Search Tokens for VMDR

You can use the search tokens available in the Vulnerabilities tab to refine your search results. The tokens are broadly classified into those for asset search and those for vulnerability search in the Vulnerabilities tab. Click each token to learn more about it.

Generic | Vulnerability | Asset | Asset Inventory | RTIs | AWS | Microsoft Azure | GCP | Passive Scanner

Generic

and

not

or

Vulnerability Tokens

Use these tokens to define search criteria for vulnerabilities.

vulnerabilities.firstFound

vulnerabilities.hostAssetName

vulnerabilities.hostOS

vulnerabilities.found

vulnerabilities.disabled

vulnerabilities.lastFound

vulnerabilities.nonExploitableConfig

vulnerabilities.nonRunningKernel

vulnerabilities.ssl

vulnerabilities.port

vulnerabilities.protocol

vulnerabilities.ignored

vulnerabilities.instance

vulnerabilities.runningService

vulnerabilities.severity

vulnerabilities.status

vulnerabilities.typeDetected

vulnerabilities.vulnerability.authTypes

vulnerabilities.vulnerability.bugTraqIds

vulnerabilities.vulnerability.category

vulnerabilities.vulnerability.compliance.description

vulnerabilities.vulnerability.compliance.section

vulnerabilities.vulnerability.compliance.type

vulnerabilities.vulnerability.consequence

vulnerabilities.vulnerability.cveIds

vulnerabilities.vulnerability.cvss3Info.basescore

vulnerabilities.vulnerability.cvss3Info.temporalScore

vulnerabilities.vulnerability.cvss2Info.accessVector

vulnerabilities.vulnerability.cvss2Info.baseScore

vulnerabilities.vulnerability.cvss2Info.temporalScore

vulnerabilities.vulnerability.discoveryTypes

vulnerabilities.vulnerability.exploitability

vulnerabilities.vulnerability.flags

vulnerabilities.vulnerability.os

vulnerabilities.vulnerability.patchAvailable

vulnerabilities.vulnerability.pci

vulnerabilities.vulnerability.rebootRequired

vulnerabilities.vulnerability.qid

vulnerabilities.vulnerability.sans20Categories

vulnerabilities.vulnerability.solution

vulnerabilities.vulnerability.supportedBy

vulnerabilities.vulnerability.title

vulnerabilities.vulnerability.types

vulnerabilities.vulnerability.vendorRefs

vulnerabilities.vulnerability.vendors.productName

vulnerabilities.vulnerability.vendors.vendorName

vulnerabilities.nonExploitableKernel

vulnerabilities.nonExploitableService

vulnerabilities.vulnerability.virtualPatchAvailable

vulnerabilities.vulnerability.patchReleased

vulnerabilities.timesFound

vulnerabilities.vulnerability.kbAge

vulnerabilities.detectionAge

vulnerabilities.vulnerability.description

vulnerabilities.vulnerability.lists

vulnerabilities.vulnerability.patches

vulnerabilities.vulnerability.published

vulnerabilities.vulnerability.risk

vulnerabilities.vulnerability.qualysPatchable

vulnerabilities.vulnerability.criticality

vulnerabilities.vulnerability.updated

Asset Tokens

Use these tokens to define search criteria for assets.

accounts.username

activatedForModules

agentActivations.key

agentActivations.status

agentId

trackingMethod

agentVersion

assetId

configurationProfile

connectors.connector.name

cpuCount

created

docker.dockerVersion

docker.noOfContainers

docker.noOfImages

isDockerHost

interfaces.address

interfaces.dnsAddress

interfaces.gatewayAddress

interfaces.hostname

interfaces.interfaceName

interfaces.macAddress

lastCheckedIn

lastVmScanDate

lastComplianceScanDate

lastFullScan

lastInventory

lastLoggedOnUser

lastActivity

name

netbiosName

openPorts.description

openPorts.detectedService

openPorts.firstFound

openPorts.lastUpdated

openPorts.port

openPorts.protocol

operatingSystem

pendingActivationForModules

processors.description

processors.speed

services.description

services.name

services.status

software.firstFound

software.lastUpdated

software.installedDate

software.name

software.version

system.biosDescription

system.lastBoot

system.manufacturer

system.model

system.timezone

system.totalMemory

tags.name

updated

volumes.free

volumes.name

volumes.size

vulnerabilities

Asset Inventory

Use search tokens to refine your search for assets based on different asset properties.

hardware.category

hardware.category1

hardware.category2

hardware.lifecycle.ga

hardware.lifecycle.intro

hardware.lifecycle.eos

hardware.lifecycle.obs

hardware.lifecycle.stage

hardware.manufacturer

hardware.model

hardware.product

operatingSystem.architecture

operatingSystem.category

operatingSystem.category1

operatingSystem.category2

operatingSystem.edition

operatingSystem.lifecycle.ga

operatingSystem.lifecycle.eol

operatingSystem.lifecycle.eos

operatingSystem.lifecycle.stage

operatingSystem.marketVersion

operatingSystem.osId

operatingSystem.name

operatingSystem.publisher

operatingSystem.update

operatingSystem.version

software.architecture

software.category

software.category1

software.category2

software.edition

software.lifecycle.ga

software.lifecycle.eol

software.lifecycle.eos

software.lifecycle.stage

software.license.category

software.marketVersion

software.product

software.publisher

software.type

software.update

software.majorVersion

software.license.subcategory

RTIs

Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities.

vulnerabilities.vulnerability.threatIntel.activeAttacks

vulnerabilities.vulnerability.threatIntel.denialOfService

vulnerabilities.vulnerability.threatIntel.easyExploit

vulnerabilities.vulnerability.threatIntel.exploitKit

vulnerabilities.vulnerability.threatIntel.exploitKitName

vulnerabilities.vulnerability.threatIntel.highDataLoss

vulnerabilities.vulnerability.threatIntel.highLateralMovement

vulnerabilities.vulnerability.threatIntel.malware

vulnerabilities.vulnerability.threatIntel.malwareName

vulnerabilities.vulnerability.threatIntel.noPatch

vulnerabilities.vulnerability.threatIntel.publicExploit

vulnerabilities.vulnerability.threatIntel.publicExploitName

vulnerabilities.vulnerability.threatIntel.zeroDay

vulnerabilities.vulnerability.threatIntel.wormable

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution

vulnerabilities.vulnerability.threatIntel.ransomware

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

vulnerabilities.vulnerability.threatIntel.solorigateSunburst

AWS EC2

Use these tokens when searching your AWS EC2 assets on the Assets list.

- Your results may include Terminated instances. It's recommended that you include aws.ec2.instanceState in your query to reduce the number of results.

- The syntax for writing tag rule queries differs from the syntax for searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.

aws.ec2.accountId

aws.ec2.availabilityZone

aws.ec2.hasAgent

aws.ec2.hostname

aws.ec2.imageId

aws.ec2.instanceId

aws.ec2.instanceState

aws.ec2.instanceType

aws.ec2.isQualysScanner

aws.ec2.kernelId

aws.ec2.launchDate

aws.ec2.privateDNS

aws.ec2.privateIpAddress

aws.ec2.publicDNS

aws.ec2.publicIpAddress

aws.ec2.region.code

aws.ec2.region.name

aws.ec2.spotInstance

aws.ec2.subnetId

aws.ec2.vpcId

aws.tags

aws.tags.key

aws.tags.value

Microsoft Azure

Use these tokens when searching Microsoft Azure assets on the Assets list.

azure.tags

azure.tags.name

azure.tags.value

azure.vm.imageOffer

azure.vm.imagePublisher

azure.vm.imageVersion

azure.vm.location

azure.vm.macAddress

azure.vm.name

azure.vm.platform

azure.vm.privateIpAddress

azure.vm.publicIpAddress

azure.vm.resourceGroupName

azure.vm.size

azure.vm.state

azure.vm.subnet

azure.vm.subscriptionId

azure.vm.vmId

Google Cloud Platform

Use these tokens when searching Google Cloud Platform assets on the Assets list.

gcp.compute.hostname

gcp.compute.instanceId

gcp.compute.macAddress

gcp.compute.machineType

gcp.compute.network

gcp.compute.privateIpAddress

gcp.compute.projectId

gcp.compute.projectNumber

gcp.compute.publicIpAddress

gcp.compute.zone

gcp.compute.state

Passive Scanner only

Use these tokens when searching assets detected by passive scanning.

asset.fqdn

hardware.typingConfidence

inventory.scannerID

inventory.scannerName

openPorts.lastFound

openPort.lastUpdated

operatingSystem.typingConfidence

traffic.timestamp

traffic.total

traffic.ingress

traffic.egress

traffic.protocol

traffic.port

traffic.type

traffic.family

traffic.application

traffic.service