Search Tokens for Rules

Syntax help displayed in UI for tokens. Click each token to learn more about it.

Alerting use-cases support limited search tokens, since alerts flag incidents other than the normal or beyond the defined threshold. Only tokens that help in asset scoping OR directly related to the alert evaluation are supported for alerting rule creation. 

asset.created

asset.lastLoggedOnUser

asset.lastUpdated

asset.lastLocation.country

sensors.lastVmScan

asset.name

asset.netbiosName

asset.trackingMethod

asset.lastLocation

asset.criticalityScore

asset.riskScore

asset.assetID

asset.operationalStatus

asset.environment

asset.ownedBy

asset.managedBy

asset.supportedBy

asset.supportGroup

asset.org.company

asset.assignedLocation.city

asset.assignedLocation.country

asset.lastLocation.state

asset.hasMissingSoftware

missingSoftware.category1

missingSoftware.category2

missingSoftware.publisher

missingSoftware.product

businessApp.name

businessApp.businessCriticality

businessApp.ownedBy

businessApp.managedBy

businessApp.supportedBy

businessApp.supportGroup

hardware

hardware.category

hardware.category1

hardware.category2

hardware.lifecycle.eos

hardware.lifecycle.obs

hardware.lifecycle.stage

hardware.manufacturer

hardware.model

hardware.product

interfaces.address

interfaces.gatewayAddress

inventory.created

inventory.lastUpdated

inventory.source

openPorts.firstFound

openPorts.lastUpdated

openPorts.port

operatingSystem

operatingSystem.architecture

operatingSystem.category

operatingSystem.category1

operatingSystem.category2

operatingSystem.edition

operatingSystem.installDate

operatingSystem.lifecycle.eol

operatingSystem.lifecycle.eos

operatingSystem.lifecycle.stage

operatingSystem.marketVersion

operatingSystem.name

operatingSystem.publisher

operatingSystem.update

operatingSystem.version

software.architecture

software.category

software.category1

software.category2

software.edition

software.installDate

software.lastUpdated

software.lastUseDate

software.license.category

software.lifecycle.eol

software.lifecycle.eos

software.lifecycle.stage

software.marketVersion

software.name

software.product

software.authorization

software.publisher

software.update

software.version

software.component

software.firstFound

software.isPCSupported

software.hasRunningInstance

tags.name

volumes.free

provider

aws.ec2.availabilityZone

aws.ec2.imageId

aws.ec2.instanceState

aws.ec2.instanceId

aws.ec2.accountId

aws.ec2.instanceType

aws.ec2.launchDate

aws.ec2.privateIpAddress

aws.ec2.publicIpAddress

aws.ec2.region.code

aws.ec2.subnetId

aws.ec2.vpcId

azure.vm.location

azure.vm.name

azure.vm.privateIpAddress

azure.vm.publicIpAddress

azure.vm.resourceGroupName

azure.vm.size

azure.vm.state

azure.vm.subnet

azure.vm.subscriptionId

azure.vm.vmId

gcp.compute.hostname

gcp.compute.machineType

gcp.compute.network

gcp.compute.privateIpAddress

gcp.compute.projectId

gcp.compute.projectNumber

gcp.compute.publicIpAddress

gcp.compute.state

gcp.compute.zone

gcp.compute.instanceId

gcp.labels.name

gcp.labels.value

oci.compute.availabilityDomain

oci.compute.compartmentId

oci.compute.compartmentName

oci.compute.faultDomain

oci.compute.imageId

oci.compute.ociId

oci.compute.region

oci.compute.shape

oci.compute.state

oci.compute.tenantId

oci.compute.tenantName

oci.compute.timeCreated

oci.tags.key

oci.tags.namespace

oci.tags.type

oci.tags.value

oci.vnic.macAddr

oci.vnic.nicIndex

oci.vnic.privateIp

oci.vnic.publicIp

oci.vnic.subnetCidrBlock

oci.vnic.subnetId

oci.vnic.subnetName

oci.vnic.vcnId

oci.vnic.vcnName

oci.vnic.virtualRouterIp

oci.vnic.vlanTag

oci.vnic.vnicId

ibm.tags.name

ibm.tags.value

ibm.virtualServer.datacenterId

ibm.virtualServer.deviceName

ibm.virtualServer.domain

ibm.virtualServer.id

ibm.virtualServer.location

ibm.virtualServer.privateIpAddress

ibm.virtualServer.publicIpAddress

ibm.virtualServer.state

 

Supported Boolean Operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

and

not

or