AMA: Query that can pull all "High" or "Critical" findings


J1_Ambassador Hunter @2x

"Is there an API or JupiterOne query that will pull all 'Critical' findings, all 'High' findings etc?"

--Question from Jason on the J1 Community Slack


Answer from J1 Champion, Adam

Hi Jason.

If you want to actually use the words "critical" and "high", you can use something like this (where you should account for the different possible versions:

FIND Finding
severity = (
"critical" OR
"high" OR
"Critical" OR
"High" OR


However, many entities in the Finding class have a numericSeverity property that you can use instead, like:

FIND Finding WITH numericSeverity >= 2
But be aware that not all types in theFinding class support this. Depending on your use case, instead of searching by class (i.e. Finding) you can search by type (e.g. hackerone_report or aws_guardduty_finding). Since the properties of those entities are more uniform, you are more likely to be able customize your query better.
-- Adam
AMA is an ongoing series published each Thursday, highlighting questions the community has asked in our support and how-to channels on Slack. If you haven't already done so, please join us on Slack 

Articles in this series

  1. AMA: JupiterOne and PagerDuty WebHooks
  2. AMA: Export YAML Files for Vendors Pulled from SSO Providers
  3. AMA: Map Controls and Frameworks Relationships
  4. AMA: How to Track Professional Associations, Security Forums, and Threat Intel Sources
  5. AMA: Find AWS Instances by their Private IP Address
  6. AMA: SSO Integrated Authentication, Move to Another Role
  7. AMA: send-mail action to map two properties
  8. AMA: Setup the Policy Accept Button
  9. AMA: Match a blank field in J1QL
  10. AMA: Track and Alert Using Firewall Rules Matrix
  11. AMA: AWS Roles not used for 90 days, and date related queries
  12. AMA: Manage Alerts for Jira through J1 Terraform Provider
  13. AMA: Filter Results from Specific AWS Accounts
  14. AMA: Iterate and return total count of iam users per account
  15. AMA: Search for security groups by tag
  16. AMA: Identify S3 Buckets Open to Cross-Account Attacks
  17. AMA: Resources for J1 DevOps Use Cases
  18. AMA: Sub-Queries in J1QL
  19. AMA: What permissions are needed for AWS
  20. AMA: How to disable a policy

Resources for this AMA


Posted By JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.

To hear more from the JupiterOne Team, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.


cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.