Using Vulnerability Tokens to Create Windows Job

Use these tokens to define criteria to create a QQL-based Windows deployment job.

Vulnerability Tokens

Use these tokens to define search criteria for vulnerabilities. You must have a subscription to VMDR app to use these tokens.

vulnerabilities.firstFound

Use a date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerabilities.firstFound:[2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound:[now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2016-11-11'

vulnerabilities.hostAssetName

Use quotes or backticks within values to help you find the host asset name you're looking for.

Examples

Show any findings related to name

vulnerabilities.hostAssetName:QK2K12QP3-65-53

Show any findings that contain parts of name

vulnerabilities.hostAssetName:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

vulnerabilities.hostAssetName:`QK2K12QP3-65-53`

vulnerabilities.hostOS

Use quotes or backticks within values to help you find the host operating system you're interested in.

Examples

Show any findings with this OS name

vulnerabilities.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerabilities.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerabilities.hostOS:`Windows 2012`

vulnerabilities.found

Use the values true | false to define whether vulnerabilities are detected on the assets.

Examples

Show findings with vulnerabilities detected

vulnerabilities.found:TRUE

vulnerabilities.detectionScore

Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.

Examples

Show vulnerabilities with detection score 80

vulnerabilities.detectionScore:80

Show vulnerabilities with detection score 25

vulnerabilities.detectionScore:25

vulnerabilities.disabled

Use the values true | false to define whether vulnerabilities are disabled or enabled.

Examples

Show findings with vulnerabilities disabled

vulnerabilities.disabled:TRUE

vulnerabilities.lastFixed

Use a date range or specific date to define when findings were last fixed.

Examples

Show findings last fixed within certain dates

vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]

Show findings last fixed starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFixed:[2016-01-01 ... now-1M]

Show findings last fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFixed:[now-2w ... now-1s]

Show findings last fixed on certain date

vulnerabilities.lastFixed:'2016-01-11'

Show findings last fixed within certain number of days

vulnerabilities.lastFixed: [91..180]

vulnerabilities.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFound:[2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2016-01-11'

Show findings last found within certain number of days

vulnerabilities.lastFound: [91..180]

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)

vulnerabilities: (lastFound: AND vulnerability.patchAvailable:TRUE)

 

vulnerabilities.nonExploitableConfig

Use the values true | false to define vulnerabilities with non-exploitable configurations.

Examples

Show findings with non exploitable configurations

vulnerabilities.nonExploitableConfig:TRUE

Show findings with exploitable configurations

vulnerabilities.nonExploitableConfig:FALSE

vulnerabilities.nonRunningKernel

Use the values true | false to view vulnerabilities found on non-running kernels.

Examples

Show detections found on non-running kernel

vulnerabilities.nonRunningKernel:TRUE

Show detections found on running kernel

vulnerabilities.nonRunningKernel:FALSE

vulnerabilities.ssl

Use the values true | false to define vulnerabilities found on secure socket layer (SSL).

Examples

Show vulnerabilities associated with SSL

vulnerabilities.ssl:TRUE

vulnerabilities.port

Use an integer value to help you find vulnerabilities found on a certain port.

Example

Show vulnerabilities found on this port

vulnerabilities.port:443

vulnerabilities.protocol

Use a text value (UDP or TCP) to define the port protocol you're interested in.

Example

Show vulnerabilities found on TCP protocol

vulnerabilities.protocol:TCP

vulnerabilities.ignored

Use an integer value to help you find vulnerabilities that have been marked as ignored.

Example

Show vulnerabilities that are marked as ignored

vulnerabilities.ignored:TRUE

vulnerabilities.instance

Use an integer value to help you find vulnerabilities found on a certain instance.

Example

Show vulnerabilities found on this instance  

vulnerabilities.instance: 354216

vulnerabilities.runningService

Use the values true | false to define vulnerabilities found on a running port/service.

Example

Show vulnerabilities found on running service

vulnerabilities.runningService:TRUE

Show vulnerabilities found on non-running service

vulnerabilities.runningService:FALSE

vulnerabilities.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 5

vulnerabilities.severity:5

vulnerabilities.status

Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.

If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.

Example

Show vulnerabilities with New status

vulnerabilities.status:NEW

 

vulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected:Confirmed

vulnerabilities.vulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH

vulnerabilities.vulnerability.bugTraqIds

Use a text value to find a BugTraq number you're interested in.

Example

Show findings with BugTraq ID 22211

vulnerabilities.vulnerability.bugTraqIds:22211

vulnerabilities.vulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with category CGI

vulnerabilities.vulnerability.category:CGI

vulnerabilities.vulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description you're looking for.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.compliance.description:malicious software

Show any findings that contain "malicious" or "software" in description

vulnerabilities.vulnerability.compliance.description:"malicious software"

Show any findings that match exact value "malicious software"

vulnerabilities.vulnerability.compliance.description:`malicious software`

vulnerabilities.vulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section you're looking for.

Examples

Show any findings related to this section

vulnerabilities.vulnerability.compliance.section:164.308

Show any findings that contain parts of section

vulnerabilities.vulnerability.compliance.section:"164.308"

Show any findings that match exact value "164.308"

vulnerabilities.vulnerability.compliance.section:`164.308`

vulnerabilities.vulnerability.compliance.type

Select the name of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerabilities.vulnerability.compliance.type:HIPAA

vulnerabilities.vulnerability.impact

Use quotes or backticks within values to help you find the impact you're looking for.

Example

Show any findings related to impact

vulnerabilities.vulnerability.impact:sensitive information

Show any findings that contain "sensitive" or "information" in impact

vulnerabilities.vulnerability.impact:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerabilities.vulnerability.impact:`sensitive information`

vulnerabilities.vulnerability.consequence

Use quotes or backticks within values to help you find the consequence you're looking for.

Examples

Show any findings related to consequence

vulnerabilities.vulnerability.consequence:sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerabilities.vulnerability.consequence:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerabilities.vulnerability.consequence:`sensitive information`

vulnerabilities.vulnerability.cveIds

Use a text value to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.vulnerability.cveIds:CVE-2015-0313

vulnerabilities.vulnerability.cvss3Info.basescore

Use an integer value to help you find the CVSSv3 base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3Info.basescore:7.8

vulnerabilities.vulnerability.cvss3Info.temporalScore

Use an integer value to help you find the CVSSv3 temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3Info.temporalScore:6.4

vulnerabilities.vulnerability.cvss2Info.accessVector

Select the name of a CVSS2 access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.

Example

Show findings with this name

vulnerabilities.vulnerability.cvss2Info.accessVector:NETWORK

vulnerabilities.vulnerability.cvss2Info.baseScore

Use an integer value to help you find the CVSS2 base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.baseScore:7.8

vulnerabilities.vulnerability.cvss2Info.temporalScore

Use an integer value to help you find the CVSS2 temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.temporalScore:6.4

vulnerabilities.vulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerabilities.vulnerability.discoveryTypes:REMOTE

vulnerabilities.vulnerability.exploitability

Use quotes or backticks within values to help you find the known exploit description you're looking for.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.exploitability:GIF Parser Heap

Show any findings that contain "GIF", "Parser" or "Heap" in description

vulnerabilities.vulnerability.exploitability:"GIF Parser Heap"

Show any findings that match exact value "GIF Parser Heap"

vulnerabilities.vulnerability.exploitability:`GIF Parser Heap`

vulnerabilities.vulnerability.flags

Use a text value to find the Qualys-defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED, etc).

Example

Show findings with this flag

vulnerabilities.vulnerability.flags:PCI_RELATED

vulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerabilities.vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerabilities.vulnerability.os:`windows`

vulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable:TRUE

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable:FALSE

vulnerabilities.vulnerability.pci

Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).

Examples

Show PCI vulnerabilities

vulnerabilities.vulnerability.pci:TRUE

Do not show PCI vulnerabilities

vulnerabilities.vulnerability.pci:FALSE

vulnerabilities.vulnerability.rebootRequired

Use the values true | false to find vulnerabilities that need reboot.

Examples

Show vulnerabilities that need reboot.

vulnerabilities.vulnerability.rebootRequired: TRUE

vulnerabilities.vulnerability.qid

Use an integer value to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.sans20Categories

Use a text value to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).

Example

Show findings with this category name

vulnerabilities.vulnerability.sans20Categories:Media Players

vulnerabilities.vulnerability.solution

Use quotes or backticks within values to help you find the solution you're looking for.

Examples

Show any findings related to this solution

vulnerabilities.vulnerability.solution:Bulletin MS10-006

Show any findings that contain parts of solution

vulnerabilities.vulnerability.solution:"Bulletin MS10-006"

Show any findings that match exact value "Bulletin MS10-006"

vulnerabilities.vulnerability.solution:`Bulletin MS10-006`

vulnerabilities.vulnerability.supportedBy

Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.

Example

Show vulnerabilities supported by Linux Agent

vulnerabilities.vulnerability.supportedBy:LINUX_AGENT

vulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title you're looking for.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title:Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title:"Remote Code"

Show any findings that match exact value "Remote Code"

vulnerabilities.vulnerability.title:`Remote Code`

vulnerabilities.vulnerability.types

Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.vulnerability.types:VULNERABILITY

vulnerabilities.vulnerability.vendorRefs

Use a text value to find the vendor reference you're interested in.

Example

Show this vendor reference

vulnerabilities.vulnerability.vendorRefs:KB3021953

vulnerabilities.vulnerability.vendors.productName

Use a text value to find the vendor product name you're interested in.

Example

Show findings with this vendor product name

vulnerabilities.vulnerability.vendors.productName:Windows

vulnerabilities.vulnerability.vendors.vendorName

Use a text value to find the vendor name you're interested in.

Example

Show findings with this vendor name

vulnerabilities.vulnerability.vendors.vendorName:Adobe

vulnerabilities.nonExploitableKernel

Use the values true | false to define vulnerabilities that exist on non exploitable kernels.

Examples

Show findings on non-exploitable kernels

vulnerabilities.nonExploitableKernel:TRUE

vulnerabilities.nonExploitableService

Use the values true | false to define vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.vulnerability.patchReleased

Use a date range or specific date to define when the patch was made available.

Examples

Show findings with patch released within certain dates

vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]

Show findings with patch released starting 2020-01-01, ending 1 month ago

vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]

Show findings with patch released starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]

Show findings with patch released on certain date

vulnerabilities.vulnerability.patchReleased:'2020-01-02'

vulnerabilities.timesFound

Show findings that were detected the specified number of times.

Examples

Show findings found 3 times

vulnerabilities.timesFound:3

vulnerabilities.vulnerability.kbAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180, 180..+) since the vulnerability was disclosed. Select the number of days from the drop-down menu.

Example

Show findings that were disclosed in the last 30 days

vulnerabilities.vulnerability.kbAge:[00..30]

vulnerabilities.detectionAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180, 180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset. Select the number of days from the drop-down menu.

Example

Show findings that were detected in the last 30 days.

vulnerabilities.detectionAge:[00..30]

vulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description you're looking for.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description:remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description:"remote code execution"

Show any findings that match exact value "remote code execution"

vulnerabilities.vulnerability.description:`remote code execution`

vulnerabilities.vulnerability.lists

Use a text value to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerabilities.vulnerability.lists:SANS_20

vulnerabilities.vulnerability.patches

Use an integer value to help you find the patch QID you're interested in.

Example

Show assets with this patch QID

vulnerabilities.vulnerability.patches:90753

vulnerabilities.vulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago

vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.published:[now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerabilities.vulnerability.published:'2018-01-15'

vulnerabilities.vulnerability.ransomware.name

Use quotes or backticks within values to help you find the ransomware name you're looking for. Quotes can be used when the value has more than one word.

Example

Show findings with this name

vulnerabilities.vulnerability.ransomware.name: Locky

Show findings that match exact value

vulnerabilities.vulnerability.ransomware.name: `Locky`

vulnerabilities.vulnerability.risk

Use an integer value to define the vulnerability risk rating you're interested in. For confirmed and potential issues, risk is 10 times severity; for information gathered, it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk:50

vulnerabilities.vulnerability.qualysPatchable

Use the values true | false to define vulnerabilities that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

vulnerabilities.vulnerability.updated

Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.

Examples

Show vulnerabilities updated within certain dates

vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]

Show vulnerabilities updated starting 2017-11-01, ending 1 month ago

vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]

Show vulnerabilities updated starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.updated:[now-2w ... now-1s]

Show vulnerabilities updated on certain date

vulnerabilities.vulnerability.updated:'2018-03-08'

 

RTIs

Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities. You must have a subscription to Threat Protection app to use these tokens. 



vulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Examples

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: true

Show assets that don't have threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: false

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns

Use the values true | false to define real-time threats due to CISA Exploits.

Examples

Show assets with threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: true

Show assets that don't have threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: false

vulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Examples

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: true

Show assets that don't have threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: false

vulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Examples

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: true

Show assets that don't have threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: false

vulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Examples

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: true

Show assets that don't have threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: false

vulnerabilities.vulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`

vulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Examples

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: true

Show assets that don't have threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: false

vulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Examples

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: true

Show assets that don't have threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: false

vulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Examples

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: true

Show assets that don't have threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: false

vulnerabilities.vulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Examples

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: true

Show assets that don't have threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: false

vulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Example

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: true

Show assets that don't have threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: false

vulnerabilities.vulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Examples

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: true

Show assets that don't have threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: false

vulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.ransomware

Use the values true | false to define real-time threats due to ransomware vulnerability.

Examples

Show assets with ransomware threat

vulnerabilities.vulnerability.threatIntel.ransomware: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

vulnerabilities.vulnerability.threatIntel.solorigateSunburst

Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.

Examples

Show assets with Solorigate/Sunburst threat

vulnerabilities.vulnerability.threatIntel.solorigateSunburst: "true"