Skip to content

Search Reference

See How Aurora Search Finds Proof, Answers Questions, and Powers Automation

Aurora search helps teams surface the right evidence fast, answer reviewer questions with confidence, and give builders a clean path into automation when a simple lookup is not enough.

Request a 15-Minute WalkthroughSee the API ReferenceBrowse Demo Hub

Updated 2026-02-15

Jump to what matters
Search overviewChoose a search pathKey endpointsDetailed referenceDemo hubAutomation playbookPricing

What buyers and builders can verify

What This Reference Helps You Evaluate

Use this page to confirm search coverage, access controls, query depth, and implementation fit before a deeper technical review.

Global search coverage
Every standard category, match fields, defaults, and access rules in one place.
AQL syntax and pipelines
Operators, filters, pipelines, and examples for advanced search and reporting.
Datasets and fields
Full list of AQL sources, searchable fields, defaults, and permissions.
Settings and limits
Org-level gates, query limits, queue behavior, and admin controls.

Start with the outcome you need

Choose the Search Path That Fits the Work

Use these paths to move from quick buyer questions to deeper automation or permission checks without digging through the entire reference.

Verify search coverage

See what Aurora indexes, how categories rank, and which permissions gate each result type before you depend on it.

Plan AQL-powered workflows

Review operators, filters, and queue behavior so your reporting and automation flows stay accurate and safe.

Choose the right endpoint

Pick between instant lookup, queued AQL jobs, status polling, and source discovery without guesswork.
Next step
Want to See Search Against Real Aurora Proof?
Walk through Aurora with us and see how search, evidence, and reviewer workflows connect in a live environment instead of a static spec.
Request a 15-Minute Walkthrough
Browse Demo Hub
15-minute walkthrough. No obligation. We'll map Aurora to your framework and show the exact outputs. (No compliance guarantees.)

API reference

Key Endpoints for Search, Retrieval, and Automation

These are the endpoint choices most teams need first when they are evaluating how Aurora search fits into support tooling, reporting, or automation.

GET/search.php
Global search lookup

Query category-based global search with per-type limits, recent mode, and optional category targeting.

Use when you need quick navigation results, search overlays, or a lightweight search API for support tooling.

POST/advanced-search.php?action=enqueue
Queue advanced search jobs

Submit heavier AQL queries asynchronously when the job is bigger than a standard lookup.

Best for reporting, automation, and admin workflows that need durable results without slowing the user experience.

GET/advanced-search.php?action=status
Check job status

Track queued AQL jobs until results are ready, then return cached output and execution details.

Best for progress states, retries, exports, and background workflows that need a predictable handoff.

GET / POST/advanced-search.php?action=sources|catalog|execute
Source discovery and direct execution

Inspect permitted sources, read catalog metadata, or run controlled direct queries for shorter operational tasks.

Best for query builders, admin tooling, and tightly scoped integrations that need source metadata on demand.

Full reference

Detailed Search, AQL, Dataset, and Troubleshooting Reference

Open the detailed sections below when you need exact source coverage, field behavior, permissions, limits, or troubleshooting detail.

Aurora search includes a global, category-based search and an advanced query language (AQL) for deep, dataset-specific queries.

Where search lives

See which Aurora surfaces use shared search and where teams encounter quick lookup versus deeper retrieval workflows.

  • Sidebar 'Find pages...' input filters the navigation only.
  • Global search overlay (Cmd/Ctrl+K) for quick navigation and lookup.
  • Global search page: /dashboard/search.
  • Help Center search: /dashboard/help.
  • Command knowledge base search: /dashboard/command/knowledge-base.
  • Most list pages include their own filter/search rows (scoped to that page).

Quick search overlay (Cmd/Ctrl+K)

  • Toggle with Cmd+K (macOS) or Ctrl+K (Windows/Linux).
  • Uses the same search backend for core categories (KB results appear on the full Search page), capped at 10 results per type.
  • Shows quick links when the query is empty.

Global search (basic)

Review category coverage, result ordering, query limits, and access behavior for the fast lookup experience buyers will test first.

Global search groups results by category and lets you toggle categories on/off. Searches are substring matches over the fields shown below (wildcards are escaped; % and _ are treated as literals).

Query rules and limits

  • Minimum query length: 2 characters (ignored when recent=true).
  • Maximum query length: 128 characters (longer queries return a validation error).
  • Default limit: 10 per type (max 20).
  • Results are capped per category (max 20 per category).
  • Queries shorter than the minimum return empty results plus min_query_length metadata.
  • The Search page starts at 60 per type and "Load more" adds 40 up to 240.
  • The API still clamps the per-type limit to 20.
  • recent=true returns the most recent items for a single type and requires type.
  • recent accepts true/false, 1/0, or yes/no (common truthy values: 1, true, yes).
  • If a type is explicitly requested and you lack module/permission access, the API returns 403 instead of a silent empty list.

Result ordering

  • Most categories sort by updated_at descending with created_at/id fallbacks (see per-category sort in the table below).
  • Knowledge base results sort by relevance for queries and by last_updated for recent mode.

Categories, filters, and defaults

CategoryMatches onDefault filterSort orderResult fieldsAccessNotes
Risks (risks)titlestatus NOT IN ('closed','accepted','deleted')updated_at desc (fallback created_at, id)id, title, scoremodule: risk_register
any of: view_risks, manage_risks, edit_risks		-
Remediations (remediations)titlestatus NOT IN ('completed','verified','closed','deleted')updated_at desc (fallback created_at, id)id, title, statusmodule: continuous_compliance
any of: view_remediation, manage_remediation		-
Evidence (evidence)titlestatus != 'archived'updated_at desc (fallback created_at, id)id, title, category, statusmodule: continuous_compliance
any of: view_evidence, upload_evidence, export_evidence, view_evidence_raw		-
Evidence requests (evidence_requests)titlestatus IN ('open','in_progress')due_date asc (fallback created_at, id)id, title, status, due_datemodule: continuous_compliance
any of: view_evidence, upload_evidence, export_evidence, view_evidence_raw		-
Vendors (vendors)namestatus != 'deleted'updated_at desc (fallback created_at, id)id, name, criticalitymodule: continuous_compliance
any of: view_vendors, view_compliance, manage_compliance		Returns risk_rating or criticality depending on schema.
Policies (policies)name(none)updated_at desc (fallback created_at, id)id, name, statusmodule: continuous_compliance
any of: view_policies, acknowledge_policies, approve_policies		-
Incidents (incidents)titlestatus != 'closed'updated_at desc (fallback created_at, id)id, title, status, incident_numbermodule: incident_response
any of: view_incidents, manage_incidents		-
Assessments (assessments)type, id, name, titlestatus NOT IN ('deleted','completed','archived')updated_at desc (fallback created_at, id)id, type, status, created_at, name, titlemodule: continuous_compliance
any of: view_assessments, manage_assessments, edit_assessments, edit_assigned_assessments		-
Support requests (tickets)subjectstatus NOT IN ('closed','deleted')updated_at desc (fallback created_at, id)id, subject, status, prioritymodule: tickets
any of: view_tickets, manage_tickets		If you do not have manage_tickets, results are limited to requests you created or are assigned to.
Command knowledge base (knowledge_base)id, title, tags, body(none)relevance (id > title > tags > body); recent mode sorts by last_updated descid, title, slug, excerpt, tags, last_updatedmodule: command
any of: command.read.kb		Results are scored by matches in id (highest), title, tags, then body text.
Compliance controls (compliance_controls)framework_code, control_code, titleis_active = 1framework_code asc, sort_order asc, control_code asc (AURORA appended)framework_code, code, title, categorymodule: continuous_compliance
any of: view_compliance, manage_compliance, view_frameworks, view_tests, view_standards		Also surfaces canonical AURORA controls (id prefixed with AURORA:).
Aurora controls (aurora_controls)control_key, title, description, domain, family, tags(none)control_key asccontrol_key, title, domain, family, severity_default, tagsmodule: continuous_compliance
any of: view_compliance, manage_compliance, view_frameworks, view_tests, view_standards		Searches the Aurora control library (AURORA.*).

Command knowledge base coverage

Command knowledge base results appear in global search when the Command module is licensed and you have the permission command.read.kb.
Knowledge base search scores matches as follows (highest to lowest): id, title, tags, then body text.

Help Center and Command KB search

  • Help Center search filters both built-in help articles and Command KB articles.
  • Help Center matches on title, description, and tags; topic filters are exposed via the tag query param.
  • Command KB search matches on title, id, slug, tags, and excerpt.
  • Command KB supports category chips (based on the slug prefix) plus sorting by Updated or Title.

Access requirements

Global search requires the view_search or view_dashboard permission. Each category also enforces module licensing plus the permissions listed above.

Advanced search (AQL)

Validate the query syntax, operators, pipelines, and admin controls behind deeper reporting and automation use cases.

Advanced search runs AQL against a single dataset at a time and is available in the Search page (Advanced toggle) and the Report Builder.

Access and availability

  • Permission required: advanced_search.
  • Admins can enable/disable and set limits in Settings -> Aurora -> Integrations -> Advanced Search.
  • If allowed_sources is set, only sources explicitly marked true are available.
  • AQL queries are queued by default; the UI shows queued/processing/completed status.

Filter syntax

Use explicit boolean operators (AND, OR, NOT) and parentheses for grouping.

OperatorBehavior
:Substring match (SQL LIKE). Use comparison operators for numeric/date fields.
=Exact match.
!=Not equal.
>Greater than (numbers/dates).
>=Greater than or equal (numbers/dates).
<Less than (numbers/dates).
<=Less than or equal (numbers/dates).

Additional filter notes:

  • Fieldless terms search across the dataset's searchable fields.
  • Use quotes for values with spaces (e.g., owner:"Jane Doe").
  • field:null matches null values. field:* matches any non-null value.
  • Boolean fields accept true/false or 1/0.

Pipeline commands

Pipeline commands are appended with | and run in order after the base filters.

CommandPurpose
search <expr>Apply an additional filter expression after the base query.
where <expr>Filter rows after eval is applied (same syntax as base filters).
fields a,b,cSelect output fields (alias: table).
sort fieldSort ascending by field. Use -field or 'desc' for descending.
limit NLimit rows (alias: head).
stats countAggregate results (count, sum(field), avg(field), min(field), max(field)).
stats count by fieldBreakdown by a single group-by field (only one field supported).
eval field=if(cond,then,else)Compute a field using if() (only if() is supported).

Pipeline notes:

  • search and where apply after eval (post-filtering the returned rows).
  • stats switches the output to KPI/breakdown mode and ignores fields, eval, and where.

Result modes

  • table: default mode. Returns rows and columns metadata.
  • kpi: stats count or aggregate without by. Returns metrics.value.
  • breakdown: stats ... by <field>. Returns rows of { label, value } plus meta.group_by.
  • All modes include meta with source, mode, query, limit, and execution_ms.

Examples

status:open AND severity:high | sort -updated_at | limit 25
owner:"Jane Doe" AND score>=7 | fields id,title,status,score,updated_at
framework_code:ISO27001 | stats count by category
title:"Access Review" | eval priority=if(score>=8,"High","Medium") | where priority:High

Settings and limits (defaults)

SettingDefaultRangeNotes
enabledtruetrue/falseMaster toggle for AQL (admin setting).
allow_pipestruetrue/falseEnables pipeline commands (| sort, | stats, etc).
allow_evaltruetrue/falseAllows eval with if().
require_filtertruetrue/falseBase query must include at least one filter.
max_query_length51264-4096Maximum query length (characters).
max_pipes61-25Maximum pipeline commands per query.
max_rows20025-2000Maximum rows returned per query.
max_group_by505-500Maximum rows returned for stats breakdowns.
max_fields123-50Maximum fields returned in table mode.
max_execution_ms1500200-10000Execution time budget (ms).
max_queue_depth41-50Maximum queued AQL jobs per org.
allowed_sourcesallsource keysOptional allow-list. If set, only sources marked true are available.

Advanced search datasets and fields

Inspect the available sources, searchable fields, and default metadata before building queries or integrations.

Each AQL source exposes the fields listed below. Fieldless terms use the dataset's searchable fields.

Risks (risks)

Module: risk_register
Any of: view_risks, manage_risks, edit_risks
Mode: sql
Table: risks
Org column: organization_id

Default filter: status NOT IN ('closed','accepted','deleted')
Default sort: updated_at desc
Searchable fields: title, description, category, owner
Default fields: id, title, status, score, owner, due_date, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
statusStatusstring-
categoryCategorystringyes
ownerOwnerstringyes
likelihoodLikelihoodstring-
impactImpactstring-
scoreScorenumber-
due_dateDue datedate-
created_atCreated atdate-
updated_atUpdated atdate-

Vendors (vendors)

Module: continuous_compliance
Any of: view_vendors, view_compliance, manage_compliance
Mode: sql
Table: vendors
Org column: organization_id

Default filter: status != 'deleted'
Default sort: updated_at desc
Searchable fields: name, category, subcategory, description, risk_rating
Default fields: id, name, status, risk_rating, category, next_review_date, updated_at

FieldLabelTypeSearchable
idIDstring-
nameNamestringyes
statusStatusstring-
categoryCategorystringyes
subcategorySubcategorystringyes
risk_ratingRisk ratingstringyes
is_critical_systemCriticalboolean-
contract_valueContract valuenumber-
next_review_dateNext reviewdate-
updated_atUpdated atdate-

Evidence (evidence)

Module: continuous_compliance
Any of: view_evidence, upload_evidence, export_evidence, view_evidence_raw
Mode: sql
Table: evidence_items
Org column: organization_id

Default filter: status != 'archived'
Default sort: updated_at desc
Searchable fields: title, category, description, filename
Default fields: id, title, category, status, valid_until, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
categoryCategorystringyes
statusStatusstring-
filenameFilenamestringyes
valid_fromValid fromdate-
valid_untilValid untildate-
updated_atUpdated atdate-

Evidence requests (evidence_requests)

Module: continuous_compliance
Any of: view_evidence, upload_evidence, export_evidence, view_evidence_raw
Mode: sql
Table: evidence_requests
Org column: organization_id

Default filter: status IN ('open','in_progress')
Default sort: due_date asc
Searchable fields: title, category, framework_code, control_code
Default fields: id, title, status, due_date, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
statusStatusstring-
categoryCategorystringyes
framework_codeFrameworkstringyes
control_codeControlstringyes
due_dateDue datedate-
updated_atUpdated atdate-

Policies (policies)

Module: continuous_compliance
Any of: view_policies, acknowledge_policies, approve_policies
Mode: sql
Table: organization_policies
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: name, status
Default fields: id, name, status, review_date, updated_at

FieldLabelTypeSearchable
idIDstring-
nameNamestringyes
statusStatusstringyes
versionVersionnumber-
effective_dateEffective datedate-
review_dateReview datedate-
updated_atUpdated atdate-

Remediation items (remediations)

Module: continuous_compliance
Any of: view_remediation, manage_remediation
Mode: sql
Table: remediation_items
Org column: organization_id

Default filter: status NOT IN ('completed','verified','closed','deleted')
Default sort: updated_at desc
Searchable fields: title, description, severity, priority, status
Default fields: id, title, status, priority, assigned_to, due_date, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
statusStatusstringyes
severitySeveritystringyes
priorityPrioritystringyes
assigned_toAssigned tonumber-
due_dateDue datedate-
updated_atUpdated atdate-

Incidents (incidents)

Module: incident_response
Any of: view_incidents, manage_incidents
Mode: sql
Table: incidents
Org column: organization_id

Default filter: status != 'closed'
Default sort: updated_at desc
Searchable fields: title, incident_number, severity, status, event_type
Default fields: id, incident_number, title, status, severity, reported_at, updated_at

FieldLabelTypeSearchable
idIDstring-
incident_numberIncident #stringyes
titleTitlestringyes
statusStatusstringyes
severitySeveritystringyes
event_typeEvent typestringyes
reported_atReported atdate-
updated_atUpdated atdate-

Assessments (assessments)

Module: continuous_compliance
Any of: view_assessments, manage_assessments, edit_assessments, edit_assigned_assessments
Mode: sql
Table: assessments
Org column: organization_id

Default filter: status NOT IN ('deleted','completed','archived')
Default sort: updated_at desc
Searchable fields: type, assessment_type, status
Default fields: id, type, status, assessment_type, created_at, updated_at

FieldLabelTypeSearchable
idIDstring-
typeTypestringyes
assessment_typeAssessment typestringyes
statusStatusstringyes
scoreScorenumber-
created_atCreated atdate-
updated_atUpdated atdate-

Support tickets (tickets)

Module: tickets
Any of: view_tickets, manage_tickets
Mode: sql
Table: tickets
Org column: organization_id

Default filter: status NOT IN ('closed','deleted')
Default sort: updated_at desc
Searchable fields: subject, status, priority, category
Default fields: id, ticket_number, subject, status, priority, updated_at

FieldLabelTypeSearchable
idIDstring-
ticket_numberTicket #string-
subjectSubjectstringyes
statusStatusstringyes
priorityPrioritystringyes
categoryCategorystringyes
assigned_toAssigned tonumber-
created_atCreated atdate-
updated_atUpdated atdate-

Compliance controls (compliance_controls)

Module: continuous_compliance
Any of: view_compliance, manage_compliance, view_frameworks, view_tests, view_standards
Mode: sql
Table: compliance_controls

Default filter: -
Default sort: framework_code asc
Searchable fields: framework_code, control_code, title, category
Default fields: framework_code, control_code, title, category

FieldLabelTypeSearchable
framework_codeFrameworkstringyes
control_codeControl codestringyes
titleTitlestringyes
categoryCategorystringyes

Aurora controls (aurora_controls)

Module: continuous_compliance
Any of: view_compliance, manage_compliance, view_frameworks, view_tests, view_standards
Mode: memory

Default filter: -
Default sort: -
Searchable fields: control_key, title, description, domain, family, tags
Default fields: control_key, title, domain, family, severity_default

FieldLabelTypeSearchable
control_keyControl keystringyes
titleTitlestringyes
descriptionDescriptionstringyes
domainDomainstringyes
familyFamilystringyes
severity_defaultSeveritystring-
tagsTagsstringyes

Compliance frameworks (frameworks)

Module: continuous_compliance
Any of: view_frameworks, view_tests, view_standards, view_compliance, manage_compliance
Mode: memory

Default filter: -
Default sort: -
Searchable fields: framework_key, code, name, publisher, type, status, tags, industries, jurisdictions
Default fields: framework_key, code, name, version, publisher, status, requirements_count

FieldLabelTypeSearchable
idIDstring-
framework_keyFramework keystringyes
codeCodestringyes
nameNamestringyes
versionVersionstring-
publisherPublisherstringyes
typeTypestringyes
statusStatusstringyes
requirements_countRequirementsnumber-
tagsTagsstringyes
industriesIndustriesstringyes
jurisdictionsJurisdictionsstringyes
source_urlSource URLstring-
mapping_template_last_modifiedTemplate updateddate-

Compliance tests (tests)

Module: continuous_compliance
Any of: view_tests, view_frameworks, view_standards, view_compliance, manage_compliance
Mode: memory

Default filter: -
Default sort: -
Searchable fields: id, title, description, severity, category, category_label, resource_type, assertion_types, event_triggers
Default fields: id, title, severity, category_label, resource_type, schedule_interval

FieldLabelTypeSearchable
idTest IDstringyes
titleTitlestringyes
descriptionDescriptionstringyes
severitySeveritystringyes
categoryCategorystringyes
category_labelCategory labelstringyes
resource_typeResource typestringyes
modeModestring-
schedule_intervalSchedule intervalstring-
assertion_typesAssertion typesstringyes
event_triggersEvent triggersstringyes
evidence_artifact_typesEvidence artifactsstring-

Training modules (training_modules)

Module: practice
Any of: view_training, manage_training, assign_training
Mode: sql
Table: training_modules

Default filter: is_active = 1
Default sort: updated_at desc
Searchable fields: title, category, description
Default fields: id, title, category, duration_minutes, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
categoryCategorystringyes
duration_minutesDuration (min)number-
is_requiredRequiredboolean-
updated_atUpdated atdate-

User training (user_training)

Module: practice
Any of: view_training, manage_training, assign_training
Mode: sql
Table: user_training
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: status
Default fields: id, user_id, module_id, status, completed_at, updated_at

FieldLabelTypeSearchable
idIDstring-
user_idUser IDnumber-
module_idModule IDstring-
statusStatusstringyes
completed_atCompleted atdate-
updated_atUpdated atdate-

Command devices (command_devices)

Module: command
Any of: command.read.devices, command.read.overview, command.read.coverage, command.read.telemetry
Mode: sql
Table: command_devices
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: name, vendor, product, telemetry_status, data_quality_verdict
Default fields: id, name, telemetry_status, data_quality_verdict, updated_at

FieldLabelTypeSearchable
idIDstring-
nameNamestringyes
vendorVendorstringyes
productProductstringyes
telemetry_statusTelemetrystringyes
data_quality_verdictData qualitystringyes
discovery_statusDiscoverystring-
updated_atUpdated atdate-

Command collectors (command_collectors)

Module: command
Any of: command.read.collectors, command.read.overview, command.read.integrations
Mode: sql
Table: command_collectors
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: name, status, collector_type
Default fields: id, name, collector_type, status, updated_at

FieldLabelTypeSearchable
idIDstring-
nameNamestringyes
collector_typeTypestringyes
statusStatusstringyes
updated_atUpdated atdate-

Command integrations (command_integrations)

Module: command
Any of: command.read.integrations, command.read.overview
Mode: sql
Table: command_integrations
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: display_name, integration_type, status
Default fields: id, display_name, integration_type, status, updated_at

FieldLabelTypeSearchable
idIDstring-
display_nameNamestringyes
integration_typeTypestringyes
statusStatusstringyes
updated_atUpdated atdate-

Command knowledge base (knowledge_base)

Module: command
Any of: command.read.kb
Mode: memory

Default filter: -
Default sort: -
Searchable fields: id, title, slug, excerpt, tags, applicable_vendors, related_pages
Default fields: title, excerpt, tags, last_updated, slug

FieldLabelTypeSearchable
idIDstringyes
titleTitlestringyes
slugSlugstringyes
excerptExcerptstringyes
tagsTagsstringyes
last_updatedLast updateddate-
applicable_vendorsApplicable vendorsstringyes
related_pagesRelated pagesstringyes

Message threads (message_threads)

Module: messages
Any of: view_messages, manage_messages
Mode: sql
Table: message_threads
Org column: organization_id

Default filter: -
Default sort: last_message_at desc
Searchable fields: subject, thread_type
Default fields: id, subject, thread_type, last_message_at, created_at

FieldLabelTypeSearchable
idIDstring-
subjectSubjectstringyes
thread_typeThread typestringyes
created_byCreated bynumber-
last_message_atLast messagedate-
created_atCreated atdate-
updated_atUpdated atdate-

Aurora sessions (chat_sessions)

Module: talk_to_aurora
Any of: aurora.use
Mode: sql
Table: chat_sessions
Org column: organization_id

Default filter: created_by_viewer_id IS NULL
Default sort: updated_at desc
Searchable fields: title, scope_type
Default fields: id, title, scope_type, status, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
scope_typeScopestringyes
scope_idScope IDstring-
statusStatusstring-
created_by_user_idCreated bynumber-
created_atCreated atdate-
updated_atUpdated atdate-

Practice scenarios (practice_scenarios)

Module: practice
Any of: view_practice, manage_practice, facilitate_practice
Mode: sql
Table: practice_scenarios
Org column: organization_id

Default filter: -
Default sort: updated_at desc
Searchable fields: title, description, difficulty
Default fields: id, title, difficulty, status, updated_at

FieldLabelTypeSearchable
idIDstring-
titleTitlestringyes
descriptionDescriptionstringyes
difficultyDifficultystringyes
statusStatusstring-
created_atCreated atdate-
updated_atUpdated atdate-

Practice sessions (practice_sessions)

Module: practice
Any of: view_practice, manage_practice, facilitate_practice
Mode: sql
Table: practice_sessions
Org column: organization_id

Default filter: -
Default sort: scheduled_start_at desc
Searchable fields: status, scenario_id
Default fields: id, scenario_id, status, scheduled_start_at, scheduled_end_at

FieldLabelTypeSearchable
idIDstring-
scenario_idScenario IDstringyes
statusStatusstringyes
facilitator_user_idFacilitatornumber-
scheduled_start_atScheduled startdate-
scheduled_end_atScheduled enddate-
started_atStarted atdate-
ended_atEnded atdate-
created_atCreated atdate-
updated_atUpdated atdate-

Phishing campaigns (phish_campaigns)

Module: phishing
Any of: view_phishing, manage_phishing, launch_phishing
Mode: sql
Table: phish_campaigns
Org column: organization_id

Default filter: -
Default sort: created_at desc
Searchable fields: name, description, status
Default fields: id, name, status, start_at, end_at

FieldLabelTypeSearchable
idIDstring-
nameNamestringyes
descriptionDescriptionstringyes
statusStatusstringyes
start_atStartdate-
end_atEnddate-
created_atCreated atdate-
updated_atUpdated atdate-

Leaderboard stats (gamification_user_stats)

Module: leaderboard
Any of: view_gamification, manage_gamification
Mode: sql
Table: gamification_user_stats
Org column: organization_id

Default filter: -
Default sort: total_points desc
Searchable fields: -
Default fields: user_id, total_points, current_level, current_streak_days, longest_streak_days

FieldLabelTypeSearchable
user_idUser IDnumber-
total_pointsTotal pointsnumber-
current_levelLevelnumber-
current_streak_daysCurrent streaknumber-
longest_streak_daysLongest streaknumber-
last_activity_dateLast activitydate-
updated_atUpdated atdate-

Trust Center access requests (tc_access_requests)

Module: trust_center
Any of: trust_center:admin, trust_center:approve, trust_center:messages, trust_center:analytics_read, trust_center:legal_admin
Mode: sql
Table: tc_access_requests
Org column: organization_id

Default filter: -
Default sort: requested_at desc
Searchable fields: requester_email, requester_name, company, status
Default fields: id, requester_email, company, status, requested_at

FieldLabelTypeSearchable
idIDstring-
trust_center_idTrust Center IDstring-
requester_emailRequester emailstringyes
requester_nameRequester namestringyes
companyCompanystringyes
statusStatusstringyes
approval_sourceApproval sourcestring-
requested_atRequested atdate-
decided_atDecided atdate-
expires_atExpires atdate-
updated_atUpdated atdate-

Trust Center message threads (tc_message_threads)

Module: trust_center
Any of: trust_center:admin, trust_center:approve, trust_center:messages, trust_center:analytics_read, trust_center:legal_admin
Mode: sql
Table: tc_message_threads
Org column: organization_id

Default filter: -
Default sort: last_message_at desc
Searchable fields: subject, category, status, priority
Default fields: id, trust_center_id, subject, status, priority, last_message_at

FieldLabelTypeSearchable
idIDstring-
trust_center_idTrust Center IDstring-
viewer_idViewer IDstring-
subjectSubjectstringyes
categoryCategorystringyes
statusStatusstringyes
priorityPrioritystringyes
assigned_to_user_idAssigned tonumber-
last_message_atLast messagedate-
updated_atUpdated atdate-

API reference

Review the exact endpoints behind search lookup, queued AQL, job status polling, and source discovery.

These endpoints power the search UI:

GET /search.php?q=<query>&limit=<1-20>&type=<optional>&recent=<optional>
POST /advanced-search.php?action=enqueue { source, query, limit?, delay_seconds? }
GET /advanced-search.php?action=status&job_id=<id>
GET /advanced-search.php?action=sources
GET /advanced-search.php?action=catalog (admin only)
POST /advanced-search.php?action=execute { source, query, limit? }

Notes:

  • recent=true returns the most recent items for a single type and requires type.
  • Advanced search is rate-limited (30 requests per minute per user/org, when rate limiting is enabled).
  • Queued AQL jobs respect max queue depth and may return QUEUE_BUSY when saturated.
  • sources returns only licensed and permitted sources (and respects allowed_sources).
  • catalog includes policy/licensing metadata and requires manage_settings.
  • status returns cached results when available; completed jobs without cache return an expiry error.

Troubleshooting

Use the common failure modes to understand how search behaves under licensing, permissions, and query-validation constraints.

  • If you see 'Setup required' in Search, complete the Setup Guide and retry.
  • If a category is missing, check module licensing and permissions.
  • For compliance controls, search by control code (e.g., AURORA.AC.MFA) or framework code.
  • If AQL returns 'Query requires at least one filter', add a base filter or disable the requirement in settings.
Next step
Need a Technical Review with the Product in Front of You?
We can walk your team through the real search flows, show where the data comes from, and answer integration questions live.
Talk Through Your Technical Review
Browse Demo Hub
15-minute walkthrough. No obligation. We'll map Aurora to your framework and show the exact outputs. (No compliance guarantees.)