Home

Searching for Containers

Use the search tokens below to search for containers. Looking for help with writing your query? click here

arguments

Use a text value ##### to define a command line argument of interest.

Example

Show containers run with this command argument

arguments: family

command

Use a text value ##### to define a command you're looking for.

Example

Show containers run with this command

command: /run.sh

containerId

Use a text value ##### to find a container ID.

Example

Show container with this ID

containerId: ed46df944e1c

created

Use a date range or specific date to define when containers were created.

Examples

Find containers created within certain dates

created: [2017-06-15 ... 2017-06-30]

Find containers created on specific date

created:'2017-08-15'

environment

Use a text value ##### to define an environment variable name you're interested in.

Example

Show containers with this environment variable

environment: "my-variable"

host.hostname

Use a text value ##### to define the hostname you're looking for.

Example

Show containers with this hostname

host.hostname: dockerhost07.mydomain.com

host.ipAddress

Use a text value ##### to define a host IP address you're interested in.

Example

Show container with this IP address

host.ipAddress: 10.44.92.127

imageId

Use a text value ##### to define a container image ID of interest.

Example

Show containers with this image ID

imageId: c2d1b73a90ec

imageSha

Use a text value ##### to define SHA 256 hash of container image.

Example

Show container image with this SHA value

imageSha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

ipv4

Use a text value ##### to define a container IPv4 address of interest.

Example

Show containers on this IPv4 address

ipv4: 172.17.0.2

ipv6

Use a text value ##### to define a container IPv6 address of interest.

Example

Show containers on this IPv6 address

ipv6: fe80:0:0:0:2502:b53c:4139:404b

isInstrumented

Use the values true | false to find containers spun from instrumented images.

Example

Show containers spun from instrumented images

isInstrumented: true

isDrift

Use the values true | false to find drift containers.

Example

Show drift containers

isDrift: true

isRoot

Use the values true | false to find containers running processes as root. It refers to the privilege the running container has been started with; containers inherit the privilege of the user/process starting the container unless explicitly changed.

Example

Show containers running processes as root

isRoot: true

drift.category

Use a text value ##### to find containers having drift software or vulnerabilities (Software or Vulnerability).

Example

Show containers with drift software

drift.category: Software

drift.reason

Use a text value ##### to find containers with specific state of drift software or vulnerabilities (Fixed, New, Removed, Varied).

Example

Show drift reason

drift.reason: Fixed

label.key

Use a text value ##### to find containers with a certain label name.

Example

Show containers with label name "vendor"

label.key: vendor

label.value

Use a text value ##### to find containers with a certain label value.

Example

Show containers with label value "CentOS"

label.value: CentOS

lastScanned

Use a date range or specific date to define when containers were last scanned.

Examples

Show containers last scanned within certain dates

lastScanned: [2017-01-01 ... 2017-03-31]

Show containers last scanned starting 2016-10-15, ending 1 month ago

lastScanned: [2016-10-15 ... now-1M]

Show containers last scanned starting 2 weeks ago, ending 1 second ago

lastScanned: [now-2w ... now-1s]

Show containers last scanned on specific date

lastScanned:'2017-02-18'

macAddress

Use a text value ##### to define a container MAC address you're interested in.

Example

Show container with this MAC address

macAddress: 00-50-56-A9-73-5A

name

Use a text value ##### to define the container name you're interested in.

Example

Show this container name

name: my-container

operatingSystem

Use values within quotes or backticks to help you find containers with an operating system you're interested in.

Examples

Show any containers with this OS name

operatingSystem: Windows 2012

Show any containers that have components of OS name

operatingSystem: "Windows 2012"

Show containers that match exact value "Windows 2012"

operatingSystem: `Windows 2012`

path

Use a text value ##### to define the container path you're looking for. Enclose the path in double quotes.

Example

Show containers installed at this path

path: "/usr/path/container/"

portMapping.hostIp

Use a text value ##### to define a port mapping host of interest.

Example

Show containers with this host mapping host IP

portMapping.hostIp: xxx.xxx.xxx.xxx

portMapping.hostPort

Use an integer value ##### to define a port mapping host port you're looking for.

Example

Show containers with this host mapping host port

portMapping.hostPort: xxxxx

portMapping.port

Use an integer value ##### to define a port number on the container that is bound to the host port.

Example

Show containers with this port mapping port

portMapping.port: xxxxx

portMapping.protocol

Use a text value ##### to define a port mapping protocol you're interested in.

Example

Show containers with this port mapping protocol

portMapping.protocol: UDP

privileged

Use the values true | false to find containers with privilege status true or false.

Example

Show containers whose privilege status is true

privileged: true

drift.software.name

Use a text value ##### to find drift software with certain software name.

Example

Show findings with software name

drift.software.name: my-app

drift.software.version

Use a text value ##### to find drift software with certain software version.

Example

Show findings with software version

drift.software.version: 8.0

drift.software.fixVersion

Use a text value ##### to find drift software with certain fix version.

Example

Show findings with certain fix version

drift.software.fixVersion: 8.0

drift.software.vulnerabilities.authType

Use a text value ##### to find drift software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

drift.software.vulnerabilities.authType: "WINDOWS_AUTH"

drift.software.vulnerabilities.category

Use a text value ##### to find drift software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

drift.software.vulnerabilities.category: "CGI"

drift.software.vulnerabilities.customerSeverity

Use an integer value ##### to find drift software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

drift.software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

drift.software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

drift.software.vulnerabilities.cveids

Use a text value ##### to find drift software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

drift.software.vulnerabilities.cveids: "CVE-2014-9999"

drift.software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find drift software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

drift.software.vulnerabilities.cvssInfo.accessVector: "Local"

drift.software.vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

drift.software.vulnerabilities.cvssInfo.baseScore: "7.2"

drift.software.vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

drift.software.vulnerabilities.cvssInfo.temporalScore: "6.2"

drift.software.vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

drift.software.vulnerabilities.cvss3Info.baseScore: "4.3"

drift.software.vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

drift.software.vulnerabilities.cvss3Info.temporalScore: "3.8"

drift.software.vulnerabilities.discoveryType

Use a text value ##### to find drift software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

drift.software.vulnerabilities.discoveryType: "REMOTE"

drift.software.vulnerabilities.firstFound

Use a date range or specific date to find when drift software vulnerabilities were first found.

Examples

Show findings first found within certain dates

drift.software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

drift.software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.software.vulnerabilities: (firstFound > now-10d AND severity: "5")

drift.software.vulnerabilities.fixed

Use a date range or specific date to find drift software vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

drift.software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

drift.software.vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.software.vulnerabilities: (fixed > now-10d AND severity: "5")

drift.software.vulnerabilities.lastFound

Use a date range or specific date to find when drift software vulnerabilities were last found.

Examples

Show findings last found within certain dates

drift.software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

drift.software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

drift.software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

drift.software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

drift.software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

drift.software.vulnerabilities.result

Use a text value ##### to find drift software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

drift.software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

drift.software.vulnerabilities.risk

Use an integer value ##### to find drift software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

drift.software.vulnerabilities.risk: 50

drift.software.vulnerabilities.severity

Use an integer value ##### to find drift software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

drift.software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

drift.software.vulnerabilities: (severity: "5" AND category: "DNS")

drift.software.vulnerabilities.status

Use a text value ##### to find drift software vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

drift.software.vulnerabilities.status: "OPEN"

drift.software.vulnerabilities.supportedBy

Use a text value ##### to find drift software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

drift.software.vulnerabilities.supportedBy: "VM"

drift.software.vulnerabilities.threatIntel

Use a text value ##### to find drift software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

drift.software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

drift.software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

drift.software.vulnerabilities.typeDetected

Use a text value ##### to find drift software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

drift.software.vulnerabilities.typeDetected: "CONFIRMED"

drift.software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers having vulnerabilities in certain drift software.

Example

Show findings with QID 90405

drift.software.vulnerabilities.qid: 90405

drift.software.vulnerabilities.title

Use an text value ##### to provide a title to find containers having vulnerabilities in certain drift software.

Example

Show findings with title

drift.software.vulnerabilities.title: title text

drift.software.vulnerabilities.software.name

Use a text value ##### to find vulnerabilities present in certain drift software.

Example

Show findings with software name

drift.software.vulnerabilities.software.name: my-app

drift.software.vulnerabilities.software.version

Use a text value ##### to find vulnerabilities present in certain version of a drift software.

Example

Show findings with software version

drift.software.vulnerabilities.software.version: 8.0

drift.software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerabilities present in certain fix version of a drift software.

Example

Show findings with certain fix version

drift.software.vulnerabilities.software.fixVersion: 8.0

drift.software.vulnerabilities.source

Use a text value ##### to find drift software vulnerabilities from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.software.vulnerabilities.source: IMAGE

drift.software.vulnerabilities.reason

Use a text value ##### to find drift software vulnerabilities with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.software.vulnerabilities.reason: NEW

drift.software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

drift.software.vulnerabilities.threatIntel.activeAttacks: true

drift.software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

drift.software.vulnerabilities.threatIntel.denialOfService: true

drift.software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

drift.software.vulnerabilities.threatIntel.easyExploit: true

drift.software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

drift.software.vulnerabilities.threatIntel.highDataLoss: true

drift.software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

drift.software.vulnerabilities.threatIntel.highLateralMovement: true

drift.software.vulnerabilities.threatIntel.malware

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

drift.software.vulnerabilities.threatIntel.malware: true

drift.software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

drift.software.vulnerabilities.threatIntel.noPatch: true

drift.software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

drift.software.vulnerabilities.threatIntel.publicExploit: true

drift.software.source

Use a text value ##### to find drift software from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.software.source: IMAGE

drift.software.reason

Use a text value ##### to find drift software with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.software.reason: NEW

drift.vulnerability.authType

Use a text value ##### to find drift vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

drift.vulnerability.authType: "WINDOWS_AUTH"

drift.vulnerability.category

Use a text value ##### to find drift vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

drift.vulnerability.category: "CGI"

drift.vulnerability.customerSeverity

Use an integer value ##### to find drift vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

drift.vulnerability.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

drift.vulnerability: (customerSeverity: "5" AND category: "DNS")

drift.vulnerability.cveids

Use a text value ##### to find drift vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

drift.vulnerability.cveids: "CVE-2014-9999"

drift.vulnerability.cvssInfo.accessVector

Use a text value ##### to find drift vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

drift.vulnerability.cvssInfo.accessVector: "Local"

drift.vulnerability.cvssInfo.baseScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

drift.vulnerability.cvssInfo.baseScore: "7.2"

drift.vulnerability.cvssInfo.temporalScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

drift.vulnerability.cvssInfo.temporalScore: "6.2"

drift.vulnerability.cvss3Info.baseScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

drift.vulnerability.cvss3Info.baseScore: "4.3"

drift.vulnerability.cvss3Info.temporalScore

Use a integer value ##### to find drift vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

drift.vulnerability.cvss3Info.temporalScore: "3.8"

drift.vulnerability.discoveryType

Use a text value ##### to find drift vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

drift.vulnerability.discoveryType: "REMOTE"

drift.vulnerability.firstFound

Use a date range or specific date to find when drift vulnerabilities were first found.

Examples

Show findings first found within certain dates

drift.vulnerability.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.vulnerability.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

drift.vulnerability.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.vulnerability: (firstFound > now-10d AND severity: "5")

drift.vulnerability.fixed

Use a date range or specific date to find fixed drift vulnerabilities.

Examples

Show findings first found within certain dates

drift.vulnerability.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

drift.vulnerability.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.fixed: [now-2w ... now-1s]

Show findings first found on certain date

drift.vulnerability.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

drift.vulnerability: (fixed > now-10d AND severity: "5")

drift.vulnerability.lastFound

Use a date range or specific date to find when drift vulnerabilities were last found.

Examples

Show findings last found within certain dates

drift.vulnerability.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

drift.vulnerability.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

drift.vulnerability.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

drift.vulnerability.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

drift.vulnerability: (lastFound: '2017-10-12' AND category: "CGI")

drift.vulnerability.result

Use a text value ##### to find software packages that have drift vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

drift.vulnerability.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

drift.vulnerability.risk

Use an integer value ##### to find drift vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

drift.vulnerability.risk: 50

drift.vulnerability.severity

Use an integer value ##### to find drift vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

drift.vulnerability.severity: "4"

Show findings with severity 5 and category DNS

drift.vulnerability: (severity: "5" AND category: "DNS")

drift.vulnerability.status

Use a text value ##### to find drift vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

drift.vulnerability.status: "OPEN"

drift.vulnerability.supportedBy

Use a text value ##### to find drift vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

drift.vulnerability.supportedBy: "VM"

drift.vulnerability.threatIntel

Use a text value ##### to find drift vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

drift.vulnerability.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

drift.vulnerability.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

drift.vulnerability.typeDetected

Use a text value ##### to find drift vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

drift.vulnerability.typeDetected: "CONFIRMED"

drift.vulnerability.qid

Use an integer value ##### to provide a QID to find containers with certain drift vulnerability.

Example

Show findings with QID 90405

drift.vulnerability.qid: 90405

drift.vulnerability.title

Use an text value ##### to provide a title to find containers with certain drift vulnerability.

Example

Show findings with title

drift.vulnerability.title: title text

drift.vulnerability.software.name

Use a text value ##### to find drift vulnerability present in certain software.

Example

Show findings with software name

drift.vulnerability.software.name: my-app

drift.vulnerability.software.version

Use a text value ##### to find drift vulnerability present in certain software version.

Example

Show findings with software version

drift.vulnerability.software.version: 8.0

drift.vulnerability.software.fixVersion

Use a text value ##### to find drift vulnerability present in certain software fix version.

Example

Show findings with certain fix version

drift.vulnerability.software.fixVersion: 8.0

drift.vulnerability.source

Use a text value ##### to find drift vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show drift software from images

drift.vulnerability.source: IMAGE

drift.vulnerability.reason

Use a text value ##### to find drift vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show drift software that is new

drift.vulnerability.reason: NEW

drift.vulnerability.threatIntel.activeAttacks

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

drift.vulnerability.threatIntel.activeAttacks: true

drift.vulnerability.threatIntel.denialOfService

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

drift.vulnerability.threatIntel.denialOfService: true

drift.vulnerability.threatIntel.easyExploit

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

drift.vulnerability.threatIntel.easyExploit: true

drift.vulnerability.threatIntel.highDataLoss

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

drift.vulnerability.threatIntel.highDataLoss: true

drift.vulnerability.threatIntel.highLateralMovement

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

drift.vulnerability.threatIntel.highLateralMovement: true

drift.vulnerability.threatIntel.malware

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

drift.vulnerability.threatIntel.malware: true

drift.vulnerability.threatIntel.noPatch

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

drift.vulnerability.threatIntel.noPatch: true

drift.vulnerability.threatIntel.publicExploit

Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

drift.vulnerability.threatIntel.publicExploit: true

sha

Use a text value ##### to define SHA 256 hash of container image.

Example

Show findings with this SHA value

sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695

software.name

Use a text value ##### to find the software application name you're looking for.

Example

Show containers with this software name

software.name: MyApp

software.version

Use a text value ##### to find the software application version of interest.

Example

Show containers with this software version

software.version: 2.0.3

software.fixVersion

Use a text value ##### to find software with specific fix version.

Example

Show containers with this software version

software.fixVersion: 2.0.3

software.vulnerabilities.authType

Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

software.vulnerabilities.authType: "WINDOWS_AUTH"

software.vulnerabilities.category

Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

software.vulnerabilities.category: "CGI"

software.vulnerabilities.customerSeverity

Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

software.vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")

software.vulnerabilities.cveids

Use a text value ##### to find software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

software.vulnerabilities.cveids: "CVE-2014-9999"

software.vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find containers having software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

software.vulnerabilities.cvssInfo.accessVector: "Local"

software.vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

software.vulnerabilities.cvssInfo.baseScore: "7.2"

software.vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

software.vulnerabilities.cvssInfo.temporalScore: "6.2"

software.vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

software.vulnerabilities.cvss3Info.baseScore: "4.3"

software.vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

software.vulnerabilities.cvss3Info.temporalScore: "3.8"

software.vulnerabilities.discoveryType

Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

software.vulnerabilities.discoveryType: "REMOTE"

software.vulnerabilities.firstFound

Use a date range or specific date to find when software vulnerabilities were first found.

Examples

Show findings first found within certain dates

software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (firstFound > now-10d AND severity: "5")

software.vulnerabilities.fixed

Use a date range or specific date to find software with vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

software.vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

software.vulnerabilities: (fixed > now-10d AND severity: "5")

software.vulnerabilities.lastFound

Use a date range or specific date to find when software vulnerabilities were last found.

Examples

Show findings last found within certain dates

software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

software.vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

software.vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

software.vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

software.vulnerabilities.risk

Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

software.vulnerabilities.risk: 50

software.vulnerabilities.severity

Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

software.vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

software.vulnerabilities: (severity: "5" AND category: "DNS")

software.vulnerabilities.status

Use a text value ##### to find software vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

software.vulnerabilities.status: "OPEN"

software.vulnerabilities.supportedBy

Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

software.vulnerabilities.supportedBy: "VM"

software.vulnerabilities.threatIntel

Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

software.vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

software.vulnerabilities.typeDetected

Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

software.vulnerabilities.typeDetected: "CONFIRMED"

software.vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers with software having certain vulnerability.

Example

Show findings with QID 90405

software.vulnerabilities.qid: 90405

software.vulnerabilities.title

Use an text value ##### to provide a title to find containers with software having certain vulnerability.

Example

Show findings with title

software.vulnerabilities.title: title text

software.vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

software.vulnerabilities.software.name: my-app

software.vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

software.vulnerabilities.software.version: 8.0

software.vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

software.vulnerabilities.software.fixVersion: 8.0

software.vulnerabilities.source

Use a text value ##### to find software vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show software software from images

software.vulnerabilities.source: IMAGE

software.vulnerabilities.reason

Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show software software that is new

software.vulnerabilities.reason: NEW

software.vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

software.vulnerabilities.threatIntel.activeAttacks: true

software.vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

software.vulnerabilities.threatIntel.denialOfService: true

software.vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

software.vulnerabilities.threatIntel.easyExploit: true

software.vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

software.vulnerabilities.threatIntel.highDataLoss: true

software.vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

software.vulnerabilities.threatIntel.highLateralMovement: true

software.vulnerabilities.threatIntel.malware

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

software.vulnerabilities.threatIntel.malware: true

software.vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

software.vulnerabilities.threatIntel.noPatch: true

software.vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

software.vulnerabilities.threatIntel.publicExploit: true

source

Use a text value ##### to find containers from specific source (GENERAL, HOST).

Example

Show containers on host

source: HOST

state

Use a text value ##### to find containers in certain state (CREATED, RUNNING, STOPPED, PAUSED, DELETED, UNKNOWN).

Example

Show containers in a certain state

state: "Running"

stateChanged

Use a date range or specific date to define when containers changed state. When entering a date use YYYY-MM-DD format.

Examples

Show containers that changed state within certain dates

stateChanged: [2019-10-01 ... 2019-10-12]

Show containers that changed state starting October 1st and ending 1 month ago

stateChanged: [2019-10-01 ... now-1M]

Show containers that changed state starting 2 weeks ago, ending 1 second ago

stateChanged: [now-2w ... now-1s]

Show containers that changed state on certain date

stateChanged:'2019-09-22'

updated

Use a date range or specific date to define when containers were updated. The updated date is modified with each event on the container, and with vulnerability report processing for the container.

Examples

Find containers updated within certain dates

updated: [2019-06-15 ... 2019-06-30]

Find containers updated on specific date

updated:'2019-08-15'

users

Use a text value ##### to find a user name configured inside a container image/running-container. The user can be any container user: root or non-root.

Example

Show findings with this user name

users: asmith

vulnerabilities.authType

Use a text value ##### to find containers having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

vulnerabilities.authType: "WINDOWS_AUTH"

vulnerabilities.category

Use a text value ##### to find containers with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

vulnerabilities.category: "CGI"

vulnerabilities.customerSeverity

Use an integer value ##### to find containers having vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

vulnerabilities: (customerSeverity: "5" AND category: "DNS")

vulnerabilities.cveids

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.cveids: CVE-2015-0313

vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find containers having vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

vulnerabilities.cvssInfo.accessVector: "Local"

vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

vulnerabilities.cvssInfo.baseScore: "7.2"

vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

vulnerabilities.cvssInfo.temporalScore: "6.2"

vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

vulnerabilities.cvss3Info.baseScore: "4.3"

vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

vulnerabilities.cvss3Info.temporalScore: "3.8"

vulnerabilities.discoveryType

Use a text value ##### to find containers having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

vulnerabilities.discoveryType: "REMOTE"

vulnerabilities.firstFound

Use a date range or specific date to define when vulnerabilities on container were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (firstFound > now-10d AND severity: "5")

vulnerabilities.fixed

Use a date range or specific date to define when vulnerabilities on container were fixed.

Examples

Show findings fixed within certain dates

vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings fixed starting 2017-10-01, ending 1 month ago

vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.fixed: [now-2w ... now-1s]

Show findings fixed on certain date

vulnerabilities.fixed:'2017-09-22'

Show findings fixed in the past 10 days with severity 5

vulnerabilities: (fixed > now-10d AND severity: "5")

vulnerabilities.lastFound

Use a date range or specific date to define when vulnerabilities on container were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

vulnerabilities.product

Use a text value ##### to find containers having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.

Example

Show findings for this product

vulnerabilities.product: "moodle"

vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

vulnerabilities.risk

Use an integer value ##### to find containers with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.risk: 50

vulnerabilities.severity

Use an integer value ##### to find containers having vulnerabilities with this Qualys defined severity (1-5).

Example

Show findings with severity 4

vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

vulnerabilities: (severity: "5" AND category: "DNS")

vulnerabilities.status

Use a text value ##### to find containers having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).

Example

Show findings with this status

vulnerabilities.status: "OPEN"

vulnerabilities.supportedBy

Use a text value ##### to find containers with vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

vulnerabilities.supportedBy: "VM"

vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

vulnerabilities.threatIntel.activeAttacks: true

vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

vulnerabilities.threatIntel.denialOfService: true

vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

vulnerabilities.threatIntel.easyExploit: true

vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

vulnerabilities.threatIntel.highDataLoss: true

vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

vulnerabilities.threatIntel.highLateralMovement: true

vulnerabilities.threatIntel.malware

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

vulnerabilities.threatIntel.malware: true

vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

vulnerabilities.threatIntel.noPatch: true

vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

vulnerabilities.threatIntel.publicExploit: true

vulnerabilities.typeDetected

Use a text value ##### to find containers having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

vulnerabilities.typeDetected: "CONFIRMED"

vulnerabilities.vendor

Use a text value ##### to find containers having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.

Example

Show findings for this vendor

vulnerabilities.vendor: "vendor-name"

vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers with certain vulnerability.

Example

Show findings with QID 90405

vulnerabilities.qid: 90405

vulnerabilities.title

Use an text value ##### to provide a title to find containers with certain vulnerability.

Example

Show findings with title

vulnerabilities.title: title text

vulnerabilities.software.name

Use a text value ##### to find vulnerability present in certain software.

Example

Show findings with software name

vulnerabilities.software.name: my-app

vulnerabilities.software.version

Use a text value ##### to find vulnerability present in certain software version.

Example

Show findings with software version

vulnerabilities.software.version: 8.0

vulnerabilities.software.fixVersion

Use a text value ##### to find vulnerability present in certain software fix version.

Example

Show findings with certain fix version

vulnerabilities.software.fixVersion: 8.0

services.name

Use a text value ##### to find containers with specific services running on them.

Example

Show findings with service name

services.name: sshd

services.description

Use a text value ##### to find containers with the description of specific services running on them.

Example

Show findings with service description

services.description: Secure Socket Shell

services.status

Use a text value ##### to find containers with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.

Example

Show findings with service status

services.status: RUNNING