Search tips for tokens

Syntax help displayed in UI for tokens.

Note: The following tokens are not available to ITAM (Free) license subscribers.
operatingSystem.lifecycle.stage, operatingSystem.lifecycle.ga, operatingSystem.lifecycle.eol, operatingSystem.lifecycle.eos, hardware.lifecycle.stage, hardware.lifecycle.ga, hardware.lifecycle.eos, hardware.lifecycle.obs, software.lifecycle.stage, software.lifecycle.ga, software.lifecycle.eol, software.lifecycle.eos, software.license.category, software.license.subcategory

Asset Inventory and Passive Scanner

accounts.username

Use a text value ##### to help you find an account username you're looking for.

Example

Show findings with username administrator

accounts.username:administrator

agent.activations.key

Use a text value ##### to define the agent activation key you're interested in.

Example

Show assets with agents activated using this key

agent.activations.key: 057cc48a-8d84-48eb-add4-97a605d0567d

agent.activations.status

Select the agent activation status (ACTIVE, INACTIVE, UNSUPPORTED) you're interested in. Select from names in the drop-down menu.

Example

Show assets with active agents

agent.activations.status: ACTIVE

agent.agentID

Use a text value ##### to help you find systems with a Qualys agent ID of interest.

Example

Show findings with this agent ID

agent.agentID:f0c8e682-e9cc-4e7d-b92a-0c905d81ec74

agent.configurationProfile

Use quotes or backticks within values to help you find the agent configuration profile you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to profile name

agent.configurationProfile: Initial Profile

Show any findings that contain parts of the name

agent.configurationProfile: "Initial Profile"

Show any findings that match exact value

agent.configurationProfile: `Initial Profile`

agent.connectedFrom

Use a text value ##### to define the external IP address a cloud agent connected from.

Example

Show findings for an external IP address that an agent connected from

agent.connectedFrom: 10.0.100.11

asset.isContainerHost

Use the values true | false to define assets hosting containers.

Example

Show assets that host containers

asset.isContainerHost: "true"

agent.lastActivity

Use a date range or specific date to define when last agent activity occurred.

Examples

Show last agent activity within certain dates

agent.lastActivity:[2019-01-01 ... 2019-01-15]

Show last agent activity starting 2019-01-15, ending 1 month ago

agent.lastActivity:[2019-01-15 ... now-1M]

Show last agent activity starting 2 weeks ago, ending 1 second ago

agent.lastActivity:[now-2w ... now-1s]

Show last agent activity on a specific date

agent.lastActivity:'2019-03-18'

agent.lastCheckedIn

Use a date range or specific date to define when last agent check-in occurred.

Examples

Show last agent check-in within certain dates

agent.lastCheckedIn:[2019-01-01 ... 2019-01-15]

Show last agent check-in starting 2019-01-15, ending 1 month ago

agent.lastCheckedIn:[2019-01-15 ... now-1M]

Show last agent check-in starting 2 weeks ago, ending 1 second ago

agent.lastCheckedIn:[now-2w ... now-1s]

Show last agent check-in on a specific date

agent.lastCheckedIn:'2019-03-18'

agent.lastInventory

Use a date range or specific date to define when last inventory scan was performed.

Examples

Show last inventory scan within certain dates

agent.lastInventory:[2019-01-01 ... 2019-01-15]

Show last inventory scan starting 2019-01-15, ending 1 month ago

agent.lastInventory:[2019-01-15 ... now-1M]

Show last inventory scan starting 2 weeks ago, ending 1 second ago

agent.lastInventory:[now-2w ... now-1s]

Show last inventory scan on a specific date

agent.lastInventory:'2019-03-18'

agent.udcManifestAssigned

Use the values true | false to find assets with PC agents assigned a UDC manifest. Assets are found when agents have the PC module enabled and one or more user defined controls have been added to your subscription.

Examples

Show assets with agents assigned a UDC manifest

agent.udcManifestAssigned: "true"

Show assets with agents not assigned a UDC manifest

agent.udcManifestAssigned: "false"

agent.version

Use a text value ##### to help you find agents with a certain version number.

Example

Show agents of this version

agent.version:1.3.2.0

asset.agentID

Use an integer value ##### to help you find systems with a cloud agent ID you're looking for.

Example

Show findings with this agent ID

asset.agentID:12345679

asset.assetID

Use an integer value ##### to help you find systems with a Qualys asset ID of interest.

Example

Show findings with this asset ID

asset.assetID:122855563

asset.biosAssetTag

Use quotes or backticks within values to help you find assets with a certain BIOS asset tag.

Examples

Show any findings that contain this BIOS asset tag

asset.biosAssetTag:113632

Show any findings that contain parts of BIOS asset tag

asset.biosAssetTag:"113632"

Show any findings that match exact value

asset.biosAssetTag:`113632`

asset.biosDescription

Use quotes or backticks within values to help you find the BIOS description you're looking for.

Examples

Show any findings that contain parts of description

asset.biosDescription:"American Megatrends Inc."

Show any findings that match exact value "American Megatrends Inc."

asset.biosDescription:`American Megatrends Inc.`

asset.biosSerialNumber

Use a text value ##### to help you find assets with a certain BIOS Serial Number.

Example

Show findings with this BIOS Serial Number

asset.biosSerialNumber:C02S50JDFVH8

asset.cpuCount

Use an integer value ##### to help you find assets with some number of CPUs.

Example

Show assets that have 2 CPUs

asset.cpuCount:2

asset.created

Use a date range or specific date to define when assets were created.

Examples

Show assets created within certain dates

asset.created:[2019-01-01 ... 2019-01-15]

Show assets created starting 2019-01-15, ending 1 month ago

asset.created:[2019-01-15 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

asset.created:[now-2w ... now-1s]

Show assets created on a specific date

asset.created:'2019-03-18'

asset.biosHardwareUUID

Use a text value ##### to help you find assets with a certain BIOS hardware UUID.

Example

Show findings with this BIOS hardware UUID

asset.biosHardwareUUID:152FBCC6-641B-5661-9E68-DEF35D8C4B51

asset.hostID

Use an integer value ##### to help you find the asset with a certain Qualys host ID (UUID), assigned by an agent or a scanner appliance when Agentless Tracking is used.

Example

Show assets having this host ID

asset.hostID:43954857

asset.lastBoot

Use a date range or specific date to define when assets were last booted.

Examples

Show assets last booted within certain dates

asset.lastBoot:[2019-01-01 ... 2019-01-15]

Show assets last booted starting 2019-01-15, ending 1 month ago

asset.lastBoot:[2019-01-15 ... now-1M]

Show assets last booted starting 2 weeks ago, ending 1 second ago

asset.lastBoot:[now-2w ... now-1s]

Show assets last booted on a specific date

asset.lastBoot:'2019-03-18'

asset.lastLoggedOnUser

Use a text value ##### to help you find assets last logged into by a user of interest.

Examples

Show assets with last logon by user asmith

asset.lastLoggedOnUser:asmith

asset.lastUpdated

Use a date range or specific date to define when assets were last updated.

Examples

Show assets last updated within certain dates

asset.lastUpdated:[2019-01-01 ... 2019-01-15]

Show assets last updated starting 2019-01-15, ending 1 month ago

asset.lastUpdated:[2019-01-15 ... now-1M]

Show assets last updated starting 2 weeks ago, ending 1 second ago

asset.lastUpdated:[now-2w ... now-1s]

Show assets last updated on a specific date

asset.lastUpdated:'2019-03-18'

asset.mostFrequentUser

Use a text value ##### to help you find assets most frequently logged into by a user of interest.

Examples

Show assets most frequently logged into by user irodny

asset.mostFrequentUser:irodny

asset.name

Use quotes or backticks within values to help you find the asset name you're looking for.

Examples

Show any findings that contain parts of name

asset.name:"ACMENVT7"

Show any findings that match exact value "ACMENVT7"

asset.name:`ACMENVT7`

asset.netbiosName

Use a text value ##### to define the asset NetBIOS name you're interested in.

Examples

Show the asset with this name

asset.netbiosName:ACMENVT7

asset.timezone

Use a text value ##### in quotes to find assets with a certain timezone set.

Example

Show assets with this timezone

asset.timezone:"-08:00"

asset.totalMemory

Use an integer value ##### to help you find assets with a certain total system memory (MB).

Example

Show assets with this total system memory

asset.totalMemory:1024

asset.trackingMethod

Find assets with a certain tracking method (e.g. QAGENT, IP, DNS). Select from values in the drop-down menu.

Example

Find assets with this tracking method

asset.trackingMethod: QAGENT

asset.type

Find assets of a certain type (container host, hypervisor, virtual machine). Select from the asset types in the drop-down menu.

Example

Find assets of type hypervisor

asset.type: hypervisor

asset.lastLocation

Use a text value ##### to help you find assets based on last location.

Example

Show assets with last location as Redwood City, California - United States

asset.lastLocation: 'Redwood City, California - United States'

Example

Show assets with last location with exact string

asset.lastLocation: `Redwood City, California - United States`

asset.lastLocation.continent

Use a text value ##### to help you find assets based on continent of the last location.

Example

Show assets with last location continent as North America

asset.lastLocation.continent: North America

asset.lastLocation.country

Use a text value ##### to help you find assets based on country of the last location.

Example

Show assets with last location country as United States

asset.lastLocation.country: United States

asset.lastLocation.state

Use a text value ##### to help you find assets based on state of the last location.

Example

Show assets with last location state as California

asset.lastLocation.state: California

asset.lastLocation.city

Use a text value ##### to help you find assets based on city of the last location.

Example

Show assets with last location city as Redwood City

asset.lastLocation.city: Redwood City

asset.lastLocation.postal

Use an integer value ##### to help you find assets based on the postal code of the last location.

Example

Show assets with last location postal as 94065

asset.lastLocation.postal: 94065

connectors.connector.firstSeen

Use a date range or specific date to define when a connector was first seen.

Examples

Show connectors first seen within certain dates

connectors.connector.firstSeen:[2019-01-01 ... 2019-01-15]

Show connectors first seen starting 2019-01-15, ending 1 month ago

connectors.connector.firstSeen:[2019-01-15 ... now-1M]

Show connectors first seen starting 2 weeks ago, ending 1 second ago

connectors.connector.firstSeen:[now-2w ... now-1s]

Show connectors first seen on a specific date

connectors.connector.firstSeen:'2019-03-18'

connectors.connector.lastSeen

Use a date range or specific date to define when a connector was last seen.

Examples

Show connectors last seen within certain dates

connectors.connector.lastSeen:[2019-01-01 ... 2019-01-15]

Show connectors last seen starting 2019-01-15, ending 1 month ago

connectors.connector.lastSeen:[2019-01-15 ... now-1M]

Show connectors last seen starting 2 weeks ago, ending 1 second ago

connectors.connector.lastSeen:[now-2w ... now-1s]

Show connectors last seen on a specific date

connectors.connector.lastSeen:'2019-03-18'

connectors.connector.name

Use a text value ##### to define the connector name you're interested in.

Example

Show findings detected by connector name myec2

connectors.connector.name: myec2

connectors.connector.type

Find connectors of a certain type (EC2, AZURE, GCP). Select from the sensor types in the drop-down menu.

Example

Find EC2 connectors

connectors.connector.type: EC2

container.product

Use a text value ##### to define the container product.

Example

Show Docker containers

container.product: Docker

container.version

Use a text value ##### to help you find containers with a certain version number.

Example

Show containers of this version

container.version:1.6

container.noOfContainers

Use an integer value ##### to help you find assets with some number of Docker containers. The value is displayed only for VM scan or Agent scan (and not for sensors).

Example

Show findings with 2 Docker containers

container.noOfContainers:2

container.noOfImages

Use an integer value ##### to help you find assets with some number of Docker images. The value is displayed only for VM scan or Agent scan (and not for sensors).

Example

Show findings with 5 Docker images

container.noOfImages:5

hardware

Use quotes or backticks within values to help you find the hardware name you're looking for.

Examples

Show any findings that contain parts of name

hardware:"Dell Latitude e7470"

Show any findings that match exact value

hardware:`Dell Latitude e7470`

hardware.category

Use quotes or backticks within values to help you find the hardware category you're looking for.

Examples

Show any findings that match exact value

hardware.category:Printers/Laser

hardware.category1

Use a text value ##### to find assets with a hardware category 1 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category1:Printers

hardware.category2

Use a text value ##### to find assets with a hardware category 2 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category2:Laser

hardware.lifecycle.ga

Use a date range or specific date to define a hardware general availability date of interest.

Examples

Show findings with hardware GA date in this date range

hardware.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with hardware GA date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with hardware GA date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.ga:[now-2w ... now-1s]

Show findings with this hardware GA date

hardware.lifecycle.ga:'2019-03-18'

hardware.lifecycle.intro

Use a date range or specific date to define a hardware introduction date of interest.

Examples

Show findings with hardware introduction date in this date range

hardware.lifecycle.intro:[2019-01-01 ... 2019-01-15]

Show findings with hardware introduction date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.intro:[2019-01-15 ... now-1M]

Show findings with hardware introduction date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.intro:[now-2w ... now-1s]

Show findings with this hardware introduction date

hardware.lifecycle.intro:'2019-03-18'

hardware.lifecycle.eos

Use a date range or specific date to define a hardware End-of-Sale date of interest.

Examples

Show findings with hardware End-of-Sale date in this date range

hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.eos:[now-2w ... now-1s]

Show findings with this hardware End-of-Sale date

hardware.lifecycle.eos:'2019-03-18'

hardware.lifecycle.obs

Use a date range or specific date to define a hardware obsolete date of interest.

Examples

Show findings with hardware obsolete date in this date range

hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]

Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.obs:[2019-01-15 ... now-1M]

Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.obs:[now-2w ... now-1s]

Show findings with this hardware obsolete date

hardware.lifecycle.obs:'2019-03-18'

hardware.lifecycle.stage

Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS).

Example

Show End-of-Sale hardware

hardware.lifecycle.stage:"EOS"

hardware.manufacturer

Use quotes or backticks within values to find assets having a certain hardware manufacturer.

Example

Show any findings that match exact value "Dell"

hardware.manufacturer:`Dell`

hardware.model

Use quotes or backticks within values to find assets having a certain hardware model.

Example

Show any findings that match exact value "e7470"

hardware.model:`e7470`

hardware.product

Use quotes or backticks within values to find assets having a certain hardware product.

Example

Show any findings that match exact value "Latitude"

hardware.product:`Latitude`

interfaces.address

Use a text value ##### to define an IP address you're interested in.

Examples

Show this IP address

interfaces.address:10.10.100.20

interfaces.dnsAddress

Use a text value ##### to define a DNS address you're interested in.

Example

Show the asset with DNS address 10.0.100.11

interfaces.dnsAddress:10.0.100.11

interfaces.gatewayAddress

Use a text value ##### to help you find assets with a certain default gateway address.

Example

Show assets with this default gateway address

interfaces.gatewayAddress:10.11.65.1

interfaces.hostname

Use quotes or backticks within values to help you find the hostname you're looking for.

Examples

Show any findings related to name

interfaces.hostname: xpsp2-jp-26-111

Show any findings that contain parts of name

interfaces.hostname: "xpsp2-jp-26-111"

Show any findings that match exact value "xpsp2-jp-26-111"

interfaces.hostname: `xpsp2-jp-26-111`

Show any findings related to name (we'll match super domains)

interfaces.hostname: qcentos71sqp3.rdlab.acme.com

Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"

interfaces.hostname: `qcentos71sqp3.rdlab.acme.com`

interfaces.interfaceName

Use a text value ##### to help you find a certain interface name.

Example

Show the asset with name PRO/1000

interfaces.interfaceName:PRO/1000

interfaces.lastUpdated

Use a date range or specific date to define when interfaces were last updated.

Examples

Show interfaces updated within certain dates

interfaces.lastUpdated: [2019-01-01 ... 2019-01-15]

Show interfaces updated starting 2019-01-15, ending 3 months ago

interfaces.lastUpdated: [2019-01-15 ... now-3M]

Show interfaces updated starting 2 weeks ago, ending 1 second ago

interfaces.lastUpdated: [now-2w ... now-1s]

Show interfaces updated on a specific date

interfaces.lastUpdated:'2019-03-18'

interfaces.macAddress

Use quotes within values to help you find a MAC address you're interested in.

Example

Show the asset with this MAC address

interfaces.macAddress:"00-50-56-A9-73-5A"

interfaces.manufacturer

Use quotes within values to help you find the interface hardware manufacturer you're interested in.

Example

Show the asset with interface hardware manufacturer

interfaces.manufacturer:"Apple"

inventory.created

Use a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).

Examples

Show assets created within certain dates

inventory.created:[2019-01-01 ... 2019-01-15]

Show assets created starting 2019-01-15, ending 1 month ago

inventory.created:[2019-01-15 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

inventory.created:[now-2w ... now-1s]

Show assets created on a specific date

inventory.created:'2019-03-18'

inventory.lastUpdated

Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show assets updated within certain dates

inventory.lastUpdated: [2019-01-01 ... 2019-01-15]

Show assets updated starting 2019-01-15, ending 3 months ago

inventory.lastUpdated: [2019-01-15 ... now-3M]

Show assets updated starting 2 weeks ago, ending 1 second ago

inventory.lastUpdated: [now-2w ... now-1s]

Show assets updated on a specific date

inventory.lastUpdated:'2019-03-18'

inventory.sensorLocation

Use a text value ##### to help you find assets based on specific sensor location.

Examples

Show assets with sensor location (appliance location label) as SanJose1

inventory.sensorLocation:SanJose1

inventory.source

Use a text value ##### to help you find assets from a certain Qualys source, i.e. CloudAgent (QAGENT), IP, etc.

Example

Show findings from cloud agents

inventory.source:QAGENT

openPorts.description

Use quotes or backticks within values to help you find the service description detected on an open port.

Examples

Show any findings with this description

openPorts.description: Windows Remote Desktop

Show any findings that contain parts of description

openPorts.description: "Windows Remote Desktop"

Show any findings that match exact value "Windows Remote Desktop"

openPorts.description: `Windows Remote Desktop`

openPorts.detectedService

Use quotes or backticks within values to help you find the detected service you're looking for.

Examples

Show any findings with this service name

openPorts.detectedService: win_remote_desktop

Show any findings that contain parts of name

openPorts.detectedService: "win_remote_desktop"

Show any findings that match exact value "win_remote_desktop"

openPorts.detectedService: `win_remote_desktop`

openPorts.firstFound

Use a date range or specific date to define when open ports were first found.

Examples

Show open ports found within certain dates

openPorts.firstFound: [2019-01-01 ... 2019-01-15]

Show open ports found starting 2019-01-15, ending 3 months ago

openPorts.firstFound: [2019-01-15 ... now-3M]

Show open ports found starting 2 weeks ago, ending 1 second ago

openPorts.firstFound: [now-2w ... now-1s]

Show open ports found on a specific date

openPorts.firstFound:'2019-03-18'

openPorts.lastUpdated

Use a date range or specific date to define when open ports were last updated.

Examples

Show open ports last updated within certain dates

openPorts.lastUpdated:[2019-01-01 ... 2019-01-15]

Show open ports last updated starting 2019-01-15, ending 1 month ago

openPorts.lastUpdated:[2019-01-15 ... now-1M]

Show open ports last updated starting 2 weeks ago, ending 1 second ago

openPorts.lastUpdated:[now-2w ... now-1s]

Show open ports last updated on a specific date

openPorts.lastUpdated:'2019-03-18'

openPorts.port

Use an integer value ##### to help you find assets with some open port.

Example

Show assets with open port 80

openPorts.port:80

openPorts.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Examples

Show findings found on TCP

openPorts.protocol: TCP

Show findings found on port 80 and TCP

openPorts:(port: 80 AND protocol: TCP)

operatingSystem

Use quotes or backticks within values to help you find the full operating system name you're looking for.

Examples

Show any findings that contain components of OS name

operatingSystem:"Windows 7 SP2 Enterprise"

Show any findings that match exact value

operatingSystem:`Windows 7 SP2 Enterprise`

operatingSystem.architecture

Use a text value ##### to help you find the operating system architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

operatingSystem.architecture:64-Bit

operatingSystem.category

Use a text value ##### to help you find the full operating system category name you're looking for, i.e. Windows, Unix, Linux, Mac and more.

Example

Show any findings that match exact value

operatingSystem.category:Windows/Embedded

operatingSystem.category1

Use a text value ##### to help you find the operating system category 1 value you're looking for.

Example

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

Show any findings that match exact value

operatingSystem.category1:Windows

operatingSystem.category2

Use quotes or backticks to help you find the operating system category 2 value you're looking for.

Example

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

Show any findings that match exact value

operatingSystem.category2:Embedded

operatingSystem.edition

Use a text value ##### to help you find the operating system edition you're looking for.

Example

Show any findings that match exact value

operatingSystem.edition:Enterprise

operatingSystem.installDate

Use a date range or specific date to define an operating system install date of interest.

Examples

Show findings with operating system install date in this date range

operatingSystem.installDate:[2019-01-01 ... 2019-01-15]

Show findings with operating system install date starting 2019-01-15, ending 1 month ago

operatingSystem.installDate:[2019-01-15 ... now-1M]

Show findings with operating system install date starting 2 weeks ago, ending 1 second ago

operatingSystem.installDate:[now-2w ... now-1s]

Show findings with this operating system install date

operatingSystem.installDate:'2019-03-18'

operatingSystem.lifecycle.ga

Use a date range or specific date to define an OS general availability date of interest.

Examples

Show findings with OS GA date in this date range

operatingSystem.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with OS GA date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with OS GA date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.ga:[now-2w ... now-1s]

Show findings with this OS GA date

operatingSystem.lifecycle.ga:'2019-03-18'

operatingSystem.lifecycle.eol

Use a date range or specific date to define an operating system End-of-Life date of interest.

Examples

Show findings with operating system End-of-Life date in this date range

operatingSystem.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Life date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Life date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eol:[now-2w ... now-1s]

Show findings with this operating system End-of-Life date

operatingSystem.lifecycle.eol:'2019-03-18'

operatingSystem.lifecycle.eos

Use a date range or specific date to define an operating system End-of-Support date of interest.

Examples

Show findings with operating system End-of-Support date in this date range

operatingSystem.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Support date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Support date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eos:[now-2w ... now-1s]

Show findings with this operating system End-of-Support date

operatingSystem.lifecycle.eos:'2019-03-18'

operatingSystem.lifecycle.stage

Use a text value ##### to define an OS lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this OS lifecycle stage

operatingSystem.lifecycle.stage:eol

Show findings with OS category Windows and OS lifecycle stage "active"

operatingSystem:(category:Windows AND lifecycle.stage:active)

operatingSystem.marketVersion

Use a text value ##### to help you find the operating system market version, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.marketVersion:7

operatingSystem.name

Use a text value ##### to help you find the operating system brand name you're looking for, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.name:Windows 10

operatingSystem.publisher

Use a text value ##### to define an operating system manufacturer you're looking for.

Example

Show findings with this exact software publisher

operatingSystem.publisher:Microsoft

operatingSystem.update

Use a text value ##### to define an OS update version of interest.

Example

Show findings with this exact OS update version

operatingSystem.update:SP2

operatingSystem.version

Use a text value ##### to define the OS version you're interested in.

Example

Show findings with this exact OS version

operatingSystem.version:16.1

processors

Use quotes or backticks within values to help you find the full processor name you're looking for.

Examples

Show any findings that contain parts of name

processors:"Intel Xeon® CPU E5-2673 v3"

Show any findings that match exact value

processors:`Intel Xeon® CPU E5-2673 v3`

processors.speed

Use an integer value ##### to help you find assets with a certain processor speed (MHz).

Example

Show assets with this processor speed

processors.speed:2394

provider

Find assets synced from a certain cloud provider (AWS, AZURE, GCP). Select from names in the drop-down menu.

Examples

Show assets synced from Amazon AWS

provider: "AWS"

sensors.activatedForModules

Select the name ##### of an activated module you're interested in. Select from names in the drop-down menu.

Examples

Show sensors activated for VM

sensors.activatedForModules: "VM"

Show sensors activated for VM and PC

sensors.activatedForModules: "VM" AND sensors.activatedForModules: "PC"

sensors.errorStatus

Use the values true | false to define sensors with or without error status.

Example

Show sensors with error status

sensors.errorStatus: "true"

sensors.lastComplianceScan

Use a date range or specific date to define when last compliance scan was performed.

Examples

Show last compliance scan within certain dates

sensors.lastComplianceScan:[2019-01-01 ... 2019-01-15]

Show last compliance scan starting 2019-01-15, ending 1 month ago

sensors.lastComplianceScan:[2019-01-15 ... now-1M]

Show last compliance scan starting 2 weeks ago, ending 1 second ago

sensors.lastComplianceScan:[now-2w ... now-1s]

Show last compliance scan on a specific date

sensors.lastComplianceScan:'2019-03-18'

sensors.lastFullScan

Use a date range or specific date to define when last full scan was performed.

Examples

Show last full scan within certain dates

sensors.lastFullScan:[2019-01-01 ... 2019-01-15]

Show last full scan starting 2019-01-15, ending 1 month ago

sensors.lastFullScan:[2019-01-15 ... now-1M]

Show last full scan starting 2 weeks ago, ending 1 second ago

sensors.lastFullScan:[now-2w ... now-1s]

Show last full scan on a specific date

sensors.lastFullScan:'2019-03-18'

sensors.lastVmScan

Use a date range or specific date to define when last VM scan was performed.

Examples

Show last VM scan within certain dates

sensors.lastVmScan:[2019-01-01 ... 2019-01-15]

Show last VM scan starting 2019-01-15, ending 1 month ago

sensors.lastVmScan:[2019-01-15 ... now-1M]

Show last VM scan starting 2 weeks ago, ending 1 second ago

sensors.lastVmScan:[now-2w ... now-1s]

Show last VM scan on a specific date

sensors.lastVmScan:'2019-03-18'

sensors.pendingActivationForModules

Select the name ##### of a module that's pending activation. Select from names in the drop-down menu.

Examples

Show sensors pending activation for VM

sensors.pendingActivationForModules: "VM"

Show sensors pending activation for VM and FIM

sensors.pendingActivationForModules: "VM" AND sensors.pendingActivationForModules: "FIM"

sensors.sensor.firstSeen

Use a date range or specific date to define when a sensor was first seen.

Examples

Show sensor first seen within certain dates

sensors.sensor.firstSeen:[2019-01-01 ... 2019-01-15]

Show sensor first seen starting 2019-01-15, ending 1 month ago

sensors.sensor.firstSeen:[2019-01-15 ... now-1M]

Show sensor first seen starting 2 weeks ago, ending 1 second ago

sensors.sensor.firstSeen:[now-2w ... now-1s]

Show sensor first seen on a specific date

sensors.sensor.firstSeen:'2019-03-18'

sensors.sensor.lastSeen

Use a date range or specific date to define when a sensor was last seen.

Examples

Show sensor last seen within certain dates

sensors.sensor.lastSeen:[2019-01-01 ... 2019-01-15]

Show sensor last seen starting 2019-01-15, ending 1 month ago

sensors.sensor.lastSeen:[2019-01-15 ... now-1M]

Show sensor last seen starting 2 weeks ago, ending 1 second ago

sensors.sensor.lastSeen:[now-2w ... now-1s]

Show sensor last seen on a specific date

sensors.sensor.lastSeen:'2019-03-18'

sensors.sensor.name

Use quotes or backticks within values to help you find sensors with their name.

Examples

Show any sensors that contain this name

sensors.sensor.name:IP Scanner

Show any sensors that contain parts of this name

sensors.sensor.name:"IP Scanner"

Show any sensors that match exact value

sensors.sensor.name:`IP Scanner`

sensors.sensor.type

Find sensors of a certain type (Network Scanner, Cloud Agent, Passive Sensor). Select from the sensor types in the drop-down menu.

Example

Find sensors of type Network Scanner

sensors.sensor.type: Network Scanner

services.description

Use quotes or backticks within values to help you find assets with a service description you're looking for.

Examples

Show any findings that contain parts of description

services.description:"Certificate Propagation"

Show any findings that match exact value "Certificate Propagation"

services.description:`Certificate Propagation`

services.name

Use a text value ##### to help you find assets with a service name you're looking for.

Example

Show any findings that match exact value

services.name:CertPropSvc

services.status

Use a text value ##### to help you find the service status you're looking for.

Example

Show any findings that match exact value

services.status:RUNNING

software

Use quotes or backticks within values to help you find the full software name you're looking for.

Examples

Show any findings that contain parts of name

software:"Microsoft Office 2016 (16.0.1.2) Professional"

Show any findings that match exact value

software:`Microsoft Office 2016 (16.0.1.2) Professional`

software.architecture

Use a text value ##### to help you find the software architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

software:(architecture:64-Bit)

software.category

Use quotes or backticks within values to help you find a software category.

Example

Show any findings that match exact value

software:(category:`Application Development/Testing`)

software.category1

Use text value ##### to help you find the software category 1 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software:(category1:Application Development)

software.category2

Use text value ##### to help you find the software category 2 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software:(category2:Testing)

software.edition

Use text value ##### to help you find the software edition you're looking for.

Example

Show any findings that match exact value

software:(edition:Professional)

software.installDate

Use a date range or specific date to define when software was installed.

Examples

Show software installed within certain dates

software:(installDate:[2019-01-01 ... 2019-01-15])

Show software installed starting 2019-01-15, ending 1 month ago

software:(installDate:[2019-01-15 ... now-1M])

Show software installed starting 2 weeks ago, ending 1 second ago

software:(installDate:[now-2w ... now-1s])

Show software installed on a specific date

software:(installDate:'2019-03-18')

software.installPath

Use a text value ##### to define a software install path you're looking for.

Example

Show findings with this exact software install path

software:(installPath:C:\Program Files\)

software.isPackage

Use the values true | false to define whether software is a package.

Example

Show software that is a package

software:(isPackage: "true")

software.isPackageComponent

Use the values true | false to define whether software is a package component.

Example

Show software that is a package component

software:(isPackageComponent: "true")

software.lastUpdated

Use a date range or specific date to define when software was last updated.

Examples

Show software last updated within certain dates

software:(lastUpdated:[2019-01-01 ... 2019-01-15])

Show software last updated starting 2019-01-15, ending 1 month ago

software:(lastUpdated:[2019-01-15 ... now-1M])

Show software last updated starting 2 weeks ago, ending 1 second ago

software:(lastUpdated:[now-2w ... now-1s])

Show software last updated on a specific date

software:(lastUpdated:'2019-03-18')

software.lastUseDate

Use a date range or specific date to define when software was last used.

Examples

Show software last used within certain dates

software:(lastUseDate:[2019-01-01 ... 2019-01-15])

Show software last used starting 2019-01-15, ending 1 month ago

software:(lastUseDate:[2019-01-15 ... now-1M])

Show software last used starting 2 weeks ago, ending 1 second ago

software:(lastUseDate:[now-2w ... now-1s])

Show software last used on a specific date

software:(lastUseDate:'2019-03-18')

software.license.category

Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.

Example

Show any findings that match exact value

software:(license.category:`Open Source`)

software.license.subcategory

Use text value ##### to help you find a software license subcategory, i.e. GPL, Apache 2.0, BSD.

Example

Show any findings that match exact value

software:(license.subcategory:Apache 2.0)

software.lifecycle.ga

Use a date range or specific date to define a software general availability date of interest.

Examples

Show findings with software GA date in this date range

software:(lifecycle.ga:[2019-01-01 ... 2019-01-15])

Show findings with software GA date starting 2019-01-15, ending 1 month ago

software:(lifecycle.ga:[2019-01-15 ... now-1M])

Show findings with software GA date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.ga:[now-2w ... now-1s])

Show findings with this software GA date

software:(lifecycle.ga:'2019-03-18')

software.lifecycle.eol

Use a date range or specific date to define a software End-of-Life date of interest.

Examples

Show findings with software End-of-Life date in this date range

software:(lifecycle.eol:[2019-01-01 ... 2019-01-15])

Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago

software:(lifecycle.eol:[2019-01-15 ... now-1M])

Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.eol:[now-2w ... now-1s])

Show findings with this software End-of-Life date

software:(lifecycle.eol:'2019-03-18')

software.lifecycle.eos

Use a date range or specific date to define a software End-of-Support date of interest.

Examples

Show findings with software End-of-Support date in this date range

software:(lifecycle.eos:[2019-01-01 ... 2019-01-15])

Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago

software:(lifecycle.eos:[2019-01-15 ... now-1M])

Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.eos:[now-2w ... now-1s])

Show findings with this software End-of-Support date

software:(lifecycle.eos:'2019-03-18')

software.lifecycle.stage

Use a text value ##### to define a software lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this software lifecycle stage

software:(lifecycle.stage:eol)

Show findings having software category Windows and software lifecycle stage "eol"

software:(category:Windows AND lifecycle.stage:eol)

software.marketVersion

Use text value ##### to help you find a software market version, e.g. Windows OS.

Example

Show any findings that match exact value

software:(marketVersion:7)

software.name

Use quotes or backticks within values to help you find the software name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

software:(name: VMware Tools)

Show any findings that contain parts of name

software:(name: "VMware Tools")

Show any findings that match exact value

software:(name: `VMware Tools`)

Find assets with certain tag and software installed

tags.name: `Cloud Agent` AND software: (name: `Cisco AnyConnect Secure Mobility Client` AND version: `3.1.12345`)

software.product

Use a text value ##### to define a software product name you're looking for.

Example

Show findings with this exact product name

software:(product:Office)

software.publisher

Use a text value ##### to define a software manufacturer you're looking for.

Example

Show findings with this exact software publisher

software:(publisher:Microsoft)

software.supportStage

Use a text value ##### to define the software support stage.

Example

Show software having premium support

software:(supportStage: Premium Support)

software.type

Use a text value ##### to define a software type of interest.

Example

Show findings having this software type

software:(type:Installer Package)

software.update

Use a text value ##### to define a software update version of interest.

Example

Show findings with this exact software update version

software:(update:16.0.1.2)

software.version

Use a text value ##### to define the software version you're interested in.

Example

Show findings with this exact software version

software:(version:16.0)

software.component

Use a value Client, Server or " " (empty field) to identify the software component.

Example

Show findings with Client software component

software:(component:Client)

tags.businessImpact

Find assets with certain business impact (HIGH, MINOR, LOW, MEDIUM, CRITICAL). Select from tag values in the drop-down menu.

Example

Find assets with high business impact

tags.businessImpact: HIGH

tags.name

Use quotes or backticks within values to help you find the asset tag you're looking for.

Examples

Show any findings that contain "network" and "blue" in name

tags.name: "network blue"

Show any findings that contain "network" or "blue" in name (another method)

tags.name: "network" OR tags.name: "blue"

Show any findings that match exact value "Cloud Agent"

tags.name: `Cloud Agent`

volumes.free

Use an integer value ##### to help you find assets with a certain free volume space (GB).

Example

Show findings with this free volume space

volumes.free:65

volumes.name

Use a text value ##### to help you find assets with a certain volume name.

Example

Show findings with this volume name

volumes.name:D:

volumes.size

Use an integer value ##### to help you find assets with a certain volume size (GB).

Example

Show findings with this volume size

volumes.size:70

AWS EC2

Use these tokens when searching your AWS EC2 assets on the Assets list.

- Your results may return Terminated instances. It's recommended you include aws.ec2.instanceState in your query to reduce the number of results.

- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.

aws.ec2.accountId

Use a text value ##### to find EC2 instances with a certain account ID.

Examples

Find EC2 instances that match this account ID

aws.ec2.accountId: 123456789012

Find EC2 instances with account ID starting "12345"

aws.ec2.accountId: 12345*

Find EC2 instances where account ID is null (remove the colon)

aws.ec2.accountId is null

aws.ec2.availabilityZone

Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.

Example

Find EC2 instances in the us-east-1a availability zone

aws.ec2.availabilityZone: us-east-1a

aws.ec2.hasAgent

Use the values true | false to define whether the EC2 asset has a cloud agent.

Examples

Show findings with a cloud agent

aws.ec2.hasAgent: true

Show findings without a cloud agent

aws.ec2.hasAgent: false

aws.ec2.hostname

Use a text value ##### to find the EC2 hostname you're looking for.

Examples

Find instances related to name

aws.ec2.hostname: abc.qualys.com

Find instances that match exact value

aws.ec2.hostname: `abc.qualys.com`

aws.ec2.imageId

Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.

Examples

Find instances related to the Image ID

aws.ec2.imageId: ami-2ea83347

Find instances that match exact value

aws.ec2.imageId: `ami-2ea83347`

aws.ec2.instanceId

Use a text value ##### to find EC2 instances by the instance ID.

Example

Find EC2 instances with this ID

aws.ec2.instanceId: i-1234567890abcdef0

aws.ec2.instanceState

Select the name of the instance state (e.g. PENDING, RUNNING, TERMINATED, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running EC2 instances

aws.ec2.instanceState: RUNNING

aws.ec2.instanceType

Select the type of instance you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances with instance type t2.micro

aws.ec2.instanceType: t2.micro

aws.ec2.isQualysScanner

Use the values true | false to define whether the EC2 asset is a Qualys scanner.

Examples

Show findings where assets are scanners

aws.ec2.isQualysScanner: true

Show findings where assets are not scanners

aws.ec2.isQualysScanner: false

aws.ec2.kernelId

Use a text value ##### to find EC2 instances by kernel ID (AKI).

Example

Find EC2 instances with this kernel ID

aws.ec2.kernelId: aki-70ab0c10

aws.ec2.launchDate

Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.

Examples

Find EC2 instances launched within certain dates

aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]

Find EC2 instances launched on specific date

aws.ec2.launchDate:'2017-08-15'

aws.ec2.privateDNS

Use a text value ##### to define a private DNS address you're interested in.

Example

Find the EC2 instance with this private DNS address

aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal

aws.ec2.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this private IP address

aws.ec2.privateIpAddress: 10.90.0.119

Find EC2 instances within this IP range

aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]

aws.ec2.publicDNS

Use a text value ##### to define a public DNS address you're interested in.

Example

Find the EC2 instance with this public DNS address

aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com

aws.ec2.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this public IP address

aws.ec2.publicIpAddress: 52.70.141.154

Find EC2 instances within this IP range

aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]

aws.ec2.region.code

Select the code of the region you're interested in. Select from codes in the drop-down menu.

Example

Find EC2 instances in the us-east-1 region

aws.ec2.region.code: us-east-1

aws.ec2.region.name

Select the name of the region you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances in the US East (N. Virginia) region

aws.ec2.region.name: US East (N. Virginia)

aws.ec2.spotInstance

Use the values true | false to define whether your EC2 instance is a Spot instance.

Examples

Show EC2 Spot instances

aws.ec2.spotInstance: "true"

Show EC2 instances that are not Spot instances

aws.ec2.spotInstance: "false"

aws.ec2.subnetId

Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.

Example

Find EC2 instances with this subnet ID

aws.ec2.subnetId: subnet-bc02c0d4

aws.ec2.vpcId

Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.

Example

Find EC2 instances with this VPC ID

aws.ec2.vpcId: vpc-1e37cd76

aws.tags

Use a text value ##### to find EC2 instances with a certain AWS tag key and value (both are case insensitive).

Example

Find EC2 instances with an AWS tag with key "abc" and value "xyz"

aws.tags: (key:abc and value:xyz)

aws.tags.key

Use a text value ##### to find EC2 instances with a certain AWS tag key/name (case insensitive).

Examples

Find EC2 instances with key "devops"

aws.tags.key: devops

Find EC2 instances with key starting "dev"

aws.tags.key: dev*

Find EC2 instances with key ending "ops"

aws.tags.key: *ops

aws.tags.value

Use a text value ##### to find EC2 instances with a certain AWS tag value (case insensitive).

Examples

Find EC2 instances with tag value "dailybuild"

aws.tags.value: dailybuild

Find EC2 instances with tag value starting "daily"

aws.tags.value: daily*

Find EC2 instances with tag value ending "build"

aws.tags.value: *build

 

Microsoft Azure

Use these tokens when searching Microsoft Azure assets on the Assets list.

azure.tags

Use a text value ##### to find Azure instances with a certain tag name and value. Both are case insensitive.

Example

Find Azure instances with a tag with name "abc" and value "xyz"

azure.tags: (name:abc and value:xyz)

azure.tags.name

Use a text value ##### to find Azure instances with a certain tag name (case insensitive).

Examples

Find Azure instances with name "devops"

azure.tags.name: devops

Find Azure instances with name starting "dev"

azure.tags.name: dev*

Find Azure instances with name ending "ops"

azure.tags.name: *ops

azure.tags.value

Use a text value ##### to find Azure instances with a certain tag value (case insensitive).

Examples

Find Azure instances with tag value "dailybuild"

azure.tags.value: dailybuild

Find Azure instances with tag value starting "daily"

azure.tags.value: daily*

Find Azure instances with tag value ending "build"

azure.tags.value: *build

azure.vm.imageOffer

Use a text value ##### to define the image offer name (i.e. UbuntuServer or WindowsServer) for images deployed from the Azure image gallery.

Examples

Find Azure instances related to name

azure.vm.imageOffer: UbuntuServer

Find Azure instances that match exact value

azure.vm.imageOffer: `UbuntuServer`

azure.vm.imagePublisher

Use a text value ##### to define the name of the Azure virtual machine image publisher (i.e. Canonical or MicrosoftWindowsServer).

Examples

Find Azure instances related to name

azure.vm.imagePublisher: Canonical

Find Azure instances that match exact value

azure.vm.imagePublisher: `Canonical`

azure.vm.imageVersion

Use a text value ##### to define the version of the Azure virtual machine image sku you're interested in.

Example

Find Azure instances with this sku version

azure.vm.imageVersion: 16.04.201708030

azure.vm.location

Use a text value ##### to define the region you're interested in.

Example

Find Azure instances in this location

azure.vm.location: westus

azure.vm.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find Azure instances with this MAC address

azure.vm.macAddress: '000D3A36DDED'

azure.vm.name

Use a text value ##### to find the Azure virtual machine name you're looking for.

Examples

Find Azure instances related to name

azure.vm.name: avset2

Find Azure instances that match exact value

azure.vm.name: `avset2`

azure.vm.platform

Use a text value ##### to define the operating system platform (Linux or Windows) of the Azure virtual machine.

Example

Find Azure instances on Windows platform

azure.vm.platform: Windows

azure.vm.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this private IP

azure.vm.privateIpAddress: 10.1.2.5

Find Azure instances within this IP range

azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]

azure.vm.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this public IP

azure.vm.publicIpAddress: 13.126.125.189

Find Azure instances within this IP range

azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]

azure.vm.resourceGroupName

Use a text value ##### to define the name of the resource group you're interested in.

Examples

Find Azure instances related to name

azure.vm.resourceGroupName: my-eastus-rg

Find Azure instances that match exact value

azure.vm.resourceGroupName: `my-eastus-rg`

azure.vm.size

Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.

Example

Find Azure instances with this size

azure.vm.size: Standard_D1

azure.vm.state

Select the name of the instance state (e.g. DEALLOCATED, RUNNING, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running Azure instances

azure.vm.state: RUNNING

azure.vm.subnet

Use a text value ##### to define the Azure virtual machine subnet you're interested in.

Example

Find Azure instances with this subnet

azure.vm.subnet: 10.1.2.0

azure.vm.subscriptionId

Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.

Example

Find Azure instances with this subscription ID

azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409

azure.vm.vmId

Use a text value ##### to define the Azure virtual machine ID you're looking for.

Example

Find Azure instances with this ID

azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21

 

Google Cloud Platform

Use these tokens when searching Google Cloud Platform assets on the Assets list.

gcp.compute.hostname

Use a text value ##### to define the hostname you're looking for.

Examples

Find GCP instances related to name

gcp.compute.hostname: instance-5.c.qvsa-dev.internal

Find GCP instances that match exact value

gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`

gcp.compute.instanceId

Use a text value ##### to define the Google Compute instance ID you're looking for.

Example

Find GCP instances with this ID

gcp.compute.instanceId: 4392196237934605253

gcp.compute.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find GCP instances with this MAC address

gcp.compute.macAddress: '000D3A36DDED'

gcp.compute.machineType

Use a text value ##### to define the machine type of the virtual machine instance you're interested in.

Examples

Find GCP instances related to name

gcp.compute.machineType: n1-standard-1

Find GCP instances that match exact value

gcp.compute.machineType: `n1-standard-1`

gcp.compute.network

Use a text value ##### to find GCP instances by the VPC network the instance belongs to.

Example

Find GCP instances with this network

gcp.compute.network: 000D3A36DDED

gcp.compute.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this private IP

gcp.compute.privateIpAddress: 10.240.0.7

Find GCP instances with this private IP range

gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

gcp.compute.projectId

Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to ID

gcp.compute.projectId: qvsa-dev

Find GCP instances that match exact value

gcp.compute.projectId: `qvsa-dev`

gcp.compute.projectNumber

Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to this number

gcp.compute.projectNumber: 1035365309337

Find GCP instances that match exact value

gcp.compute.projectNumber: `1035365309337`

gcp.compute.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this public IP

gcp.compute.publicIpAddress: 104.196.57.216

Find GCP instances within this IP range

gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]

gcp.compute.state

Select the name of the instance state (e.g. PENDING, RUNNING, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running GCP instances

gcp.compute.state: RUNNING

gcp.compute.zone

Use a text value ##### to define the zone of the GCP instance you're looking for.

Examples

Find GCP instances related to name

gcp.compute.zone: us-east1-d

Find GCP instances that match exact value

gcp.compute.zone: `us-east1-d`

 

Passive Scanner only

asset.fqdn

Use a text value ##### to define the asset FQDN name you're looking for.

Example

Show the asset with this FQDN

asset.fqdn:ACMENVT7.acme.com

hardware.typingConfidence

Use a text value ##### to define the hardware typing confidence you're looking for, i.e. HIGH, MEDIUM, LOW.

Example

Show this hardware typing confidence

hardware.typingConfidence:HIGH

inventory.sensorID

Use an integer value ##### to help you find assets sensed by a certain sensor ID.

Example

Show this sensor ID

inventory.sensorID:"345678892"

inventory.sensorName

Use a text value ##### to help you find assets based on specific sensor name.

Examples

Show assets with sensor name as ITCorp-appliance

inventory.sensorName:ITCorp-appliance

openPorts.lastFound

Use a date range or specific date to define when open ports were last found.

Examples

Show open ports found within certain dates

openPorts.lastFound: [2019-01-01 ... 2019-01-15]

Show open ports found starting 2019-01-15, ending 3 months ago

openPorts.lastFound: [2019-01-15 ... now-3M]

Show open ports found starting 2 weeks ago, ending 1 second ago

openPorts.lastFound: [now-2w ... now-1s]

Show open ports found on a specific date

openPorts.lastFound:'2019-03-18'

openPort.lastUpdated

Use a date range or specific date to define when ports on assets were last updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show ports updated within certain dates

openPort.lastUpdated: [2019-01-01 ... 2019-01-15]

Show ports updated starting 2019-01-15, ending 3 months ago

openPort.lastUpdated: [2019-01-15 ... now-3M]

Show ports updated starting 2 weeks ago, ending 1 second ago

openPort.lastUpdated: [now-2w ... now-1s]

Show ports updated on a specific date

openPort.lastUpdated:'2019-03-18'

operatingSystem.typingConfidence

Use a text value ##### to define the OS typing confidence you're interested in, i.e. HIGH, MEDIUM, LOW.

Example

Show this OS typing confidence

operatingSystem.typingConfidence:MEDIUM

traffic.timestamp

Use a date range or specific date to find assets as per traffic timestamp.

Examples

Show assets with traffic timestamp 2019-03-18

traffic.timestamp:'2019-03-18'

Show assets with traffic timestamp within certain dates

traffic.timestamp:[2019-01-01 ... 2019-01-15]

Show assets with traffic timestamp starting 2019-01-15, ending 1 month ago

traffic.timestamp:[2019-01-15 ... now-1M]

Show assets with traffic timestamp starting 2 weeks ago, ending 1 second ago

traffic.timestamp:[now-2w ... now-1s]

traffic.total

Use an integer value ##### to find assets having specific amount of total traffic in MBs (both ingress and egress).

Example

Show assets with 100 MB total traffic

traffic.total:100

traffic.ingress

Use an integer value ##### to find assets having specific amount of ingress traffic in MBs.

Example

Show assets with 60 MB ingress traffic

traffic.ingress:60

traffic.egress

Use an integer value ##### to find assets having specific amount of egress traffic in MBs.

Example

Show assets with 40 MB egress traffic

traffic.egress:40

traffic.protocol

Use a text value ##### to find assets with traffic over specific protocol.

Example

Show assets with traffic over TCP

traffic.protocol:tcp

traffic.port

Use an integer value ##### to find assets with traffic over a specific port.

Example

Show assets with traffic over port 80

traffic.port:80

traffic.type

Use a text value ##### to find assets with traffic of a specific type (client or server).

Example

Show assets with client traffic

traffic.type:client

traffic.family

Use a text value ##### to find assets with traffic of a specific family.

Example

Show assets with peer to peer traffic

traffic.family:Peer to Peer

traffic.application

Use a text value ##### to find assets with traffic from a specific application.

Example

Show assets with traffic from BitTorrent

traffic.application:BitTorrent

traffic.service

Use a text value ##### to find assets with traffic from a specific service.

Example

Show assets with traffic from HTTP

traffic.service:http

inventory.scannerID

Use an integer value ##### to find traffic based on scanner ID.

Example

Show traffic with this scanner ID

inventory.scannerID:345678892

inventory.scannerName

Use quotes or backticks within values to help you find traffic based on the scanner name.

Examples

Show any traffic that contain parts of name

inventory.scannerName:"acme-ps-001"

Show any traffic that match exact value "acme-ps-001"

inventory.scannerName:`acme-ps-001`

inventory.scannerLocation

Use a text value ##### to help you find traffic based on scanner location.

Example

Show traffic with scanner location as Pune 10th floor

inventory.scannerLocation: Pune 10th floor

client.type

Find traffic based on client type (Managed, Unmanaged, Internal, External). Select from the client types in the drop-down menu.

Example

Find traffic of client type Managed

client.type: Managed

client.assetID

Use an integer value ##### to help you find traffic based on client asset ID.

Example

Show traffic with this client asset ID

client.assetID:122855563

client.name

Use quotes or backticks within values to help you find traffic based on client name.

Examples

Show any traffic that contain parts of name

client.name:"ACMENVT7"

Show any traffic that match exact value "ACMENVT7"

client.name:`ACMENVT7`

client.lastLoggedOnUser

Use a text value ##### to help you find traffic based on the user who last logged on to the client.

Examples

Show traffic with last logon by user jdoe

client.lastLoggedOnUser:jdoe

client.tags.name

Use quotes or backticks within values to help you find the traffic based on tag name.

Examples

Show any traffic that contain "rouge" and "BYOD" in name

client.tags.name: "rouge, BYOD"

Show any traffic that contain "rouge" or "BYOD" in name (another method)

client.tags.name: "rouge" OR client.tags.name: "BYOD"

Show any traffic that match exact value "rouge, BYOD"

client.tags.name: `rouge, BYOD`

client.hardware.category

Use quotes or backticks within values to help you find the traffic based on client hardware category.

Examples

Show any traffic that match exact value

client.hardware.category:Computer/Server

client.hardware

Use quotes or backticks within values to help you find the traffic based on client hardware name.

Examples

Show any traffic that contain parts of name

client.hardware:"Dell Latitude e7470"

Show any traffic that match exact value

client.hardware:`Dell Latitude e7470`

client.operatingSystem.category

Use a text value ##### to help you find the traffic based on client operating system category name.

Example

Show any traffic that matches the exact value

client.operatingSystem.category:Windows/Client

client.operatingSystem

Use quotes or backticks within values to help you find the traffic based on client operating system name.

Examples

Show any traffic that contains components of the OS name

client.operatingSystem:"Windows 7 Enterprise (6.1 SP2) 64Bit"

Show any traffic that matches the exact value

client.operatingSystem:`Windows 7 Enterprise (6.1 SP2) 64Bit`

client.interfaces.macAddress

Use quotes within values to help you find traffic based on MAC address.

Example

Show the traffic with this MAC address

client.interfaces.macAddress:"00:0D:3A:27:15:BA"

client.interfaces.address

Use a text value ##### to find traffic based on an IP address.

Example

Show traffic for this IP address

client.interfaces.address:10.20.0.5

server.type

Find traffic for a server type (Managed, Unmanaged, Internal, External). Select from the asset types in the drop-down menu.

Example

Find traffic for server type Internal

server.type: Internal

server.assetID

Use an integer value ##### to help you find traffic based on server asset ID.

Example

Show traffic for this asset ID

server.assetID:122855563

server.name

Use quotes or backticks within values to help you find the traffic with server name.

Examples

Show any traffic that contains parts of the name

server.name:"ACMENVT7"

Show any traffic that matches the exact value "ACMENVT7"

server.name:`ACMENVT7`

server.lastLoggedOnUser

Use a text value ##### to help you find traffic based on the last logged-on user of interest.

Example

Show traffic with last logon by user jdoe

server.lastLoggedOnUser:jdoe

server.tags.name

Use quotes or backticks within values to help you find the traffic based on tag name.

Examples

Show any traffic that contains "rouge" and "BYOD" in the name

server.tags.name: "rouge, BYOD"

Show any traffic that contains "rouge" or "BYOD" in the name (another method)

server.tags.name: "rouge" OR server.tags.name: "BYOD"

Show any traffic that matches the exact value "rouge, BYOD"

server.tags.name: `rouge, BYOD`

server.hardware.category

Use quotes or backticks within values to help you find the traffic based on server hardware category.

Example

Show any traffic that matches the exact value

server.hardware.category:Computer/Server

server.hardware

Use quotes or backticks within values to help you find the traffic based on server hardware name.

Examples

Show any traffic that contains parts of the name

server.hardware:"Dell Latitude e7470"

Show any traffic that matches the exact value

server.hardware:`Dell Latitude e7470`

server.operatingSystem.category

Use a text value ##### to help you find the traffic based on server operating system category name.

Example

Show any traffic that matches the exact value

server.operatingSystem.category:Windows/Client

server.operatingSystem

Use quotes or backticks within values to help you find the traffic based on server operating system name.

Examples

Show any traffic that contains components of the OS name

server.operatingSystem:"Windows 7 Enterprise (6.1 SP2) 64Bit"

Show any traffic that matches the exact value

server.operatingSystem:`Windows 7 Enterprise (6.1 SP2) 64Bit`

server.interfaces.macAddress

Use quotes within values to help you find traffic based on MAC address.

Example

Show the traffic with this MAC address

server.interfaces.macAddress:"00:0D:3A:27:15:BA"

server.interfaces.address

Use a text value ##### to find traffic based on an IP address.

Example

Show traffic for this IP address

server.interfaces.address:10.20.0.5

traffic.serverPort

Use an integer value ##### to help you find traffic by server port.

Example

Show traffic with server port 80

traffic.serverPort:80

traffic.stc.volume

Use an integer value ##### to help you find traffic with Server-to-Client traffic volume (B).

Examples

Show Server-to-Client traffic with a volume greater than 60B

traffic.stc.volume > 60

Show Server-to-Client traffic with a volume less than 100B

traffic.stc.volume < 100

traffic.cts.volume

Use an integer value ##### to help you find traffic with Client-to-Server traffic volume (B).

Examples

Show Client-to-Server traffic with a volume greater than 80B

traffic.cts.volume > 80

Show Client-to-Server traffic with a volume less than 20B

traffic.cts.volume < 20

traffic.total.volume

Use an integer value ##### to help you find traffic with total traffic volume (B).

Examples

Show traffic with a total volume greater than 100B

traffic.total.volume > 100

Show traffic with a total volume less than 30B

traffic.total.volume < 30

traffic.reportingStartTime

Use a specific date to find traffic by the start time of its reporting interval.

Example

Show traffic with a reporting start time after 2020-07-01

traffic.reportingStartTime > '2020-07-01'

traffic.reportingEndTime

Use a specific date to find traffic by the end time of its reporting interval.

Example

Show traffic with a reporting end time before 2020-07-01

traffic.reportingEndTime < '2020-07-01'