Home
Searching for Containers
Use the search tokens below to search for containers.
Looking for help with writing your query? click
here
arguments
Use a text value ##### to define a command line
argument of interest.
Example
Show containers run with this command argument
arguments: family
cloudProvider.aws.ecs.accountId
Use a text value ##### to find AWS Fargate containers
by the AWS ECS account ID.
Example
Show AWS Fargate containers with this AWS ECS account ID
cloudProvider.aws.ecs.accountId: 123456789012
cloudProvider.aws.ecs.clusterName
Use a text value ##### to find AWS Fargate containers
by the cluster name.
Example
Show AWS Fargate containers with this cluster name
cloudProvider.aws.ecs.clusterName: my-cluster
cloudProvider.aws.ecs.container.id
Use a text value ##### to find AWS Fargate containers
by the container ID.
Example
Show AWS Fargate containers with this container ID
cloudProvider.aws.ecs.container.id: 1234bafa-d5ac-6789-0ae1-23b4d5f67baa
cloudProvider.aws.ecs.container.macAddress
Use a text value ##### to find AWS Fargate containers
by the container MAC address.
Example
Show AWS Fargate containers with this container MAC address
cloudProvider.aws.ecs.container.macAddress: 01:2d:a3:45:67:d8
cloudProvider.aws.ecs.container.subnetId
Use a text value ##### to find AWS Fargate containers
by the container subnet ID.
Example
Show AWS Fargate containers with this container subnet ID
cloudProvider.aws.ecs.container.subnetId: subnet-0b12c3a456fdaab78
cloudProvider.aws.ecs.region.code
Use a text value ##### to find AWS Fargate containers
by the region code.
Example
Show AWS Fargate containers with this region code
cloudProvider.aws.ecs.region.code: us-west-2
cluster.k8s.node.isMaster
Use the values true | false to find containers running on the master
node.
Example
Show containers running on master node
cluster.k8s.node.isMaster: true
cluster.k8s.node.name
Use a text value ##### to find containers by the
Kubernetes cluster node name.
Example
Show containers with this node name
cluster.k8s.node.name: my-node
cluster.k8s.pod.controller.name
Use a text value ##### to find containers by the
Kubernetes cluster pod controller name.
Example
Show containers with this pod controller name
cluster.k8s.pod.controller.name: my-controller
cluster.k8s.pod.controller.type
Use a text value ##### to find containers by the
Kubernetes cluster pod controller type (CronJob, DaemonSet, Deployment,
Job, Node, ReplicaSet, ReplicationController, StatefulSet).
Example
Show containers with this pod controller type
cluster.k8s.pod.controller.type: ReplicationController
cluster.k8s.pod.controller.uuid
Use a text value ##### to find containers by the
Kubernetes cluster pod controller uuid.
Example
Show containers with this pod controller uuid
cluster.k8s.pod.controller.uuid: 01234567-89ab-cdef-0123-456789abcdef
cluster.k8s.pod.label.key
Use a text value ##### to find containers by a
label name (key) assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label name
cluster.k8s.pod.label.key: environment
cluster.k8s.pod.label.value
Use a text value ##### to find containers by a
label value assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label value
cluster.k8s.pod.label.value: production
cluster.k8s.pod.name
Use a text value ##### to find containers by the
Kubernetes cluster pod name.
Example
Show containers with this pod name
cluster.k8s.pod.name: my-pod
cluster.k8s.pod.namespace
Use a text value ##### to find containers by the
Kubernetes cluster pod namespace.
Example
Show containers with this pod namespace
cluster.k8s.pod.namespace: my.namespace.example.com
cluster.k8s.pod.uuid
Use a text value ##### to find containers by the
Kubernetes cluster pod uuid.
Example
Show containers with this pod uuid
cluster.k8s.pod.uuid: 01234567-89ab-cdef-0123-456789abcdef
cluster.k8s.project
Use a text value ##### to find containers by the
Kubernetes cluster project name.
Example
Show containers with this Kubernetes cluster project
cluster.k8s.project: my-project
cluster.type
Use a text value ##### to find containers by the
cluster type (KUBERNETES).
Example
Show containers with the Kubernetes cluster type
cluster.type: KUBERNETES
command
Use a text value ##### to define a command you're
looking for.
Example
Show containers run with this command
command: /run.sh
containerId
Use a text value ##### to find a container ID.
Example
Show container with this ID
containerId: ed46df944e1c
controls.controlId
Use a text value ##### to find controls by control
ID.
Example
Show containers with this control ID
controls.controlId: 10826
controls.criticality
Use a text value ##### to find controls by criticality
level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).
Example
Show containers with URGENT controls
controls.criticality: "URGENT"
controls.posture
Use a text value ##### to find controls by compliance
posture (PASS, FAIL).
Example
Show containers with failed controls
controls.posture: "FAIL"
created
Use a date range or specific date to define when
containers were created.
Examples
Find containers created within certain dates
created: [2017-06-15 ... 2017-06-30]
Find containers created on specific date
created:'2017-08-15'
environment
Use a text value ##### to define an environment
variable name you're interested in.
Example
Show containers with this environment variable
environment: "my-variable"
hostArchitecture
Use a text value ##### to find containers based
on the host architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host architecture
hostArchitecture: arm64
host.hostname
Use a text value ##### to define the hostname
you're looking for.
Example
Show containers with this hostname
host.hostname: dockerhost07.mydomain.com
host.ipAddress
Use a text value ##### to define a host IP address
you're interested in.
Example
Show container with this IP address
host.ipAddress: 10.44.92.127
imageId
Use a text value ##### to define a container image
ID of interest.
Example
Show containers with this image ID
imageId: c2d1b73a90ec
imageSha
Use a text value ##### to define SHA 256 hash
of container image.
Example
Show container image with this SHA value
imageSha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
ipv4
Use a text value ##### to define a container IPv4
address of interest.
Example
Show containers on this IPv4 address
ipv4: 172.17.0.2
ipv6
Use a text value ##### to define a container IPv6
address of interest.
Example
Show containers on this IPv6 address
ipv6: fe80:0:0:0:2502:b53c:4139:404b
isInstrumented
Use the values true | false to
find containers spun from instrumented images.
Example
Show containers spun from instrumented images
isInstrumented: true
isDrift
Use the values true | false to
find drift containers.
Example
Show drift containers
isDrift: true
isRoot
Use the values true | false to find containers running processes
as root. It refers to the privilege the running container has been
started with; containers inherit the privilege of the user/process
starting the container unless explicitly changed.
Example
Show containers running processes as root
isRoot: true
drift.category
Use a text value ##### to find containers having
drift software or vulnerabilities (Software or Vulnerability).
Example
Show containers with drift software
drift.category: Software
drift.reason
Use a text value ##### to find containers with
specific state of drift software or vulnerabilities (Fixed, New, Removed,
Varied).
Example
Show drift reason
drift.reason: Fixed
label.key
Use a text value ##### to find containers with
a certain label name.
Example
Show containers with label name "vendor"
label.key: vendor
label.value
Use a text value ##### to find containers with
a certain label value.
Example
Show containers with label value "CentOS"
label.value: CentOS
lastComplianceScanDate
Use a date range or specific date to define when
containers were last scanned for compliance.
Examples
Show containers with last compliance scan within certain dates
lastComplianceScanDate: [2021-01-01 ... 2021-01-30]
Show containers with last compliance scan starting 2020-10-15, ending
1 month ago
lastComplianceScanDate: [2020-10-15 ... now-1M]
Show containers with last compliance scan starting 2 weeks ago,
ending 1 second ago
lastComplianceScanDate: [now-2w ... now-1s]
Show containers with last compliance scan on specific date
lastComplianceScanDate:'2021-01-18'
lastVmScanDate
Use a date range or specific date to define when
containers were last scanned for vulnerabilities.
Examples
Show containers last scanned within certain dates
lastVmScanDate: [2021-01-01 ... 2021-01-30]
Show containers last scanned starting 2020-10-15, ending 1 month
ago
lastVmScanDate: [2020-10-15 ... now-1M]
Show containers last scanned starting 2 weeks ago, ending 1 second
ago
lastVmScanDate: [now-2w ... now-1s]
Show containers last scanned on specific date
lastVmScanDate:'2021-01-18'
macAddress
Use a text value ##### to define a container MAC
address you're interested in.
Example
Show container with this MAC address
macAddress: 00-50-56-A9-73-5A
name
Use a text value ##### to define the container
name you're interested in.
Example
Show this container name
name: my-container
operatingSystem
Use values within quotes or backticks to help
you find containers with an operating system you're interested in.
Examples
Show any containers with this OS name
operatingSystem: Windows 2012
Show any containers that have components of OS name
operatingSystem: "Windows 2012"
Show containers that match exact value "Windows 2012"
operatingSystem: `Windows 2012`
path
Use a text value ##### to define the container
path you're looking for. Enclose the path in double quotes.
Example
Show containers installed at this path
path: "/usr/path/container/"
portMapping.hostIp
Use a text value ##### to define a port mapping
host of interest.
Example
Show containers with this host mapping host IP
portMapping.hostIp: xxx.xxx.xxx.xxx
portMapping.hostPort
Use an integer value ##### to define a port mapping
host port you're looking for.
Example
Show containers with this host mapping host port
portMapping.hostPort: xxxxx
portMapping.port
Use an integer value ##### to define a port number
on the container that is bound to the host port.
Example
Show containers with this port mapping port
portMapping.port: xxxxx
portMapping.protocol
Use a text value ##### to define a port mapping
protocol you're interested in.
Example
Show containers with this port mapping protocol
portMapping.protocol: UDP
privileged
Use the values true | false to
find containers with privilege status true or false.
Example
Show containers whose privilege status is true
privileged: true
drift.software.name
Use a text value ##### to find drift software
with certain software name.
Example
Show findings with software name
drift.software.name: my-app
drift.software.version
Use a text value ##### to find drift software
with certain software version.
Example
Show findings with software version
drift.software.version: 8.0
drift.software.fixVersion
Use a text value ##### to find drift software
with certain fix version.
Example
Show findings with certain fix version
drift.software.fixVersion: 8.0
drift.software.vulnerabilities.authType
Use a text value ##### to find drift software
vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH,
ORACLE_AUTH, etc). See Authentication Types in online help for more
options.
Example
Show findings with Windows auth type
drift.software.vulnerabilities.authType: "WINDOWS_AUTH"
drift.software.vulnerabilities.category
Use a text value ##### to find drift software
vulnerabilities with a vulnerability category (CGI, Database, DNS,
BIND, etc). See Vulnerability Categories in online help for category
names.
Example
Show findings with category CGI
drift.software.vulnerabilities.category: "CGI"
drift.software.vulnerabilities.customerSeverity
Use an integer value ##### to find drift software
vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.software.vulnerabilities: (customerSeverity: "5"
AND category: "DNS")
drift.software.vulnerabilities.cveids
Use a text value ##### to find drift software
vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
drift.software.vulnerabilities.cveids: "CVE-2014-9999"
drift.software.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find drift software
vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.software.vulnerabilities.cvssInfo.accessVector: "Local"
drift.software.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find drift software
vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
drift.software.vulnerabilities.cvssInfo.baseScore: "7.2"
drift.software.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find drift software
vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.software.vulnerabilities.cvssInfo.temporalScore: "6.2"
drift.software.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find drift software
vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.software.vulnerabilities.cvss3Info.baseScore: "4.3"
drift.software.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find drift software
vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.software.vulnerabilities.cvss3Info.temporalScore: "3.8"
drift.software.vulnerabilities.discoveryType
Use a text value ##### to find drift software
vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.software.vulnerabilities.discoveryType: "REMOTE"
drift.software.vulnerabilities.firstFound
Use a date range or specific date to find when
drift software vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.software.vulnerabilities.firstFound: [2017-10-01
... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.firstFound: [2017-10-01
... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
drift.software.vulnerabilities.firstFound: [now-2w
... now-1s]
Show findings first found on certain date
drift.software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.software.vulnerabilities: (firstFound > now-10d
AND severity: "5")
drift.software.vulnerabilities.fixed
Use a date range or specific date to find drift
software vulnerabilities that are fixed.
Examples
Show findings first found within certain dates
drift.software.vulnerabilities.fixed: [2017-10-01
... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.fixed: [2017-10-01
... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
drift.software.vulnerabilities.fixed: [now-2w ...
now-1s]
Show findings first found on certain date
drift.software.vulnerabilities.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.software.vulnerabilities: (fixed > now-10d
AND severity: "5")
drift.software.vulnerabilities.lastFound
Use a date range or specific date to find when
drift software vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.software.vulnerabilities.lastFound: [2017-10-02
... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.lastFound: [2017-10-01
... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.software.vulnerabilities.lastFound: [now-2w
... now-1s]
Show findings last found on certain date
drift.software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.software.vulnerabilities: (lastFound: '2017-10-12'
AND category: "CGI")
drift.software.vulnerabilities.result
Use a text value ##### to find drift software
packages that have vulnerabilities. This is scan (QID) test result
generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.software.vulnerabilities.result: "libexpat1
2.1.0-6+deb8u3 2.1.0-6+deb8u4"
drift.software.vulnerabilities.risk
Use an integer value ##### to find drift software
vulnerabilities having a certain risk rating. For confirmed and potential
issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.software.vulnerabilities.risk: 50
drift.software.vulnerabilities.severity
Use an integer value ##### to find drift software
vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
drift.software.vulnerabilities: (severity: "5"
AND category: "DNS")
drift.software.vulnerabilities.supportedBy
Use a text value ##### to find drift software
vulnerabilities that are supported by a Qualys product (VM, WAS, MD,
WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.software.vulnerabilities.supportedBy: "VM"
drift.software.vulnerabilities.threatIntel
Use a text value ##### to find drift software
vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.software.vulnerabilities.threatIntel: "publicExploit":
true
Show findings exposed to multiple threats
drift.software.vulnerabilities.threatIntel: {"publicExploit"
: true, "publicExploitNames" : ["Sambar Server 4.3/4.4
Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.software.vulnerabilities.typeDetected
Use a text value ##### to find drift software
vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.software.vulnerabilities.typeDetected: "CONFIRMED"
drift.software.vulnerabilities.qid
Use an integer value ##### to provide a QID to
find containers having vulnerabilities in certain drift software.
Example
Show findings with QID 90405
drift.software.vulnerabilities.qid: 90405
drift.software.vulnerabilities.title
Use an text value ##### to provide a title to
find containers having vulnerabilities in certain drift software.
Example
Show findings with title
drift.software.vulnerabilities.title: title text
drift.software.vulnerabilities.software.name
Use a text value ##### to find vulnerabilities
present in certain drift software.
Example
Show findings with software name
drift.software.vulnerabilities.software.name: my-app
drift.software.vulnerabilities.software.version
Use a text value ##### to find vulnerabilities
present in certain version of a drift software.
Example
Show findings with software version
drift.software.vulnerabilities.software.version: 8.0
drift.software.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerabilities
present in certain fix version of a drift software.
Example
Show findings with certain fix version
drift.software.vulnerabilities.software.fixVersion: 8.0
drift.software.vulnerabilities.source
Use a text value ##### to find drift software
vulnerabilities from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.vulnerabilities.source: IMAGE
drift.software.vulnerabilities.reason
Use a text value ##### to find drift software
vulnerabilities with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.vulnerabilities.reason: NEW
drift.software.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.software.vulnerabilities.threatIntel.activeAttacks:
true
drift.software.vulnerabilities.threatIntel.denialOfService
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
drift.software.vulnerabilities.threatIntel.denialOfService:
true
drift.software.vulnerabilities.threatIntel.easyExploit
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.software.vulnerabilities.threatIntel.easyExploit: true
drift.software.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.software.vulnerabilities.threatIntel.highDataLoss: true
drift.software.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.software.vulnerabilities.threatIntel.highLateralMovement:
true
drift.software.vulnerabilities.threatIntel.malware
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
drift.software.vulnerabilities.threatIntel.malware: true
drift.software.vulnerabilities.threatIntel.noPatch
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.software.vulnerabilities.threatIntel.noPatch: true
drift.software.vulnerabilities.threatIntel.publicExploit
Use the values true | false to
find containers with drift software having vulnerabilities leading
to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.software.vulnerabilities.threatIntel.publicExploit:
true
drift.software.source
Use a text value ##### to find drift software
from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.source: IMAGE
drift.software.reason
Use a text value ##### to find drift software
with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.reason: NEW
drift.vulnerability.authType
Use a text value ##### to find drift vulnerabilities
with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH,
etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
drift.vulnerability.authType: "WINDOWS_AUTH"
drift.vulnerability.category
Use a text value ##### to find drift vulnerabilities
with a vulnerability category (CGI, Database, DNS, BIND, etc). See
Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
drift.vulnerability.category: "CGI"
drift.vulnerability.customerSeverity
Use an integer value ##### to find drift vulnerabilities
with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.vulnerability.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.vulnerability: (customerSeverity: "5"
AND category: "DNS")
drift.vulnerability.cveids
Use a text value ##### to find drift vulnerabilities
with CVE Ids.
Example
Show findings with CVE Ids
drift.vulnerability.cveids: "CVE-2014-9999"
drift.vulnerability.cvssInfo.accessVector
Use a text value ##### to find drift vulnerabilities
with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.vulnerability.cvssInfo.accessVector: "Local"
drift.vulnerability.cvssInfo.baseScore
Use a integer value ##### to find drift vulnerabilities
with specific CVSS base score.
Example
Show findings with CVSS base score
drift.vulnerability.cvssInfo.baseScore: "7.2"
drift.vulnerability.cvssInfo.temporalScore
Use a integer value ##### to find drift vulnerabilities
with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.vulnerability.cvssInfo.temporalScore: "6.2"
drift.vulnerability.cvss3Info.baseScore
Use a integer value ##### to find drift vulnerabilities
with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.vulnerability.cvss3Info.baseScore: "4.3"
drift.vulnerability.cvss3Info.temporalScore
Use a integer value ##### to find drift vulnerabilities
with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.vulnerability.cvss3Info.temporalScore: "3.8"
drift.vulnerability.discoveryType
Use a text value ##### to find drift vulnerabilities
with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.vulnerability.discoveryType: "REMOTE"
drift.vulnerability.firstFound
Use a date range or specific date to find when
drift vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.vulnerability.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
drift.vulnerability.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (firstFound > now-10d
AND severity: "5")
drift.vulnerability.fixed
Use a date range or specific date to find fixed
drift vulnerabilities.
Examples
Show findings first found within certain dates
drift.vulnerability.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
drift.vulnerability.fixed: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (fixed > now-10d
AND severity: "5")
drift.vulnerability.lastFound
Use a date range or specific date to find when
drift vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.vulnerability.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.vulnerability.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
drift.vulnerability.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.vulnerability: (lastFound: '2017-10-12'
AND category: "CGI")
drift.vulnerability.result
Use a text value ##### to find software packages
that have drift vulnerabilities. This is scan (QID) test result generated
by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.vulnerability.result: "libexpat1 2.1.0-6+deb8u3
2.1.0-6+deb8u4"
drift.vulnerability.risk
Use an integer value ##### to find drift vulnerabilities
having a certain risk rating. For confirmed and potential issues risk
is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.vulnerability.risk: 50
drift.vulnerability.severity
Use an integer value ##### to find drift vulnerabilities
with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.vulnerability.severity: "4"
Show findings with severity 5 and category DNS
drift.vulnerability: (severity: "5"
AND category: "DNS")
drift.vulnerability.status
Use a text value ##### to find drift vulnerabilities
with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
drift.vulnerability.status: "OPEN"
drift.vulnerability.supportedBy
Use a text value ##### to find drift vulnerabilities
that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows
Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.vulnerability.supportedBy: "VM"
drift.vulnerability.threatIntel
Use a text value ##### to find drift vulnerabilities
that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.vulnerability.threatIntel: "publicExploit":
true
Show findings exposed to multiple threats
drift.vulnerability.threatIntel: {"publicExploit"
: true, "publicExploitNames" : ["Sambar Server 4.3/4.4
Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.vulnerability.typeDetected
Use a text value ##### to find drift vulnerabilities
with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.vulnerability.typeDetected: "CONFIRMED"
drift.vulnerability.qid
Use an integer value ##### to provide a QID to
find containers with certain drift vulnerability.
Example
Show findings with QID 90405
drift.vulnerability.qid: 90405
drift.vulnerability.title
Use an text value ##### to provide a title to
find containers with certain drift vulnerability.
Example
Show findings with title
drift.vulnerability.title: title text
drift.vulnerability.software.name
Use a text value ##### to find drift vulnerability
present in certain software.
Example
Show findings with software name
drift.vulnerability.software.name: my-app
drift.vulnerability.software.version
Use a text value ##### to find drift vulnerability
present in certain software version.
Example
Show findings with software version
drift.vulnerability.software.version: 8.0
drift.vulnerability.software.fixVersion
Use a text value ##### to find drift vulnerability
present in certain software fix version.
Example
Show findings with certain fix version
drift.vulnerability.software.fixVersion: 8.0
drift.vulnerability.source
Use a text value ##### to find drift vulnerability
from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.vulnerability.source: IMAGE
drift.vulnerability.reason
Use a text value ##### to find drift vulnerability
with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.vulnerability.reason: NEW
drift.vulnerability.threatIntel.activeAttacks
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.vulnerability.threatIntel.activeAttacks: true
drift.vulnerability.threatIntel.denialOfService
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to denial of service.
Example
Show containers having threats due to denial of service
drift.vulnerability.threatIntel.denialOfService: true
drift.vulnerability.threatIntel.easyExploit
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.vulnerability.threatIntel.easyExploit: true
drift.vulnerability.threatIntel.highDataLoss
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.vulnerability.threatIntel.highDataLoss: true
drift.vulnerability.threatIntel.highLateralMovement
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.vulnerability.threatIntel.highLateralMovement: true
drift.vulnerability.threatIntel.malware
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to malware.
Example
Show containers exposed to threats due to malware
drift.vulnerability.threatIntel.malware: true
drift.vulnerability.threatIntel.noPatch
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.vulnerability.threatIntel.noPatch: true
drift.vulnerability.threatIntel.publicExploit
Use the values true | false to
find containers with drift vulnerabilities leading to real-time threats
due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.vulnerability.threatIntel.publicExploit: true
sha
Use a text value ##### to define SHA 256 hash
of container image.
Example
Show findings with this SHA value
sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
software.name
Use a text value ##### to find the software application
name you're looking for.
Example
Show containers with this software name
software.name: MyApp
software.version
Use a text value ##### to find the software application
version of interest.
Example
Show containers with this software version
software.version: 2.0.3
software.fixVersion
Use a text value ##### to find software with specific
fix version.
Example
Show containers with this software version
software.fixVersion: 2.0.3
software.vulnerabilities.authType
Use a text value ##### to find software vulnerabilities
with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH,
etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
software.vulnerabilities.authType: "WINDOWS_AUTH"
software.vulnerabilities.category
Use a text value ##### to find software vulnerabilities
with a vulnerability category (CGI, Database, DNS, BIND, etc). See
Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
software.vulnerabilities.category: "CGI"
software.vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities
with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
software.vulnerabilities: (customerSeverity: "5"
AND category: "DNS")
software.vulnerabilities.cveids
Use a text value ##### to find software vulnerabilities
with CVE Ids.
Example
Show findings with CVE Ids
software.vulnerabilities.cveids: "CVE-2014-9999"
software.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having
software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
software.vulnerabilities.cvssInfo.accessVector: "Local"
software.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having
software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
software.vulnerabilities.cvssInfo.baseScore: "7.2"
software.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having
software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
software.vulnerabilities.cvssInfo.temporalScore: "6.2"
software.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having
software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
software.vulnerabilities.cvss3Info.baseScore: "4.3"
software.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having
software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
software.vulnerabilities.cvss3Info.temporalScore: "3.8"
software.vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities
with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
software.vulnerabilities.discoveryType: "REMOTE"
software.vulnerabilities.firstFound
Use a date range or specific date to find when
software vulnerabilities were first found.
Examples
Show findings first found within certain dates
software.vulnerabilities.firstFound: [2017-10-01 ...
2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.firstFound: [2017-10-01 ...
now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (firstFound > now-10d
AND severity: "5")
software.vulnerabilities.fixed
Use a date range or specific date to find software
with vulnerabilities that are fixed.
Examples
Show findings first found within certain dates
software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
software.vulnerabilities.fixed: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (fixed > now-10d
AND severity: "5")
software.vulnerabilities.lastFound
Use a date range or specific date to find when
software vulnerabilities were last found.
Examples
Show findings last found within certain dates
software.vulnerabilities.lastFound: [2017-10-02 ...
2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.lastFound: [2017-10-01 ...
now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
software.vulnerabilities: (lastFound: '2017-10-12'
AND category: "CGI")
software.vulnerabilities.result
Use a text value ##### to find software packages
that have vulnerabilities. This is scan (QID) test result generated
by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3
2.1.0-6+deb8u4"
software.vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities
having a certain risk rating. For confirmed and potential issues risk
is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
software.vulnerabilities.risk: 50
software.vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities
with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
software.vulnerabilities: (severity: "5"
AND category: "DNS")
software.vulnerabilities.supportedBy
Use a text value ##### to find software vulnerabilities
that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows
Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
software.vulnerabilities.supportedBy: "VM"
software.vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities
that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
software.vulnerabilities.threatIntel: "publicExploit":
true
Show findings exposed to multiple threats
software.vulnerabilities.threatIntel: {"publicExploit"
: true, "publicExploitNames" : ["Sambar Server 4.3/4.4
Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
software.vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities
with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
software.vulnerabilities.typeDetected: "CONFIRMED"
software.vulnerabilities.qid
Use an integer value ##### to provide a QID to
find containers with software having certain vulnerability.
Example
Show findings with QID 90405
software.vulnerabilities.qid: 90405
software.vulnerabilities.title
Use an text value ##### to provide a title to
find containers with software having certain vulnerability.
Example
Show findings with title
software.vulnerabilities.title: title text
software.vulnerabilities.software.name
Use a text value ##### to find vulnerability present
in certain software.
Example
Show findings with software name
software.vulnerabilities.software.name: my-app
software.vulnerabilities.software.version
Use a text value ##### to find vulnerability present
in certain software version.
Example
Show findings with software version
software.vulnerabilities.software.version: 8.0
software.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present
in certain software fix version.
Example
Show findings with certain fix version
software.vulnerabilities.software.fixVersion: 8.0
software.vulnerabilities.source
Use a text value ##### to find software vulnerability
from specific source (CONTAINER, IMAGE, BOTH).
Example
Show software software from images
software.vulnerabilities.source: IMAGE
software.vulnerabilities.reason
Use a text value ##### to find software vulnerability
with specific state (Fixed, New, Removed, Varied)
Example
Show software software that is new
software.vulnerabilities.reason: NEW
software.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
software.vulnerabilities.threatIntel.activeAttacks: true
software.vulnerabilities.threatIntel.denialOfService
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to denial of service.
Example
Show containers having threats due to denial of service
software.vulnerabilities.threatIntel.denialOfService: true
software.vulnerabilities.threatIntel.easyExploit
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
software.vulnerabilities.threatIntel.easyExploit: true
software.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
software.vulnerabilities.threatIntel.highDataLoss: true
software.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
software.vulnerabilities.threatIntel.highLateralMovement:
true
software.vulnerabilities.threatIntel.malware
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to malware.
Example
Show containers exposed to threats due to malware
software.vulnerabilities.threatIntel.malware: true
software.vulnerabilities.threatIntel.noPatch
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
software.vulnerabilities.threatIntel.noPatch: true
software.vulnerabilities.threatIntel.publicExploit
Use the values true | false to
find containers with software vulnerabilities leading to real-time
threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
software.vulnerabilities.threatIntel.publicExploit: true
source
Use a text value ##### to find containers from
specific source (GENERAL, HOST, SERVERLESS_FARGATE).
Example
Show containers on host
source: HOST
state
Use a text value ##### to find containers in certain
state (CREATED, RUNNING, STOPPED, PAUSED, DELETED).
Example
Show containers in a certain state
state: "Running"
stateChanged
Use a date range or specific date to define when
containers changed state. When entering a date use YYYY-MM-DD format.
Examples
Show containers that changed state within certain dates
stateChanged: [2019-10-01 ... 2019-10-12]
Show containers that changed state starting October 1st and ending
1 month ago
stateChanged: [2019-10-01 ... now-1M]
Show containers that changed state starting 2 weeks ago, ending
1 second ago
stateChanged: [now-2w ... now-1s]
Show containers that changed state on certain date
stateChanged:'2019-09-22'
updated
Use a date range or specific date to define when
containers were updated. The updated date is modified with each event
on the container, and with vulnerability report processing for the
container.
Examples
Find containers updated within certain dates
updated: [2019-06-15 ... 2019-06-30]
Find containers updated on specific date
updated:'2019-08-15'
users
Use a text value ##### to find a user name configured inside
a container image/running-container. The user can be any container
user: root or non-root.
Example
Show findings with this user name
users: asmith
vulnerabilities.authType
Use a text value ##### to find containers having
vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH,
ORACLE_AUTH, etc). See Authentication Types in online help for more
options.
Example
Show findings with Windows auth type
vulnerabilities.authType: "WINDOWS_AUTH"
vulnerabilities.category
Use a text value ##### to find containers with
vulnerabilities having a vulnerability category (CGI, Database, DNS,
BIND, etc). See Vulnerability Categories in online help for category
names.
Example
Show findings with category CGI
vulnerabilities.category: "CGI"
vulnerabilities.customerSeverity
Use an integer value ##### to find containers
having vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5"
AND category: "DNS")
vulnerabilities.cveids
Use a text value ##### to find the CVE name you're
interested in.
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.cveids: CVE-2015-0313
vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having
vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
vulnerabilities.cvssInfo.accessVector: "Local"
vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having
vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
vulnerabilities.cvssInfo.baseScore: "7.2"
vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having
vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
vulnerabilities.cvssInfo.temporalScore: "6.2"
vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having
vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
vulnerabilities.cvss3Info.baseScore: "4.3"
vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having
vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
vulnerabilities.cvss3Info.temporalScore: "3.8"
vulnerabilities.discoveryType
Use a text value ##### to find containers having
vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
vulnerabilities.discoveryType: "REMOTE"
vulnerabilities.firstFound
Use a date range or specific date to define when
vulnerabilities on container were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second
ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (firstFound > now-10d
AND severity: "5")
vulnerabilities.fixed
Use a date range or specific date to define when
vulnerabilities on container were fixed.
Examples
Show findings fixed within certain dates
vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings fixed starting 2017-10-01, ending 1 month ago
vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.fixed: [now-2w ... now-1s]
Show findings fixed on certain date
vulnerabilities.fixed:'2017-09-22'
Show findings fixed in the past 10 days with severity 5
vulnerabilities: (fixed > now-10d AND
severity: "5")
vulnerabilities.lastFound
Use a date range or specific date to define when
vulnerabilities on container were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12'
AND category: "CGI")
vulnerabilities.product
Use a text value ##### to find containers having
vulnerabilities on a certain vendor product (moodle, gnome, code-crafters,
etc). See Product References in online help for vendor names.
Example
Show findings for this product
vulnerabilities.product: "moodle"
vulnerabilities.result
Use a text value ##### to find software packages
that have vulnerabilities. This is scan (QID) test result generated
by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3
2.1.0-6+deb8u4"
vulnerabilities.risk
Use an integer value ##### to find containers
with vulnerabilities having a certain risk rating. For confirmed and
potential issues risk is 10 times severity, for information gathered
it is severity.
Example
Show findings with risk 50
vulnerabilities.risk: 50
vulnerabilities.severity
Use an integer value ##### to find containers
having vulnerabilities with this Qualys defined severity (1-5).
Example
Show findings with severity 4
vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5"
AND category: "DNS")
vulnerabilities.status
Use a text value ##### to find containers having
vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
vulnerabilities.status: "OPEN"
vulnerabilities.supportedBy
Use a text value ##### to find containers with
vulnerabilities that are supported by a Qualys product (VM, WAS, MD,
WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
vulnerabilities.supportedBy: "VM"
vulnerabilities.threatIntel.activeAttacks
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to active attacks.
Example
Show containers exposed to threats due to active attacks
vulnerabilities.threatIntel.activeAttacks: true
vulnerabilities.threatIntel.denialOfService
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to denial of service.
Example
Show containers having threats due to denial of service
vulnerabilities.threatIntel.denialOfService: true
vulnerabilities.threatIntel.easyExploit
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
vulnerabilities.threatIntel.easyExploit: true
vulnerabilities.threatIntel.highDataLoss
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to high data loss.
Example
Show containers exposed to threats due to high data loss
vulnerabilities.threatIntel.highDataLoss: true
vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
vulnerabilities.threatIntel.highLateralMovement: true
vulnerabilities.threatIntel.malware
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to malware.
Example
Show containers exposed to threats due to malware
vulnerabilities.threatIntel.malware: true
vulnerabilities.threatIntel.noPatch
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to no patch available.
Example
Show containers exposed to threats due to no patch available
vulnerabilities.threatIntel.noPatch: true
vulnerabilities.threatIntel.publicExploit
Use the values true | false to
find containers with vulnerabilities leading to real-time threats
due to public exploit.
Example
Show containers exposed to threats due to public exploit
vulnerabilities.threatIntel.publicExploit: true
vulnerabilities.typeDetected
Use a text value ##### to find containers having
vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
vulnerabilities.typeDetected: "CONFIRMED"
vulnerabilities.vendor
Use a text value ##### to find containers having
vulnerabilities on product from a certain vendor. See Vendor References
in online help for vendor names.
Example
Show findings for this vendor
vulnerabilities.vendor: "vendor-name"
vulnerabilities.qid
Use an integer value ##### to provide a QID to
find containers with certain vulnerability.
Example
Show findings with QID 90405
vulnerabilities.qid: 90405
vulnerabilities.title
Use an text value ##### to provide a title to
find containers with certain vulnerability.
Example
Show findings with title
vulnerabilities.title: title text
vulnerabilities.software.name
Use a text value ##### to find vulnerability present
in certain software.
Example
Show findings with software name
vulnerabilities.software.name: my-app
vulnerabilities.software.version
Use a text value ##### to find vulnerability present
in certain software version.
Example
Show findings with software version
vulnerabilities.software.version: 8.0
vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present
in certain software fix version.
Example
Show findings with certain fix version
vulnerabilities.software.fixVersion: 8.0
services.name
Use a text value ##### to find containers with
specific services running on them.
Example
Show findings with service name
services.name: sshd
services.description
Use a text value ##### to find containers with
the description of specific services running on them.
Example
Show findings with service description
services.description: Secure Socket Shell
services.status
Use a text value ##### to find containers with
the status of specific services running on them. Status could be RUNNING,
STOPPED, etc.
Example
Show findings with service status
services.status: RUNNING
and
Use a boolean query to express your query using
AND logic.
Example
Show containers in Running state and running processes as root
state: RUNNING and isRoot: true
not
Use a boolean query to express your query using
NOT logic.
Example
Show containers that are not in Running state
not state: RUNNING
or
Use a boolean query to express your query using
OR logic.
Example
Show containers that are in one of these states
state: DELETED or state: UNKNOWN