Search - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Creation date
Last date published
User Guide

Services includes a variety of search options including:

  • Content Search—The default search mode and allows you to search across the widest set of data. Fields covered by content search include:

    • Service ID

    • Service type

    • Service classifications

    • Port number

    • Recent IPs

    • Recent domains

    • Provider

    • Certificate serial number

    • Certificate subject name

    • Certificate common name

    • TLS versions, such as TLS 1.0

    • TLS cipher suites

    • Tags

  • Domain Search—Domain searches are meant to be targeted searches. Specify the complete domain, such as, if possible. The domain search does not use boolean, such as AND, OR, or NOT, or wildcard, such as "?” or “*”, operators.

  • IP / CIDR Search—Cortex Xpanse expects a valid IP/CIDR address ( or You may also search on an IP Address range, such as –, or you may use a wildcard, such as 1.1.1.*.

  • Port Number Search—For a port search, you can specify one port, such as 80, or a set of ports, such as 80, 443, 8080. Cortex Expanse does not search on a range of port numbers, such as 80 – 100, or support wildcards, such as 80*.