Search Assets Tokens

activated

Use a text value ##### to find assets based on the activation status (True, False)

Example

Find assets with this activation status.

activated: True

activationDate

Use a text value ##### to find assets based on the activation date.

Example

Find assets that are activated within certain dates.

activationDate: [2020-10-05 .. 2020-10-10]

Find assets activated on specific date.

activationDate: '2020-10-05'

agentService.httpStatus

Use a text value ##### to find Linux assets based on http status.

Example

Find Linux assets with this http status.

agentService.httpStatus: null

agentService.osStatus

Use a text value ##### to find Linux assets based on the operating system (OS) status.

Example

Find Linux assets with this OS status.

agentService.osStatus: "Q_AuditChannelBusy"

agentService.status

Use a text value ##### to find assets based on the agent service status. (FIM_DRIVER_LOADED, FIM_DRIVER_LOADED_FAILURE, FIM_DRIVER_UNLOADED, FIM_DRIVER_UNLOADED_FAILURE, FIM_EVENTS_UPLOADED, FIM_EVENTS_UPLOADED_FAILURE, FIMC_RUNNING, FIMC_STOPPED).

Example

Find assets with this agent service status.

agentService.status: FIM_DRIVER_LOADED

agentService.statusCode

Use a text value ##### to find assets based on the agent service code. (2001, 2002, 2003, 2004, 2007, 2008, 2009, 2010).

Example

Find assets with this agent service code.

agentService.statusCode: 2001

agentService.updatedDate

Use a text value ##### to find assets based on the agent updated.

Example

Find assets with agent updated within certain dates.

agentService.updatedDate: [2020-10-05 .. 2020-10-10]

Find assets with this agent update date.

agentService.updatedDate: '2020-10-05'

agentUuid

Use an integer value ##### to find assets by agent UUID.

Example

Show assets with this agent UUID.

agentUuid: "0c16f8b0-9f3b-4fcf-a7d6-730017b1a4d3"

agentVersion

Use a text value ##### to find the assets with a agent version you're interested in.

Example

Show assets with this agent version.

agentVersion: 2.2.0

assetId

Use an integer value ##### to find assets by agent ID.

Example

Show assets with this agent ID.

assetId: 43227

assetType

Use a text value ##### to filter assets by the certain asset type.

Example

Show assets with this asset type.

assetType: HOST

created

Use a text value ##### to find assets based on the date created.

Example

Find assets created within certain dates.

created: [2020-10-05 .. 2020-10-10]

Find assets created on this date.

created: '2020-10-05'

netbiosName

Use a text value ##### to find assets based on the netbios name.

Example

Find assets with this netbios name.

netbiosName: null

ec2.region

Use a text value ##### to find assets based on the EC2 region.

Example

Find assets with this EC2 region.

ec2.region: "US East (N. Virginia)"

ec2.instanceId

Use a text value ##### to find assets based on the EC2 instance ID.

Example

Find assets with this EC2 instance ID.

ec2.instanceId: i-1234567890abcdef0

ec2.hostname

Use a text value ##### to find assets based on the EC2 hostname.

Example

Find assets with this EC2 hostname.

ec2.hostname: abc.qualys.com

ec2.availabilityZone

Use a text value ##### to find assets based on the EC2 availability zone of assets.

Example

Find assets with this EC2 availability zone of assets.

ec2.availabilityZone: us-east-1a

interfaces.macAddress

Use a text value #####to find assets with the MAC address you're interested in.

Example

Show the asset with this MAC address.

interfaces.macAddress: "00:0a:95:9d:68:16"

interfaces.address

Use a text value ##### to find assets with an IP address (IPv4 of IPv6) you're interested in.

Example

Find assets with this interfaces address.

interfaces.address: "10.115.106.169"

interfaces.hostname

Use a text value ##### to find assets with the hostname you're interested in.

Example

Find assets with this hostname.

interfaces.hostname: "WIN10-122.WORKGROUP"

interfaces.interfaceName

Use a text value ##### to find assets based on the interface name.

Example

Find assets with this interface name.

interfaces.interfaceName: "Intel(R) 82574L Gigabit Network Connection"

lastLoggedOnUser

Use a text value ##### to find assets based on the user last logged in user.

Example

Find assets with this last logged in user.

lastLoggedOnUser: "qualys_hs"

lastCheckedIn

Use a date range or specific date to find assets based on the last check-in.

Example

Find assets with last check in within a specific date range.

lastCheckedIn: [2020-01-01 .. 2020-01-10]

Find assets with last check in starting 2019-11-01, ending 1 month ago.

lastCheckedIn: [2019-11-01 .. now-1M]

Find assets with last check in starting 2 weeks ago, ending 1 second ago.

lastCheckedIn: [now-2w .. now-1s]

Find assets with last check in on a specific date.

lastCheckedIn: '2020-02-11'

Find assets with last check in before (older than) last 30 days.

lastCheckedIn: <now-30d

Note: In this case, we recommend not to use the NOT operator in your range search to form a query like NOT lastCheckedIn:[now-30d .. now-2s].

Find assets with last check in within last 30 days excluding day 30.

lastCheckedIn: >now-30d

Find assets with last check in within last 30 days including day 30.

lastCheckedIn: >=now-30d

Find assets with last check in which is older than last 30 days excluding day 30.

lastCheckedIn: <now-30d

Find assets with last check in which is older than last 30 days including day 30

lastCheckedIn: <=now-30d

operatingSystem

Use quotes or backticks within values to find assets based on the operating system.

Example

Show asset for operating system.

operatingSystem: windows

Show any asset that contain parts of operating system name.

operatingSystem: "windows"

Show asset that match exact value.

operatingSystem: `windows`

manifest.status

Use a text value ##### to find assets based on manifest status (FIM_ACTIVATION_REQUEST_RECEIVED, FIM_MANIFEST_DECOMMISSIONED, FIM_MANIFEST_ASSIGNED, FIM_MANIFEST_PUBLISHED, NO_FIM_MONITORING_PROFILE_FOUND, QUEUED_FOR_MANIFEST_GENERATION).

Example

Find assets with this manifest status.

manifest.status: FIM_ACTIVATION_REQUEST_RECEIVED

manifest.id

Use a text value ##### to find assets based on manifest ID.

Example

Find assets with this manifest ID.

manifest.id: 920e5b2f-546a-444f-b5e5-f13931597df9

manifest.updatedDate

Use a text value ##### to find assets based on manifest updated date.

Example

Find assets with manifest updated within certain dates.

manifest.updatedDate: [2020-10-05 .. 2020-10-10]

Find assets with this manifest update date.

manifest.updatedDate: '2020-10-05'

name

Use quotes or backticks with value to find assets with the name you're interested in.

Example

Show any asset related to name.

name: localhost

Show any asset that contain parts of name.

name: "localhost"

Show asset that match exact name.

name: `localhost`

system.boot

Use a text value ##### to find assets based on the last boot date.

Example

Find assets booted within certain dates.

system.boot: [2020-10-05 ... 2020-10-10]

Find assets with this last boot date.

system.boot: '2020-10-05'

tags.name

Use quotes or backticks within values to find assets based on the tag name.

Example

Find assets with tag name.

tags.name: cloud

Find assets that contain parts of tag name.

tags.name: "cloud"

Find assets that match exact value.

tags.name: `cloud`

and

Use a boolean query to express your query using AND logic.

Example

Show approved incidents in patching category

agentService.status: `FIMC_RUNNING` and operatingSystem: `linux`

not

Use a boolean query to express your query using NOT logic.

Example

Show incidents that were not pre-approved

agentService.status: `FIMC_RUNNING` not operatingSystem: `linux`

or

Use a boolean query to express your query using OR logic.

Example

Show incidents with one of these categories

agentService.status: `FIMC_RUNNING` or operatingSystem: `linux`