NopSec Platform 101
      Back to home
      1. Knowledge Base
      2. NopSec Platform 101

      How are Query Results Summaries calculated?

      Query result summaries are the total number of records returned for the specific query filtered to only what the specific user can see (RBAC).

      Last Updated: 10/25/2023

      Overview

      When users submit a query the system takes the full query string seen in the Query Builder and then appends the specific list of Data Access Queries the user is associated with (Team membership) like so:

      • <user query> AND (<data access query 1> OR <data access query 2>)
      • Ex. 
        • instance.status in ["Open"] and instance.severity in ["Critical"] and (tags.name == "Application : NopSec" or tags.name == "Application : Security")

      Query Results

      Data may be different between users

      Since each query is unique to a specific user's RBAC the results could be different between users running the same query. This means leaders within the organization looking to gather specific metrics should consider who they task to gather information as different users may see different totals based on their RBAC.

      Query Summary vs Report Table results

      The report table will be constrained to only display up to 10,000 rows. Users can select how many rows are displayed per page between 10, 20, 50, or 100 rows which translates to 1,000, 500, 200, or 100 pages respectively. 

      Through user feedback and feature tracking we believe showing hundreds and potentially thousands of pages is not helpful to users as most users will never paginate through thousands of pages. Instead, we believe the core use case for the report table is to visualize the items that have been filtered down from the overall dataset. 

      We strongly encourage users to leverage our filtering and sorting capabilities to hone in on the data that is most important to view within the UI. The most common use cases and best practices are as follows:

      • instance.status = Users should filter down their vuln instances based on their current status, this could filter out thousands of items.
      • instance.in_plan = This filters out all vuln instances that are in approved Exception Plans, and in Remediation Plans. This helps filter out items already being worked on by someone else.
      • instance.severity = Filtering down to the specific severities prioritized by NopSec as either Critical or High will also filter down the results drastically.
      • Sorting by Instance Score
        • desc = Sorting the results by NopSec's risk scores is extremely helpful. 
        • asc = A common use case is to see the last items in the result set so typically users may click on the last page to do that, however, because of the 10k row limitation users should instead sort by Ascending to see all results at the end of the list. Sorting triggers a new query to be sent to the database so the results are accurate and not just a resorting of the available data in the table.

      Viewing ALL of your data

      Users can download their results as a CSV file and then analyze that data within Excel, Google Sheets, Apple Numbers, or some other tools. Note those tools may also have limitations on how much data they can visualize. 

      1. Click the "select all" checkbox (the first checkbox at the top left of the table)
      2. Click Download CSV
      3. Click Max #### rows depending on how many rows you'd like download or select All rows
      4. Click Download