Searching for Software
Click to view navigation pane


Home

Searching for Software

Use the search tokens below to search installed software within Container and Image details. Looking for help with writing your query? click here

fixVersion

Use a text value ##### to find software with specific fix version.

Example

Show containers with this software version

fixVersion: 2.0.3

name

Use a text value ##### to find the software application name you're looking for.

Example

Show containers with this software name

name: MyApp

scanType

Use a text value ##### to find software based on the type of scan (STATIC, DYNAMIC, SCA) used to detect the software. (Only supported when searching Image Details.)

Example

Show software detected by SCA scan type

scanType: SCA

version

Use a text value ##### to find the software application version of interest.

Example

Show containers with this software version

version: 2.0.3

vulnerabilities.authType

Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.

Example

Show findings with Windows auth type

vulnerabilities.authType: "WINDOWS_AUTH"

vulnerabilities.category

Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.

Example

Show findings with category CGI

vulnerabilities.category: "CGI"

vulnerabilities.customerSeverity

Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).

Examples

Show findings with customer-defined severity 4

vulnerabilities.customerSeverity: "4"

Show findings with customer-defined severity 5 and category DNS

vulnerabilities: (customerSeverity: "5" AND category: "DNS")

vulnerabilities.cveids

Use a text value ##### to find software vulnerabilities with CVE Ids.

Example

Show findings with CVE Ids

vulnerabilities.cveids: "CVE-2014-9999"

vulnerabilities.cvssInfo.accessVector

Use a text value ##### to find containers having software vulnerabilities with specific CVSS access vector.

Example

Show findings with CVSS access vector

vulnerabilities.cvssInfo.accessVector: "Local"

vulnerabilities.cvssInfo.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS base score.

Example

Show findings with CVSS base score

vulnerabilities.cvssInfo.baseScore: "7.2"

vulnerabilities.cvssInfo.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS temporal score.

Example

Show findings with CVSS temporal score

vulnerabilities.cvssInfo.temporalScore: "6.2"

vulnerabilities.cvss3Info.baseScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 base score.

Example

Show findings with CVSS3 base score

vulnerabilities.cvss3Info.baseScore: "4.3"

vulnerabilities.cvss3Info.temporalScore

Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 temporal score.

Example

Show findings with CVSS3 temporal score

vulnerabilities.cvss3Info.temporalScore: "3.8"

vulnerabilities.discoveryType

Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).

Example

Show findings with Remote discovery type

vulnerabilities.discoveryType: "REMOTE"

vulnerabilities.firstFound

Use a date range or specific date to find when software vulnerabilities were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.firstFound: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (firstFound > now-10d AND severity: "5")

vulnerabilities.fixed

Use a date range or specific date to find software with vulnerabilities that are fixed.

Examples

Show findings first found within certain dates

vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]

Show findings first found starting 2017-10-01, ending 1 month ago

vulnerabilities.fixed: [2017-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.fixed: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.fixed:'2017-09-22'

Show findings first found in the past 10 days with severity 5

vulnerabilities: (fixed > now-10d AND severity: "5")

vulnerabilities.lastFound

Use a date range or specific date to find when software vulnerabilities were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]

Show findings last found starting 2017-10-01, ending 1 month ago

vulnerabilities.lastFound: [2017-10-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2017-10-11'

Show findings last found on 2017-10-12 and category CGI

vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")

vulnerabilities.result

Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.

Example

Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4

vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"

vulnerabilities.risk

Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.risk: 50

vulnerabilities.severity

Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).

Examples

Show findings with severity 4

vulnerabilities.severity: "4"

Show findings with severity 5 and category DNS

vulnerabilities: (severity: "5" AND category: "DNS")

vulnerabilities.supportedBy

Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).

Example

Show findings supported by VM

vulnerabilities.supportedBy: "VM"

vulnerabilities.threatIntel

Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.

Examples

Show findings exposed to public exploit threats

vulnerabilities.threatIntel: "publicExploit": true

Show findings exposed to multiple threats

vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}

vulnerabilities.typeDetected

Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).

Example

Show findings with this detection type

vulnerabilities.typeDetected: "CONFIRMED"

vulnerabilities.qid

Use an integer value ##### to provide a QID to find containers with software having certain vulnerability.

Example

Show findings with QID 90405

vulnerabilities.qid: 90405

vulnerabilities.title

Use an text value ##### to provide a title to find containers with software having certain vulnerability.

Example

Show findings with title

vulnerabilities.title: title text

vulnerabilities.source

Use a text value ##### to find software vulnerability from specific source (CONTAINER, IMAGE, BOTH).

Example

Show software software from images

vulnerabilities.source: IMAGE

vulnerabilities.reason

Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)

Example

Show software software that is new

vulnerabilities.reason: NEW

vulnerabilities.threatIntel.activeAttacks

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.

Example

Show containers exposed to threats due to active attacks

vulnerabilities.threatIntel.activeAttacks: true

vulnerabilities.threatIntel.denialOfService

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.

Example

Show containers having threats due to denial of service

vulnerabilities.threatIntel.denialOfService: true

vulnerabilities.threatIntel.easyExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.

Example

Show containers exposed to threats due to easy exploit

vulnerabilities.threatIntel.easyExploit: true

vulnerabilities.threatIntel.highDataLoss

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.

Example

Show containers exposed to threats due to high data loss

vulnerabilities.threatIntel.highDataLoss: true

vulnerabilities.threatIntel.highLateralMovement

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.

Example

Show containers exposed to threats due to high lateral movement

vulnerabilities.threatIntel.highLateralMovement: true

vulnerabilities.threatIntel.malware

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.

Example

Show containers exposed to threats due to malware

vulnerabilities.threatIntel.malware: true

vulnerabilities.threatIntel.noPatch

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.

Example

Show containers exposed to threats due to no patch available

vulnerabilities.threatIntel.noPatch: true

vulnerabilities.threatIntel.publicExploit

Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.

Example

Show containers exposed to threats due to public exploit

vulnerabilities.threatIntel.publicExploit: true

and

Use a boolean query to express your query using AND logic.

Example

Show findings with detection type Confirmed and severity 5

vulnerabilities.typeDetected: CONFIRMED and vulnerabilities.severity: 5

not

Use a boolean query to express your query using NOT logic.

Example

Show findings that don't have Remote discovery type

not vulnerabilities.discoveryType: REMOTE

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of severity levels

vulnerabilities.severity: 5 or vulnerabilities.severity: 4