is not something new on Resmo. However, with the Free Text Search, you can query specific users and dig out every single crumb left related to that user. 

  • Look up a specific username, name, email, or other account information
  • Detect all accounts belonging to that user
  • Revoke access, reset passwords, and delete accounts to complete a clean offboarding process


3. Find a specific piece of information

As we mentioned before, unlike SQL queries, Free Text Search gives you pinpoint results. If there’s a specific keyword, IP, ID, name, domain, log, or any other term you want to look for, just search for it in free form.

For example, you can even find a keyword that one of your repositories contains in its description. That means you can type “hacked,” and the results list all resources containing that specific term. 


Try it out for yourself

Now that you know everything about Free Text Search, it’s time to give it a try. Find more use cases to elevate your company’s security posture and your security and developer teams’ day-to-day operations. If you’d like to be the first to know about all new features like this, you can also check out our changelog.
