Search Tokens for VMDR

You can use the search tokens available in Vulnerabilities tab and refine your search results. We have broadly classified the search tokens for asset and vulnerability search in Vulnerabilities tab. Click each token to learn more about it.

Generic

The order of precedence to use the operators is NOT, AND, OR. However, you can use the parenthesis to override the precedence.

notnot

Use a boolean query to express your query using NOT logic.

Example

Show assets that don't have Windows operating system

not operatingSystem: Windows

andand

Use a boolean query to express your query using AND logic.

Example

Find assets with certain tag and software installed

tags.name:`Cloud Agent` and software: (name:`Cisco AnyConnect Secure Mobility Client` and version:`3.1.12345`)

oror

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tags.name:Cloud Agent or tags.name:Windows

Vulnerability Tokens

Use these tokens to define search criteria for vulnerabilities.

vulnerabilities.disabledvulnerabilities.disabled

Use the values true | false to define vulnerabilities are disabled or enabled.

Examples

Show findings with vulnerabilities disabled

vulnerabilities.disabled:TRUE

vulnerabilities.detectionScorevulnerabilities.detectionScore

Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.

Examples

Show vulnerabilities with detection score 80

vulnerabilities.detectionScore:80

Show vulnerabilities with detection score 25

vulnerabilities.detectionScore:25

vulnerabilities.detectionSourcevulnerabilities.detectionSource

Use a string value within quotes or backticks to find vulnerabilities with a certain source of detection.

Examples:

- Show findings with Qualys as the detection source:

vulnerabilities.detectionSource:Qualys

- Show findings that contain parts of the detection source:

vulnerabilities.detectionSource:"Qualys"

- Show findings that match the exact value Qualys:

vulnerabilities.detectionSource:`Qualys`

vulnerabilities.foundvulnerabilities.found

Use the values true | false to define vulnerabilities are detected or not on the assets.

Examples

Show findings with vulnerabilities detected

vulnerabilities.found:TRUE

vulnerabilities.firstFoundvulnerabilities.firstFound

Use the date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerabilities.firstFound:[2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound:[now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2016-11-11'

vulnerabilities.hostAssetNamevulnerabilities.hostAssetName

Use quotes or backticks within values to help you find the host asset name.

Examples

Show any findings related to name

vulnerabilities.hostAssetName:QK2K12QP3-65-53

Show any findings that contain parts of name

vulnerabilities.hostAssetName:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

vulnerabilities.hostAssetName:`QK2K12QP3-65-53`

vulnerabilities.hostOSvulnerabilities.hostOS

Use quotes or backticks within values to help you find the host operating system.

Examples

Show any findings with this OS name

vulnerabilities.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerabilities.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerabilities.hostOS:`Windows 2012`

vulnerabilities.ignoredvulnerabilities.ignored

Use an integer value ##### to help you find vulnerabilities that have been marked as ignored.

Example

Show vulnerabilities that are marked as ignored

vulnerabilities.ignored:TRUE

vulnerabilities.instancevulnerabilities.instance

Use a text value ##### to help you find vulnerabilities found on a certain instance.

Example

Show vulnerabilities found in this instance

vulnerabilities.instance: oracle

vulnerabilities.lastFixedvulnerabilities.lastFixed

Use a date range or specific date to define when findings were last fixed.

Examples

Show findings last fixed within certain dates

vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]

Show findings last fixed starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFixed:[2016-01-01 ... now-1M]

Show findings last fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFixed:[now-2w ... now-1s]

Show findings last fixed on certain date

vulnerabilities.lastFixed:'2016-01-11'

Show findings last fixed within certain number of days

vulnerabilities.lastFixed: [91..180]

vulnerabilities.lastFoundvulnerabilities.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFound:[2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2016-01-11'

Show findings last found within certain number of days

vulnerabilities.lastFound: [91..180]

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)

vulnerabilities: (lastFound: AND vulnerability.patchAvailable:TRUE)

vulnerabilities.nonExploitableConfigvulnerabilities.nonExploitableConfig

Use the values true | false to define vulnerabilities with non-exploitable configurations.

Examples

Show findings with non exploitable configurations

vulnerabilities.nonExploitableConfig:TRUE

Show findings with exploitable configurations

vulnerabilities.nonExploitableConfig:FALSE

vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel

Use the values true | false to view vulnerabilities found on non-running kernels.

Examples

Show detections found on non-running Kernal

vulnerabilities.nonRunningKernel:TRUE

Show detections found on running Kernal

vulnerabilities.nonRunningKernel:FALSE

vulnerabilities.portvulnerabilities.port

Use an integer value ##### to help you find vulnerabilities found on a certain port.

Example

Show vulnerabilities found on this port

vulnerabilities.port:443

vulnerabilities.protocolvulnerabilities.protocol

Use a text value ##### (UDP or TCP) to define the port protocol.

Example

Show vulnerabilities found on TCP protocol

vulnerabilities.protocol:TCP

vulnerabilities.runningServicevulnerabilities.runningService

Use the values true | false to define vulnerabilities found on a non-exploitable port/service.

Example

Show vulnerabilities found on running service

vulnerabilities.runningService:TRUE

Show vulnerabilities found on non-running service

vulnerabilities.nonexploitableService:FALSE

vulnerabilities.sslvulnerabilities.ssl

Use the values true | false to define vulnerabilities found on secure socket layer (SSL).

Examples

Show vulnerabilities associated with SSL

vulnerabilities.ssl:TRUE

vulnerabilities.severityvulnerabilities.severity

Use an integer value to view the severity level set by you to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu. If you do not set the severity level, its level will be the same as the level set by Qualys.

Example

Show findings with severity by 5

vulnerabilities.severity:5

For information about customer and Qualys severity, see Customer and Kb Severity Level

vulnerabilities.statusvulnerabilities.status

Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.

If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.

Example

Show vulnerabilities with New status

vulnerabilities.status:NEW

vulnerabilities.ttr.firstFoundvulnerabilities.ttr.firstFound

Use the number of days to determine the findings based on the Total and First Found time to remediate. The token accepts range input as number of days. You can also customize the range input.

Examples

Show vulnerabilities findings based on total and first found calculation

vulnerabilities.ttr.firstFound:[61..90]

Use custom query to see the vulnerabilities findings based on total and first found calculation

vulnerabilities.ttr.firstFound:[0..90]

vulnerabilities.tags.namevulnerabilities.tags.name

Use quotes or backticks within values to help you find the vulnerabilities tag.

Examples

Show any findings related to this tag name

vulnerabilities.tags.name: Microsoft Security Update

Show any findings that contain "Ubuntu" or "2021" in name

vulnerabilities.tags.name:"Ubuntu 2021"

Show any findings that match exact value "centOS_security"

vulnerabilities.tags.name:`centOS_security`

Note: This token is available only to limited customers (in Beta phase).

vulnerabilities.typeDetectedvulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected:Confirmed

vulnerabilities.vulnerability.authTypesvulnerabilities.vulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH

vulnerabilities.vulnerability.bugTraqIdsvulnerabilities.vulnerability.bugTraqIds

Use a text value ##### to find a BugTraq number.

Example

Show findings with BugTraq ID 22211

vulnerabilities.vulnerability.bugTraqIds:22211

vulnerabilities.vulnerability.categoryvulnerabilities.vulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with category CGI

vulnerabilities.vulnerability.category:CGI

vulnerabilities.vulnerability.compliance.descriptionvulnerabilities.vulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.compliance.description:malicious software

Show any findings that contain "malicious" or "software" in description

vulnerabilities.vulnerability.compliance.description:"malicious software"

Show any findings that match exact value "malicious software"

vulnerabilities.vulnerability.compliance.description:`malicious software`

vulnerabilities.vulnerability.compliance.sectionvulnerabilities.vulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section.

Examples

Show any findings related to this section

vulnerabilities.vulnerability.compliance.section:164.308

Show any findings that contain parts of section

vulnerabilities.vulnerability.compliance.section:"164.308"

Show any findings that match exact value "164.308"

vulnerabilities.vulnerability.compliance.section:`164.308`

vulnerabilities.vulnerability.compliance.typevulnerabilities.vulnerability.compliance.type

Select the name ##### of a compliance type, for example, COBIT, HIPAA, GLBA, SOX. Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerabilities.vulnerability.compliance.type:HIPAA

vulnerabilities.vulnerability.impactvulnerabilities.vulnerability.impact

Use quotes or backticks within values to help you find the impact.

Examples

Show any findings related to impact

vulnerabilities.vulnerability.impact:sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerabilities.vulnerability.impact:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerabilities.vulnerability.impact:`sensitive information`

vulnerabilities.vulnerability.cveIdsvulnerabilities.vulnerability.cveIds

Use a text value ##### to find the CVE name.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.vulnerability.cveIds:CVE-2015-0313

Note: The CVE in the query is case sensitive and must be used in capital case.

vulnerabilities.vulnerability.cvss3_1Info.basescorevulnerabilities.vulnerability.cvss3_1Info.basescore

Use an integer value ##### to help you find the CVSSv3.1 base score.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3_1Info.basescore:7.8

vulnerabilities.vulnerability.cvss3_1Info.temporalScorevulnerabilities.vulnerability.cvss3_1Info.temporalScore

Use an integer value ##### to help you find the CVSSv3.1 temporal score.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3_1Info.temporalScore:6.4

vulnerabilities.vulnerability.cvss2Info.accessVectorvulnerabilities.vulnerability.cvss2Info.accessVector

Select the name ##### of a CVSS2 access vector, for example, UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK. Select from names in the drop-down menu.

Example

Show findings with this name

vulnerabilities.vulnerability.cvss2Info.accessVector:NETWORK

vulnerabilities.vulnerability.cvss2Info.baseScorevulnerabilities.vulnerability.cvss2Info.baseScore

Use an integer value ##### to help you find the CVSS2 base score.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.baseScore:7.8

vulnerabilities.vulnerability.cvss2Info.temporalScorevulnerabilities.vulnerability.cvss2Info.temporalScore

Use an integer value ##### to help you find the CVSS2 temporal score.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.temporalScore:6.4

vulnerabilities.vulnerability.discoveryTypesvulnerabilities.vulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerabilities.vulnerability.discoveryTypes:REMOTE

vulnerabilities.vulnerability.exploitabilityvulnerabilities.vulnerability.exploitability

Use quotes or backticks within values to help you find known exploit description.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.exploitability:GIF Parser Heap

Show any findings that contain "GIF", "Parser" or "Heap" in description

vulnerabilities.vulnerability.exploitability:"GIF Parser Heap"

Show any findings that match exact value "GIF Parser Heap"

vulnerabilities.vulnerability.exploitability:`GIF Parser Heap`

vulnerabilities.vulnerability.flagsvulnerabilities.vulnerability.flags

Use a text value ##### to find the Qualys defined vulnerability property, for example, REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc.

Example

Show findings with this flag

vulnerabilities.vulnerability.flags:PCI_RELATED

vulnerabilities.vulnerability.osvulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerabilities.vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerabilities.vulnerability.os:`windows`

vulnerabilities.vulnerability.patchAvailablevulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable:TRUE

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable:FALSE

vulnerabilities.vulnerability.pcivulnerabilities.vulnerability.pci

Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).

Examples

Show PCI vulnerabilities

vulnerabilities.vulnerability.pci:TRUE

Do not show PCI vulnerabilities

vulnerabilities.vulnerability.pci:FALSE

vulnerabilities.vulnerability.rebootRequiredvulnerabilities.vulnerability.rebootRequired

Use the values true | false to find vulnerabilities that need reboot.

Examples

Show vulnerabilities that need reboot.

vulnerabilities.vulnerability.rebootRequired: TRUE

vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.ransomware.namevulnerabilities.vulnerability.ransomware.name

Use quotes or backticks within values to help you find the ransomware name you're looking for. Quotes can be used when the value has more than one word.

Example

Show findings with this name

vulnerabilities.vulnerability.ransomware.name: Locky

Show findings that match exact value

vulnerabilities.vulnerability.ransomware.name: Locky

vulnerabilities.vulnerability.sans20Categoriesvulnerabilities.vulnerability.sans20Categories

Use a text value ##### to find vulnerabilities in the SANS 20 category, for example, Anti-virus Software, Backup Software, etc.

Example

Show findings with this category name

vulnerabilities.vulnerability.sans20Categories:Media Players

vulnerabilities.vulnerability.severityvulnerabilities.vulnerability.severity

Use an integer value to view the severity level set by Qualys to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu.

Example

Show findings with severity set by Qualys as 5

vulnerabilities.vulnerability.severity:5

For information about customer and Qualys severity, see Customer and Kb Severity Level

vulnerabilities.vulnerability.solutionvulnerabilities.vulnerability.solution

Use quotes or backticks within values to help you find the solution.

Examples

Show any findings related to this solution

vulnerabilities.vulnerability.solution:Bulletin MS10-006

Show any findings that contain parts of solution

vulnerabilities.vulnerability.solution:"Bulletin MS10-006"

Show any findings that match exact value "Bulletin MS10-006"

vulnerabilities.vulnerability.solution:`Bulletin MS10-006`

vulnerabilities.vulnerability.supportedByvulnerabilities.vulnerability.supportedBy

Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.

Example

Show vulnerabilities supported by Linux Agent

vulnerabilities.vulnerability.supportedBy:CA-Linux Agent

vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title:Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title:"Remote Code"

Show any findings that match exact value "Remote Code"

vulnerabilities.vulnerability.title:`Remote Code`

vulnerabilities.vulnerability.typesvulnerabilities.vulnerability.types

Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.vulnerability.types:VULNERABILITY

vulnerabilities.vulnerability.vendorRefsvulnerabilities.vulnerability.vendorRefs

Use a text value ##### to find the vendor reference.

Example

Show this vendor reference

vulnerabilities.vulnerability.vendorRefs:KB3021953

vulnerabilities.vulnerability.vendors.productNamevulnerabilities.vulnerability.vendors.productName

Use a text value ##### to find the vendor product name.

Example

Show findings with this vendor product name

vulnerabilities.vulnerability.vendors.productName:Windows

vulnerabilities.vulnerability.vendors.vendorNamevulnerabilities.vulnerability.vendors.vendorName

Use a text value ##### to find the vendor name.

Example

Show findings with this vendor name

vulnerabilities.vulnerability.vendors.vendorName:Adobe

vulnerabilities.nonExploitableKernelvulnerabilities.nonExploitableKernel

Use the values true | false to define vulnerabilities that exist on non exploitable kernels.

Examples

Show findings on non-exploitable kernels

vulnerabilities.nonExploitableKernel:TRUE

vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService

`Use the values true | false to define vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.vulnerability.patchReleasedvulnerabilities.vulnerability.patchReleased

Use a date range or specific date to define when patch was available.

Examples

Show findings last found within certain dates

vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]

Show findings last found starting 2020-01-01, ending 1 month ago

vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.vulnerability.patchReleased:'2020-01-02'

vulnerabilities.timesFoundvulnerabilities.timesFound

Show findings that were detected for the specified number of times.

Examples

Show findings last found 3 times

vulnerabilities.timesFound:3

vulnerabilities.vulnerability.kbAgevulnerabilities.vulnerability.kbAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was published by Qualys in the Knowledge Base. The kbAge is the published date for the QIDs. Select the number of days from the drop-down menu.

Example

Show findings/QIDs that were recently published (in the last 30 days)

vulnerabilities.vulnerability.kbAge:[00..30]

vulnerabilities.detectionAgevulnerabilities.detectionAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset till the current date. The age is calculated irrespective of the vulnerability status.

Example

Show findings that were detected in the last 30 days.

vulnerabilities.detectionAge:[00..30]

vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description:remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description:"remote code execution"

Show any findings that match exact value "remote code execution"

vulnerabilities.vulnerability.description:`remote code execution`

vulnerabilities.vulnerability.listsvulnerabilities.vulnerability.lists

Use a text value ##### to find the vulnerability list of interest, for example, SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerabilities.vulnerability.lists:SANS_20

vulnerabilities.vulnerability.patchesvulnerabilities.vulnerability.patches

Use an integer value ##### to help you find the patch QID.

Example

Show assets with this patch QID

vulnerabilities.vulnerability.patches:90753

vulnerabilities.vulnerability.publishedvulnerabilities.vulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago

vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.published:[now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerabilities.vulnerability.published:'2018-01-15'

vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk

Use an integer value ##### to define the vulnerability risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk:50

vulnerabilities.vulnerability.qualysPatchablevulnerabilities.vulnerability.qualysPatchable

Use the valuesvulnerabilities true | false to define that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

If a QID does not have a CVSSv3 Base score, the CVSSv2 Base score takes the priority.

The following list of criticality defines the CVSS Score from 0.0 to 10.0:

None: 0.0
Low: 0.1-3.9
Medium: 4.0-6.9
High: 7.0-8.9
Critical: 9.0-10.0

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

vulnerabilities.vulnerability.updatedvulnerabilities.vulnerability.updated

Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.

Examples

Show vulnerabilities updated within certain dates

vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]

Show vulnerabilities updated starting 2017-11-01, ending 1 month ago

vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]

Show vulnerabilities updated stating 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.updated:[now-2w ... now-1s]

Show vulnerabilities updated on certain date

vulnerabilities.vulnerability.updated:'2018-03-08'

Asset Tokens

The following asset tokens will list all the assets mentioned in the QQL. You can filter the search results using other token options such as Generic, Search by Field, Search without field tokens.

accounts.usernameaccounts.username

Use a text value ##### to find the username.

Example

Show assets with the username Administrator

accounts.username:Administrator

activatedForModulesactivatedForModules

Select the name ##### of an activated module. Select from names in the drop-down menu.

Examples

Show assets activated for VM

activatedForModules:VM

Show assets activated for VM and FIM

activatedForModules:VM AND activatedForModules:FIM

agent.activations.keyagent.activations.key

Use a text value ##### to define the agent activation key.

Example

Show assets with agents activated using key-value

agent.activations.key:key-value

agent.activations.statusagent.activations.status

Use a text value ##### (ACTIVE or INACTIVE) to define agent activation status.

Example

Show assets with active agents

agent.activations.status:ACTIVE

agent.agentIDagent.agentID

Use a text value ##### to find an agent ID of interest.

Example

Show the asset with this agent ID

agent.agentID:f0c8e682-e9cc-4e7d-b92a-0c905d81ec74

agent.versionagent.version

Use a text value ##### to find the agent version.

Example

Show findings with agent version 1.5.6.46

agent.version:1.5.6.46

assetIdassetId

Use an integer value ##### to help you find certain Qualys asset IDs (UUIDs), assigned by an agent or a scanner appliance when Agentless Tracking is used.

Examples

Show this asset ID

assetId: 2918869

Show asset IDs in this range

assetId: [3546997 .. 12945655]

Show the 2 asset IDs listed

assetId: [3546997,12945655]

agent.configurationProfileagent.configurationProfile

Use quotes or backticks within values to help you find the agent configuration profile.

Examples

Show any findings related to profile name

agent.configurationProfile:Initial Profile

Show any findings that contain parts of profile name

agent.configurationProfile:"Initial Profile"

Show any findings that match exact value "Initial Profile"

agent.configurationProfile:`Initial Profile`

agent.connectedFromagent.connectedFrom

Use a text value ##### to define the external IP address a cloud agent is connected from.

Example

Show findings for an external IP address that an agent connected from

agent.connectedFrom:10.0.100.11

connectors.connector.nameconnectors.connector.name

Use a text value ##### to define the connector name.

Example

Show findings detected by connector myec2

connectors.connector.name:myec2

connectors.firstDiscoveredconnectors.firstDiscovered

Use a date range or specific date to define when the connectors were first discovered.

Example

Show findings for connectors that were first discovered within certain dates

connectors.firstDiscovered:[2015-10-21 ... 2016-01-15]

Show findings for connectors that were first discovered starting 2017-01-01, ending 1 month ago

connectors.firstDiscovered:[2017-01-01 ... now-1M]

Show findings for connectors that were first discovered starting 2 weeks ago, ending 1 second ago

connectors.firstDiscovered:[now-2w ... now-1s]

Show findings for connectors that were first discovered on certain date

connectors.firstDiscovered:'2018-01-15'

Show findings for connectors that were first discovered before a certain date

connectors.firstDiscovered <'2018-01-15'

Show findings for connectors that were first discovered after a certain date

connectors.firstDiscovered >'2018-01-15'

connectors.lastDiscoveredconnectors.lastDiscovered

Use a date range or specific date to define when the connectors were last discovered.

Example

Show findings for connectors last discovered within certain dates

connectors.lastDiscovered:[2015-10-21 ... 2016-01-15]

Show findings for connectors last discovered starting 2017-01-01, ending 1 month ago

connectors.lastDiscovered:[2017-01-01 ... now-1M]

Show findings for connectors last discovered starting 2 weeks ago, ending 1 second ago

connectors.lastDiscovered:[now-2w ... now-1s]

Show findings for connectors last discovered on certain date

connectors.lastDiscovered:'2018-01-15'

Show findings for connectors last discovered before a certain date

connectors.lastDiscovered <'2018-01-15'

Show findings for connectors last discovered after a certain date

connectors.lastDiscovered >'2018-01-15'

cpuCountcpuCount

Use an integer value ##### to help you find assets with some number of CPUs.

Example

Show assets that have 2 CPUs

cpuCount:2

createdcreated

Use a date range or specific date to define when assets were created, that is, when first scanned by a scanner appliance, or when agent was installed.

Examples

Show assets created within certain dates

created:[2016-01-01 ... 2016-01-10]

Show assets created starting 2017-10-01, ending 1 month ago

created:[2017-10-01 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

created:[now-2w ... now-1s]

Show assets created on specific date

created:'2018-01-08'

criticalityScorecriticalityScore

Use an integer value (1-5) to help you find assets based on specific criticality score.

Examples

Show assets with criticality score 5

criticalityScore:5

Show assets with criticality score 2

criticalityScore:2

docker.dockerVersiondocker.dockerVersion

Use a text value ##### to define a Docker version.

Example

Show findings with this Docker version

docker.dockerVersion:17.3

docker.noOfContainersdocker.noOfContainers

Use an integer value ##### to help you find assets with some number of Docker containers. .

Example

Show findings with 2 Docker containers

docker.noOfContainers:2

docker.noOfImagesdocker.noOfImages

Use an integer value ##### to help you find assets with some number of Docker images.

Example

Show findings with 5 Docker images

docker.noOfImages:5

isDockerHostisDockerHost

Use the values true | false to choose whether to show docker hosts or not (only when the hosts have been scanned).

Examples

Show docker hosts

isDockerHost:true

Do not show docker hosts

isDockerHost:false

interfaces.addressinterfaces.address

Use a text value ##### to define an IP address (IPv4 of IPv6).

Examples

Show the asset with IPv4 address

interfaces.address:10.10.100.20

Show the asset with IPv6 address (enclose value in single quotes)

interfaces.address:'fe80:0:0:0:2501:b53c:4139:404b'

interfaces.dnsAddressinterfaces.dnsAddress

Use a text value ##### to define a DNS address.

Example

Show the asset with DNS address 10.0.100.11

interfaces.dnsAddress:10.0.100.11

interfaces.gatewayAddressinterfaces.gatewayAddress

Use a text value ##### to help you find assets with a certain default gateway address.

Example

Show assets with this default gateway address

interfaces.gatewayAddress:10.11.65.1

interfaces.hostnameinterfaces.hostname

Use quotes or backticks within values to help you find the hostname.

Examples

Show any findings related to name

interfaces.hostname:xpsp2-jp-26-111

Show any findings that contain parts of name

interfaces.hostname:"xpsp2-jp-26-111"

Show any findings that match exact value "xpsp2-jp-26-111"

interfaces.hostname:`xpsp2-jp-26-111`

Show any findings related to name (we'll match super domains)

interfaces.hostname:qcentos71sqp3.rdlab.acme.com

Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"

interfaces.hostname:`qcentos71sqp3.rdlab.acme.com`

interfaces.interfaceNameinterfaces.interfaceName

Use a text value ##### to help you find a certain interface name.

Example

Show the asset with name PRO/1000

interfaces.interfaceName:PRO/1000

interfaces.macAddressinterfaces.macAddress

Use values within quotes to help you find a MAC address.

Example

Show the asset with this MAC address

interfaces.macAddress:"00-50-56-A9-73-5A"

agent.lastCheckedInagent.lastCheckedIn

Use a date range or specific date to define when agents last checked in to the platform. The last checked in date will be updated after agent provisioning, agent inventory and agent scan.

Examples

Show findings with last check in within a specific date range.

agent.lastCheckedIn:[2020-01-01 ... 2020-01-10]

Show findings with last check in starting 2019-11-01, ending 1 month ago.

agent.lastCheckedIn:[2019-11-01 ... now-1M]

Show findings with last check in starting 2 weeks ago, ending 1 second ago

agent.lastCheckedIn:[now-2w ... now-1s]

Show findings with last check in on a specific date

agent.lastCheckedIn:'2020-02-11'

Show findings with last check in before (older than) last 30 days.

agent.lastCheckedIn<now-30d

Note: We recommend not to use the NOT operator in your range search to form a query like NOT lastCheckedIn:[now-30d...now-2s]. See 'QQL Best Practices' topic in the Unified Dashboard online Help.

Show findings with last check in within last 30 days excluding day 30

agent.lastCheckedIn>now-30d

Show findings with last check in within last 30 days including day 30

agent.lastCheckedIn>=now-30d

Show findings with last check in which is older than last 30 days excluding day 30

agent.lastCheckedIn<now-30d

Show findings with last check in which is older than last 30 days including day 30

agent.lastCheckedIn<=now-30d

lastLocation.namelastLocation.name

Use a text value ##### to help you find assets based on last location.

Examples

Show assets with last location as Redwood City, California - United States

lastLocation.name: `Redwood City, California - United States`

Show assets with last location with exact string

lastLocation.name: `Redwood City, California - United States`

lastLocation.continentlastLocation.continent

Use a text value ##### to help you find assets based on continent of the last location.

Examples

Show assets with last location continent as North America

lastLocation.continent: `North America`

Show assets with last location with exact string

lastLocation.continent: `North America`

lastLocation.countrylastLocation.country

Use a text value ##### to help you find assets based on country of the last location.

Example

Show assets with last location country as United States

lastLocation.country: United States

lastLocation.statelastLocation.state

Use a text value ##### to help you find assets based on state of the last location.

Example

Show assets with last location state as California

lastLocation.state: California

lastLocation.citylastLocation.city

Use a text value ##### to help you find assets with city of the last location.

Example

Show assets with last location state as Miami

lastLocation.city: Miami

lastLocation.postallastLocation.postal

Use a text value ##### to help you find assets based on postal of the last location.

Example

Show assets with last location postal as 94065

lastLocation.postal: 94065

lastVmScanDatelastVmScanDate

Use a date range or specific date to define when full or custom vulnerability scans were last conducted by the agent or scanner. In case of a full vulnerability scan all QIDs are triggered. For custom vulnerability scan specific QIDs are triggered.

Examples

Show findings with last vulnerability scan within certain dates

lastVmScanDateScanner: [2017-01-01 ... 2017-02-10]

Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago

lastVmScanDateScanner: [2016-11-01 ... now-1M]

Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago

lastVmScanDateScanner: [now-2w ... now-1s]

Show findings with last vulnerability scan on specific date

lastVmScanDateScanner:'2017-04-10'

lastVmScanDateScanner lastVmScanDateScanner

Use a date range or specific date to define when full or custom vulnerability scans were last conducted by the scanner. In case of a full vulnerability scan all QIDs are triggered. For custom vulnerability scan specific QIDs are triggered.

Examples

Show findings with last vulnerability scan within certain dates

lastVmScanDateScanner: [2017-01-01 ... 2017-02-10]

Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago

lastVmScanDateScanner: [2016-11-01 ... now-1M]

Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago

lastVmScanDateScanner: [now-2w ... now-1s]

Show findings with last vulnerability scan on specific date

lastVmScanDateScanner:'2017-04-10'

lastVmScanDateAgentlastVmScanDateAgent

Use a date range or specific date to define when full or custom vulnerability scans were last conducted by the agent. In case of a full vulnerability scan all QIDs are triggered. For custom vulnerability scan specific QIDs are triggered.

Examples

Show findings with last vulnerability scan within certain dates

lastVmScanDateAgent: [2017-01-01 ... 2017-02-10]

Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago

lastVmScanDateAgent: [2016-11-01 ... now-1M]

Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago

lastVmScanDateAgent: [now-2w ... now-1s]

Show findings with last vulnerability scan on specific date

lastVmScanDateAgent:'2017-04-10'

lastPcScanDateAgentlastPcScanDateAgent

Use a date range or specific date to define when compliance scans were last conducted. In case of a full policy compliance scan all QIDs are triggered. For custom policy compliance scan specific QIDs are triggered.

Examples

Show findings with last compliance scan within certain dates

lastPcScanDateAgent: [2017-01-01 ... 2017-02-10]

Show findings with last compliance scan starting 2016-11-01, ending 1 month ago

lastPcScanDateAgent: [2016-11-01 ... now-1M]

Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago

lastPcScanDateAgent: [now-2w ... now-1s]

Show findings with last compliance scan on specific date

lastPcScanDateAgent:'2017-04-10'

lastPcScanDateScannerlastPcScanDateScanner

Use a date range or specific date to define when policy compliance scans were last conducted by the scanner. In case of a full policy compliance scan all QIDs are triggered. For custom policy compliance scan specific QIDs are triggered.

Examples

Show findings with last compliance scan within certain dates

lastPcScanDateScanner: [2017-01-01 ... 2017-02-10]

Show findings with last compliance scan starting 2016-11-01, ending 1 month ago

lastPcScanDateScanner: [2016-11-01 ... now-1M]

Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago

lastPcScanDateScanner: [now-2w ... now-1s]

Show findings with last compliance scan on specific date

lastPcScanDateScanner:'2017-04-10'

lastComplianceScanDatelastComplianceScanDate

Use a date range or specific date to define when compliance scans were last conducted. In case of a full compliance scan, all QIDs are triggered. For custom compliance scan specific QIDs are triggered.

Examples

Show findings with last compliance scan within certain dates

lastComplianceScanDate: [2017-01-01 ... 2017-03-31]

Show findings with last compliance scan starting 2016-10-15, ending 1 month ago

lastComplianceScanDate: [2016-10-15 ... now-1M]

Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago

lastComplianceScanDate: [now-2w ... now-1s]

Show findings with last compliance scan on specific date

lastComplianceScanDate:'2017-02-18'

lastFullScanlastFullScan

Use a date range or specific date to define when full scans were last conducted on an agent or a scanner. In case of a full vulnerability scan all QIDs are triggered. For custom vulnerability scan specific QIDs are triggered.

Examples

Show findings with last full scan within certain dates

lastFullScan:[2018-01-01 ... 2018-01-10]

Show findings with last full scan starting 2017-11-01, ending 1 month ago

lastFullScan:[2017-11-01 ... now-1M]

Show findings with last full scan starting 2 weeks ago, ending 1 second ago

lastFullScan:[now-2w ... now-1s]

Show findings with last full scan on a specific date

lastFullScan:'2018-02-08'

agent.lastInventoryagent.lastInventory

Use a date range or specific date to define when inventory scans were last conducted by agents.

Examples

Show findings with last inventory scan within certain dates

agent.lastInventory:[2018-01-12 ... 2018-01-20]

Show findings with last inventory scan starting 2018-01-01, ending 1 month ago

agent.lastInventory:[2018-01-01 ... now-1M]

Show findings with last inventory scan starting 3 weeks ago, ending 1 second ago

agent.lastInventory:[now-3w ... now-1s]

Show findings with last inventory scan on specific date

agent.lastInventory:'2018-02-10'

lastLoggedOnUserlastLoggedOnUser

Use a text value ##### to help you find assets last logged into by a user of interest.

Examples

Show assets with last logon by user asmith

lastLoggedOnUser:asmith

agent.lastActivityagent.lastActivity

Use a date range or specific date to define when the last activity on the agent occurred. The last activity date will be updated after agent provisioning, and agent inventory. The date will not be updated after agent scan.

Examples

Show findings with last activity within certain dates

agent.lastActivity: [2016-01-01 ... 2016-01-10]

Show findings with last activity starting 2015-10-01, ending 1 month ago

agent.lastActivity: [2015-10-01 ... now-1M]

Show findings with last activity starting 2 weeks ago, ending 1 second ago

agent.lastActivity: [now-2w ... now-1s]

Show findings with last activity on a specific date

agent.lastActivity:'2015-12-01'

namename

Use quotes or backticks within values to help you find the asset name.

Examples

Show any findings related to name

name:QK2K12QP3-65-53

Show any findings that contain parts of name

name:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

name:`QK2K12QP3-65-53`

netbiosNamenetbiosName

Use a text value ##### to define the NetBIOS name.

Examples

Show assets with this exact name (case sensitive)

netbiosName: EC2AMAZ-19OC2IT

Show assets with name starting with "EC2" (case sensitive)

netbiosName: EC2*

Show assets with name ending with "c2it" (case insensitive)

netbiosName: *c2it

openPorts.descriptionopenPorts.description

Use quotes or backticks within values to help you find the service description detected on an open port.

Examples

Show any findings with this description

openPorts.description:Windows Remote Desktop

Show any findings that contain parts of description

openPorts.description:"Windows Remote Desktop"

Show any findings that match exact value "Windows Remote Desktop"

openPorts.description:`Windows Remote Desktop`

openPorts.detectedServiceopenPorts.detectedService

Use quotes or backticks within values to help you find the detected service.

Examples

Show any findings with this service name

openPorts.detectedService:win_remote_desktop

Show any findings that contain parts of name

openPorts.detectedService:"win_remote_desktop"

Show any findings that match exact value "win_remote_desktop"

openPorts.detectedService:`win_remote_desktop`

openPorts.firstFoundopenPorts.firstFound

Use a date range or specific date to define when open ports were first found.

Examples

Show findings with open ports first found within certain dates

openPorts.firstFound:[2017-06-15 ... 2017-06-30]

Show findings with open ports first found starting 2017-06-22, ending 1 month ago

openPorts.firstFound: [2017-06-22 ... now-1M]

Show findings with open ports first found starting 2 weeks ago, ending 1 second ago

openPorts.firstFound:[now-2w ... now-1s]

Show findings with open ports first found on specific date

openPorts.firstFound:'2017-06-14'

openPorts.lastUpdatedopenPorts.lastUpdated

Use a date range or specific date to define when open ports were last updated.

Examples

Show findings with open ports last updated within certain dates

openPorts.lastUpdated:[2017-06-15 ... 2017-06-30]

Show findings with open ports last updated starting 2017-06-22, ending 1 month ago

openPorts.lastUpdated:[2017-06-22 ... now-1M]

Show findings with open ports last updated starting 2 weeks ago, ending 1 second ago

openPorts.lastUpdated:[now-2w ... now-1s]

Show findings with open ports last updated on specific date

openPorts.lastUpdated:'2018-01-14'

openPorts.portopenPorts.port

Use an integer value ##### to help you find assets with some open port.

Example

Show assets with open port 80

openPorts.port:80

openPorts.protocolopenPorts.protocol

Use a text value ##### (UDP or TCP) to define the port protocol.

Examples

Show findings found on TCP

openPorts.protocol:TCP

Show findings found on port 80 and TCP

openPorts:(port:80 AND protocol:TCP)

operatingSystemoperatingSystem

Use quotes or backticks within values to help you find the operating system.

Examples

Show any findings with this OS name

operatingSystem:Windows 2012

how any findings that contain components of OS name

operatingSystem:"Windows 2012"

Show any findings that match exact value "Windows 2012"

operatingSystem:`Windows 2012`

pendingActivationForModulespendingActivationForModules

Select the name ##### of a module that's pending activation. Select from names in the drop-down menu.

Examples

Show assets pending activation for VM

pendingActivationForModules:VM

Show assets pending activation for VM and FIM

pendingActivationForModules:VM AND pendingActivationForModules:FIM

platformplatform

Use a text value ##### to find assets on Windows or Linux platform.

Example

Show assets on Windows platform

platform:Windows

providerprovider

Select the name ##### of a cloud service provider.

Examples

Show assets synced from Amazon AWS

provider: AWS

processors.descriptionprocessors.description

Use quotes or backticks within values to help you find the processor description.

Examples

Show any findings with this description

processors.description:intel

Show any findings that contain parts of description

processors.description:"intel"

Show any findings that match exact value "intel"

processors.description:`intel`

processors.speedprocessors.speed

Use an integer value ##### to help you find assets with a certain processor speed.

Example

Show assets with this processor speed

processors.speed:1995

processors.threadsPerCoreprocessors.threadsPerCore

Use an integer value ##### to show the number of threads per core.

Example

Show number of threads per core

processors.threadsPerCore:1

processors.coresPerSocketprocessors.coresPerSocket

Use an integer value ##### to show the number of cores per socket.

Example

Show number of cores per socket

processors.coresPerSocket:2

processors.numberOfSocketsprocessors.numberOfSockets

Use an integer value ##### to show the number of sockets.

Example

Show number of sockets

processors.numberofSockets:2

processors.numberOfCpuprocessors.numberOfCpu

Use an integer value ##### to show the number of CPUs.

Example

Show the CPUs

processors.numberofCpu:4

processors.multithreadingStatusprocessors.multithreadingStatus

Use a string value ##### to determine the multithreading status of the processor.

Example

Show multi-threading status

processors.multithreadingStatus:"ENABLED"

QIDQID

Use an integer value ##### to define the QID.

Example

Show findings with QID 90405

QID: 90405

Note: The QID token shows all assets that have the specific QID. The exclude vulnerabilities filters are not applicable for the QID token.

qualysCorrelationIDqualysCorrelationID

Use a text value #### to show assets with specific Qualys Correlation ID.

Example

Show assets with this Qualys Correlation ID

qualysCorrelationID: 0f1b031712682e27cca306e4a2a9e3144696ac099b08fcdf76ccb6f3647ec058

Show assets without any Qualys Correlation ID

qualysCorrelationID: UNIDENTIFIED

Show assets all assets with Qualys Correlation ID

qualysCorrelationID: *

riskScoreriskScore

Use an integer value (0-1000) to help you find assets based on specific risk score.

Examples

Show assets with risk score 60

riskScore:60

Show assets with risk score 25

riskScore:25

sensors.firstEasmScanDatesensors.firstEasmScanDate

Show a list of External Attack Surface discovered assets based on their first scan date.

Examples

Show a list of External Attack Surface discovered assets scanned for the first time on or after 2022-10-04

sensors.firstEasmScanDate >='2022-10-04'

Show a list of External Attack Surface discovered assets that are scanned for the first time before 2022-10-04

sensors.firstEasmScanDate <'2022-10-04'

Show a list of External Attack Surface discovered assets that are scanned for the first time after 2022-10-04

sensors.firstEasmScanDate > '2022-10-04'

Show a list of External Attack Surface discovered assets that are scanned for the first time on 2022-10-04

sensors.firstEasmScanDate = '2022-10-04'

services.descriptionservices.description

Use quotes or backticks within values to help you find the service description.

Examples

Show any findings with this description

services.description:Windows Event Log

Show any findings that contain parts of description

services.description:"Windows Event Log"

Show any findings that match exact value "Windows Event Log"

services.description:`Windows Event Log`

services.nameservices.name

Use quotes or backticks within values to help you find the service name.

Examples

Show any findings with this name

services.name:eventlog

Show any findings that contain parts of name

services.name:"eventlog"

Show any findings that match exact value "eventlog"

services.name:`eventlog`

services.statusservices.status

Use quotes or backticks within values to help you find the service status.

Examples

Show any findings with this status

services.status:running

Show any findings that contain parts of name

services.status:"running"

Show any findings that match exact value running

services.status:`running`

software.firstFoundsoftware.firstFound

Use a date range or specific date to define when software was first found.

Examples

Show assets with software first found within certain dates

software.firstFound:[2017-10-15 ... 2017-10-30]

Show assets with software first found starting 2017-06-22, ending 1 month ago

software.firstFound:[2017-06-22 ... now-1M]

Show assets with software first found starting 2 weeks ago, ending 1 second ago

software.firstFound:[now-2w ... now-1s]

Show assets with software first found on specific date

software.firstFound:'2017-08-14'

software.lastUpdatedsoftware.lastUpdated

Use a date range or specific date to define when software was last updated in Qualys database.

Examples

Show assets with software last updated within certain dates

software.lastUpdated:[2018-01-15 ... 2018-03-12]

Show assets with software last updated starting 2018-01-22, ending 1 month ago

software.lastUpdated:[2018-01-22 ... now-1M]

Show assets with software last updated starting 2 weeks ago, ending 1 second ago

software.lastUpdated:[now-2w ... now-1s]

Show assets with software last updated on specific date

software.lastUpdated:'2018-02-16'

software.installedDatesoftware.installedDate

Use a date range or specific date to define when software was installed.

Examples

Show assets with software installed within certain dates

software.installedDate:[2018-01-15 ... 2018-03-12]

Show assets with software installed starting 2018-01-22, ending 1 month ago

software.installedDate:[2018-01-22 ... now-1M]

Show assets with software installed starting 2 weeks ago, ending 1 second ago

software.installedDate:[now-2w ... now-1s]

Show assets with software installed on specific date

software.installedDate:'2018-02-16'

software.namesoftware.name

Use quotes or backticks within values to help you find the software name.

Examples

Show any findings with this name

software.name:VMware Tools

Show any findings that contain parts of name

software.name:"VMware Tools"

Show any findings that match exact value "VMware Tools"

software.name:`VMware Tools`

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software:(name:`Cisco AnyConnect Secure Mobility Client` AND version:`3.1.12345`)

software.versionsoftware.version

Use a text value ##### to define the software version.

Example

Show findings with this version

software.version: 8.6.10

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software: (name:`Cisco AnyConnect Secure Mobility Client` AND version:`3.1.12345`)

system.biosDescriptionsystem.biosDescription

Use quotes or backticks within values to help you find the BIOS description.

Examples

Show any findings with this description

system.biosDescription: Phoenix Technologies

Show any findings that contain parts of name

system.biosDescription: "Phoenix Technologies"

Show any findings that match exact value "Phoenix Technologies"

system.biosDescription: `Phoenix Technologies`

system.lastBootsystem.lastBoot

Use a date range or specific date to define when assets were last booted.

Examples

Show assets last booted within certain dates

system.lastBoot:[2018-01-11 ... 2018-01-23]

Show assets last booted starting 2017-10-01, ending 1 month ago

system.lastBoot:[2017-10-01 ... now-1M]

Show assets last booted starting 2 weeks ago, ending 1 second ago

system.lastBoot:[now-2w ... now-1s]

Show assets last booted on a specific date

system.lastBoot:'2018-03-08'

system.manufacturersystem.manufacturer

Use quotes or backticks within values to help you find the system manufacturer.

Examples

Show any findings with this name

system.manufacturer:dell

Show any findings that contain parts of name

system.manufacturer:"dell"

Show any findings that match exact value "dell"

system.manufacturer:`dell`

system.modelsystem.model

Use quotes or backticks within values to help you find the system model.

Examples

Show any findings with this name

system.model: optiplex

Show any findings that contain parts of name

system.manufacturer: "optiplex"

Show any findings that match exact value "optiplex"

system.manufacturer: `optiplex`

system.timezonesystem.timezone

Use a text value ##### in quotes to find assets with a certain timezone set.

Example

Show assets with this timezone

system.timezone:-08:00

system.totalMemorysystem.totalMemory

Use an integer value ##### to help you find assets with a certain total system memory.

Example

Show assets with this total system memory

system.totalMemory:1024

tags.businessImpacttags.businessImpact

Select a criticality e.g. "CRITICAL","HIGH","MEDIUM","LOW","MINOR" to find tags of this type. Select from names in the drop-down menu.

Example

Show tags names with critical business impact

tags.businessImpact:Critical

tags.nametags.name

Use values within quotes or backticks to help you find the asset tag you are looking for.

Example

Show any findings that match exact value "Cloud Agent"

tags.name:`Cloud Agent`

trackingMethodtrackingMethod

Select the tracking method for the assets (IP, DNSNAME, NETBIOS, INSTANCE_ID, and etc.)Select from names in the drop-down menu.

Examples

Show this assets tracked by IP

trackingMethod: IP

Show asset tracked by NETBIOS

trackingMethod: NETBIOS

Show assets tracked by EASM

trackingMethod: EASM

updatedupdated

Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show assets updated within certain dates

updated:[2017-12-01 ... 2018-01-10]

Show assets updated starting 2017-10-01, ending 3 months ago

updated:[2017-10-01 ... now-3M]

Show assets updated starting 2 weeks ago, ending 1 second ago

updated:[now-2w ... now-1s]

Show assets updated on a specific date

updated:'2018-03-10'

volumes.freevolumes.free

Use an integer value ##### to help you find assets with a certain free volume space.

Example

Show assets with this free volume space

volumes.free:448312320

volumes.namevolumes.name

Use a text value ##### to find assets with a certain volume name.

Example

Show assets with this volume name

volumes.name:/boot

volumes.sizevolumes.size

Use an integer value ##### to help you find assets with a certain volume size.

Example

Show assets with this volume size

volumes.size:481529856

vulnerabilitiesvulnerabilities

Choose the value * to find assets with vulnerabilities.

Example

Show all findings that have vulnerabilities

vulnerabilities:*

Asset Inventory

Use search tokens to refine your search for assets based on different asset properties.

hardware.categoryhardware.category

Use quotes or backticks within values to help you find the hardware.

Examples

Show any findings that contain parts of value

hardware.category:"Computer/Server"

Show any findings that match exact value

hardware.category:`Computer/Server`

hardware.category1hardware.category1

Use quotes or backticks within values to find assets with hardware category 1 value.

Example

Show any findings that match exact value

hardware.category1:`Computer`

hardware.category2hardware.category2

Use quotes or backticks within values to find assets with hardware category 2 value.

Example

Show any findings that match exact value

hardware.category2:`Server`

hardware.lifecycle.gahardware.lifecycle.ga

Use a date range or specific date to define a hardware general availability.

Examples

Show findings with hardware GA date in this date range

hardware.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with hardware GA date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with hardware GA date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.ga:[now-2w ... now-1s]

Show findings with this hardware GA date

hardware.lifecycle.ga:'2019-03-18'

hardware.lifecycle.introhardware.lifecycle.intro

Use a date range or specific date to define a hardware introduction date.

Examples

Show findings with hardware introduction date in this date range

hardware.lifecycle.intro:[2019-01-01 ... 2019-01-15]

Show findings with hardware introduction date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.intro:[2019-01-15 ... now-1M]

Show findings with hardware introduction date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.intro:[now-2w ... now-1s]

Show findings with this hardware introduction date

hardware.lifecycle.intro:'2019-03-18'

hardware.lifecycle.eoshardware.lifecycle.eos

Use a date range or specific date to define a hardware End-of-Sale date.

Examples

Show findings with hardware End-of-Sale date in this date range

hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.eos:[now-2w ... now-1s]

Show findings with this hardware End-of-Sale date

hardware.lifecycle.eos:'2019-03-18'

hardware.lifecycle.obshardware.lifecycle.obs

Use a date range or specific date to define a hardware obsolete date.

Examples

Show findings with hardware obsolete date in this date range

hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]

Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.obs:[2019-01-15 ... now-1M]

Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.obs:[now-2w ... now-1s]

Show findings with this hardware obsolete date

hardware.lifecycle.obs:'2019-03-18'

hardware.lifecycle.stagehardware.lifecycle.stage

Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS)

Example

Show End-of-Sale hardware

hardware.lifecycle.stage:"EOS"

hardware.manufacturerhardware.manufacturer

Use quotes or backticks within values to find assets having a certain hardware manufacturer.

Example

Show any findings that match exact value "Dell"

hardware.manufacturer:`Dell`

hardware.modelhardware.model

Use quotes or backticks within values to find assets having a certain hardware model.

Example

Show any findings that match exact value "e7470"

hardware.model:`De7470`

hardware.producthardware.product

Use quotes or backticks within values to find assets having a certain hardware product.

Example

Show any findings that match exact value "Latitude"

hardware.product:`Latitude`

operatingSystem.architectureoperatingSystem.architecture

Use quotes or backticks within values to help you find the operating system architecture that is 32-Bit or 64-Bit.

Example

Show any findings that match exact value

operatingSystem.architecture:`64-Bit`

operatingSystem.categoryoperatingSystem.category

Use quotes or backticks within values to help you find the full operating system category name that is Windows, Unix, Linux, Mac and more.

Example

Show any findings that match exact value

operatingSystem.category:`Windows`

operatingSystem.category1operatingSystem.category1

Use quotes or backticks within values to help you find the operating system category 1 value.

Example

Show any findings that match exact value

operatingSystem.category1:`Windows`

operatingSystem.category2operatingSystem.category2

Use quotes or backticks within values to help you find the operating system category 1 value.

Example

Show any findings that match exact value

operatingSystem.category2:`Client`

operatingSystem.editionoperatingSystem.edition

Use quotes or backticks within values to help you find the operating system edition.

Example

Show any findings that match exact value

operatingSystem.edition:`Enterprise`

operatingSystem.lifecycle.gaoperatingSystem.lifecycle.ga

Use a date range or specific date to define an OS general availability date.

Examples

Show findings with OS GA date in this date range

operatingSystem.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with OS GA date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with OS GA date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.ga:[now-2w ... now-1s]

Show findings with this OS GA date

operatingSystem.lifecycle.ga:'2019-03-18'

operatingSystem.lifecycle.eoloperatingSystem.lifecycle.eol

Use a date range or specific date to define an operating system End-of-Life date.

Examples

Show findings with operating system End-of-Life date in this date range

operatingSystem.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Life date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Life date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eol:[now-2w ... now-1s]

Show findings with this operating system End-of-Life date

operatingSystem.lifecycle.eol:'2019-03-18'

operatingSystem.lifecycle.eosoperatingSystem.lifecycle.eos

Use a date range or specific date to define an operating system End-of-Support date.

Examples

Show findings with operating system End-of-Support date in this date range

operatingSystem.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Support date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Support date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eos:[now-2w ... now-1s]

Show findings with this operating system End-of-Support date

operatingSystem.lifecycle.eos:'2019-03-18'

operatingSystem.lifecycle.stageoperatingSystem.lifecycle.stage

Use a text value ##### to define an OS lifecycle stage that is, active, eol, obsolete.

Examples

Show findings having this OS lifecycle stage

operatingSystem.lifecycle.stage:eol

Show findings with OS category Windows and OS lifecycle stage "active"

operatingSystem:(category:Windows AND lifecycle.stage:eol)

operatingSystem.marketVersionoperatingSystem.marketVersion

Use quotes or backticks within values to help you find the operating system market version, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.marketVersion:`7`

operatingSystem.osIdoperatingSystem.osId

Use quotes or backticks within values to help you find the operating system ID.

Example

Show any findings that match exact value

operatingSystem.osId:`96426`

operatingSystem.nameoperatingSystem.name

Use quotes or backticks within values to help you find the operating system brand name, for example, Windows OS.

Example

Show any findings that match exact value

operatingSystem.name:`Windows 10`

operatingSystem.publisheroperatingSystem.publisher

Use a text value ##### to define an operating system manufacturer.

Example

Show findings with this exact software publisher

operatingSystem.publisher:`Microsoft`

operatingSystem.updateoperatingSystem.update

Use a text value ##### to define an OS update version.

Example

Show findings with this exact OS update version

operatingSystem.update:`SP2`

operatingSystem.versionoperatingSystem.version

Use a text value ##### to define the OS version you're interested in.

Example

Show findings with this exact OS version

operatingSystem.version:`16.1`

software.architecturesoftware.architecture

Use quotes or backticks within values to help you find the software architecture, that is, 32-Bit or 64-Bit.

Example

Show any findings that match exact value

software:(architecture:`64-Bit`)

software.categorysoftware.category

Use quotes or backticks within values to help you find a software category.

Example

Show any findings that match exact value

software:(category:`Productivity > Productivity Suites`)

software.category1software.category1

Use quotes or backticks within values to help you find the software category 1 value.

Example

Show any findings that match exact value

software:(category1:`Productivity`)

software.category2software.category2

Use quotes or backticks within values to help you find the software category 2 value.

Example

Show any findings that match exact value

software:(category2:`Productivity Suites`)

software.editionsoftware.edition

Use quotes or backticks within values to help you find the software edition.

Example

Show any findings that match exact value

software:(edition:`Professional`)

software.lifecycle.gasoftware.lifecycle.ga

Use a date range or specific date to define a software general availability date.

Examples

Show findings with software GA date in this date range

software:(lifecycle.ga:[2019-01-01 ... 2019-01-15])

Show findings with woftware GA date starting 2019-01-15, ending 1 month ago

software:(lifecycle.ga:[2019-01-15 ... now-1M])

Show findings with software GA date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.ga:[now-2w ... now-1s])

Show findings with this software GA date

software:(lifecycle.ga:'2019-03-18')

software.lifecycle.eolsoftware.lifecycle.eol

Use a date range or specific date to define an software End-of-Life date.

Examples

Show findings with software End-of-Life date in this date range

software.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago

software.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eol:[now-2w ... now-1s]

Show findings with this software End-of-Life date

software.lifecycle.eol:'2019-03-18'

software.lifecycle.eossoftware.lifecycle.eos

Use a date range or specific date to define an software End-of-Support date.

Examples

Show findings with software End-of-Support date in this date range

software.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago

software.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eos:[now-2w ... now-1s]

Show findings with this software End-of-Support date

software.lifecycle.eos:'2019-03-18'

software.lifecycle.stagesoftware.lifecycle.stage

Use a text value ##### to define a software lifecycle stage that is, active, eol, obsolete.

Examples

Show findings having this software lifecycle stage

software:(lifecycle.stage:eol)

Show findings having software category Windows and software lifecycle stage "active"

software:(category:Windows AND lifecycle.stage:eol)

software.license.categorysoftware.license.category

Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.

Example

Show any findings that match exact value

software:(license.category:`Open Source`)

software.marketVersionsoftware.marketVersion

Use quotes or backticks within values to help you find a software market version, e.g. Windows OS.

Example

Show any findings that match exact value

software:(marketVersion:`7`)

software.productsoftware.product

Use a text value ##### to define a software product name.

Example

Show findings with this exact product name

software:(product:`Office`)

software.publishersoftware.publisher

Use a text value ##### to define a software manufacturer.

Example

Show findings with this exact software publisher

software:(publisher:`Microsoft`)

software.typesoftware.type

Use a text value ##### to define a software type.

Example

Show findings having this software type

software:(type:`Installer Package`)

software.updatesoftware.update

Use a text value ##### to define a software update version.

Example

Show findings with this exact software update version

software:(update:`16.0.1.2`)

software.license.subCategorysoftware.license.subCategory

Use text value ##### to help you find a software license subCategory, i.e. GPL, Apache 2.0, BSD.

Example

Show any findings that match exact value

software:(license.subCategory:Apache 2.0)

RTIs

Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities.

vulnerabilities.vulnerability.threatIntel.activeAttacksvulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Examples

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: true

Show assets that don't have threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: false

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulnsvulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns

Use the values true | false to define real-time threats due to CISA Exploits.

Examples

Show assets with threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: true

Show assets that don't have threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: false

vulnerabilities.vulnerability.threatIntel.denialOfServicevulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Examples

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: true

Show assets that don't have threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: false

vulnerabilities.vulnerability.threatIntel.easyExploitvulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Examples

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: true

Show assets that don't have threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: false

vulnerabilities.vulnerability.threatIntel.exploitKitvulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Examples

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: true

Show assets that don't have threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: false

vulnerabilities.vulnerability.threatIntel.exploitKitNamevulnerabilities.vulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`

vulnerabilities.vulnerability.threatIntel.highDataLossvulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Examples

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: true

Show assets that don't have threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: false

vulnerabilities.vulnerability.threatIntel.highLateralMovementvulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Examples

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: true

Show assets that don't have threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: false

vulnerabilities.vulnerability.threatIntel.malwarevulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Examples

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: true

Show assets that don't have threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: false

vulnerabilities.vulnerability.threatIntel.malwareNamevulnerabilities.vulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerabilities.vulnerability.threatIntel.noPatchvulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Examples

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: true

Show assets that don't have threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: false

vulnerabilities.vulnerability.threatIntel.publicExploitvulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Example

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: true

Show assets that don't have threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: false

vulnerabilities.vulnerability.threatIntel.publicExploitNamevulnerabilities.vulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerabilities.vulnerability.threatIntel.zeroDayvulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Examples

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: true

Show assets that don't have threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: false

vulnerabilities.vulnerability.threatIntel.wormablevulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

vulnerabilities.vulnerability.threatIntel.predictedHighRiskvulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitationvulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecutionvulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.ransomwarevulnerabilities.vulnerability.threatIntel.ransomware

Use the values true | false to define real-time threats due to ransomeware vulnerability.

Examples

Show assets with ransomeware threat

vulnerabilities.vulnerability.threatIntel.ransomware: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalationvulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

vulnerabilities.vulnerability.threatIntel.solorigateSunburstvulnerabilities.vulnerability.threatIntel.solorigateSunburst

Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.

Examples

Show assets with Solorigate/Sunburst threat

vulnerabilities.vulnerability.threatIntel.solorigateSunburst: "true"

Threat Feed

Use the and/or tokens combined with these tokens for searching a threat feed.

categoriescategories

Use a text value to find threat feed based on categories.

Examples

Find categories that match any CVE.

categories: CVE:2020-8591

contentscontents

Use a text value to find threat feed based on contents.

Examples

Find content that match a product.

contents: Google

publishDatepublishDate

Use a date to find threat feed based publish date.

Examples

Find threat feeds that match a publish date.

publishDate: [2020-10-21 ... 2021-01-15]

AWS EC2

Use these tokens when searching your AWS EC2 assets on the Assets list.

- Your results may return Terminated instances. It's recommended you include aws.ec2instanceState in your query to reduce the number of results.

- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.

aws.ec2.accountIdaws.ec2.accountId

Use a text value ##### to find EC2 instances with a certain account ID.

Example

Find EC2 instances in that match this account ID

aws.ec2.accountId: 123456789012

Find EC2 instances with account ID starting "12345"

aws.ec2.accountId: 12345*

Find EC2 instances where account ID is null (remove the colon)

aws.ec2.accountId is null

aws.ec2.availabilityZoneaws.ec2.availabilityZone

Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.

Example

Find EC2 instances in the us-east-1a availability zone

aws.ec2.availabilityZone: us-east-1a

aws.ec2.hasAgentaws.ec2.hasAgent

Use the values true | false to define whether the EC2 asset has a cloud agent.

Examples

Show findings with a cloud agent

aws.ec2.hasAgent: true

Show findings without a cloud agent

aws.ec2.hasAgent: false

aws.ec2.hostnameaws.ec2.hostname

Use a text value ##### to find the EC2 hostname.

Examples

Find instances related to name

aws.ec2.hostname: abc.qualys.com

Find instances that match exact value

aws.ec2.hostname: `abc.qualys.com`

aws.ec2.imageIdaws.ec2.imageId

Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.

Examples

Find instances related to the Image ID

aws.ec2.imageId: ami-2ea83347

Find instances that match exact value

aws.ec2.imageId: `ami-2ea83347`

aws.ec2.instanceIdaws.ec2.instanceId

Use a text value ##### to find EC2 instances by the instance ID.

Example

Find EC2 instances with this ID

aws.ec2.instanceId: i-1234567890abcdef0

aws.ec2.instanceStateaws.ec2.instanceState

Select the name of the instance state (e.g. PENDING, RUNNING, TERMINATED, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running EC2 instances

aws.ec2.instanceState: RUNNING

aws.ec2.instanceTypeaws.ec2.instanceType

Select the type of instance you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances with instance type t2.micro

aws.ec2.instanceType: t2.micro

aws.ec2.isQualysScanneraws.ec2.isQualysScanner

Use the values true | false to define whether the EC2 asset is a Qualys scanner.

Examples

Show findings where assets are scanners

aws.ec2.isQualysScanner: true

Show findings where assets are not scanners

aws.ec2.isQualysScanner: false

aws.ec2.kernelIdaws.ec2.kernelId

Use a text value ##### to find EC2 instances by kernel ID (AKI).

Example

Find EC2 instances with this kernel ID

aws.ec2.kernelId: aki-70ab0c10

aws.ec2.launchDateaws.ec2.launchDate

Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.

Examples

Find EC2 instances launched within certain dates

aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]

Find EC2 instances launched on specific date

aws.ec2.launchDate:'2017-08-15'

aws.ec2.privateDNSaws.ec2.privateDNS

Use a text value ##### to define a private DNS address.

Example

Find the EC2 instance with this private DNS address

aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal

aws.ec2.privateIpAddressaws.ec2.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs.

Examples

Find EC2 instances with this private IP address

aws.ec2.privateIpAddress: 10.90.0.119

Find EC2 instances within this IP range

aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]

aws.ec2.publicDNSaws.ec2.publicDNS

Use a text value ##### to define a public DNS address.

Example

Find the EC2 instance with this public DNS address

aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com

aws.ec2.publicIpAddressaws.ec2.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs.

Examples

Find EC2 instances with this public IP address

aws.ec2.publicIpAddress: 52.70.141.154

Find EC2 instances within this IP range

aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]

aws.ec2.region.codeaws.ec2.region.code

Select the code of the region from codes in the drop-down menu.

Example

Find EC2 instances in the us-east-1 region

aws.ec2.region.code: us-east-1

aws.ec2.region.nameaws.ec2.region.name

Select the name of the region from names in the drop-down menu.

Example

Find EC2 instances in the US East (N. Virginia) region

aws.ec2.region.name: US East (N. Virginia)

aws.ec2.spotInstanceaws.ec2.spotInstance

Use the values true | false to define whether your EC2 instance is a Spot instance.

Examples

Show EC2 Spot instances

aws.ec2.spotInstance: "true"

Show EC2 instances that are not Spot instances

aws.ec2.spotInstance: "false"

aws.ec2.subnetIdaws.ec2.subnetId

Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.

Example

Find EC2 instances with this subnet ID

aws.ec2.subnetId: subnet-bc02c0d4

aws.ec2.vpcIdaws.ec2.vpcId

Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.

Example

Find EC2 instances with this VPC ID

aws.ec2.vpcId: vpc-1e37cd76

aws.tagsaws.tags

Use a text value ##### to find EC2 instances with a certain AWS tag key and value (both are case insensitive).

Example

Find EC2 instances with an AWS tag with key "abc" and value "xyz"

aws.tags: (key:abc and value:xyz)

aws.tags.keyaws.tags.key

Use a text value ##### to find EC2 instances with a certain AWS tag key/name (case insensitive).

Examples

Find EC2 instances with key "devops"

aws.tags.key: devops

Find EC2 instances with key starting "dev"

aws.tags.key: dev*

Find EC2 instances with key ending "ops"

aws.tags.key: *ops

aws.tags.valueaws.tags.value

Use a text value ##### to find EC2 instances with a certain AWS tag value (case insensitive).

Examples

Find EC2 instances with tag value "dailybuild"

aws.tags.value: dailybuild

Find EC2 instances with tag value starting "daily"

aws.tags.value: daily*

Find EC2 instances with tag value ending "build"

aws.tags.value: *build

Microsoft Azure

Use these tokens when searching Microsoft Azure assets on the Assets list.

azure.tagsazure.tags

Use a text value ##### to find Azure instances with a certain tag name and value. Both are case insensitive.

Example

Find Azure instances with a tag with name "abc" and value "xyz"

azure.tags: (name:abc and value:xyz)

azure.tags.nameazure.tags.name

Use a text value ##### to find Azure instances with a certain tag name (case insensitive).

Examples

Find Azure instances with name "devops"

azure.tags.name: devops

Find Azure instances with name starting "dev"

azure.tags.name: dev*

Find Azure instances with name ending "ops"

azure.tags.name: *ops

azure.tags.valueazure.tags.value

Use a text value ##### to find Azure instances with a certain tag value (case insensitive).

Examples

Find Azure instances with tag value "dailybuild"

azure.tags.value: dailybuild

Find Azure instances with tag value starting "daily"

azure.tags.value: daily*

Find Azure instances with tag value ending "build"

azure.tags.value: *build

azure.vm.hasAgentazure.vm.hasAgent

Use the values true | false to define whether the Azure virtual machine you're looking for has a cloud agent installed on it.

Examples

Find Azure instances with agents

azure.vm.hasAgent `true`

azure.vm.imageOfferazure.vm.imageOffer

Use a text value ##### to define the image offer name (i.e. UbuntuServer or WindowsServer) for images deployed from the Azure image gallery.

Examples

Find Azure instances related to name

azure.vm.imageOffer: UbuntuServer

Find Azure instances that match exact value

azure.vm.imageOffer: `UbuntuServer`

azure.vm.imagePublisherazure.vm.imagePublisher

Use a text value ##### to define the name of the Azure virtual machine image publisher (i.e. Canonical or MicrosoftWindowsServer).

Examples

Find Azure instances related to name

azure.vm.imagePublisher: Canonical

Find Azure instances that match exact value

azure.vm.imagePublisher: `Canonical`

azure.vm.imageVersionazure.vm.imageVersion

Use a text value ##### to define the version of the Azure virtual machine image sku you're interested in.

Example

Find Azure instances with this sku version

azure.vm.imageVersion: 16.04.201708030

azure.vm.locationazure.vm.location

Use a text value ##### to define the region you're interested in.

Example

Find Azure instances in this location

azure.vm.location: westus

azure.vm.macAddressazure.vm.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find Azure instances with this MAC address

azure.vm.macAddress: '000D3A36DDED'

azure.vm.nameazure.vm.name

Use a text value ##### to find the Azure virtual machine name you're looking for.

Examples

Find Azure instances related to name

azure.vm.name: avset2

Find Azure instances that match exact value

azure.vm.name: `avset2`

azure.vm.platformazure.vm.platform

Use a text value ##### to define the operating system platform (Linux or Windows) of the Azure virtual machine.

Example

Find Azure instances on Windows platform

azure.vm.platform: Windows

azure.vm.privateIpAddressazure.vm.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this private IP

azure.vm.privateIpAddress: 10.1.2.5

Find Azure instances within this IP range

azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]

azure.vm.publicIpAddressazure.vm.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this public IP

azure.vm.publicIpAddress: 13.126.125.189

Find Azure instances within this IP range

azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]

azure.vm.resourceGroupNameazure.vm.resourceGroupName

Use a text value ##### to define the name of the resource group you're interested in.

Examples

Find Azure instances related to name

azure.vm.resourceGroupName: my-eastus-rg

Find Azure instances that match exact value

azure.vm.resourceGroupName: `my-eastus-rg`

azure.vm.sizeazure.vm.size

Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.

Example

Find Azure instances with this size

azure.vm.size: Standard_D1

azure.vm.stateazure.vm.state

Select the name of the instance state (e.g. DEALLOCATED, RUNNING, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running Azure instances

azure.vm.state: RUNNING

azure.vm.subnetazure.vm.subnet

Use a text value ##### to define the Azure virtual machine subnet you're interested in.

Example

Find Azure instances with this subnet

azure.vm.subnet: 10.1.2.0

azure.vm.subscriptionIdazure.vm.subscriptionId

Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.

Example

Find Azure instances with this subscription ID

azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409

azure.vm.virtualNetworkazure.vm.virtualNetwork

Use a text value ##### to define the Azure virtual network you're looking for.

Example

Find Azure virtual network with this ID

azure.vm.virtualNetwork: mburton01-vnet

azure.vm.vmIdazure.vm.vmId

Use a text value ##### to define the Azure virtual machine ID you're looking for.

Example

Find Azure instances with this ID

azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21

Google Cloud Platform

Use these tokens when searching Google Cloud Platform assets on the Assets list.

gcp.compute.hostnamegcp.compute.hostname

Use a text value ##### to define the hostname you're looking for.

Examples

Find GCP instances related to name

gcp.compute.hostname: instance-5.c.qvsa-dev.internal

Find GCP instances that match exact value

gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`

gcp.compute.instanceIdgcp.compute.instanceId

Use a text value ##### to define the Google Compute instance ID you're looking for.

Example

Find GCP instances with this ID

gcp.compute.instanceId: 4392196237934605253

gcp.compute.macAddressgcp.compute.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find GCP instances with this MAC address

gcp.compute.macAddress: '000D3A36DDED'

gcp.compute.machineTypegcp.compute.machineType

Use a text value ##### to define the machine type of the virtual machine instance you're interested in.

Examples

Find GCP instances related to name

gcp.compute.machineType: n1-standard-1

Find GCP instances that match exact value

gcp.compute.machineType: `n1-standard-1`

gcp.compute.networkgcp.compute.network

Use a text value ##### to find GCP instances by the VPC network the instance belongs to.

Example

Find GCP instances with this network

gcp.compute.network: 000D3A36DDED

gcp.compute.privateIpAddressgcp.compute.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this private IP

gcp.compute.privateIpAddress: 10.240.0.7

Find GCP instances with this private IP range

gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

gcp.compute.projectIdgcp.compute.projectId

Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to ID

gcp.compute.projectId: qvsa-dev

Find GCP instances that match exact value

gcp.compute.projectId: `qvsa-dev`

gcp.compute.projectNumbergcp.compute.projectNumber

Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to this number

gcp.compute.projectNumber: 1035365309337

Find GCP instances that match exact value

gcp.compute.projectNumber: `1035365309337`

gcp.compute.publicIpAddressgcp.compute.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this public IP

gcp.compute.publicIpAddress: 104.196.57.216

Find GCP instances within this IP range

gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]

gcp.compute.zonegcp.compute.zone

Use a text value ##### to define the zone of the GCP instance you're looking for

Examples

Find GCP instances related to name

gcp.compute.zone: us-east1-d

Find GCP instances that match exact value

gcp.compute.zone: `us-east1-d`

gcp.compute.stategcp.compute.state

Select the state of the GCP instance (e.g. DEALLOCATED, PENDING, RUNNING, SHUTTING DOWN, STOPPED, STOPPING, TERMINATED, etc) you're interested in. Select the state from the drop-down menu.

Examples

Find running GCP instances

gcp.compute.state: RUNNING

IBM

Use these token when searching IBM assets on the Assets list.

ibm.tags.nameibm.tags.name

Use a text value ##### to find IBM instances with a certain tag name.

Examples

Find running IBM instances with tag name

ibm.tags.name: Test1

ibm.tags.valueibm.tags.value

Use a text value ##### to find IBM instances with a certain tag value.

Examples

Find running IBM instances with tag value

ibm.tags.value: centos7

ibm.virtualServer.idibm.virtualServer.id

Use a text value ##### to find IBM virtual server with a certain account ID.

Examples

Find IBM virtual server with this ID

ibm.virtualServer.id: 123741814

ibm.virtualServer.locationibm.virtualServer.location

Use a text value ##### to find IBM virtual server with a certain location.

Examples

Find IBM virtual server with this location

ibm.virtualServer.location: dall3

ibm.virtualServer.datacenterIdibm.virtualServer.datacenterId

Use a text value ##### to find IBM virtual server datacenter with a certain id.

Examples

Find IBM virtual server datacenter with this Id

ibm.virtualServer.datacenterId: 1854895

ibm.virtualServer.deviceNameibm.virtualServer.deviceName

Use a text value ##### to find IBM virtual server with device name.

Examples

Find IBM virtual server with this device name

ibm.virtualServer.deviceName: virtualserver01.Qualys-Inc.cloud

ibm.virtualServer.publicIpAddressibm.virtualServer.publicIpAddress

Use a numerical value ##### to find IBM virtual server with specific public IP address.

Examples

Find IBM virtual server with this public IP address

ibm.virtualServer.publicIpAddress: 150.238.75.107

ibm.virtualServer.privateIpAddressibm.virtualServer.privateIpAddress

Use a numerical value ##### to find IBM virtual server with specific private IP address.

Examples

Find IBM virtual server with this private IP address

ibm.virtualServer.privateIpAddress: 10.187.94.40

ibm.virtualServer.publicVlanibm.virtualServer.publicVlan

Use a numerical value ##### to find IBM virtual server with specific public vlan.

Examples

Find IBM virtual server with this public vlan

ibm.virtualServer.publicVlan: 1796

ibm.virtualServer.privateVlanibm.virtualServer.privateVlan

Use a numerical value ##### to find IBM virtual server with specific private vlan.

Examples

Find IBM virtual server with this private vlan

ibm.virtualServer.privateVlan: 2236

ibm.virtualServer.domainibm.virtualServer.domain

Use a text value ##### to find IBM virtual server with specific domain.

Examples

Find IBM virtual server with this domain

ibm.virtualServer.domain: Qualys-Inc.cloud

Oracle Cloud Compute Instance

Use these token when searching Oracle Cloud Compute Instance (OCI) assets on the Assets list.

oci.compute.ociIdoci.compute.ociId

Use a text value ##### to search all assets with the specified OCI ID.

Examples

Show assets with this OCI ID

oci.compute.ociId: ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq

oci.compute.compartmentIdoci.compute.compartmentId

Use a text value ##### to search all assets with the specified OCI compartment ID.

Examples

Show assets with this OCI ID

oci.compute.compartmentId: ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq

oci.compute.compartmentNameoci.compute.compartmentName

Use a text value ##### to search all assets with the specified OCI compartment name.

Examples

Show assets with this OCI compartment name

oci.compute.compartmentName: ocid1.compartment.abc

oci.compute.displayNameoci.compute.displayName

Use a text value ##### to search all assets with the specified display name.

Examples

Show assets with display name oracle 8

oci.compute.displayName: oracle 8

oci.compute.shapeoci.compute.shape

Use a text value ##### to search all assets with the specified shape.

Examples

Show all assets with the shape x5-2.36.512

oci.compute.shape: x5-2.36.512

oci.compute.regionoci.compute.region

Use a text value ##### to search all assets in the specified region.

Examples

Show all assets with the region us-east-1

oci.compute.region: us-east-1

oci.compute.regionKeyoci.compute.regionKey

Use a text value ##### to search all assets with the specified region key.

Examples

Show all assets with the region key SYD

oci.compute.regionKey: SYD

oci.compute.regionRealmoci.compute.regionRealm

Use a text value ##### to search all groups with the specified region realm.

Examples

Show all assets with the region realm OC1

oci.compute.regionRealm: OC1

oci.compute.availabilityDomainoci.compute.availabilityDomain

Use a text value ##### to search all assets with the specified available domain.

Examples

Show all assets with the available domain Lhkx:US-ASHBURN-AD-1

oci.compute.availabilityDomain: Lhkx:US-ASHBURN-AD-1

oci.compute.timeCreatedoci.compute.timeCreated

Use a text value ##### to search all assets created at the specified time.

Examples

Show all assets with the created time 2021-02-09T07:24:31.000Z (Use 2021-02-09 while searching in UI)

oci.compute.timeCreated: 2021-02-09

oci.compute.imageIdoci.compute.imageId

Use a text value ##### to search all assets with the specified image ID.

Examples

Show all assets with the ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID

oci.compute.imageId: ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq

oci.compute.faultDomainoci.compute.faultDomain

Use a text value ##### to search all assets with the specified fault domain.

Examples

Show all assets with fault domain FAULT-DOMAIN-1

oci.compute.faultDomain: FAULT-DOMAIN-1

oci.compute.hostNameoci.compute.hostName

Use a text value ##### to search all assets with the specified host name.

Examples

Show all findings with the host name oracle-8

oci.compute.hostName: oracle-8

oci.compute.canonicalRegionNameoci.compute.canonicalRegionName

Use a text value ##### to search all assets having the specified canonical region name.

Examples

Show all assets with the canonical region name us-ashburn-1

oci.compute.canonicalRegionName: us-ashburn-1

oci.compute.isQualysScanneroci.compute.isQualysScanner

Use the values true | false to list all assets that are Qualys Scanner. Choose True to list all assets that are Qualys Scanner and choose False to list all assets that are not Qualys Scanner.

Examples

Show all assets that are Qualys Scanner

oci.compute.isQualysScanner: true

oci.tagsoci.tags

Use a text value ##### to search all assets with the specified tags.

Examples

Show all assets with the tag key CreatedBy and specific value

oci.tags: (key:CreatedBy and value:oktasso/abc@example.com)

oci.tags.keyoci.tags.key

Use a text value ##### to search all assets with the specified tag key.

Examples

Show all assets with the tag key CreatedBy

oci.tags.key: CreatedBy

oci.tags.valueoci.tags.value

Use a text value ##### to search all assets with the specified tag value.

Examples

Show all assets with the tag value 2021-02-09

oci.tags.value: 2021-02-09

oci.tags.namespaceoci.tags.namespace

Use a text value ##### to search all assets with the specified namespace.

Examples

Show all assets with the namespace Oracle-Tags

oci.tags.namespace: Oracle-Tags

oci.vnic.vnicIdoci.vnic.vnicId

Use a text value ##### to search all assets with the specified VNIC ID.

Examples

Show all assets with the VNIC ID ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q

oci.vnic.vnicId: ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q

oci.vnic.vcnIdoci.vnic.vcnId

Use a text value ##### to search all assets with the specified VCN ID.

Examples

Show all assets with this VCN ID

oci.vnic.vcnId: ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q

oci.vnic.privateIpoci.vnic.privateIp

Use a text value ##### to search all assets with the specified private IP.

Examples

Show all assets with this private IP

oci.vnic.privateIp: 10.0.0.222

oci.vnic.publicIpoci.vnic.publicIp

Use a text value ##### to search all assets with the specified public IP.

Examples

Show all assets with this public IP

oci.vnic.publicIp: 10.0.0.222

oci.vnic.subnetIdoci.vnic.subnetId

Use a text value ##### to find OCI instances by the ID of the subnet in which the interface resides.

Examples

Find OCI instances with this subnet ID

oci.vnic.subnetId: subnet-bc02c0d4

oci.vnic.subnetNameoci.vnic.subnetName

Use a text value ##### to find OCI instances by the name of the subnet in which the interface resides.

Examples

Find OCI instances with this subnet name

oci.vnic.subnetName: subnet-abc

oci.vnic.vcnNameoci.vnic.vcnName

Use a text value ##### to search all assets with the specified vcn name.

Examples

Show all assets with this vcn name

oci.vnic.vcnName: abc

oci.vnic.vlanTagoci.vnic.vlanTag

Use a text value ##### to search all assets with the specified vlan tag.

Examples

Show all assets with the vlan tag 1

oci.vnic.vlanTag: 1

oci.vnic.macAddroci.vnic.macAddr

Use a text value ##### to search all assets with the specified MAC address.

Examples

Show all assets with the MAC address 02:00:17:06:bd:b3

oci.vnic.macAddr: 02:00:17:06:bd:b3

oci.vnic.virtualRouterIpoci.vnic.virtualRouterIp

Use a text value ##### to search all assets with the specified router IP.

Examples

Show all assets with the router IP 10.0.0.1

oci.vnic.virtualRouterIp: 10.0.0.1

oci.vnic.subnetCidrBlockoci.vnic.subnetCidrBlock

Use a text value ##### to search all assets with the specified block.

Examples

Show all assets with the block 10.0.0.0/24

oci.vnic.subnetCidrBlock: 10.0.0.0/24

oci.vnic.nicIndexoci.vnic.nicIndex

Use a text value ##### to search all assets with the specified index.

Examples

Show all assets with the index 1

oci.vnic.nicIndex: 1

oci.compute.stateoci.compute.state

Use a text value ##### to search all assets with specific compute state.

Examples

Show all assets with the compute state Starting

oci.compute.state: STARTING

oci.compute.tenantIdoci.compute.tenantId

Use a text value ##### to search all assets with specific tenant ID.

Examples

Show all assets with the specific tenant ID

oci.compute.tenantId: ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq

oci.compute.tenantNameoci.compute.tenantName

Use a text value ##### to search all assets with specific tenant name.

Examples

Show all assets with the specific tenant name

oci.compute.tenantName: oraclecengg1

oci.tags.typeoci.tags.type

Use a text value ##### to search all assets with specific tag type.

Examples

Show all assets with the specific tag type

oci.tags.type: DEFINED

oci.compute.hasAgentoci.compute.hasAgent

Use the values true | false to list all assets that have cloud agents. Choose True to list all assets having cloud agents and choose False to list all assets that do not have cloud agents.

Examples

Show all assets with having cloud agent installed

oci.compute.hasAgent: true

Passive Scanner only

Use these tokens when searching assets detected by passive scanning.

asset.fqdnasset.fqdn

Use a text value ##### to define the asset FQDN name you're looking for.

Example

Show the asset with this FQDN

asset.fqdn:ACMENVT7.acme.com

hardware.typingConfidencehardware.typingConfidence

Use a text value ##### to define the hardware typing confidence you're looking for, i.e. HIGH, MEDIUM, LOW.

Example

Show this hardware typing confidence

hardware.typingConfidence:HIGH

inventory.scannerIDinventory.scannerID

Use an integer value ##### to help you find assets scanned by a certain scanner appliance ID.

Example

Show this scanner appliance ID

inventory.scannerID:345678892

inventory.scannerNameinventory.scannerName

Use a text value ##### to help you find assets based on specific scanner appliance name.

Examples

Show assets with scanner name as ITCorp-appliance

inventory.scannerName:ITCorp-appliance

openPorts.lastFoundopenPorts.lastFound

Use a date range or specific date to define when open ports were last found.

Examples

Show open ports found within certain dates

openPorts.lastFound: [2019-01-01 ... 2019-01-15]

Show open ports found starting 2019-01-15, ending 3 months ago

openPorts.lastFound: [2019-01-15 ... now-3M]

Show open ports found starting 2 weeks ago, ending 1 second ago

openPorts.lastFound: [now-2w ... now-1s]

Show open ports found on a specific date

openPorts.lastFound:'2019-03-18'

openPort.lastUpdatedopenPort.lastUpdated

Use a date range or specific date to define when ports on assets were last updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show ports updated within certain dates

openPort.lastUpdated: [2019-01-01 ... 2019-01-15]

Show ports updated starting 2019-01-15, ending 3 months ago

openPort.lastUpdated: [2019-01-15 ... now-3M]

Show ports updated starting 2 weeks ago, ending 1 second ago

openPort.lastUpdated: [now-2w ... now-1s]

Show ports updated on a specific date

openPort.lastUpdated:'2019-03-18'

operatingSystem.typingConfidenceoperatingSystem.typingConfidence

Use a text value ##### to define the OS typing confidence you're interested in, i.e. HIGH, MEDIUM, LOW.

Example

Show this OS typing confidence

operatingSystem.typingConfidence:MEDIUM

traffic.timestamptraffic.timestamp

Use a date range or specific date to find assets as per traffic timestamp.

Examples

Show assets with traffic timestamp 2019-03-18

traffic.timestamp:'2019-03-18'

Show assets with traffic timestamp within certain dates

traffic.timestamp:[2019-01-01 ... 2019-01-15]

Show assets with traffic timestamp starting 2019-01-15, ending 1 month ago

traffic.timestamp:[2019-01-15 ... now-1M]

Show assets with traffic timestamp starting 2 weeks ago, ending 1 second ago

traffic.timestamp:[now-2w ... now-1s]

traffic.totaltraffic.total

Use an integer value ##### to find assets having specific amount of total traffic in MBs (both ingress and egress).

Example

Show assets with 100 MB total traffic

traffic.total:100

traffic.ingresstraffic.ingress

Use an integer value ##### to find assets having specific amount of ingress traffic in MBs.

Example

Show assets with 60 MB ingress traffic

traffic.ingress:60

traffic.egresstraffic.egress

Use an integer value ##### to find assets having specific amount of egress traffic in MBs.

Example

Show assets with 40 MB egress traffic

traffic.egress:40

traffic.protocoltraffic.protocol

Use a text value ##### to find assets with traffic over specific protocol.

Example

Show assets with traffic over TCP

traffic.protocol:tcp

traffic.porttraffic.port

Use a integer value ##### to find assets with traffic over specific port.

Example

Show assets with traffic over port 80

traffic.port:80

traffic.typetraffic.type

Use a text value ##### to find assets with traffic of a specific type (client or server).

Example

Show assets with client traffic

traffic.type:client

traffic.familytraffic.family

Use a text value ##### to find assets with traffic of a specific family.

Example

Show assets with peer to peer traffic

traffic.family:Peer to Peer

traffic.applicationtraffic.application

Use a text value ##### to find assets with traffic from a specific application.

Example

Show assets with traffic from BitTorrent

traffic.application:BitTorrent

traffic.servicetraffic.service

Use a text value ##### to find assets with traffic from a specific service.

Example

Show assets with traffic from HTTP

traffic.service:http