docs: add common MongoDB query reference (closes #76) #95

Open
Mrsandeep27 wants to merge 1 commit into PhonePe:main from Mrsandeep27:docs/common-db-queries

@Mrsandeep27
Summary

Closes #76. Adds docs/common-db-queries.md — a quick-reference playbook of the MongoDB queries Mantis users most frequently need, grouped by collection.

Directly covers the three examples called out in the issue:

  • Extract all TLDs under an org → List every TLD under an organisation
  • List all subdomains for a given TLD → All subdomains for a given TLD
  • High and Critical security issues for an org → High and Critical severity issues for an organisation

…and adds ~20 more queries that tend to come up in practice.

What's in the doc

Assets

  • List every TLD under an org
  • TLD count grouped by org
  • All subdomains for a given TLD (with regex-escape note)
  • Subdomain count per TLD (aggregation)
  • Assets behind a CDN (Cloudflare etc.)
  • Assets protected by a WAF
  • Assets exposing specific ports (SSH, MySQL, Redis example)
  • Assets by ASN / hosting provider (AWS example)
  • Stale (decommissioned) assets
  • Recently discovered assets (last 7 days)
  • Technology usage breakdown for an org

Findings

  • High/Critical severity issues (excludes false-positives + closed)
  • Open findings grouped by severity
  • Findings by type (vulnerability / secret / phishing / misconfiguration)
  • All findings for a specific host
  • Findings by CVE
  • Top 10 affected hosts by finding count
  • Top tools by findings reported
  • New findings in the last 24 hours
  • Phishing domains discovered
  • Findings filtered by application (sub-scope)

Extended assets

  • Verified URLs
  • Extended assets discovered in the last week

Cross-collection

  • Hosts with at least one Critical finding + their tech stack

Extras

  • Using the queries from Python / Motor (re-uses mantis/db/database.py so creds stay out of scripts)
  • Indexing hints for the filter combinations the queries use most (org + asset_type, org + severity + status, cve_id, host, etc.)
  • "Contributing" footer inviting the community to add more

Verification

  • Schemas sourced directly from mantis/db/db_models.py (Assets, Findings, Extended) — so every field used in a query actually exists on the model.
  • asset_type values ("TLD", "subdomain", "ip", "certificate", "third_party_integration") taken from mantis/constants.py so they match what the pipeline writes.
  • Severity / type literals match the Findings model (Literal['vulnerability', 'misconfiguration', 'secret', 'phishing', 'informational']).
  • Query examples checked by eye against each schema field; no fields are invented.
  • Linked from the README's "Join / documentation" block so it's discoverable.

Test plan

  • mongosh mantis --eval "load('docs/example-queries.js')" isn't required since the doc is standalone reference — but each query is copy-paste runnable in mongosh, Compass, Studio 3T, or Motor.
  • Maintainer spot-check the 3 flagship queries from the issue against a real scan dataset to confirm the expected shape of results.

No code changed. Docs-only.

🤖 Generated with Claude Code

Adds `docs/common-db-queries.md` — a playbook of frequently-needed MongoDB
queries against Mantis' three main collections (`assets_collection`,
`extended_assets_collection`, `findings_collection`). Covers the use-cases
called out in the issue (TLDs under an org, subdomains for a TLD, High/
Critical findings for an org) plus related queries users reach for in
practice: asset counts, CDN / WAF / ASN / tech breakdown, finding type
grouping, new-in-last-24h, cross-collection joins, a Python/Motor snippet,
and indexing hints.

Linked from the README "Join" section so it's discoverable.

Closes PhonePe#76

Co-Authored-By: Claude <noreply@anthropic.com>
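
The regex-escape note listed for the "all subdomains for a given TLD" query matters because an unescaped domain turns every `.` into a wildcard and an unanchored pattern matches look-alike hosts. The sketch below is an added example, not code from this pull request or from Mantis; `org` and `asset_type` are named on the page, while the hostname field name `asset`, the helper names and the sample hosts are assumptions made for illustration.

```python
import re

# "org" and "asset_type" are named on the page; "asset" as the hostname
# field is an assumption for this sketch and may differ in the real schema.
HOST_FIELD = "asset"

# Constructed sample hostnames (not real scan data).
SAMPLE_HOSTS = [
    "api.example.com",
    "API.EXAMPLE.COM",
    "example.com",
    "notexample.com",
    "api.example-com.net",
    "example.com.evil.test",
]


def naive_filter(org: str, tld: str) -> dict:
    """The risky form: raw user input used directly as the pattern."""
    return {"org": org, "asset_type": "subdomain",
            HOST_FIELD: {"$regex": tld, "$options": "i"}}


def subdomain_filter(org: str, tld: str) -> dict:
    """Escaped and anchored filter for subdomains of `tld` under `org`."""
    tld = tld.strip().strip(".").lower()
    if not tld:
        raise ValueError("empty TLD")
    # re.escape makes '.' literal; the leading '\.' and trailing '$' pin the
    # match to a label boundary at the end of the hostname.
    pattern = r"\." + re.escape(tld) + "$"
    return {"org": org, "asset_type": "subdomain",
            HOST_FIELD: {"$regex": pattern, "$options": "i"}}


def select(filter_doc: dict, hosts: list) -> list:
    """Local stand-in for the server-side $regex match, for offline checks."""
    spec = filter_doc[HOST_FIELD]
    flags = re.IGNORECASE if "i" in spec.get("$options", "") else 0
    return [h for h in hosts if re.search(spec["$regex"], h, flags)]


if __name__ == "__main__":
    print("naive:", select(naive_filter("acme", "example.com"), SAMPLE_HOSTS))
    print("safe: ", select(subdomain_filter("acme", "example.com"), SAMPLE_HOSTS))
```

The returned dict can be passed as the filter argument to `find()` in mongosh, PyMongo or Motor once `HOST_FIELD` is set to the real field name.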
Development

Successfully merging this pull request may close these issues.

Document DB queries for common/frequent use-cases
