ShadowTrackr


New search syntax with autocomplete

31 December 2019
The last update of this year contains a bunch of bug fixes, server upgrades, better cloud tracking and renewed search and export options. Those last two are definitely worth discussing in more detail.

The search options have grown organically over time and ended up being messy. In the early days you could use grade:B to search for all TLS certificates with that grade (based on SSL Labs scores). Then came website security grades (based on Mozilla Observatory scores) and grade: became ambiguous. The quick fix was splitting it into the rather ugly certgrade: and webgrade:. Since you could only search a few entities (certificates, hosts and websites) and fields, collisions were rare. It only happened with grade.

Now, as more entities and fields become searchable, collisions are more likely. To fix that, the search syntax has been redesigned based on the Lucene search syntax. So, to search for all websites running on Apache with a website security grade B, you use:

website.grade:B AND website.software:apache

To search for all certificates with grade A that were issued by Comodo, you do:

certificate.grade:A AND certificate.issuer:Comodo

Much better, right? And the search bar on every page now has autocomplete. It shows you which entities are searchable (currently: certificate, website, host, whois and dns) and which fields are available. It also autocompletes your known URLs and IP addresses. You can use either the mouse or the up/down arrow keys and tab to complete your search text. Have a look at these search examples.
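The entity-qualified syntax described above, as an added example that is not ShadowTrackr's own code: a small parser that rejects the old ambiguous bare form (grade:B) and runs the two queries from this post against a constructed inventory. The record layout and the whole-word, case-insensitive matching are assumptions of this example.

```python
import re

# Entities the post lists as searchable; fields are only those in its examples.
ENTITIES = {"certificate", "website", "host", "whois", "dns"}
TERM = re.compile(r"^(?:(\w+)\.)?(\w+):(\S+)$")


def parse_query(query):
    """Split 'entity.field:value AND ...' into (entity, field, value) terms."""
    terms = []
    for raw in re.split(r"\s+AND\s+", query.strip()):
        m = TERM.match(raw)
        if not m:
            raise ValueError(f"malformed term: {raw!r}")
        entity, field, value = m.groups()
        if entity is None:
            # The old bare form (grade:B) cannot say which entity is meant.
            raise ValueError(f"ambiguous field {field!r}: add an entity prefix")
        if entity not in ENTITIES:
            raise ValueError(f"unknown entity: {entity!r}")
        terms.append((entity, field, value))
    return terms


def search(query, inventory):
    """Return names of records for which every term matches."""
    terms = parse_query(query)
    hits = []
    for rec in inventory:
        # Assumption: a term matches when its value equals one whole word
        # of the field, ignoring case (so grade:A does not match "A+").
        if all(rec["entity"] == e
               and v.lower() in str(rec.get(f, "")).lower().split()
               for e, f, v in terms):
            hits.append(rec["name"])
    return hits


# Constructed sample inventory (not real ShadowTrackr data).
INVENTORY = [
    {"entity": "website", "name": "www.example.com", "grade": "B", "software": "Apache 2.4"},
    {"entity": "website", "name": "shop.example.com", "grade": "B", "software": "nginx"},
    {"entity": "certificate", "name": "example.com", "grade": "B", "issuer": "Comodo CA"},
    {"entity": "certificate", "name": "mail.example.com", "grade": "A", "issuer": "COMODO RSA CA"},
]

if __name__ == "__main__":
    print(search("website.grade:B AND website.software:apache", INVENTORY))
    print(search("certificate.grade:A AND certificate.issuer:Comodo", INVENTORY))
```

Both a website and a certificate in the sample carry grade B, which is exactly the collision the entity prefix resolves.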

The other big change is in how we track things in the cloud. We see that more and more assets of our customers end up at big cloud providers and CDNs. So far, we’d just list the name of the cloud instead of the IP. That was a bit incomplete, to say the least, and now we track both the cloud and the current IP. This allows for better scanning and better graphs, and opens up the way to new functionality.

Note that you might find some rediscovered cloud assets on your timeline. This is all part of the automatic migration and doesn’t cause any trouble. It can clutter your timeline though, so we’ll do our best to clean it up as much as possible. Still finding trouble? Please let us know and we’ll fix it for you.

Start fixing your assets by mailing reports

08 December 2019
This update had a lot in it, but the most useful I think is the option to mail reports. You can now directly email all data you see to an email address of your choice. This works for websites, certificates, hosts and domains. You’ll find the mail report option at the top of the menu under the triple dots (top right).

Using your own product is a good way to find out what is working and what is not. I found myself typing quite a few emails to the persons who needed to fix things. Insecure certificate? Write an email. Insecure port open? Write an email. Insecure headers on a website? Write an email. Of course including screenshots helped, but this forces the receiver to retype everything that should have been a convenient copy-paste. That’s fixed now. So, go ahead and start chasing your security problems by mailing reports.

The graph on the URL page has also improved. Links between your assets are shown more clearly. Related assets that are not yours are shown in grey, and you can easily add them by clicking. There are more little improvements; check out the graphs for your more complex assets and you’ll see.

Next stop is improving the weekly pdf report.

iPhone and Android app updates

29 November 2019
After the new user interface for the desktop, the apps had to follow, of course. The changes are similar to the desktop update, but the biggest change is the menu icons at the bottom. I noticed that my thumb had to move to the upper part of the screen to access the menu, and with current smartphone sizes this is quite annoying.

Have a look at the screenshots in the App Store and Play Store, and try the app if you haven’t done so already. It gives you instant push messages for your security problems (and you can permanently switch them off during the night).


Next stop is fixing the most annoying messages on the timeline. If you have messages or message storms that you find particularly unhelpful, please send them in!