Home

Search Tokens for IT Assets

A complete list of tokens for writing search queries is provided below.

General | AWS EC2 | Microsoft Azure | Google Cloud Platform | Assets | Threat Protection | Compliance

General

and

Use a boolean query to express your query using AND logic.

Example

Show findings with AWS EC2 accountId and availability zone

aws.ec2.accountId: 123456789012 and aws.ec2.availabilityZone: us-east-1a

not

Use a boolean query to express your query using NOT logic.

Example

Show findings that are not specific AWS instance type

not aws.ec2.instanceType: t2.micro

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these aws tag values

aws.tags: Finance or aws.tags: Accounting

 

Quick links: AWS EC2 | Microsoft Azure | Google Cloud Platform | Assets | Threat Protection | Compliance

AWS EC2

Use these tokens when searching your AWS EC2 assets on the Assets list.

- Your results may return Terminated instances. It's recommended you include aws.ec2instanceState in your query to reduce the number of results.

- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.

aws.ec2.accountId

Use a text value ##### to find EC2 instances with a certain account ID.

Examples

Find EC2 instances that match this account ID

aws.ec2.accountId: 123456789012

Find EC2 instances with account ID starting "12345"

aws.ec2.accountId: 12345*

Find EC2 instances where account ID is null (remove the colon)

aws.ec2.accountId is null

aws.ec2.availabilityZone

Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.

Example

Find EC2 instances in the us-east-1a availability zone

aws.ec2.availabilityZone: us-east-1a

aws.ec2.hasAgent

Use the values true | false to define whether the EC2 asset has a cloud agent.

Examples

Show findings with a cloud agent

aws.ec2.hasAgent: true

Show findings without a cloud agent

aws.ec2.hasAgent: false

aws.ec2.hostname

Use a text value ##### to find the EC2 hostname you're looking for.

Examples

Find instances related to name

aws.ec2.hostname: abc.qualys.com

Find instances that match exact value

aws.ec2.hostname: `abc.qualys.com`

aws.ec2.imageId

Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.

Examples

Find instances related to the Image ID

aws.ec2.imageId: ami-2ea83347

Find instances that match exact value

aws.ec2.imageId: `ami-2ea83347`

aws.ec2.instanceId

Use a text value ##### to find EC2 instances by the instance ID.

Example

Find EC2 instances with this ID

aws.ec2.instanceId: i-1234567890abcdef0

aws.ec2.instanceState

Select the name of the instance state (e.g. PENDING, RUNNING, TERMINATED, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running EC2 instances

aws.ec2.instanceState: RUNNING

aws.ec2.instanceType

Select the type of instance you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances with instance type t2.micro

aws.ec2.instanceType: t2.micro

aws.ec2.isQualysScanner

Use the values true | false to define whether the EC2 asset is a Qualys scanner.

Examples

Show findings where assets are scanners

aws.ec2.isQualysScanner: true

Show findings where assets are not scanners

aws.ec2.isQualysScanner: false

aws.ec2.kernelId

Use a text value ##### to find EC2 instances by kernel ID (AKI).

Example

Find EC2 instances with this kernel ID

aws.ec2.kernelId: aki-70ab0c10

aws.ec2.launchDate

Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.

Examples

Find EC2 instances launched within certain dates

aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]

Find EC2 instances launched on specific date

aws.ec2.launchDate:'2017-08-15'

aws.ec2.privateDNS

Use a text value ##### to define a private DNS address you're interested in.

Example

Find the EC2 instance with this private DNS address

aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal

aws.ec2.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this private IP address

aws.ec2.privateIpAddress: 10.90.0.119

Find EC2 instances within this IP range

aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]

aws.ec2.publicDNS

Use a text value ##### to define a public DNS address you're interested in.

Example

Find the EC2 instance with this public DNS address

aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com

aws.ec2.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this public IP address

aws.ec2.publicIpAddress: 52.70.141.154

Find EC2 instances within this IP range

aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]

aws.ec2.region.code

Select the code of the region you're interested in. Select from codes in the drop-down menu.

Example

Find EC2 instances in the us-east-1 region

aws.ec2.region.code: us-east-1

aws.ec2.region.name

Select the name of the region you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances in the US East (N. Virginia) region

aws.ec2.region.name: US East (N. Virginia)

aws.ec2.spotInstance

Use the values true | false to define whether your EC2 instance is a Spot instance.

Examples

Show EC2 Spot instances

aws.ec2.spotInstance: "true"

Show EC2 instances that are not Spot instances

aws.ec2.spotInstance: "false"

aws.ec2.subnetId

Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.

Example

Find EC2 instances with this subnet ID

aws.ec2.subnetId: subnet-bc02c0d4

aws.ec2.vpcId

Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.

Example

Find EC2 instances with this VPC ID

aws.ec2.vpcId: vpc-1e37cd76

aws.tags

Use a text value ##### to find EC2 instances with a certain AWS tag key and value (both are case insensitive).

Example

Find EC2 instances with an AWS tag with key "abc" and value "xyz"

aws.tags: (key:abc and value:xyz)

aws.tags.key

Use a text value ##### to find EC2 instances with a certain AWS tag key/name (case insensitive).

Examples

Find EC2 instances with key "devops"

aws.tags.key: devops

Find EC2 instances with key starting "dev"

aws.tags.key: dev*

Find EC2 instances with key ending "ops"

aws.tags.key: *ops

aws.tags.value

Use a text value ##### to find EC2 instances with a certain AWS tag value (case insensitive).

Examples

Find EC2 instances with tag value "dailybuild"

aws.tags.value: dailybuild

Find EC2 instances with tag value starting "daily"

aws.tags.value: daily*

Find EC2 instances with tag value ending "build"

aws.tags.value: *build

 

Microsoft Azure

Use these tokens when searching Microsoft Azure assets on the Assets list.

azure.tags

Use a text value ##### to find Azure instances with a certain tag name and value. Both are case insensitive.

Example

Find Azure instances with a tag with name "abc" and value "xyz"

azure.tags: (name:abc and value:xyz)

azure.tags.name

Use a text value ##### to find Azure instances with a certain tag name (case insensitive).

Examples

Find Azure instances with name "devops"

azure.tags.name: devops

Find Azure instances with name starting "dev"

azure.tags.name: dev*

Find Azure instances with name ending "ops"

azure.tags.name: *ops

azure.tags.value

Use a text value ##### to find Azure instances with a certain tag value (case insensitive).

Examples

Find Azure instances with tag value "dailybuild"

azure.tags.value: dailybuild

Find Azure instances with tag value starting "daily"

azure.tags.value: daily*

Find Azure instances with tag value ending "build"

azure.tags.value: *build

azure.vm.imageOffer

Use a text value ##### to define the image offer name (i.e. UbuntuServer or WindowsServer) for images deployed from the Azure image gallery.

Examples

Find Azure instances related to name

azure.vm.imageOffer: UbuntuServer

Find Azure instances that match exact value

azure.vm.imageOffer: `UbuntuServer`

azure.vm.imagePublisher

Use a text value ##### to define the name of the Azure virtual machine image publisher (i.e. Canonical or MicrosoftWindowsServer).

Examples

Find Azure instances related to name

azure.vm.imagePublisher: Canonical

Find Azure instances that match exact value

azure.vm.imagePublisher: `Canonical`

azure.vm.imageVersion

Use a text value ##### to define the version of the Azure virtual machine image sku you're interested in.

Example

Find Azure instances with this sku version

azure.vm.imageVersion: 16.04.201708030

azure.vm.location

Use a text value ##### to define the region you're interested in.

Example

Find Azure instances in this location

azure.vm.location: westus

azure.vm.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find Azure instances with this MAC address

azure.vm.macAddress: '000D3A36DDED'

azure.vm.name

Use a text value ##### to find the Azure virtual machine name you're looking for.

Examples

Find Azure instances related to name

azure.vm.name: avset2

Find Azure instances that match exact value

azure.vm.name: `avset2`

azure.vm.platform

Use a text value ##### to define the operating system platform (Linux or Windows) of the Azure virtual machine.

Example

Find Azure instances on Windows platform

azure.vm.platform: Windows

azure.vm.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this private IP

azure.vm.privateIpAddress: 10.1.2.5

Find Azure instances within this IP range

azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]

azure.vm.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this public IP

azure.vm.publicIpAddress: 13.126.125.189

Find Azure instances within this IP range

azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]

azure.vm.resourceGroupName

Use a text value ##### to define the name of the resource group you're interested in.

Examples

Find Azure instances related to name

azure.vm.resourceGroupName: my-eastus-rg

Find Azure instances that match exact value

azure.vm.resourceGroupName: `my-eastus-rg`

azure.vm.size

Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.

Example

Find Azure instances with this size

azure.vm.size: Standard_D1

azure.vm.state

Select the name of the instance state (e.g. DEALLOCATED, RUNNING, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running Azure instances

azure.vm.state: RUNNING

azure.vm.subnet

Use a text value ##### to define the Azure virtual machine subnet you're interested in.

Example

Find Azure instances with this subnet

azure.vm.subnet: 10.1.2.0

azure.vm.subscriptionId

Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.

Example

Find Azure instances with this subscription ID

azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409

azure.vm.vmId

Use a text value ##### to define the Azure virtual machine ID you're looking for.

Example

Find Azure instances with this ID

azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21

azure.vm.hasAgent

Use the values true | false to define whether the Azure virtual machine you're looking for has a cloud agent installed on it.

Example

Find Azure instances with cloud agent installed

azure.vm.hasAgent: true

Find Azure instances without cloud agent

azure.vm.hasAgent: false

 

Google Cloud Platform

Use these tokens when searching Google Cloud Platform assets on the Assets list.

gcp.compute.hostname

Use a text value ##### to define the hostname you're looking for.

Examples

Find GCP instances related to name

gcp.compute.hostname: instance-5.c.qvsa-dev.internal

Find GCP instances that match exact value

gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`

gcp.compute.instanceId

Use a text value ##### to define the Google Compute instance ID you're looking for.

Example

Find GCP instances with this ID

gcp.compute.instanceId: 4392196237934605253

gcp.compute.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find GCP instances with this MAC address

gcp.compute.macAddress: '000D3A36DDED'

gcp.compute.machineType

Use a text value ##### to define the machine type of the virtual machine instance you're interested in.

Examples

Find GCP instances related to name

gcp.compute.machineType: n1-standard-1

Find GCP instances that match exact value

gcp.compute.machineType: `n1-standard-1`

gcp.compute.network

Use a text value ##### to find GCP instances by the VPC network the instance belongs to.

Example

Find GCP instances with this network

gcp.compute.network: 000D3A36DDED

gcp.compute.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this private IP

gcp.compute.privateIpAddress: 10.240.0.7

Find GCP instances with this private IP range

gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

gcp.compute.projectId

Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to ID

gcp.compute.projectId: qvsa-dev

Find GCP instances that match exact value

gcp.compute.projectId: `qvsa-dev`

gcp.compute.projectNumber

Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to this number

gcp.compute.projectNumber: 1035365309337

Find GCP instances that match exact value

gcp.compute.projectNumber: `1035365309337`

gcp.compute.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this public IP

gcp.compute.publicIpAddress: 104.196.57.216

Find GCP instances within this IP range

gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]

gcp.compute.zone

Use a text value ##### to define the zone of the GCP instance you're looking for

Examples

Find GCP instances related to name

gcp.compute.zone: us-east1-d

Find GCP instances that match exact value

gcp.compute.zone: `us-east1-d`

gcp.compute.state

Select the state of the GCP instance (e.g. DEALLOCATED, PENDING, RUNNING, SHUTTING DOWN, STOPPED, STOPPING, TERMINATED, etc) you're interested in. Select the state from the drop-down menu.

Examples

Find running GCP instances

gcp.compute.state: RUNNING

 

Assets

All tokens below are available with AssetView.

accounts.username

Use a text value ##### to find the username you're looking for.

Example

Show assets with this exact username (case sensitive)

accounts.username: Administrator

Show assets with username starting with "Admin" (case sensitive)

accounts.username: Admin

activatedForModules

Select the name ##### of an activated module you're interested in. Select from names in the drop-down menu.

Examples

Show assets activated for VM

activatedForModules: "VM"

Show assets activated for VM and PC

activatedForModules: "VM" AND activatedForModules: "PC"

agentActivations.key

Use a text value ##### to define the agent activation key you're interested in.

Example

Show assets with agents activated using this key

agentActivations.key: 057cc48a-8d84-48eb-add4-97a605d0567d

agentActivations.status

Select the agent activation status (ACTIVE, INACTIVE, UNSUPPORTED) you're interested in. Select from names in the drop-down menu.

Example

Show assets with active agents

agentActivations.status: ACTIVE

agentId

Use a text value ##### to find an agent ID of interest.

Example

Show the asset with this agent ID

agentID: f0c8e682-e9cc-4e7d-b92a-0c905d81ec74

agentVersion

Use a text value ##### to find the agent version you're interested in.

Example

Show findings with agent version 1.3.2.0

agentVersion: 1.3.2.0

assetId

Use an integer value ##### to help you find certain Qualys asset IDs (UUIDs), assigned by an agent or a scanner appliance when Agentless Tracking is used.

Examples

Show this asset ID

assetId: 2918869

Show asset IDs in this range

assetId: [3546997 .. 12945655]

Show the 2 asset IDs listed

assetId: [3546997,12945655]

trackingMethod

Select the tracking method for the assets (IP, DNSNAME, NETBIOS, INSTANCE_ID, and etc.) you're interested in. Select from names in the drop-down menu.

Examples

Show this assets tracked by IP

trackingMethod: IP

Show asset tracked by NETBIOS

trackingMethod: NETBIOS

configurationProfile

Use quotes or backticks within values to help you find the agent configuration profile you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to profile name

configurationProfile: Initial Profile

Show any findings that contain parts of the name

configurationProfile: "Initial Profile"

Show any findings that match exact value

configurationProfile: `Initial Profile`

connectors.connector.name

Use a text value ##### to define the connector name you're interested in.

Example

Show findings detected by connector name myec2

connectors.connector.name: myec2

cpuCount

Use an integer value ##### to help you find assets with some number of CPUs.

Example

Show assets that have 2 CPUs

cpuCount: 2

connectedFrom

Use a text value ##### to define the external IP address a cloud agent connected from.

Example

Show findings for an external IP address that an agent connected from

connectedFrom: 10.0.100.11

created

Use a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).

Examples

Show assets created within certain dates

created: [2016-01-01 ... 2016-01-10]

Show assets created starting 2015-10-01, ending 1 month ago

created: [2015-10-01 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

created: [now-2w ... now-1s]

Show assets created on specific date

created:'2016-01-08'

docker.dockerVersion

Use a text value ##### to define a Docker version you're looking for.

Example

Show findings with this Docker version

docker.dockerVersion:17.3

docker.noOfContainers

Use an integer value ##### to help you find assets with some number of Docker containers. The value is displayed only for VM scan or Agent scan (and not for sensors).

Example

Show findings with 2 Docker containers

docker.noOfContainers:2

docker.noOfImages

Use an integer value ##### to help you find assets with some number of Docker images. The value is displayed only for VM scan or Agent scan (and not for sensors).

Example

Show findings with 5 Docker images

docker.noOfImages:5

isDockerHost

Use the values true | false to choose whether to show docker hosts or not (only when the hosts have been scanned).

Example

Show docker hosts

isDockerHost:true

docker.hasSensor

Use the values true | false to choose whether to show docker hosts that have the Container Sensor installed.

Example

Show docker hosts with container sensor installed.

docker.hasSensor:true

errorStatus

Use the values true | false to define agents with or without error status.

Example

Show agents with error status

errorStatus: "true"

fimCapable

Use the values true | false to define whether or not agents are FIM capable. fimCapable search is not supported for all operating systems. Check the Cloud Agent Getting Started Guide for platform/OS support.

Examples

Show agents that are FIM capable and activated for FIM

fimCapable: "true"

Show agents that are not FIM capable but can be upgraded to FIM capability

fimCapable: "false"

hardware.category

Use quotes or backticks within values to help you find the hardware category you're looking for.

Examples

Show any findings that match exact value

hardware.category:Printers/Laser

hardware.category1

Use text value ##### to find assets with hardware category 1 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category1:Printers

hardware.category2

Use text value ##### to find assets with hardware category 2 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category2:Laser

hardware.manufacturer

Use quotes or backticks within values to find assets having a certain hardware manufacturer.

Example

Show any findings that match exact value "Dell"

hardware.manufacturer:`Dell`

hardware.product

Use quotes or backticks within values to find assets having a certain hardware product.

Example

Show any findings that match exact value "Latitude"

hardware.product:`Latitude`

hardware.model

Use quotes or backticks within values to find assets having a certain hardware model.

Example

Show any findings that match exact value "e7470"

hardware.model:`De7470`

hardware.lifecycle.stage

Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS)

Example

Show End-of-Sale hardware

hardware.lifecycle.stage:"EOS"

hardware.lifecycle.obs

Use a date range or specific date to define a hardware obsolete date of interest.

Examples

Show findings with hardware obsolete date in this date range

hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]

Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.obs:[2019-01-15 ... now-1M]

Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.obs:[now-2w ... now-1s]

Show findings with this hardware obsolete date

hardware.lifecycle.obs:'2019-03-18'

hardware.lifecycle.eos

Use a date range or specific date to define a hardware End-of-Sale date of interest.

Examples

Show findings with hardware End-of-Sale date in this date range

hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.eos:[now-2w ... now-1s]

Show findings with this hardware End-of-Sale date

hardware.lifecycle.eos:'2019-03-18'

hardware.lifecycle.intro

Use a date range or specific date to define a hardware introduction date of interest.

Examples

Show findings with hardware introduction date in this date range

hardware.lifecycle.intro:[2019-01-01 ... 2019-01-15]

Show findings with hardware introduction date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.intro:[2019-01-15 ... now-1M]

Show findings with hardware introduction date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.intro:[now-2w ... now-1s]

Show findings with this hardware introduction date

hardware.lifecycle.intro:'2019-03-18'

hardware.lifecycle.ga

Use a date range or specific date to define a hardware general availability date of interest.

Examples

Show findings with hardware GA date in this date range

hardware.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with hardware GA date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with hardware GA date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.ga:[now-2w ... now-1s]

Show findings with this hardware GA date

hardware.lifecycle.ga:'2019-03-18'

hostId

Use an integer value ##### to help you find the asset with a certain Qualys host ID (UUID), assigned by an agent or a scanner appliance when Agentless Tracking is used.

Example

Show assets that have this host ID

hostId: 2918869

interfaces.address

Use a text value ##### to define an IP address (IPv4 of IPv6) you're interested in. Note that you cannot perform a range search since this is a text field.

Examples

Show the asset with IPv4 address

interfaces.address: 10.10.100.20

Show the asset with IPv6 address (enclose value in single quotes)

interfaces.address: 'fe80:0:0:0:2501:b53c:4139:404b'

interfaces.dnsAddress

Use a text value ##### to define a DNS address you're interested in.

Example

Show the asset with DNS address 10.0.100.11

interfaces.dnsAddress: 10.0.100.11

interfaces.gatewayAddress

Use a text value ##### to help you find assets with a certain default gateway address.

Example

Show assets with this default gateway address

interfaces.gatewayAddress: 10.11.65.1

interfaces.hostname

Find the hostname you're looking for. Search by domain name, use backticks for exact matching, or enter a partial value with an asterisk (*) for suffix/prefix matching.

Examples

Show any findings related to name

interfaces.hostname: xpsp2-jp-26-111

Show any findings related to name (we'll match super domains)

interfaces.hostname: com-pa3020-36.eng.sjc01.qualys.com

Show any findings that match exact value

interfaces.hostname: `xpsp2-jp-26-111`

interfaces.hostname: `com-pa3020-36.eng.sjc01.qualys.com`

Show any findings that match domain name

interfaces.hostname: qualys.com

interfaces.hostname: sjc01.qualys.com

interfaces.hostname: eng.sjc01.qualys.com

Show any findings starting with string (case sensitive)

interfaces.hostname: xp*

interfaces.hostname: com-pa30*

Show any findings ending with string

interfaces.hostname: *111

interfaces.hostname: *lys.com

interfaces.interfaceName

Use a text value ##### to help you find a certain interface name.

Example

Show the asset with name PRO/1000

interfaces.interfaceName: PRO/1000

interfaces.macAddress

Use values within quotes to help you find a MAC address you're interested in.

Example

Show the asset with this MAC address

interfaces.macAddress: "00-50-56-A9-73-5A"

lastActivity

Use a date range or specific date to define when the last activity on the agent occurred. Last activity could be when agent was last scanned, updated, activated, etc.

Examples

Show findings with last activity within certain dates

lastActivity: [2016-01-01 ... 2016-01-10]

Show findings with last activity starting 2015-10-01, ending 1 month ago

lastActivity: [2015-10-01 ... now-1M]

Show findings with last activity starting 2 weeks ago, ending 1 second ago

lastActivity: [now-2w ... now-1s]

Show findings with last activity on a specific date

lastActivity:'2015-12-01'

lastCheckedIn

Use a date range or specific date to define when agents last checked in to the platform.

Examples

Show findings with last check in within a specific date range.

lastCheckedIn:[2020-01-01 ... 2020-01-10]

Show findings with last check in starting 2019-11-01, ending 1 month ago.

lastCheckedIn:[2019-11-01 ... now-1M]

Show findings with last check in starting 2 weeks ago, ending 1 second ago

lastCheckedIn:[now-2w ... now-1s]

Show findings with last check in on a specific date

lastCheckedIn:'2020-02-11'

Show findings with last check in before (older than) last 30 days.

lastCheckedIn<now-30d

Note: We recommend not to use the NOT operator in your range search to form a query like NOT lastCheckedIn:[now-30d...now-2s]. See 'QQL Best Practices' topic in the Unified Dashboard online Help.

Show findings with last check in within last 30 days excluding day 30

lastCheckedIn>now-30d

Show findings with last check in within last 30 days including day 30

lastCheckedIn>=now-30d

Show findings with last check in which is older than last 30 days excluding day 30

lastCheckedIn<now-30d

Show findings with last check in which is older than last 30 days including day 30

lastCheckedIn<=now-30d

lastComplianceScanDate

Use a date range or specific date to define when compliance scans were last conducted.

Examples

Show findings with last compliance scan within certain dates

lastComplianceScanDate: [2017-01-01 ... 2017-03-31]

Show findings with last compliance scan starting 2016-10-15, ending 1 month ago

lastComplianceScanDate: [2016-10-15 ... now-1M]

Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago

lastComplianceScanDate: [now-2w ... now-1s]

Show findings with last compliance scan on specific date

lastComplianceScanDate:'2017-02-18'

lastFullScan

Use a date range or specific date to define when full scans (assessments) were last conducted using Cloud Agent (CA).

Examples

Show findings with last full scan within certain dates

lastFullScan: [2016-01-01 ... 2016-01-10]

Show findings with last full scan starting 2015-10-01, ending 1 month ago

lastFullScan: [2015-10-01 ... now-1M]

Show findings with last full scan starting 2 weeks ago, ending 1 second ago

lastFullScan: [now-2w ... now-1s]

Show findings with last full scan on a specific date

lastFullScan:'2016-02-08'

lastInventory

Use a date range or specific date to define when inventory scans were last conducted by agents. We recommend lastInventoryDate for date range queries using parameters i.e. [now-1M ... now-1s]

Examples

Show findings with last inventory scan within certain dates

lastInventory: [2018-06-01 ... 2018-06-10]

Show findings with last inventory scan on specific date

lastInventory:'2018-07-25'

lastInventoryDate

Use a date range or specific date to define when inventory scans were last conducted by agents. We recommend lastInventoryDate for date range queries using parameters i.e. [now-1M ... now-1s]

Examples

Show findings with last inventory scan within certain dates

lastInventoryDate: [2018-05-01 ... 2018-06-28]

Show findings with last inventory scan starting 2018-06-15, ending 1 month ago

lastInventoryDate: [2018-06-15 ... now-1M]

Show findings with last inventory scan starting 3 weeks ago, ending 1 second ago

lastInventoryDate: [now-3w ... now-1s]

Show findings with last inventory scan on specific date

lastInventoryDate:'2018-07-10'

lastLoggedOnUser

Use a text value ##### to help you find assets last logged into by a user of interest.

Examples

Show assets with last logon by user asmith

lastLoggedOnUser: asmith

lastVmScanDate

Use a date range or specific date to define when vulnerability scans were last conducted.

Examples

Show findings with last vulnerability scan within certain dates

lastVmScanDate: [2017-01-01 ... 2017-02-10]

Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago

lastVmScanDate: [2016-11-01 ... now-1M]

Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago

lastVmScanDate: [now-2w ... now-1s]

Show findings with last vulnerability scan on specific date

lastVmScanDate:'2017-04-10'

name

Use quotes or backticks within values to help you find the asset name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to name

name: QK2K12QP3-65-53

Show any findings that match exact value

name: `QK2K12QP3-65-53`

netbiosName

Use a text value ##### to define the NetBIOS name you're interested in.

Examples

Show assets with this exact name (case sensitive)

netbiosName: EC2AMAZ-19OC2IT

Show assets with name starting with "EC2" (case sensitive)

netbiosName: EC2

Show assets with name ending with "c2it" (case insensitive)

netbiosName: *c2it

openPorts.description

Use quotes or backticks within values to help you find the service description detected on an open port. Quotes can be used when the value has more than one word.

Examples

Show any findings with this description

openPorts.description: Windows Remote Desktop

Show any findings that contain parts of description

openPorts.description: "Windows Remote Desktop"

Show any findings that match exact value

openPorts.description: `Windows Remote Desktop`

openPorts.detectedService

Use quotes or backticks within values to help you find the detected service you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this service name

openPorts.detectedService: win_remote_desktop

Show any findings that match exact value

openPorts.detectedService: `win_remote_desktop`

openPorts.firstFound

Use a date range or specific date to define when open ports were first found.

Examples

Show findings with open ports first found within certain dates

openPorts.firstFound: [2017-06-15 ... 2017-06-30]

Show findings with open ports first found starting 2017-06-22, ending 1 month ago

openPorts.firstFound: [2017-06-22 ... now-1M]

Show findings with open ports first found starting 2 weeks ago, ending 1 second ago

openPorts.firstFound: [now-2w ... now-1s]

Show findings with open ports first found on specific date

openPorts.firstFound:'2017-06-14'

openPorts.lastUpdated

Use a date range or specific date to define when open ports were last updated.

Examples

Show findings with open ports last updated within certain dates

openPorts.lastUpdated: [2017-06-15 ... 2017-06-30]

Show findings with open ports last updated starting 2017-06-22, ending 1 month ago

openPorts.lastUpdated: [2017-06-22 ... now-1M]

Show findings with open ports last updated starting 2 weeks ago, ending 1 second ago

openPorts.lastUpdated: [now-2w ... now-1s]

Show findings with open ports last updated on specific date

openPorts.lastUpdated:'2017-06-14'

openPorts.port

Use an integer value ##### to help you find assets with some open port.

Example

Show assets with open port 80

openPorts.port: 80

openPorts.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Examples

Show findings found on TCP

openPorts.protocol: TCP

Show findings found on port 80 and TCP

openPorts: (port: 80 AND protocol: TCP)

operatingSystem

Use quotes or backticks within values to help you find the operating system you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this OS name

operatingSystem: Windows 2012

Show any findings that contain components of OS name

operatingSystem: "Windows 2012"

Show any findings that match exact value

operatingSystem: `Windows 2012`

operatingSystem.category

Use text value ##### to help you find the full operating system category name you're looking for, i.e. Windows, Unix, Linux, Mac and more.

Example

Show any findings that match exact value

operatingSystem.category:Windows/Embedded

operatingSystem.category1

Use text value ##### to help you find the operating system category 1 value you're looking for.

Example

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

Show any findings that match exact value

operatingSystem.category1:Windows

operatingSystem.category2

Use quotes or backticks to help you find the operating system category 1 value you're looking for.

Example

Show any findings that match exact value

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

operatingSystem.category2:Embedded

operatingSystem.publisher

Use a text value ##### to define an operating system manufacturer you're looking for.

Example

Show findings with this exact software publisher

operatingSystem.publisher:Microsoft

operatingSystem.name

Use text value ##### to help you find the operating system brand name you're looking for, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.name:Windows 10

operatingSystem.architecture

Use text value ##### to help you find the operating system architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

operatingSystem.architecture:64-Bit

operatingSystem.marketVersion

Use text value ##### to help you find the operating system market version, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.marketVersion:7

operatingSystem.version

Use a text value ##### to define the OS version you're interested in.

Example

Show findings with this exact OS version

operatingSystem.version:16.1

operatingSystem.update

Use a text value ##### to define an OS update version of interest.

Example

Show findings with this exact OS update version

operatingSystem.update:SP2

operatingSystem.lifecycle.ga

Use a date range or specific date to define an OS general availability date of interest.

Examples

Show findings with OS GA date in this date range

operatingSystem.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with OS GA date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with OS GA date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.ga:[now-2w ... now-1s]

Show findings with this OS GA date

operatingSystem.lifecycle.ga:'2019-03-18'

operatingSystem.lifecycle.eol

Use a date range or specific date to define an operating system End-of-Life date of interest.

Examples

Show findings with operating system End-of-Life date in this date range

operatingSystem.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Life date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Life date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eol:[now-2w ... now-1s]

Show findings with this operating system End-of-Life date

operatingSystem.lifecycle.eol:'2019-03-18'

operatingSystem.lifecycle.eos

Use a date range or specific date to define an operating system End-of-Support date of interest.

Examples

Show findings with operating system End-of-Support date in this date range

operatingSystem.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Support date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Support date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eos:[now-2w ... now-1s]

Show findings with this operating system End-of-Support date

operatingSystem.lifecycle.eos:'2019-03-18'

operatingSystem.osId

Use quotes or backticks within values to help you find the operating system ID.

Example

Show any findings that match exact value

operatingSystem.osId:`96426`

operatingSystem.edition

Use text value ##### to help you find the operating system edition you're looking for.

Example

Show any findings that match exact value

operatingSystem.edition:Enterprise

operatingSystem.lifecycle.stage

Use a text value ##### to define an OS lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this OS lifecycle stage

operatingSystem.lifecycle.stage:eol

Show findings with OS category Windows and OS lifecycle stage "active"

operatingSystem:(category:Windows AND lifecycle.stage:eol)

pendingActivationForModules

Select the name ##### of a module that's pending activation. Select from names in the drop-down menu.

Examples

Show assets pending activation for VM

pendingActivationForModules: "VM"

Show assets pending activation for VM and FIM

pendingActivationForModules: "VM" AND pendingActivationForModules: "FIM"

processors.description

Use quotes or backticks within values to help you find the processor description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this description

processors.description: intel

Show any findings that match exact value

processors.description: `intel`

processors.speed

Use an integer value ##### to help you find assets with a certain processor speed.

Example

Show assets with this processor speed

processors.speed: 1995

provider

Select the name ##### of a cloud service provider you're looking for. Select from names in the drop-down menu.

Examples

Show assets synced from Amazon AWS

provider: "AWS"

services.description

Use quotes or backticks within values to help you find the service description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this description

services.description: Windows Event Log

Show any findings that contain parts of description

services.description: "Windows Event Log"

Show any findings that match exact value

services.description: `Windows Event Log`

services.name

Use quotes or backticks within values to help you find the service name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

services.name: eventlog

Show any findings that match exact value

services.name: `eventlog`

services.status

Use quotes or backticks within values to help you find the service status you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this status

services.status: running

Show any findings that match exact value

services.status: `running`

software.architecture

Use text value ##### to help you find the software architecture you're looking for, i.e 32-Bit or 64-Bit.

Example

Show any findings that match exact value

software.architecture:64-Bit

software.edition

Use text value ##### to help you find the software edition you're looking for.

Example

Show any findings that match exact value

software.edition:Professional

software.category

Use quotes or backticks within values to help you find a software category.

Example

Show any findings that match exact value

software.category:Application Development/Testing

software.category1

Use text value ##### to help you find the software category 1 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software.category1:Application Development

software.category2

Use text value ##### to help you find the software category 2 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software.category2:Testing

software.firstFound

Use a date range or specific date to define when software was first found.

Examples

Show assets with software first found within certain dates

software.firstFound: [2017-06-15 ... 2017-06-30]

Show assets with software first found starting 2017-06-22, ending 1 month ago

software.firstFound: [2017-06-22 ... now-1M]

Show assets with software first found starting 2 weeks ago, ending 1 second ago

software.firstFound: [now-2w ... now-1s]

Show assets with software first found on specific date

software.firstFound:'2017-06-14'

software.lastUpdated

Use a date range or specific date to define when software was last updated.

Examples

Show assets with software last updated within certain dates

software.lastUpdated: [2017-06-15 ... 2017-06-30]

Show assets with software last updated starting 2017-06-22, ending 1 month ago

software.lastUpdated: [2017-06-22 ... now-1M]

Show assets with software last updated starting 2 weeks ago, ending 1 second ago

software.lastUpdated: [now-2w ... now-1s]

Show assets with software last updated on specific date

software.lastUpdated:'2017-06-14'

software.installedDate

Use a date range or specific date to define when software was installed.

Examples

Show assets with software installed within certain dates

software.installedDate:[2018-01-15 ... 2018-03-12]

Show assets with software installed starting 2018-01-22, ending 1 month ago

software.installedDate:[2018-01-22 ... now-1M]

Show assets with software installed starting 2 weeks ago, ending 1 second ago

software.installedDate:[now-2w ... now-1s]

Show assets with software installed on specific date

software.installedDate:'2018-02-16'

software.marketVersion

Use text value ##### to help you find a software market version, e.g. Windows OS.

Example

Show any findings that match exact value

software.marketVersion:7

software.majorVersion

Use a text value ##### to define the major software version you're interested in.

Example

Show any findings that match exact value

software.majorVersion:1.19.0.0

software.name

Use quotes or backticks within values to help you find the software name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

software.name: VMware Tools

Show any findings that contain parts of name

software.name: "VMware Tools"

Show any findings that match exact value

software.name: `VMware Tools`

Find assets with certain tag and software installed

tags.name: `Cloud Agent` AND software: (name: `Cisco AnyConnect Secure Mobility Client` AND version: `3.1.12345`)

software.product

Use a text value ##### to define a software product name you're looking for.

Example

Show findings with this exact product name

software.product:Office

software.publisher

Use a text value ##### to define a software manufacturer you're looking for.

Example

Show findings with this exact software publisher

software.publisher:Microsoft

software.type

Use a text value ##### to define a software type of interest.

Example

Show findings having this software type

software.type:Installer Package

software.update

Use a text value ##### to define a software update version of interest.

Example

Show findings with this exact software update version

software.update:16.0.1.2

software.version

Use a text value ##### to define the software version you're interested in. Note that you cannot perform a range search since this is a text field.

Example

Show findings with this version

software.version: 8.6.10

Find assets with certain tag and software installed

tags.name: `Cloud Agent` AND software: (name: `Cisco AnyConnect Secure Mobility Client` AND version: `3.1.12345`)

software.lifecycle.stage

Use a text value ##### to define a software lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this software lifecycle stage

software:(lifecycle.stage:eol)

Show findings having software category Windows and software lifecycle stage "active"

software:(category:Windows AND lifecycle.stage:eol)

software.lifecycle.ga

Use a date range or specific date to define a software general availability date of interest.

Examples

Show findings with software GA date in this date range

software:(lifecycle.ga:[2019-01-01 ... 2019-01-15])

Show findings with woftware GA date starting 2019-01-15, ending 1 month ago

software:(lifecycle.ga:[2019-01-15 ... now-1M])

Show findings with software GA date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.ga:[now-2w ... now-1s])

Show findings with this software GA date

software:(lifecycle.ga:'2019-03-18')

software.lifecycle.eol

Use a date range or specific date to define an software End-of-Life date of interest.

Examples

Show findings with software End-of-Life date in this date range

software.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago

software.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eol:[now-2w ... now-1s]

Show findings with this software End-of-Life date

software.lifecycle.eol:'2019-03-18'

software.lifecycle.eos

Use a date range or specific date to define an software End-of-Support date of interest.

Examples

Show findings with software End-of-Support date in this date range

software.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago

software.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eos:[now-2w ... now-1s]

Show findings with this software End-of-Support date

software.lifecycle.eos:'2019-03-18'

software.license.subcategory

Use text value ##### to help you find a software license subcategory, i.e. GPL, Apache 2.0, BSD.

Example

Show any findings that match exact value

software:(license.subcategory:Apache 2.0)

software.license.category

Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.

Example

Show any findings that match exact value

software:(license.category:`Open Source`)

system.biosDescription

Use quotes or backticks within values to help you find the BIOS description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this description

system.biosDescription: Phoenix Technologies

Show any findings that contain parts of name

system.biosDescription: "Phoenix Technologies"

Show any findings that match exact value

system.biosDescription: `Phoenix Technologies`

system.lastBoot

Use a date range or specific date to define when assets were last booted.

Examples

Show assets last booted within certain dates

system.lastBoot: [2016-01-01 ... 2016-01-10]

Show assets last booted starting 2015-10-01, ending 1 month ago

system.lastBoot: [2015-10-01 ... now-1M]

Show assets last booted starting 2 weeks ago, ending 1 second ago

system.lastBoot: [now-2w ... now-1s]

Show assets last booted on a specific date

system.lastBoot:'2016-01-08'

system.manufacturer

Use quotes or backticks within values to help you find the system manufacturer you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

system.manufacturer: dell

Show any findings that match exact value

system.manufacturer: `dell`

system.model

Use quotes or backticks within values to help you find the system model you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

system.model: optiplex

Show any findings that match exact value

system.model: `optiplex`

system.timezone

Use a text value ##### in quotes to find assets with a certain timezone set.

Example

Show assets with this timezone

system.timezone: "-08:00"

system.totalMemory

Use an integer value ##### to help you find assets with a certain total system memory.

Example

Show assets with this total system memory

system.totalMemory: 1024

tags.businessImpact

Select the name ##### that defines the business impact you're looking for. Select from names in the drop-down menu.

Examples

Show findings with High business impact

tags.businessImpact: "HIGH"

tags.name

Use quotes or backticks within values to help you find the asset tag you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this tag name

tags.name: Cloud Agent

Show any findings that contain "Cloud" or "Agent" in name

tags.name: "Cloud Agent"

Show any findings that match exact value

tags.name: `Cloud Agent`

udcManifestAssigned

Use the values true | false to find assets with PC agents assigned a UDC manifest. Assets are found when agents have the PC module enabled and one or more user defined controls have been added to your subscription.

Examples

Show assets with agents assigned a UDC manfest

udcManifestAssigned: "true"

Show assets with agents not assigned a UDC manifest

udcManifestAssigned: "false"

updated

Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show assets updated within certain dates

updated: [2016-01-01 ... 2016-01-10]

Show assets updated starting 2015-10-01, ending 3 months ago

updated: [2015-10-01 ... now-3M]

Show assets updated starting 2 weeks ago, ending 1 second ago

updated: [now-2w ... now-1s]

Show assets updated on a specific date

updated:'2016-01-10'

volumes.free

Use an integer value ##### to help you find assets with a certain free volume space.

Example

Show assets with this free volume space

volumes.free: 448312320

volumes.name

Use a text value ##### to find assets with a certain volume name.

Example

Show assets with this volume name

volumes.name: /boot

volumes.size

Use an integer value ##### to help you find assets with a certain volume size.

Example

Show assets with this volume size

volumes.size: 481529856

vulnerabilities

Choose the value * to find assets with vulnerabilities.

Example

Show all findings that have vulnerabilities

vulnerabilities: *

vulnerabilities.firstFound

Use a date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound: [2015-10-21 ... 2015-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerabilities.firstFound: [2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2015-11-11'

vulnerabilities.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound: [2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFound: [2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2016-01-11'

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound: '2017-01-12' AND vulnerability.patchAvailable: "true")

vulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected: "Confirmed"

vulnerabilities.nonExploitableKernel

Use the values true | false to define vulnerabilities that exist on non exploitable kernels.

Examples

Show findings on non-exploitable kernels

vulnerabilities.nonExploitableKernel:TRUE

vulnerabilities.nonExploitableConfig

Use the values true | false to list vulnerabilities that exist on non exploitable configuration.

Examples

Show findings on non-exploitable config

vulnerabilities.nonExploitableConfig:TRUE

vulnerabilities.nonExploitableService

Use the values true | false to list vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.vulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerabilities.vulnerability.authTypes: "WINDOWS_AUTH"

vulnerabilities.vulnerability.bugTraqIds

Use a text value ##### to find a BugTraq number you're interested in.

Example

Show findings with BugTraq ID 22211

vulnerabilities.vulnerability.bugTraqIds: 22211

vulnerabilities.vulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with the category CGI

vulnerabilities.vulnerability.category: "CGI"

vulnerabilities.vulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.compliance.description: malicious software

Show any findings that contain "malicious" or "software" in description

vulnerabilities.vulnerability.compliance.description: "malicious software"

Show any findings that match exact value

vulnerabilities.vulnerability.compliance.description: `malicious software`

vulnerabilities.vulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this section

vulnerabilities.vulnerability.compliance.section: 164.308

Show any findings that match exact value

vulnerabilities.vulnerability.compliance.section: `164.308`

vulnerabilities.vulnerability.compliance.type

Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerabilities.vulnerability.compliance.type: "HIPAA"

vulnerabilities.vulnerability.consequence

Use quotes or backticks within values to help you find the consequence you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to consequence

vulnerabilities.vulnerability.consequence: sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerabilities.vulnerability.consequence: "sensitive information"

Show any findings that match exact value

vulnerabilities.vulnerability.consequence: `sensitive information`

vulnerabilities.vulnerability.cveIds

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.vulnerability.cveIds: CVE-2015-0313

vulnerabilities.vulnerability.cvssInfo.accessVector

Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.

Example

Show findings with this name

vulnerabilities.vulnerability.cvssInfo.accessVector: "NETWORK"

vulnerabilities.vulnerability.cvssInfo.baseScore

Use an integer value ##### to help you find the CVSS base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvssInfo.baseScore: 7.8

vulnerabilities.vulnerability.cvssInfo.temporalScore

Use an integer value ##### to help you find the CVSS temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvssInfo.temporalScore: 6.4

vulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description: remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description: "remote code execution"

Show any findings that match exact value

vulnerabilities.vulnerability.description: `remote code execution`

vulnerabilities.vulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerabilities.vulnerability.discoveryTypes: Remote

vulnerabilities.vulnerability.exploitability

Use quotes or backticks within values to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.exploitability: GIF Parser Heap

Show any findings that contain "GIF", "Parser" or "Heap" in description

vulnerabilities.vulnerability.exploitability: "GIF Parser Heap"

Show any findings that match exact value

vulnerabilities.vulnerability.exploitability: `GIF Parser Heap`

vulnerabilities.vulnerability.flags

Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH etc, PCI_RELATED).

Example

Show findings with this property

vulnerabilities.vulnerability.flags: PCI_RELATED

vulnerabilities.vulnerability.lists

Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerabilities.vulnerability.lists: SANS_20

vulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os: windows

Show any findings that match exact value

vulnerabilities.vulnerability.os: `windows`

vulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable: "true"

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable: "false"

vulnerabilities.vulnerability.patches

Use an integer value ##### to help you find the patch QID you're interested in.

Example

Show assets with this patch QID

vulnerabilities.vulnerability.patches: 90753

vulnerabilities.vulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerabilities.vulnerability.published: [2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2016-01-01, ending 1 month ago

vulnerabilities.vulnerability.published: [2016-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.published: [now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerabilities.vulnerability.published:'2015-07-15'

vulnerabilities.vulnerability.qid

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.risk

Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk: 50

vulnerabilities.vulnerability.sans20Categories

Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).

Example

Show findings with this category name

vulnerabilities.vulnerability.sans20Categories: "Media Players"

vulnerabilities.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 4

vulnerabilities.severity: "4"

vulnerabilities.vulnerability.solution

Use quotes or backticks within values to help you find the solution you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this solution

vulnerabilities.vulnerability.solution: Bulletin MS10-006

Show any findings that contain parts of solution

vulnerabilities.vulnerability.solution: "Bulletin MS10-006"

Show any findings that match exact value

vulnerabilities.vulnerability.solution: `Bulletin MS10-006`

vulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title: Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title: "Remote Code"

Show any findings that match exact value

vulnerabilities.vulnerability.title: `Remote Code`

vulnerabilities.vulnerability.types

Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.vulnerability.types: "VULNERABILITY"

vulnerabilities.vulnerability.updated

Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.

Examples

Show vulnerabilities updated within certain dates

vulnerabilities.vulnerability.updated: [2015-10-21 ... 2015-10-30]

Show vulnerabilities updated starting 2015-11-01, ending 1 month ago

vulnerabilities.vulnerability.updated: [2015-11-01 ... now-1M]

Show vulnerabilities updated stating 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.updated: [now-2w ... now-1s]

Show vulnerabilities updated on certain date

vulnerabilities.vulnerability.updated: '2015-03-08'

vulnerabilities.vulnerability.vendorRefs

Use a text value ##### to find the vendor reference you're interested in.

Example

Show findings with this reference

vulnerabilities.vulnerability.vendorRefs: KB3021953

vulnerabilities.vulnerability.qualysPatchable

Use the values  true | false to search for vulnerabilities that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

and

Use a boolean query to express your query using AND logic.

Example

Show assets with operating system Windows and Linux

operatingSystem: windows and operatingSystem: linux

not

Use a boolean query to express your query using NOT logic.

Example

Show assets that don't have Windows operating system

not operatingSystem: windows

or

Use a boolean query to express your query using OR logic.

Example

Show assets with one of these tag names

tag.name: Cloud Agent or tag.name: HQ

 

Threat Protection

(For Threat Protection users) Use these tokens for searching Real-Time Threat Indicators (RTI).

vulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Example

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: "true"

vulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Example

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: "true"

vulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Example

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: "true"

vulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Example

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: "true"

vulnerabilities.vulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`

vulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Example

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: "true"

vulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Example

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: "true"

vulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Example

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: "true"

vulnerabilities.vulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Example

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: "true"

vulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Example

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: "true"

vulnerabilities.vulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Example

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: "true"

vulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

 

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with  remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.ransomware

Use the values true | false to define real-time threats due to ransomeware vulnerability.

Examples

Show assets with ransomeware threat

vulnerabilities.vulnerability.threatIntel.ransomware: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

vulnerabilities.vulnerability.threatIntel.solorigateSunburst

Use the values true | false to filter real-time threats due to Solorigate Sunburst risk.

Examples

Show assets with Solorigate Sunburst threat

vulnerabilities.vulnerability.threatIntel.solorigateSunburst: "true"

Compliance

Use these tokens for searching compliance policies.


statement

Use quotes or backticks within values to help you find policies by statement.

Examples

Show any findings related to this statement

statement: Accept Remote rsyslog Messages Only on Designated Log Hosts - ModLoad

Show any findings that contain parts of statement

statement: "Accept Remote rsyslog Messages Only on Designated Log Hosts - ModLoad"

Show findings that match exact value

statement: `Accept Remote rsyslog Messages Only on Designated Log Hosts - ModLoad`


cid

Use an integer value ##### in quotes to help you find policies by CID number.

Example

Find policies for CID 1071

cid: "1071"


policy

Use quotes or backticks within values to help you find policies by policy name.

Examples

Show any findings related to this policy name

policy: Policy to test Error out on 1.2 release

Show any findings that contain parts of policy name

policy: "Policy to test Error out on 1.2 release"

Show findings that match exact value

policy: `Policy to test Error out on 1.2 release`


category

Use quotes or backticks within values to help you find policies by category.

Examples

Show any findings related to this category

category: OS Security Settings

Show any findings that contain parts of category name

category: "OS Security Settings"

Show findings that match exact value

category: `OS Security Settings`


posture

Use a text value ##### in quotes to find policies of a certain posture (Pass, Fail, Error).

Example

Show policies of this posture

posture: "FAIL"


criticality

Use a text value ##### to find policies of a certain criticality (CRITICAL, URGENT, SERIOUS, MEDIUM, MINIMAL, UNDEFINED).

Example

Show policies of this criticality

criticality: "URGENT"