feat(qql): overlaps POS-INF/PEA/TRA - exclusions vpexpat/bt/ar + vpsimaapi, POS-PEA vpsim->vpsimas (Diagnostic Khalid #22)

Pierre & Lumière 2026-04-25 14:01:04 +02:00
parent fcc0c34bca
commit e3b0828005
6 changed files with 7 additions and 5 deletions

@ -35,6 +35,7 @@ Suivi des cas où la règle V3 produit un résultat incorrect (faux positif/nég
| 19 | 2026-04-24 | `POS-DMZ` vs `TAG-SED`/`TAG-SEI` | 7 assets en désaccord audit DMZ | 3 en POS-DMZ sans SED/SEI + 4 avec SED/SEI hors POS-DMZ | Tags STAT manuels non synchronisés à la création/modif d'assets DMZ | **Trou audit sécurité** : assets DMZ non classifiés en exposition directe/indirecte → mauvaise priorisation patch/scan | Rectification finale 2026-04-25 : 3 ajouts à SED/SEI (`vppintaweb1` SED, `vppintaweb2` SED, `vrameased1` SEI) + 1 retrait `vpdecasas4` (n'aurait pas dû être en SEI) + 3 confirmés légitimement hors DMZ (LAN exposé via NAT : `vpdsiawsus1` SED, `vppeaabst3` SEI, `vpvpnaems1` SED Ubuntu). Total cohérent : POS-DMZ=48, SED+SEI=48 | 🟢 | 2026-04-25 | | 19 | 2026-04-24 | `POS-DMZ` vs `TAG-SED`/`TAG-SEI` | 7 assets en désaccord audit DMZ | 3 en POS-DMZ sans SED/SEI + 4 avec SED/SEI hors POS-DMZ | Tags STAT manuels non synchronisés à la création/modif d'assets DMZ | **Trou audit sécurité** : assets DMZ non classifiés en exposition directe/indirecte → mauvaise priorisation patch/scan | Rectification finale 2026-04-25 : 3 ajouts à SED/SEI (`vppintaweb1` SED, `vppintaweb2` SED, `vrameased1` SEI) + 1 retrait `vpdecasas4` (n'aurait pas dû être en SEI) + 3 confirmés légitimement hors DMZ (LAN exposé via NAT : `vpdsiawsus1` SED, `vppeaabst3` SEI, `vpvpnaems1` SED Ubuntu). Total cohérent : POS-DMZ=48, SED+SEI=48 | 🟢 | 2026-04-25 |
| 20 | 2026-04-25 | `POS-INF` trop restrictif | 5 assets seulement | API Qualys live confirme 5 (vpbipamod1, vpsimasvp1, vraptbjup1, vraiiavid1/2) | **La rule active dans la console Qualys = `C:\Claude\sanef\inputs\pos-inf.txt`** (seulement 6 préfixes : vpsimas*, vpppear*, vpppeas*, vpbipa*, vraiia*, vraptb*) au lieu de la rule v3 cible **`C:\Claude\sanef\QL\inputs\dom_inf_rule_v2.txt`** (91 préfixes). Le brouillon initial des exclusions a été appliqué à la place de la vraie rule. | **Périmètre Infrastructure totalement faux** : 5 assets au lieu d'~80-100 attendus. DSI sous-estime largement la surface d'attaque infra. | Console Qualys : éditer POS-INF → coller la QQL complète de `dom_inf_rule_v2.txt` (91 préfixes + exclusions Gestion) → Re-evaluate. Vérifier aussi le rule_type (`Asset Inventory` = Asset Search). | 🔴 | À fixer (QQL console) | | 20 | 2026-04-25 | `POS-INF` trop restrictif | 5 assets seulement | API Qualys live confirme 5 (vpbipamod1, vpsimasvp1, vraptbjup1, vraiiavid1/2) | **La rule active dans la console Qualys = `C:\Claude\sanef\inputs\pos-inf.txt`** (seulement 6 préfixes : vpsimas*, vpppear*, vpppeas*, vpbipa*, vraiia*, vraptb*) au lieu de la rule v3 cible **`C:\Claude\sanef\QL\inputs\dom_inf_rule_v2.txt`** (91 préfixes). Le brouillon initial des exclusions a été appliqué à la place de la vraie rule. | **Périmètre Infrastructure totalement faux** : 5 assets au lieu d'~80-100 attendus. DSI sous-estime largement la surface d'attaque infra. | Console Qualys : éditer POS-INF → coller la QQL complète de `dom_inf_rule_v2.txt` (91 préfixes + exclusions Gestion) → Re-evaluate. Vérifier aussi le rule_type (`Asset Inventory` = Asset Search). | 🔴 | À fixer (QQL console) |
| 21 | 2026-04-25 | Asset doublon Qualys | `vpameatra1.sanef.groupe` (2 entrées Qualys avec même hostname) | Le zombie : IP `10.43.192.17`, last updated **Feb 24, 2023** (≈3 ans sans contact), Asset ID `155999641`. Le vivant a une autre IP et check-in régulier. | Asset jamais nettoyé après changement IP/réinstallation/migration → reste en doublon dans Qualys. Aucune purge auto. | **Risque de double-comptage dans toutes les rules** matchant `vpameatra1` (POS-TRA, ENV-PRD, OS-LIN-SRV, etc.) → KPI gonflés artificiellement, et stats vuln peuvent être fausses (le zombie a des vulns figées 2023). | Exclure le zombie via IP dans les rules concernées : `and not asset.interface:(address:10.43.192.17)`. **Note** : `asset.hostID:X`, `asset.id:X` et `asset.lastUpdated:[date..now]` ne marchent PAS en Tag rule (uniquement en Asset Search interactive). À long terme, demander purge à Qualys ou retirer le Cloud Agent zombie. | 🟡 | Workaround par IP (à appliquer sur toutes les rules touchées) | | 21 | 2026-04-25 | Asset doublon Qualys | `vpameatra1.sanef.groupe` (2 entrées Qualys avec même hostname) | Le zombie : IP `10.43.192.17`, last updated **Feb 24, 2023** (≈3 ans sans contact), Asset ID `155999641`. Le vivant a une autre IP et check-in régulier. | Asset jamais nettoyé après changement IP/réinstallation/migration → reste en doublon dans Qualys. Aucune purge auto. | **Risque de double-comptage dans toutes les rules** matchant `vpameatra1` (POS-TRA, ENV-PRD, OS-LIN-SRV, etc.) → KPI gonflés artificiellement, et stats vuln peuvent être fausses (le zombie a des vulns figées 2023). | Exclure le zombie via IP dans les rules concernées : `and not asset.interface:(address:10.43.192.17)`. **Note** : `asset.hostID:X`, `asset.id:X` et `asset.lastUpdated:[date..now]` ne marchent PAS en Tag rule (uniquement en Asset Search interactive). À long terme, demander purge à Qualys ou retirer le Cloud Agent zombie. | 🟡 | Workaround par IP (à appliquer sur toutes les rules touchées) |
| 22 | 2026-04-25 | Overlaps `POS-INF``POS-PEA`/`POS-TRA` | 8 serveurs en double-tag : vpexpatex1/vpexpbtex1/vpexparep1 (POS-INF + POS-TRA), vpsimaexp1/vpsimaexp2 (POS-INF + POS-PEA), vpsimaxsr1 (POS-DMZ + POS-INF + POS-PEA), vpsimaapi1/2 (POS-INF + POS-PEA, obsolètes) | Diagnostic Khalid (`Diagnostic_overlaps_requetes_Qualys.xlsx`) : POS-INF inclut `vpexp*` sans exclure les sous-préfixes Trafic (vpexpat/bt/ar = TransExc + eReport) ; POS-PEA inclut `vpsim*` au lieu de `vpsimas*` (seul vrai Péage) | Pattern récurrent : préfixes courts (4-5 char) capturent trop large, sans discrimination 7-char fine. **8 serveurs mal classés → KPI POS-* faussés, mauvaise priorisation patch/audit** | **POS-INF** : ajouter exclusions `vpsimaapi*`, `vpexpat*`, `vpexpbt*`, `vpexpar*` (déjà appliqué dans `dom_inf_rule_v2.txt` et `gen_xlsx.py`). **POS-PEA** : remplacer `vpsim*``vpsimas*` (déjà appliqué dans `gen_xlsx.py`). **POS-DMZ** : retirer le doublon `not asset.interface:(address:10.43.192.17)` (cosmétique). À appliquer dans la console Qualys + Re-evaluate. Résultat attendu : POS-INF 437→432, overlaps INF+PEA 5→0, INF+TRA 3→0. | 🟡 | gen_xlsx fait, console Qualys à appliquer |
--- ---
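Review bot: The expected result in row 22 (`POS-INF 437→432`) gives no baseline, while row 20 still records POS-INF at 5 assets in the live console with status 🔴. State where the 437 figure is measured, and note that row 20 has to be resolved before the Re-evaluate for row 22 can be checked against these numbers. The arithmetic itself is consistent (5 INF+PEA plus 3 INF+TRA gives the 8 servers listed). Two separators are also missing in the new row: `POS-INF``POS-PEA` in the title cell and `vpsim*``vpsimas*` in the correction cell each read as one token.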

@ -58,11 +58,11 @@ dyn_tags = [
"Flux Libre - Free Flow (BOT/BOO/BOC), AFL, Supervision, BOOST peage, restreint Serveurs", "Flux Libre - Free Flow (BOT/BOO/BOC), AFL, Supervision, BOOST peage, restreint Serveurs",
'(asset.name:vpbot* or asset.name:vrbot* or asset.name:vibot* or asset.name:vvbot* or asset.name:vdbot* or asset.name:vpboo* or asset.name:vrboo* or asset.name:viboo* or asset.name:vvboo* or asset.name:vdboo* or asset.name:spboo* or asset.name:siboo* or asset.name:svboo* or asset.name:vpboc* or asset.name:vrboc* or asset.name:viboc* or asset.name:vvboc* or asset.name:vdboc* or asset.name:spboc* or asset.name:siboc* or asset.name:vpafl* or asset.name:vrafl* or asset.name:viafl* or asset.name:vvafl* or asset.name:vdafl* or asset.name:vpsupa* or asset.name:vrsupa* or asset.name:visupa* or asset.name:vvsupa* or asset.name:vpsupb* or asset.name:vrsupb* or asset.name:vppeaab* or asset.name:vrpeaab* or asset.name:vipeaab* or asset.name:vvpeaab* or asset.name:vrpeaak* or asset.name:vppeab* or asset.name:vrpeab* or asset.name:vipeab* or asset.name:vvpeab* or asset.name:vppeah* or asset.name:vrpeah* or asset.name:vipeah* or asset.name:vvpeah* or asset.name:vpnit*) and operatingSystem.category2:"Server"'), '(asset.name:vpbot* or asset.name:vrbot* or asset.name:vibot* or asset.name:vvbot* or asset.name:vdbot* or asset.name:vpboo* or asset.name:vrboo* or asset.name:viboo* or asset.name:vvboo* or asset.name:vdboo* or asset.name:spboo* or asset.name:siboo* or asset.name:svboo* or asset.name:vpboc* or asset.name:vrboc* or asset.name:viboc* or asset.name:vvboc* or asset.name:vdboc* or asset.name:spboc* or asset.name:siboc* or asset.name:vpafl* or asset.name:vrafl* or asset.name:viafl* or asset.name:vvafl* or asset.name:vdafl* or asset.name:vpsupa* or asset.name:vrsupa* or asset.name:visupa* or asset.name:vvsupa* or asset.name:vpsupb* or asset.name:vrsupb* or asset.name:vppeaab* or asset.name:vrpeaab* or asset.name:vipeaab* or asset.name:vvpeaab* or asset.name:vrpeaak* or asset.name:vppeab* or asset.name:vrpeab* or asset.name:vipeab* or asset.name:vvpeab* or asset.name:vppeah* or asset.name:vrpeah* or asset.name:vipeah* or asset.name:vvpeah* or asset.name:vpnit*) and 
operatingSystem.category2:"Server"'),
("POS-INF", "#3F51B5", "DYN", "Asset Inventory", ("POS-INF", "#3F51B5", "DYN", "Asset Inventory",
"Infrastructure DSI - 91 prefixes (DNS/AD/Sauvegarde/SCCM/Logs/etc.) avec exclusions Gestion (aiiat/dsiat) + restreint Serveurs", "Infrastructure DSI - 91 prefixes (DNS/AD/Sauvegarde/SCCM/Logs/etc.) avec 16 exclusions (Gestion + Trafic vpexpat/bt/ar + obsoletes vpsimaapi) + restreint Serveurs",
"Voir fichier C:\\Claude\\sanef\\QL\\inputs\\dom_inf_rule_v2.txt (91 prefixes + exclusions). Forme : (BIG_OR) and not (asset.name:vpaiiat* or asset.name:vraiiat* or asset.name:vrdsiat*) and operatingSystem.category2:\"Server\""), "Voir fichier C:\\Claude\\sanef\\QL\\inputs\\dom_inf_rule_v2.txt (91 prefixes + 16 exclusions). Forme : (BIG_OR) and operatingSystem.category2:\"Server\" and not (vpaiiat*/vrdsiat*/vpgesb*/vpechat*/vrechat*/vdechat*/vpsimas*/vpsimaapi*/vpppear*/vpppeas*/vpbipa*/vraiia*/vraptb*/vpexpat*/vpexpbt*/vpexpar*)"),
("POS-PEA", "#673AB7", "DYN", "Asset Inventory", ("POS-PEA", "#673AB7", "DYN", "Asset Inventory",
"Peage - sites geographiques (ls-*), OSAP, SVP sanef, ADV, RPA, RPN, restreint Serveurs", "Peage - sites geographiques (ls-*), OSAP, SVP, ADV, RPA, RPN, BoE, FFB, GRS, BIP, ALB, BO + restreint Serveurs (vpsimas* uniquement, pas vpsim*)",
'(asset.name:ls-* or asset.name:lrpea* or asset.name:vdosa* or asset.name:viosa* or asset.name:vposa* or asset.name:vrosa* or asset.name:vpadv* or asset.name:vradv* or asset.name:vpsvp* or asset.name:vrsvp* or asset.name:vprpa* or asset.name:vrrpa* or asset.name:vprpn* or asset.name:vrrpn* or asset.name:vprps* or asset.name:vrrps* or asset.name:vpppe* or asset.name:vppeaaa* or asset.name:vppeaae* or asset.name:vppeaar* or asset.name:vpsimas* or asset.name:vraiia* or asset.name:vrboe* or asset.name:vrffb* or asset.name:vrgrs* or asset.name:vrpeaar*) and operatingSystem.category2:"Server"'), '(asset.name:ls-* or asset.name:lrpea* or asset.name:vdosa* or asset.name:viosa* or asset.name:vpadv* or asset.name:vpalb* or asset.name:vpbipa* or asset.name:vpboe* or asset.name:vposa* or asset.name:vppbo* or asset.name:vppeaaa* or asset.name:vppeaae* or asset.name:vppeaar* or asset.name:vpppear* or asset.name:vpppeas* or asset.name:vprpa* or asset.name:vprpn* or asset.name:vprps* or asset.name:vpsimas* or asset.name:vradv* or asset.name:vraiia* or asset.name:vrboe* or asset.name:vrffb* or asset.name:vrgrs* or asset.name:vrosa* or asset.name:vrpeaar* or asset.name:vrrpa* or asset.name:vrrpn* or asset.name:vrrps* or asset.name:vrsvp*) and operatingSystem.category2:"Server"'),
("POS-TRA", "#E91E63", "DYN", "Asset Inventory", ("POS-TRA", "#E91E63", "DYN", "Asset Inventory",
"Trafic - AME/Sextan/Octan, Aquarius, Isis, RAU/ASUR, GDEPA, SIG, GMO + legacy vmam*, restreint Serveurs", "Trafic - AME/Sextan/Octan, Aquarius, Isis, RAU/ASUR, GDEPA, SIG, GMO + legacy vmam*, restreint Serveurs",
'(asset.name:vpame* or asset.name:vrame* or asset.name:viame* or asset.name:vvame* or asset.name:vdame* or asset.name:vmame* or asset.name:vmamp* or asset.name:vmamr* or asset.name:vmamd* or asset.name:vpdai* or asset.name:vrdai* or asset.name:vidai* or asset.name:vppat* or asset.name:vrpat* or asset.name:vipat* or asset.name:vprau* or asset.name:vrrau* or asset.name:vpdep* or asset.name:vrdep* or asset.name:vpsig* or asset.name:vrsig* or asset.name:visig* or asset.name:vpair* or asset.name:vrair* or asset.name:vpexpa* or asset.name:vpexpb* or asset.name:vpgmo* or asset.name:vrgmo*) and not (asset.name:vpexpaxfb* or asset.name:vpexpbdech*) and operatingSystem.category2:"Server"'), '(asset.name:vpame* or asset.name:vrame* or asset.name:viame* or asset.name:vvame* or asset.name:vdame* or asset.name:vmame* or asset.name:vmamp* or asset.name:vmamr* or asset.name:vmamd* or asset.name:vpdai* or asset.name:vrdai* or asset.name:vidai* or asset.name:vppat* or asset.name:vrpat* or asset.name:vipat* or asset.name:vprau* or asset.name:vrrau* or asset.name:vpdep* or asset.name:vrdep* or asset.name:vpsig* or asset.name:vrsig* or asset.name:visig* or asset.name:vpair* or asset.name:vrair* or asset.name:vpexpa* or asset.name:vpexpb* or asset.name:vpgmo* or asset.name:vrgmo*) and not (asset.name:vpexpaxfb* or asset.name:vpexpbdech*) and operatingSystem.category2:"Server"'),
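Review bot: In the POS-PEA query the new side drops `asset.name:vpsvp*` while keeping `asset.name:vrsvp*`, and the description still lists SVP, so any host matching `vpsvp*` leaves the tag without the commit message or row 22 mentioning it. The old side of this line already had `vpsimas*`, so the `vpsim*` to `vpsimas*` swap named in the commit title is not what changes here. The visible changes are the additions `vpalb*`, `vpbipa*`, `vpboe*`, `vppbo*`, the narrowing of `vpppe*` to `vpppear*`/`vpppeas*`, the removal of `vpsvp*`, and an alphabetical re-sort that makes the first three hard to spot. Either restore `vpsvp*` or record each scope change in the tracking table with its expected asset count. On the POS-INF entry, the "16 exclusions" count matches the sixteen prefixes listed in the form string.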

Binary file not shown.

@ -1 +1 @@
(asset.name:lpges* or asset.name:lrdsi* or asset.name:nvr-s* or asset.name:rmilw* or asset.name:rsmiw* or asset.name:spbur* or asset.name:spcyb* or asset.name:specm* or asset.name:spemv* or asset.name:sppea* or asset.name:sptra* or asset.name:srcyb* or asset.name:srdsi* or asset.name:srlog* or asset.name:vburw* or asset.name:vdlab* or asset.name:vmpki* or asset.name:vmsym* or asset.name:vodsi* or asset.name:vpabn* or asset.name:vpabv* or asset.name:vpaii* or asset.name:vpaml* or asset.name:vpams* or asset.name:vpbck* or asset.name:vpbmt* or asset.name:vpbov* or asset.name:vpbur* or asset.name:vpccy* or asset.name:vpcht* or asset.name:vpcot* or asset.name:vpctv* or asset.name:vpcyb* or asset.name:vpdao* or asset.name:vpdsi* or asset.name:vpech* or asset.name:vpecm* or asset.name:vpemv* or asset.name:vpexp* or asset.name:vpflm* or asset.name:vpgaw* or asset.name:vpgeo* or asset.name:vpges* or asset.name:vpgtc* or asset.name:vphdn* or asset.name:vphrq* or asset.name:vpiad* or asset.name:vpisi* or asset.name:vplpe* or asset.name:vpmal* or asset.name:vpmet* or asset.name:vpnap* or asset.name:vpngw* or asset.name:vpoda* or asset.name:vporm* or asset.name:vppci* or asset.name:vppcm* or asset.name:vppix* or asset.name:vppmr* or asset.name:vpppe* or asset.name:vppwd* or asset.name:vpres* or asset.name:vpsaa* or asset.name:vpsam* or asset.name:vpsdt* or asset.name:vpsec* or asset.name:vpsic* or asset.name:vpsim* or asset.name:vpsro* or asset.name:vpssi* or asset.name:vpstq* or asset.name:vpthl* or asset.name:vptra* or asset.name:vptsy* or asset.name:vpvid* or asset.name:vpvpn* or asset.name:vpvsa* or asset.name:vraii* or asset.name:vrcyb* or asset.name:vrdsi* or asset.name:vrech* or asset.name:vrecm* or asset.name:vrgaw* or asset.name:vriad* or asset.name:vrlog* or asset.name:vrnms* or asset.name:vrpwd* or asset.name:vrres* or asset.name:vrsam* or asset.name:vrvid* or asset.name:vrvpn* or asset.name:vtdsi*) and not (asset.name:vpaiiat* or asset.name:vrdsiat* or 
asset.name:vpgesb* or asset.name:vpechat* or asset.name:vrechat* or asset.name:vdechat* or asset.name:vpsimas* or asset.name:vpppear* or asset.name:vpppeas* or asset.name:vpbipa* or asset.name:vraiia* or asset.name:vraptb*) (asset.name:lpges* or asset.name:lrdsi* or asset.name:nvr-s* or asset.name:rmilw* or asset.name:rsmiw* or asset.name:spbur* or asset.name:spcyb* or asset.name:specm* or asset.name:spemv* or asset.name:sppea* or asset.name:sptra* or asset.name:srcyb* or asset.name:srdsi* or asset.name:srlog* or asset.name:vburw* or asset.name:vdlab* or asset.name:vmpki* or asset.name:vmsym* or asset.name:vodsi* or asset.name:vpabn* or asset.name:vpabv* or asset.name:vpaii* or asset.name:vpaml* or asset.name:vpams* or asset.name:vpbck* or asset.name:vpbmt* or asset.name:vpbov* or asset.name:vpbur* or asset.name:vpccy* or asset.name:vpcht* or asset.name:vpcot* or asset.name:vpctv* or asset.name:vpcyb* or asset.name:vpdao* or asset.name:vpdsi* or asset.name:vpech* or asset.name:vpecm* or asset.name:vpemv* or asset.name:vpexp* or asset.name:vpflm* or asset.name:vpgaw* or asset.name:vpgeo* or asset.name:vpges* or asset.name:vpgtc* or asset.name:vphdn* or asset.name:vphrq* or asset.name:vpiad* or asset.name:vpisi* or asset.name:vplpe* or asset.name:vpmal* or asset.name:vpmet* or asset.name:vpnap* or asset.name:vpngw* or asset.name:vpoda* or asset.name:vporm* or asset.name:vppci* or asset.name:vppcm* or asset.name:vppix* or asset.name:vppmr* or asset.name:vpppe* or asset.name:vppwd* or asset.name:vpres* or asset.name:vpsaa* or asset.name:vpsam* or asset.name:vpsdt* or asset.name:vpsec* or asset.name:vpsic* or asset.name:vpsim* or asset.name:vpsro* or asset.name:vpssi* or asset.name:vpstq* or asset.name:vpthl* or asset.name:vptra* or asset.name:vptsy* or asset.name:vpvid* or asset.name:vpvpn* or asset.name:vpvsa* or asset.name:vraii* or asset.name:vrcyb* or asset.name:vrdsi* or asset.name:vrech* or asset.name:vrecm* or asset.name:vrgaw* or asset.name:vriad* or 
asset.name:vrlog* or asset.name:vrnms* or asset.name:vrpwd* or asset.name:vrres* or asset.name:vrsam* or asset.name:vrvid* or asset.name:vrvpn* or asset.name:vtdsi*) and operatingSystem.category2:"Server" and not (asset.name:vpaiiat* or asset.name:vrdsiat* or asset.name:vpgesb* or asset.name:vpechat* or asset.name:vrechat* or asset.name:vdechat* or asset.name:vpsimas* or asset.name:vpsimaapi* or asset.name:vpppear* or asset.name:vpppeas* or asset.name:vpbipa* or asset.name:vraiia* or asset.name:vraptb* or asset.name:vpexpat* or asset.name:vpexpbt* or asset.name:vpexpar*)
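Review bot: The new exclusions `vpexpat*`, `vpexpbt*` and `vpexpar*` only cover the overlaps found so far. The POS-TRA query in the `dyn_tags` hunk claims all of `vpexpa*` and `vpexpb*` except `vpexpaxfb*`/`vpexpbdech*`, so any other host under those two prefixes still matches both POS-INF (through `vpexp*`) and POS-TRA. Consider deriving the POS-INF exclusions from the POS-TRA inclusion list so the two rules stay complementary by construction. Separately, the new side adds `and operatingSystem.category2:"Server"`, which the old side of this rule did not have; that narrows POS-INF independently of the overlap fix and should be stated in the commit message. A one-line file with 91 prefixes also makes every future change appear as a full-line rewrite; one prefix per line, joined at generation time, would keep diffs reviewable.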

@ -0,0 +1 @@
(asset.name:lpges* or asset.name:lrdsi* or asset.name:nvr-s* or asset.name:rmilw* or asset.name:rsmiw* or asset.name:spbur* or asset.name:spcyb* or asset.name:specm* or asset.name:spemv* or asset.name:sppea* or asset.name:sptra* or asset.name:srcyb* or asset.name:srdsi* or asset.name:srlog* or asset.name:vburw* or asset.name:vdlab* or asset.name:vmpki* or asset.name:vmsym* or asset.name:vodsi* or asset.name:vpabn* or asset.name:vpabv* or asset.name:vpaii* or asset.name:vpaml* or asset.name:vpams* or asset.name:vpbck* or asset.name:vpbmt* or asset.name:vpbov* or asset.name:vpbur* or asset.name:vpccy* or asset.name:vpcht* or asset.name:vpcot* or asset.name:vpctv* or asset.name:vpcyb* or asset.name:vpdao* or asset.name:vpdsi* or asset.name:vpech* or asset.name:vpecm* or asset.name:vpemv* or asset.name:vpexp* or asset.name:vpflm* or asset.name:vpgaw* or asset.name:vpgeo* or asset.name:vpges* or asset.name:vpgtc* or asset.name:vphdn* or asset.name:vphrq* or asset.name:vpiad* or asset.name:vpisi* or asset.name:vplpe* or asset.name:vpmal* or asset.name:vpmet* or asset.name:vpnap* or asset.name:vpngw* or asset.name:vpoda* or asset.name:vporm* or asset.name:vppci* or asset.name:vppcm* or asset.name:vppix* or asset.name:vppmr* or asset.name:vpppe* or asset.name:vppwd* or asset.name:vpres* or asset.name:vpsaa* or asset.name:vpsam* or asset.name:vpsdt* or asset.name:vpsec* or asset.name:vpsic* or asset.name:vpsim* or asset.name:vpsro* or asset.name:vpssi* or asset.name:vpstq* or asset.name:vpthl* or asset.name:vptra* or asset.name:vptsy* or asset.name:vpvid* or asset.name:vpvpn* or asset.name:vpvsa* or asset.name:vraii* or asset.name:vrcyb* or asset.name:vrdsi* or asset.name:vrech* or asset.name:vrecm* or asset.name:vrgaw* or asset.name:vriad* or asset.name:vrlog* or asset.name:vrnms* or asset.name:vrpwd* or asset.name:vrres* or asset.name:vrsam* or asset.name:vrvid* or asset.name:vrvpn* or asset.name:vtdsi*) and operatingSystem.category2:"Server" and not (asset.name:vpaiiat* 
or asset.name:vrdsiat* or asset.name:vpgesb* or asset.name:vpechat* or asset.name:vrechat* or asset.name:vdechat* or asset.name:vpsimas* or asset.name:vpsimaapi* or asset.name:vpppear* or asset.name:vpppeas* or asset.name:vpbipa* or asset.name:vraiia* or asset.name:vraptb* or asset.name:vpexpat* or asset.name:vpexpbt* or asset.name:vpexpar*)
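Review bot: A second copy of the POS-INF query is a drift risk: the single line added here is the same query as the new side of the previous hunk, and nothing marks which file is authoritative. Row 20 of the tracking table describes exactly this failure, where a different rule file than the intended one ended up in the console. Generate this file from the same source as the other copy, or document next to it which one must be pasted into the console.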