Home

Searching for Containers

Use the search tokens below to search for containers. Looking for help with writing your query? click here

arguments

Use a text value ##### to define a command line argument of interest.

Example

Show containers run with this command argument

arguments: family

command

Use a text value ##### to define a command you're looking for.

Example

Show containers run with this command

command: /run.sh

containerId

Use a text value ##### to find a container ID.

Example

Show container with this ID

containerId: ed46df944e1c

created

Use a date range or specific date to define when containers were created.

Examples

Find containers created within certain dates

created: [2017-06-15 ... 2017-06-30]

Find containers created on specific date

created:'2017-08-15'

environment

Use a text value ##### to define an environment variable name you're interested in.

Example

Show containers with this environment variable

environment: "my-variable"

host.hostname

Use a text value ##### to define the hostname you're looking for.

Example

Show containers with this hostname

host.hostname: dockerhost07.mydomain.com

host.ipAddress

Use a text value ##### to define a host IP address you're interested in.

Example

Show container with this IP address

host.ipAddress: 10.44.92.127

imageId

Use a text value ##### to define a container image ID of interest.

Example

Show containers with this image ID

imageId: c2d1b73a90ec

imageSha

Use a text value ##### to define SHA 256 hash of container image.

Example

Show container image with this SHA value

imageSha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

ipv4

Use a text value ##### to define a container IPv4 address of interest.

Example

Show containers on this IPv4 address

ipv4: 172.17.0.2

ipv6

Use a text value ##### to define a container IPv6 address of interest.

Example

Show containers on this IPv6 address

ipv6: fe80:0:0:0:2502:b53c:4139:404b

isInstrumented

Use the values true | false to find containers spun from instrumented images.

Example

Show containers spun from instrumented images

isInstrumented: true

isDrift

Use the values true | false to find drift containers.

Example

Show drift containers

isDrift: true

isRoot

Use the values true | false to find containers running processes as root. It refers to the privilege the running container has been started with; containers inherit the privilege of the user/process starting the container unless explicitly changed.

Example

Show containers running processes as root

isRoot: true

drift.category

Use a text value ##### to find containers having drift software or vulnerabilities (Software or Vulnerability).

Example

Show containers with drift software

drift.category: Software

drift.reason

Use a text value ##### to find containers with specific state of drift software or vulnerabilities (Fixed, New, Removed, Varied).

Example

Show drift reason

drift.reason: Fixed

label.key

Use a text value ##### to find containers with a certain label name.

Example

Show containers with label name "vendor"

label.key: vendor

label.value

Use a text value ##### to find containers with a certain label value.

Example

Show containers with label value "CentOS"

label.value: CentOS

lastScanned

Use a date range or specific date to define when containers were last scanned.

Examples

Show containers last scanned within certain dates

lastScanned: [2017-01-01 ... 2017-03-31]

Show containers last scanned starting 2016-10-15, ending 1 month ago

lastScanned: [2016-10-15 ... now-1M]

Show containers last scanned starting 2 weeks ago, ending 1 second ago

lastScanned: [now-2w ... now-1s]

Show containers last scanned on specific date

lastScanned:'2017-02-18'

macAddress

Use a text value ##### to define a container MAC address you're interested in.

Example

Show container with this MAC address

macAddress: 00-50-56-A9-73-5A

name

Use a text value ##### to define the container name you're interested in.

Example

Show this container name

name: my-container

operatingSystem

Use quotes or backticks within values to help you find containers with an operating system you're interested in.

Examples

Show any containers with this OS name

operatingSystem: Windows 2012

Show any containers that have components of OS name

operatingSystem: "Windows 2012"

Show containers that match exact value "Windows 2012"

operatingSystem: `Windows 2012`

path

Use a text value ##### to define the container path you're looking for. Enclose the path in double quotes.

Example

Show containers installed at this path

path: "/usr/path/container/"

portMapping.hostIp

Use a text value ##### to define a port mapping host of interest.

Example

Show containers with this host mapping host IP

portMapping.hostIp: xxx.xxx.xxx.xxx

portMapping.hostPort

Use an integer value ##### to define a port mapping host port you're looking for.

Example

Show containers with this host mapping host port

portMapping.hostPort: xxxxx

portMapping.port

Use an integer value ##### to define a port number on the container that is bound to the host port.

Example

Show containers with this port mapping port

portMapping.port: xxxxx

portMapping.protocol

Use a text value ##### to define a port mapping protocol you're interested in.

Example

Show containers with this port mapping protocol

portMapping.protocol: UDP

privileged

Use the values true | false to find containers with privilege status true or false.

Example

Show containers whose privilege status is true

privileged: true

drift.software.name

Use a text value ##### to find drift software with certain software name.

Example

Show findings with software name

drift.software.name: my-app

drift.software.version

Use a text value ##### to find drift software with certain software version.

Example

Show findings with software version

drift.software.version: 8.0

drift.software.fixVersion

Use a text value ##### to find drift software with certain fix version.

Example

Show findings with certain fix version

drift.software.fixVersion: 8.0

drift.software.vulnerabilities.authType

Use a text value ##### to find drift software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

drift.software.vulnerabilities.authType: "WINDOWS_AUTH"

drift.software.vulnerabilities.category

Use a text value ##### to find drift software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

drift.software.vulnerabilities.category: "CGI"

drift.software.vulnerabilities.customerSeverity

Use an integer value ##### to find drift software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

drift.software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

drift.software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

drift.software.vulnerabilities.cveids

Use a text value ##### to find drift software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

drift.software.vulnerabilities.cveids: "CVE-2014-9999"

drift.software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find drift software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

drift.software.vulnerabilities.cvssInfo.accessVector: "Local"

drift.software.vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

drift.software.vulnerabilities.cvssInfo.baseScore: "7.2"

drift.software.vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

drift.software.vulnerabilities.cvssInfo.temporalScore: "6.2"

drift.software.vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

drift.software.vulnerabilities.cvss3Info.baseScore: "4.3"

drift.software.vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

drift.software.vulnerabilities.cvss3Info.temporalScore: "3.8"

drift.software.vulnerabilities.discoveryType

Use a text value ##### to find drift software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

drift.software.vulnerabilities.discoveryType: "REMOTE"

drift.software.vulnerabilities.firstFound

Use a date range or specific date to find when drift software vulnerabilities were first found.

Examples

Show findings first found within certain dates

drift.software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

drift.software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.software.vulnerabilities: (firstFound > now-10d AND severity: "5")

drift.software.vulnerabilities.fixed

Use a date range or specific date to find drift software vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

drift.software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

drift.software.vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.software.vulnerabilities: (fixed > now-10d AND severity: "5")

drift.software.vulnerabilities.lastFound

Use a date range or specific date to find when drift software vulnerabilities were last found.

Examples

Show findings last found within certain dates

drift.software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

drift.software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

drift.software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

drift.software.vulnerabilities.result

Use a text value ##### to find drift software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

drift.software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

drift.software.vulnerabilities.risk

Use an integer value ##### to find drift software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

drift.software.vulnerabilities.risk: 50

drift.software.vulnerabilities.severity

Use an integer value ##### to find drift software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

drift.software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

drift.software.vulnerabilities: (severity: "5" AND category: "DNS")

drift.software.vulnerabilities.status

Use a text value ##### to find drift software vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

drift.software.vulnerabilities.status: "OPEN"

drift.software.vulnerabilities.supportedBy

Use a text value ##### to find drift software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

drift.software.vulnerabilities.supportedBy: "VM"

drift.software.vulnerabilities.threatIntel

Use a text value ##### to find drift software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

drift.software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

drift.software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

drift.software.vulnerabilities.typeDetected

Use a text value ##### to find drift software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

drift.software.vulnerabilities.typeDetected: "CONFIRMED"

drift.software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers having vulnerabilities in certain drift software.

Example

Show findings with QID 90405

drift.software.vulnerabilities.qid: 90405

drift.software.vulnerabilities.title

Use an text value ##### to provide a title to find containers having vulnerabilities in certain drift software.

Example

Show findings with title

drift.software.vulnerabilities.title: title text

drift.software.vulnerabilities.software.name

Use a text value ##### to find vulnerabilities present in certain drift software.

Example

Show findings with software name

drift.software.vulnerabilities.software.name: my-app

drift.software.vulnerabilities.software.version

Use a text value ##### to find vulnerabilities present in certain version of a drift software.

Example

Show findings with software version

drift.software.vulnerabilities.software.version: 8.0

drift.software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerabilities present in certain fix version of a drift software.

Example

Show findings with certain fix version

drift.software.vulnerabilities.software.fixVersion: 8.0

drift.software.vulnerabilities.source

Use a text value ##### to find drift software vulnerabilities from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.software.vulnerabilities.source: IMAGE

drift.software.vulnerabilities.reason

Use a text value ##### to find drift software vulnerabilities with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.software.vulnerabilities.reason: NEW

drift.software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

drift.software.vulnerabilities.threatIntel.activeAttacks: true

drift.software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

drift.software.vulnerabilities.threatIntel.denialOfService: true

drift.software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

drift.software.vulnerabilities.threatIntel.easyExploit: true

drift.software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

drift.software.vulnerabilities.threatIntel.highDataLoss: true

drift.software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

drift.software.vulnerabilities.threatIntel.highLateralMovement: true

drift.software.vulnerabilities.threatIntel.malware

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

drift.software.vulnerabilities.threatIntel.malware: true

drift.software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

drift.software.vulnerabilities.threatIntel.noPatch: true

drift.software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

drift.software.vulnerabilities.threatIntel.publicExploit: true

drift.software.source

Use a text value ##### to find drift software from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.software.source: IMAGE

drift.software.reason

Use a text value ##### to find drift software with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.software.reason: NEW

drift.vulnerability.authType

Use a text value ##### to find drift vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

drift.vulnerability.authType: "WINDOWS_AUTH"

drift.vulnerability.category

Use a text value ##### to find drift vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

drift.vulnerability.category: "CGI"

drift.vulnerability.customerSeverity

Use an integer value ##### to find drift vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

drift.vulnerability.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

drift.vulnerability: (customerSeverity: "5" AND category: "DNS")

drift.vulnerability.cveids

Use a text value ##### to find drift vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

drift.vulnerability.cveids: "CVE-2014-9999"

drift.vulnerability.cvssInfo.accessVector

Use a text value ##### to find drift vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

drift.vulnerability.cvssInfo.accessVector: "Local"

drift.vulnerability.cvssInfo.baseScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

drift.vulnerability.cvssInfo.baseScore: "7.2"

drift.vulnerability.cvssInfo.temporalScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

drift.vulnerability.cvssInfo.temporalScore: "6.2"

drift.vulnerability.cvss3Info.baseScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

drift.vulnerability.cvss3Info.baseScore: "4.3"

drift.vulnerability.cvss3Info.temporalScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

drift.vulnerability.cvss3Info.temporalScore: "3.8"

drift.vulnerability.discoveryType

Use a text value ##### to find drift vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

drift.vulnerability.discoveryType: "REMOTE"

drift.vulnerability.firstFound

Use a date range or specific date to find when drift vulnerabilities were first found.

Examples

Show findings first found within certain dates

drift.vulnerability.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.vulnerability.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

drift.vulnerability.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.vulnerability: (firstFound > now-10d AND severity: "5")

drift.vulnerability.fixed

Use a date range or specific date to find fixed drift vulnerabilities.

Examples

Show findings first found within certain dates

drift.vulnerability.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.vulnerability.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.fixed: [now-2w ... now-1s]

Show findings first found on certain date

drift.vulnerability.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.vulnerability: (fixed > now-10d AND severity: "5")

drift.vulnerability.lastFound

Use a date range or specific date to find when drift vulnerabilities were last found.

Examples

Show findings last found within certain dates

drift.vulnerability.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

drift.vulnerability.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

drift.vulnerability.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

drift.vulnerability: (lastFound: '2017-10-12' AND category: "CGI")

drift.vulnerability.result

Use a text value ##### to find software packages that have drift vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

drift.vulnerability.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

drift.vulnerability.risk

Use an integer value ##### to find drift vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

drift.vulnerability.risk: 50

drift.vulnerability.severity

Use an integer value ##### to find drift vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

drift.vulnerability.severity: "4"

Show findings with severity 5 and category DNS

drift.vulnerability: (severity: "5" AND category: "DNS")

drift.vulnerability.status

Use a text value ##### to find drift vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

drift.vulnerability.status: "OPEN"

drift.vulnerability.supportedBy

Use a text value ##### to find drift vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

drift.vulnerability.supportedBy: "VM"

drift.vulnerability.threatIntel

Use a text value ##### to find drift vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

drift.vulnerability.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

drift.vulnerability.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

drift.vulnerability.typeDetected

Use a text value ##### to find drift vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

drift.vulnerability.typeDetected: "CONFIRMED"

drift.vulnerability.qid

Use an integer value ##### to provide a QID to find containers with certain drift vulnerability.

Example

Show findings with QID 90405

drift.vulnerability.qid: 90405

drift.vulnerability.title

Use an text value ##### to provide a title to find containers with certain drift vulnerability.

Example

Show findings with title

drift.vulnerability.title: title text

drift.vulnerability.software.name

Use a text value ##### to find drift vulnerability present in certain software.

Example

Show findings with software name

drift.vulnerability.software.name: my-app

drift.vulnerability.software.version

Use a text value ##### to find drift vulnerability present in certain software version.

Example

Show findings with software version

drift.vulnerability.software.version: 8.0

drift.vulnerability.software.fixVersion

Use a text value ##### to find drift vulnerability present in certain software fix version.

Example

Show findings with certain fix version

drift.vulnerability.software.fixVersion: 8.0

drift.vulnerability.source

Use a text value ##### to find drift vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.vulnerability.source: IMAGE

drift.vulnerability.reason

Use a text value ##### to find drift vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.vulnerability.reason: NEW

drift.vulnerability.threatIntel.activeAttacks

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

drift.vulnerability.threatIntel.activeAttacks: true

drift.vulnerability.threatIntel.denialOfService

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

drift.vulnerability.threatIntel.denialOfService: true

drift.vulnerability.threatIntel.easyExploit

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

drift.vulnerability.threatIntel.easyExploit: true

drift.vulnerability.threatIntel.highDataLoss

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

drift.vulnerability.threatIntel.highDataLoss: true

drift.vulnerability.threatIntel.highLateralMovement

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

drift.vulnerability.threatIntel.highLateralMovement: true

drift.vulnerability.threatIntel.malware

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

drift.vulnerability.threatIntel.malware: true

drift.vulnerability.threatIntel.noPatch

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

drift.vulnerability.threatIntel.noPatch: true

drift.vulnerability.threatIntel.publicExploit

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

drift.vulnerability.threatIntel.publicExploit: true

sha

Use a text value ##### to define SHA 256 hash of container image.

Example

Show findings with this SHA value

sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

software.name

Use a text value ##### to find the software application name you're looking for.

Example

Show containers with this software name

software.name: MyApp

software.version

Use a text value ##### to find the software application version of interest.

Example

Show containers with this software version

software.version: 2.0.3

software.fixVersion

Use a text value ##### to find software with specific fix version.

Example

Show containers with this software version

software.fixVersion: 2.0.3

software.vulnerabilities.authType

Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

software.vulnerabilities.authType: "WINDOWS_AUTH"

software.vulnerabilities.category

Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

software.vulnerabilities.category: "CGI"

software.vulnerabilities.customerSeverity

Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

software.vulnerabilities.cveids

Use a text value ##### to find software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

software.vulnerabilities.cveids: "CVE-2014-9999"

software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find containers having software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

software.vulnerabilities.cvssInfo.accessVector: "Local"

software.vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

software.vulnerabilities.cvssInfo.baseScore: "7.2"

software.vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

software.vulnerabilities.cvssInfo.temporalScore: "6.2"

software.vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

software.vulnerabilities.cvss3Info.baseScore: "4.3"

software.vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

software.vulnerabilities.cvss3Info.temporalScore: "3.8"

software.vulnerabilities.discoveryType

Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

software.vulnerabilities.discoveryType: "REMOTE"

software.vulnerabilities.firstFound

Use a date range or specific date to find when software vulnerabilities were first found.

Examples

Show findings first found within certain dates

software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (firstFound > now-10d AND severity: "5")

software.vulnerabilities.fixed

Use a date range or specific date to find software with vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (fixed > now-10d AND severity: "5")

software.vulnerabilities.lastFound

Use a date range or specific date to find when software vulnerabilities were last found.

Examples

Show findings last found within certain dates

software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

software.vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

software.vulnerabilities.risk

Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

software.vulnerabilities.risk: 50

software.vulnerabilities.severity

Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

software.vulnerabilities: (severity: "5" AND category: "DNS")

software.vulnerabilities.status

Use a text value ##### to find software vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

software.vulnerabilities.status: "OPEN"

software.vulnerabilities.supportedBy

Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

software.vulnerabilities.supportedBy: "VM"

software.vulnerabilities.threatIntel

Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

software.vulnerabilities.typeDetected

Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

software.vulnerabilities.typeDetected: "CONFIRMED"

software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers with software having certain vulnerability.

Example

Show findings with QID 90405

software.vulnerabilities.qid: 90405

software.vulnerabilities.title

Use an text value ##### to provide a title to find containers with software having certain vulnerability.

Example

Show findings with title

software.vulnerabilities.title: title text

software.vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

software.vulnerabilities.software.name: my-app

software.vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

software.vulnerabilities.software.version: 8.0

software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

software.vulnerabilities.software.fixVersion: 8.0

software.vulnerabilities.source

Use a text value ##### to find software vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show software software from images

software.vulnerabilities.source: IMAGE

software.vulnerabilities.reason

Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show software software that is new

software.vulnerabilities.reason: NEW

software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

software.vulnerabilities.threatIntel.activeAttacks: true

software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

software.vulnerabilities.threatIntel.denialOfService: true

software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

software.vulnerabilities.threatIntel.easyExploit: true

software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

software.vulnerabilities.threatIntel.highDataLoss: true

software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

software.vulnerabilities.threatIntel.highLateralMovement: true

software.vulnerabilities.threatIntel.malware

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

software.vulnerabilities.threatIntel.malware: true

software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

software.vulnerabilities.threatIntel.noPatch: true

software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

software.vulnerabilities.threatIntel.publicExploit: true

source

Use a text value ##### to find containers from specific source (GENERAL, HOST).

Example

Show containers on host

source: HOST

state

Use a text value ##### to find containers in certain state (CREATED, RUNNING, STOPPED, PAUSED, DELETED, UNKNOWN).

Example

Show containers in a certain state

state: "Running"

stateChanged

Use a date range or specific date to define when containers changed state. When entering a date use YYYY-MM-DD format.

Examples

Show containers that changed state within certain dates

stateChanged: [2019-10-01 ... 2019-10-12]

Show containers that changed state starting October 1st and ending 1 month ago

stateChanged: [2019-10-01 ... now-1M]

Show containers that changed state starting 2 weeks ago, ending 1 second ago

stateChanged: [now-2w ... now-1s]

Show containers that changed state on certain date

stateChanged:'2019-09-22'

updated

Use a date range or specific date to define when containers were updated.

Examples

Find containers updated within certain dates

updated: [2019-06-15 ... 2019-06-30]

Find containers updated on specific date

updated:'2019-08-15'

users

Use a text value ##### to find a user name configured inside a container image/running-container. The user can be any container user: root or non-root.

Example

Show findings with this user name

users: asmith

vulnerabilities.authType

Use a text value ##### to find containers having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

vulnerabilities.authType: "WINDOWS_AUTH"

vulnerabilities.category

Use a text value ##### to find containers with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

vulnerabilities.category: "CGI"

vulnerabilities.customerSeverity

Use an integer value ##### to find containers having vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

vulnerabilities: (customerSeverity: "5" AND category: "DNS")

vulnerabilities.cveids

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.cveids: CVE-2015-0313

vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find containers having vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

vulnerabilities.cvssInfo.accessVector: "Local"

vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

vulnerabilities.cvssInfo.baseScore: "7.2"

vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

vulnerabilities.cvssInfo.temporalScore: "6.2"

vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

vulnerabilities.cvss3Info.baseScore: "4.3"

vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

vulnerabilities.cvss3Info.temporalScore: "3.8"

vulnerabilities.discoveryType

Use a text value ##### to find containers having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

vulnerabilities.discoveryType: "REMOTE"

vulnerabilities.firstFound

Use a date range or specific date to define when vulnerabilities on container were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (firstFound > now-10d AND severity: "5")

vulnerabilities.fixed

Use a date range or specific date to define when vulnerabilities on container were fixed.

Examples

Show findings fixed within certain dates

vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings fixed starting 2017-10-01, ending 1 month ago

vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.fixed: [now-2w ... now-1s]

Show findings fixed on certain date

vulnerabilities.fixed:'2017-09-22'

Show findings fixed in the past 10 days with severity 5

vulnerabilities: (fixed > now-10d AND severity: "5")

vulnerabilities.lastFound

Use a date range or specific date to define when vulnerabilities on container were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

vulnerabilities.product

Use a text value ##### to find containers having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.

Example

Show findings for this product

vulnerabilities.product: "moodle"

vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

vulnerabilities.risk

Use an integer value ##### to find containers with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.risk: 50

vulnerabilities.severity

Use an integer value ##### to find containers having vulnerabilities with this Qualys defined severity (1-5).

Example

Show findings with severity 4

vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

vulnerabilities: (severity: "5" AND category: "DNS")

vulnerabilities.status

Use a text value ##### to find containers having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

vulnerabilities.status: "OPEN"

vulnerabilities.supportedBy

Use a text value ##### to find containers with vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

vulnerabilities.supportedBy: "VM"

vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

vulnerabilities.threatIntel.activeAttacks: true

vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

vulnerabilities.threatIntel.denialOfService: true

vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

vulnerabilities.threatIntel.easyExploit: true

vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

vulnerabilities.threatIntel.highDataLoss: true

vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

vulnerabilities.threatIntel.highLateralMovement: true

vulnerabilities.threatIntel.malware

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

vulnerabilities.threatIntel.malware: true

vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

vulnerabilities.threatIntel.noPatch: true

vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

vulnerabilities.threatIntel.publicExploit: true

vulnerabilities.typeDetected

Use a text value ##### to find containers having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

vulnerabilities.typeDetected: "CONFIRMED"

vulnerabilities.vendor

Use a text value ##### to find containers having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.

Example

Show findings for this vendor

vulnerabilities.vendor: "vendor-name"

vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers with certain vulnerability.

Example

Show findings with QID 90405

vulnerabilities.qid: 90405

vulnerabilities.title

Use an text value ##### to provide a title to find containers with certain vulnerability.

Example

Show findings with title

vulnerabilities.title: title text

vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

vulnerabilities.software.name: my-app

vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

vulnerabilities.software.version: 8.0

vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

vulnerabilities.software.fixVersion: 8.0

services.name

Use a text value ##### to find containers with specific services running on them.

Example

Show findings with service name

services.name: sshd

services.description

Use a text value ##### to find containers with the description of specific services running on them.

Example

Show findings with service description

services.description: Secure Socket Shell

services.status

Use a text value ##### to find containers with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.

Example

Show findings with service status

services.status: RUNNING