Search tips for tokens

Syntax help displayed in the UI for tokens. This help file is not searchable in online help, and end users don't see this file.

General

and

Use a boolean query to express your query using AND logic.

Example

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software: (name:`Cisco AnyConnect Secure Mobility Client` AND version:`3.1.12345`)

not

Use a boolean query to express your query using NOT logic.

Example

Show assets that don't have Windows operating system

not operatingSystem: Windows

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tags.name:Cloud Agent or tags.name:Windows

Vulnerability index

vulnerabilities.firstFound

Use a date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerabilities.firstFound:[2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound:[now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2016-11-11'

vulnerabilities.hostAssetName

Use quotes or backticks within values to help you find the host asset name you're looking for.

Examples

Show any findings related to name

vulnerabilities.hostAssetName:QK2K12QP3-65-53

Show any findings that contain parts of name

vulnerabilities.hostAssetName:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

vulnerabilities.hostAssetName:`QK2K12QP3-65-53`

vulnerabilities.hostOS

Use quotes or backticks within values to help you find the host operating system you're interested in.

Examples

Show any findings with this OS name

vulnerabilities.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerabilities.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerabilities.hostOS:`Windows 2012`

lastVmScanDate

Use a date range or specific date to define when vulnerability scans were last conducted.

Examples

Show findings with last vulnerability scan within certain dates

lastVmScanDate: [2017-01-01 ... 2017-02-10]

Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago

lastVmScanDate: [2016-11-01 ... now-1M]

Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago

lastVmScanDate: [now-2w ... now-1s]

Show findings with last vulnerability scan on specific date

lastVmScanDate:'2017-04-10'

vulnerabilities.found

Use the values true | false to define whether vulnerabilities are detected on the assets.

Examples

Show findings with vulnerabilities detected

vulnerabilities.found:TRUE

vulnerabilities.disabled

Use the values true | false to define whether vulnerabilities are disabled or enabled.

Examples

Show findings with vulnerabilities disabled

vulnerabilities.disabled:TRUE

vulnerabilities.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFound:[2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2016-01-11'

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)

vulnerabilities.nonExploitableConfig

Use the values true | false to define vulnerabilities with non-exploitable configurations.

Examples

Show findings with non exploitable configurations

vulnerabilities.nonExploitableConfig:TRUE

Show findings with exploitable configurations

vulnerabilities.nonExploitableConfig:FALSE

vulnerabilities.nonRunningKernel

Use the values true | false to define vulnerabilities found on non-running Linux kernels.

Examples

Show vulnerabilities on non-running Linux kernels

vulnerabilities.nonRunningKernel:TRUE

Show vulnerabilities on running Linux kernels

vulnerabilities.nonRunningKernel:FALSE

vulnerabilities.port

Use an integer value ##### to help you find vulnerabilities found on a certain port.

Example

Show vulnerabilities found on this port

vulnerabilities.port:443

vulnerabilities.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Example

Show vulnerabilities found on TCP protocol

vulnerabilities.protocol:TCP

vulnerabilities.ignored

Use an integer value ##### to help you find vulnerabilities that have been marked as ignored.

Example

Show vulnerabilities that are marked as ignored

vulnerabilities.ignored:TRUE

vulnerabilities.instance

Use an integer value ##### to help you find vulnerabilities found on a certain instance.

Example

Show vulnerabilities found on this instance

vulnerabilities.instance: 354216

vulnerabilities.runningService

Use the values true | false to define vulnerabilities found on a running port/service.

Example

Show vulnerabilities found on running service

vulnerabilities.runningService:TRUE

Show vulnerabilities found on non-running service

vulnerabilities.runningService:FALSE

vulnerabilities.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 5

vulnerabilities.severity:5

vulnerabilities.status

Select a status (e.g. Active, Closed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.

Example

Show vulnerabilities with New status

vulnerabilities.status:NEW

vulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected:Confirmed

vulnerabilities.vulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH

vulnerabilities.vulnerability.bugTraqIds

Use a text value ##### to find a BugTraq number you're interested in.

Example

Show findings with BugTraq ID 22211

vulnerabilities.vulnerability.bugTraqIds:22211

vulnerabilities.vulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with category CGI

vulnerabilities.vulnerability.category:CGI

vulnerabilities.vulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description you're looking for.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.compliance.description:malicious software

Show any findings that contain "malicious" or "software" in description

vulnerabilities.vulnerability.compliance.description:"malicious software"

Show any findings that match exact value "malicious software"

vulnerabilities.vulnerability.compliance.description:`malicious software`

vulnerabilities.vulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section you're looking for.

Examples

Show any findings related to this section

vulnerabilities.vulnerability.compliance.section:164.308

Show any findings that contain parts of section

vulnerabilities.vulnerability.compliance.section:"164.308"

Show any findings that match exact value "164.308"

vulnerabilities.vulnerability.compliance.section:`164.308`

vulnerabilities.vulnerability.compliance.type

Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerabilities.vulnerability.compliance.type:HIPAA

vulnerabilities.vulnerability.consequence

Use quotes or backticks within values to help you find the consequence you're looking for.

Examples

Show any findings related to consequence

vulnerabilities.vulnerability.consequence:sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerabilities.vulnerability.consequence:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerabilities.vulnerability.consequence:`sensitive information`

vulnerabilities.vulnerability.cveIds

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.vulnerability.cveIds:CVE-2015-0313

vulnerabilities.vulnerability.cvss3Info.basescore

Use an integer value ##### to help you find the CVSSv3 base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3Info.basescore:7.8

vulnerabilities.vulnerability.cvss3Info.temporalScore

Use an integer value ##### to help you find the CVSSv3 temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3Info.temporalScore:6.4

vulnerabilities.vulnerability.cvssInfo.accessVector

Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.

Example

Show findings with this name

vulnerabilities.vulnerability.cvssInfo.accessVector:NETWORK

vulnerabilities.vulnerability.cvssInfo.baseScore

Use an integer value ##### to help you find the CVSS base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvssInfo.baseScore:7.8

vulnerabilities.vulnerability.cvssInfo.temporalScore

Use an integer value ##### to help you find the CVSS temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvssInfo.temporalScore:6.4

vulnerabilities.vulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerabilities.vulnerability.discoveryTypes:REMOTE

vulnerabilities.vulnerability.exploitability

Use quotes or backticks within values to help you find the known exploit description you're looking for.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.exploitability:GIF Parser Heap

Show any findings that contain "GIF", "Parser" or "Heap" in description

vulnerabilities.vulnerability.exploitability:"GIF Parser Heap"

Show any findings that match exact value "GIF Parser Heap"

vulnerabilities.vulnerability.exploitability:`GIF Parser Heap`

vulnerabilities.vulnerability.flags

Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc).

Example

Show findings with this flag

vulnerabilities.vulnerability.flags:PCI_RELATED

vulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerabilities.vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerabilities.vulnerability.os:`windows`

vulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable:TRUE

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable:FALSE

vulnerabilities.vulnerability.PCI

Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).

Examples

Show PCI vulnerabilities

vulnerabilities.vulnerability.PCI:TRUE

Do not show PCI vulnerabilities

vulnerabilities.vulnerability.PCI:FALSE

vulnerabilities.vulnerability.qid

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.sans20Categories

Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).

Example

Show findings with this category name

vulnerabilities.vulnerability.sans20Categories:Media Players

vulnerabilities.vulnerability.solution

Use quotes or backticks within values to help you find the solution you're looking for.

Examples

Show any findings related to this solution

vulnerabilities.vulnerability.solution:Bulletin MS10-006

Show any findings that contain parts of solution

vulnerabilities.vulnerability.solution:"Bulletin MS10-006"

Show any findings that match exact value "Bulletin MS10-006"

vulnerabilities.vulnerability.solution:`Bulletin MS10-006`

vulnerabilities.vulnerability.supportedBy

Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.

Example

Show vulnerabilities supported by Linux Agent

vulnerabilities.vulnerability.supportedBy:LINUX_AGENT

vulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title you're looking for.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title:Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title:"Remote Code"

Show any findings that match exact value "Remote Code"

vulnerabilities.vulnerability.title:`Remote Code`

vulnerabilities.vulnerability.types

Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.vulnerability.types:VULNERABILITY

vulnerabilities.vulnerability.vendorRefs

Use a text value ##### to find the vendor reference you're interested in.

Example

Show this vendor reference

vulnerabilities.vulnerability.vendorRefs:KB3021953

vulnerabilities.vulnerability.vendors.productName

Use a text value ##### to find the vendor product name you're interested in.

Example

Show findings with this vendor product name

vulnerabilities.vulnerability.vendors.productName:Windows

vulnerabilities.vulnerability.vendors.vendorName

Use a text value ##### to find the vendor name you're interested in.

Example

Show findings with this vendor name

vulnerabilities.vulnerability.vendors.vendorName:Adobe

vulnerabilities.nonExploitableKernel

Use the values true | false to define vulnerabilities that exist on non exploitable kernels.

Examples

Show findings on non-exploitable kernels

vulnerabilities.nonExploitableKernel:TRUE

vulnerabilities.nonExploitableService

Use the values true | false to define vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.vulnerability.virtualPatchAvailable

Use the values true | false to define vulnerabilities that have a virtual patch available.

Examples

Show findings with virtual patch available

vulnerabilities.vulnerability.virtualPatchAvailable:TRUE

Show findings that don't have virtual patch available

vulnerabilities.vulnerability.virtualPatchAvailable:FALSE

vulnerabilities.vulnerability.patchReleased

Use a date range or specific date to define when the patch was available.

Examples

Show findings last found within certain dates

vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]

Show findings last found starting 2020-01-01, ending 1 month ago

vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.vulnerability.patchReleased:'2020-01-02'

vulnerabilities.timesFound

Show findings that were detected for the specified number of times.

Examples

Show findings last found 3 times

vulnerabilities.timesFound:3

vulnerabilities.vulnerability.kbAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180, 180..+) since the vulnerability was disclosed. Select the number of days from the drop-down menu.

Example

Show findings that were disclosed in the last 60 days

vulnerabilities.vulnerability.kbAge:[31..60]

vulnerabilities.detectionAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180, 180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset. Select the number of days from the drop-down menu.

Example

Show findings that were detected in the last 60 days.

vulnerabilities.detectionAge: [31..60]

Asset index

accounts.username

Use a text value ##### to find the username you're looking for.

Example

Show assets with the username Administrator

accounts.username:Administrator

activatedForModules

Select the name ##### of an activated module you're interested in. Select from names in the drop-down menu.

Examples

Show assets activated for VM

activatedForModules:VM

Show assets activated for VM and FIM

activatedForModules:VM AND activatedForModules:FIM

agentActivations.key

Use a text value ##### to define the agent activation key you're interested in.

Example

Show assets with agents activated using key-value

agentActivations.key:key-value

agentActivations.status

Use a text value ##### (ACTIVE or INACTIVE) to define agent activation status you're looking for.

Example

Show assets with active agents

agentActivations.status:ACTIVE

agentId

Use a text value ##### to find an agent ID of interest.

Example

Show the asset with this agent ID

agentId:f0c8e682-e9cc-4e7d-b92a-0c905d81ec74

agentVersion

Use a text value ##### to find the agent version you're interested in.

Example

Show findings with agent version 1.5.6.46

agentVersion:1.5.6.46

assetId

Use an integer value ##### to help you find certain Qualys asset IDs (UUIDs), assigned by an agent or a scanner appliance when Agentless Tracking is used.

Examples

Show this asset ID

assetId: 2918869

Show asset IDs in this range

assetId: [3546997 .. 12945655]

Show the 2 asset IDs listed

assetId: [3546997,12945655]

configurationProfile

Use quotes or backticks within values to help you find the agent configuration profile you're looking for.

Examples

Show any findings related to profile name

configurationProfile:Initial Profile

Show any findings that contain parts of profile name

configurationProfile:"Initial Profile"

Show any findings that match exact value "Initial Profile"

configurationProfile:`Initial Profile`

connectors.connector.name

Use a text value ##### to define the connector name you're interested in.

Example

Show findings detected by connector myec2

connectors.connector.name:myec2

cpuCount

Use an integer value ##### to help you find assets with some number of CPUs.

Example

Show assets that have 2 CPUs

cpuCount:2

created

Use a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).

Examples

Show assets created within certain dates

created:[2016-01-01 ... 2016-01-10]

Show assets created starting 2017-10-01, ending 1 month ago

created:[2017-10-01 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

created:[now-2w ... now-1s]

Show assets created on specific date

created:'2018-01-08'

docker.dockerVersion

Use a text value ##### to define a Docker version you're looking for.

Example

Show findings with this Docker version

docker.dockerVersion:17.3

docker.noOfContainers

Use an integer value ##### to help you find assets with some number of Docker containers.

Example

Show findings with 2 Docker containers

docker.noOfContainers:2

docker.noOfImages

Use an integer value ##### to help you find assets with some number of Docker images.

Example

Show findings with 5 Docker images

docker.noOfImages:5

isDockerHost

Use the values true | false to choose whether to show docker hosts or not (only when the hosts have been scanned).

Examples

Show docker hosts

isDockerHost:true

Do not show docker hosts

isDockerHost:false

interfaces.address

Use a text value ##### to define an IP address (IPv4 or IPv6) you're interested in.

Examples

Show the asset with IPv4 address

interfaces.address:10.10.100.20

Show the asset with IPv6 address (enclose value in single quotes)

interfaces.address:'fe80:0:0:0:2501:b53c:4139:404b'

interfaces.dnsAddress

Use a text value ##### to define a DNS address you're interested in.

Example

Show the asset with DNS address 10.0.100.11

interfaces.dnsAddress:10.0.100.11

interfaces.gatewayAddress

Use a text value ##### to help you find assets with a certain default gateway address.

Example

Show assets with this default gateway address

interfaces.gatewayAddress:10.11.65.1

interfaces.hostname

Use quotes or backticks within values to help you find the hostname you're looking for.

Examples

Show any findings related to name

interfaces.hostname:xpsp2-jp-26-111

Show any findings that contain parts of name

interfaces.hostname:"xpsp2-jp-26-111"

Show any findings that match exact value "xpsp2-jp-26-111"

interfaces.hostname:`xpsp2-jp-26-111`

Show any findings related to name (we'll match super domains)

interfaces.hostname:qcentos71sqp3.rdlab.acme.com

Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"

interfaces.hostname:`qcentos71sqp3.rdlab.acme.com`

interfaces.interfaceName

Use a text value ##### to help you find a certain interface name.

Example

Show the asset with name PRO/1000

interfaces.interfaceName:PRO/1000

interfaces.macAddress

Use quotes within values to help you find a MAC address you're interested in.

Example

Show the asset with this MAC address

interfaces.macAddress:"00-50-56-A9-73-5A"

lastCheckedIn

Use a date range or specific date to define when agents last checked in to the platform.

Examples

Show findings with last check in within certain dates

lastCheckedIn:[2018-01-01 ... 2018-01-10]

Show findings with last check in starting 2017-11-01, ending 1 month ago

lastCheckedIn:[2017-11-01 ... now-1M]

Show findings with last check in starting 2 weeks ago, ending 1 second ago

lastCheckedIn:[now-2w ... now-1s]

Show findings with last check in on a specific date

lastCheckedIn:'2018-02-11'

lastComplianceScanDate

Use a date range or specific date to define when compliance scans were last conducted.

Examples

Show findings with last compliance scan within certain dates

lastComplianceScanDate: [2017-01-01 ... 2017-03-31]

Show findings with last compliance scan starting 2016-10-15, ending 1 month ago

lastComplianceScanDate: [2016-10-15 ... now-1M]

Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago

lastComplianceScanDate: [now-2w ... now-1s]

Show findings with last compliance scan on specific date

lastComplianceScanDate:'2017-02-18'

lastFullScan

Use a date range or specific date to define when full scans (assessments) were last conducted using Cloud Agent (CA).

Examples

Show findings with last full scan within certain dates

lastFullScan:[2018-01-01 ... 2018-01-10]

Show findings with last full scan starting 2017-11-01, ending 1 month ago

lastFullScan:[2017-11-01 ... now-1M]

Show findings with last full scan starting 2 weeks ago, ending 1 second ago

lastFullScan:[now-2w ... now-1s]

Show findings with last full scan on a specific date

lastFullScan:'2018-02-08'

lastInventory

Use a date range or specific date to define when inventory scans were last conducted by agents.

Examples

Show findings with last inventory scan within certain dates

lastInventory:[2018-01-12 ... 2018-01-20]

Show findings with last inventory scan starting 2018-01-01, ending 1 month ago

lastInventory:[2018-01-01 ... now-1M]

Show findings with last inventory scan starting 3 weeks ago, ending 1 second ago

lastInventory:[now-3w ... now-1s]

Show findings with last inventory scan on specific date

lastInventory:'2018-02-10'

lastLoggedOnUser

Use a text value ##### to help you find assets last logged into by a user of interest.

Examples

Show assets with last logon by user asmith

lastLoggedOnUser:asmith

lastActivity

Use a date range or specific date to define when the last activity on the agent occurred. Last activity could be when agent was last scanned, updated, activated, etc.

Examples

Show findings with last activity within certain dates

lastActivity: [2016-01-01 ... 2016-01-10]

Show findings with last activity starting 2015-10-01, ending 1 month ago

lastActivity: [2015-10-01 ... now-1M]

Show findings with last activity starting 2 weeks ago, ending 1 second ago

lastActivity: [now-2w ... now-1s]

Show findings with last activity on a specific date

lastActivity:'2015-12-01'

name

Use quotes or backticks within values to help you find the asset name you're looking for.

Examples

Show any findings related to name

name:QK2K12QP3-65-53

Show any findings that contain parts of name

name:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

name:`QK2K12QP3-65-53`

netbiosName

Use a text value ##### to define the NetBIOS name you're interested in.

Examples

Show assets with this exact name (case sensitive)

netbiosName: EC2AMAZ-19OC2IT

Show assets with name starting with "EC2" (case sensitive)

netbiosName: EC2*

Show assets with name ending with "c2it" (case insensitive)

netbiosName: *c2it

openPorts.description

Use quotes or backticks within values to help you find the service description detected on an open port.

Examples

Show any findings with this description

openPorts.description:Windows Remote Desktop

Show any findings that contain parts of description

openPorts.description:"Windows Remote Desktop"

Show any findings that match exact value "Windows Remote Desktop"

openPorts.description:`Windows Remote Desktop`

openPorts.detectedService

Use quotes or backticks within values to help you find the detected service you're looking for.

Examples

Show any findings with this service name

openPorts.detectedService:win_remote_desktop

Show any findings that contain parts of name

openPorts.detectedService:"win_remote_desktop"

Show any findings that match exact value "win_remote_desktop"

openPorts.detectedService:`win_remote_desktop`

openPorts.firstFound

Use a date range or specific date to define when open ports were first found.

Examples

Show findings with open ports first found within certain dates

openPorts.firstFound:[2017-06-15 ... 2017-06-30]

Show findings with open ports first found starting 2017-06-22, ending 1 month ago

openPorts.firstFound: [2017-06-22 ... now-1M]

Show findings with open ports first found starting 2 weeks ago, ending 1 second ago

openPorts.firstFound:[now-2w ... now-1s]

Show findings with open ports first found on specific date

openPorts.firstFound:'2017-06-14'

openPorts.lastUpdated

Use a date range or specific date to define when open ports were last updated.

Examples

Show findings with open ports last updated within certain dates

openPorts.lastUpdated:[2017-06-15 ... 2017-06-30]

Show findings with open ports last updated starting 2017-06-22, ending 1 month ago

openPorts.lastUpdated:[2017-06-22 ... now-1M]

Show findings with open ports last updated starting 2 weeks ago, ending 1 second ago

openPorts.lastUpdated:[now-2w ... now-1s]

Show findings with open ports last updated on specific date

openPorts.lastUpdated:'2018-01-14'

openPorts.port

Use an integer value ##### to help you find assets with some open port.

Example

Show assets with open port 80

openPorts.port:80

openPorts.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Examples

Show findings found on TCP

openPorts.protocol:TCP

Show findings found on port 80 and TCP

openPorts:(port:80 AND protocol:TCP)

operatingSystem

Use quotes or backticks within values to help you find the operating system you're looking for.

Examples

Show any findings with this OS name

operatingSystem:Windows 2012

Show any findings that contain components of OS name

operatingSystem:"Windows 2012"

Show any findings that match exact value "Windows 2012"

operatingSystem:`Windows 2012`

pendingActivationForModules

Select the name ##### of a module that's pending activation. Select from names in the drop-down menu.

Examples

Show assets pending activation for VM

pendingActivationForModules:VM

Show assets pending activation for VM and FIM

pendingActivationForModules:VM AND pendingActivationForModules:FIM

processors.description

Use quotes or backticks within values to help you find the processor description you're looking for.

Examples

Show any findings with this description

processors.description:intel

Show any findings that contain parts of description

processors.description:"intel"

Show any findings that match exact value "intel"

processors.description:`intel`

processors.speed

Use an integer value ##### to help you find assets with a certain processor speed.

Example

Show assets with this processor speed

processors.speed:1995

services.description

Use quotes or backticks within values to help you find the service description you're looking for.

Examples

Show any findings with this description

services.description:Windows Event Log

Show any findings that contain parts of description

services.description:"Windows Event Log"

Show any findings that match exact value "Windows Event Log"

services.description:`Windows Event Log`

services.name

Use quotes or backticks within values to help you find the service name you're looking for.

Examples

Show any findings with this name

services.name:eventlog

Show any findings that contain parts of name

services.name:"eventlog"

Show any findings that match exact value "eventlog"

services.name:`eventlog`

services.status

Use quotes or backticks within values to help you find the service status you're looking for.

Examples

Show any findings with this status

services.status:running

Show any findings that contain parts of name

services.status:"running"

Show any findings that match exact value "running"

services.status:`running`

software.firstFound

Use a date range or specific date to define when software was first found.

Examples

Show assets with software first found within certain dates

software.firstFound:[2017-10-15 ... 2017-10-30]

Show assets with software first found starting 2017-06-22, ending 1 month ago

software.firstFound:[2017-06-22 ... now-1M]

Show assets with software first found starting 2 weeks ago, ending 1 second ago

software.firstFound:[now-2w ... now-1s]

Show assets with software first found on specific date

software.firstFound:'2017-08-14'

software.lastUpdated

Use a date range or specific date to define when software was last updated.

Examples

Show assets with software last updated within certain dates

software.lastUpdated:[2018-01-15 ... 2018-03-12]

Show assets with software last updated starting 2018-01-22, ending 1 month ago

software.lastUpdated:[2018-01-22 ... now-1M]

Show assets with software last updated starting 2 weeks ago, ending 1 second ago

software.lastUpdated:[now-2w ... now-1s]

Show assets with software last updated on specific date

software.lastUpdated:'2018-02-16'

software.installedDate

Use a date range or specific date to define when software was installed.

Examples

Show assets with software installed within certain dates

software.installedDate:[2018-01-15 ... 2018-03-12]

Show assets with software installed starting 2018-01-22, ending 1 month ago

software.installedDate:[2018-01-22 ... now-1M]

Show assets with software installed starting 2 weeks ago, ending 1 second ago

software.installedDate:[now-2w ... now-1s]

Show assets with software installed on specific date

software.installedDate:'2018-02-16'

software.name

Use quotes or backticks within values to help you find the software name you're looking for.

Examples

Show any findings with this name

software.name:VMware Tools

Show any findings that contain parts of name

software.name:"VMware Tools"

Show any findings that match exact value "VMware Tools"

software.name:`VMware Tools`

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software:(name:`Cisco AnyConnect Secure Mobility Client` AND version:`3.1.12345`)

software.version

Use a text value ##### to define the software version you're interested in.

Example

Show findings with this version

software.version: 8.6.10

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software: (name:`Cisco AnyConnect Secure Mobility Client` AND version:`3.1.12345`)

system.biosDescription

Use quotes or backticks within values to help you find the BIOS description you're looking for.

Examples

Show any findings with this description

system.biosDescription: Phoenix Technologies

Show any findings that contain parts of description

system.biosDescription: "Phoenix Technologies"

Show any findings that match exact value "Phoenix Technologies"

system.biosDescription: `Phoenix Technologies`

system.lastBoot

Use a date range or specific date to define when assets were last booted.

Examples

Show assets last booted within certain dates

system.lastBoot:[2018-01-11 ... 2018-01-23]

Show assets last booted starting 2017-10-01, ending 1 month ago

system.lastBoot:[2017-10-01 ... now-1M]

Show assets last booted starting 2 weeks ago, ending 1 second ago

system.lastBoot:[now-2w ... now-1s]

Show assets last booted on a specific date

system.lastBoot:'2018-03-08'

system.manufacturer

Use quotes or backticks within values to help you find the system manufacturer you're looking for.

Examples

Show any findings with this name

system.manufacturer:dell

Show any findings that contain parts of name

system.manufacturer:"dell"

Show any findings that match exact value "dell"

system.manufacturer:`dell`

system.model

Use quotes or backticks within values to help you find the system model you're looking for.

Examples

Show any findings with this name

system.model: optiplex

Show any findings that contain parts of name

system.model: "optiplex"

Show any findings that match exact value "optiplex"

system.model: `optiplex`

system.timezone

Use a text value ##### in quotes to find assets with a certain timezone set.

Example

Show assets with this timezone

system.timezone:-08:00

system.totalMemory

Use an integer value ##### to help you find assets with a certain total system memory.

Example

Show assets with this total system memory

system.totalMemory:1024

tags.name

Use quotes or backticks within values to help you find the asset tag you're looking for.

Examples

Show any findings related to this tag name

tags.name:Cloud Agent

Show any findings that contain "Cloud" or "Agent" in name

tags.name:"Cloud Agent"

Show any findings that match exact value "Cloud Agent"

tags.name:`Cloud Agent`

updated

Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).

Examples

Show assets updated within certain dates

updated:[2017-12-01 ... 2018-01-10]

Show assets updated starting 2017-10-01, ending 3 months ago

updated:[2017-10-01 ... now-3M]

Show assets updated starting 2 weeks ago, ending 1 second ago

updated:[now-2w ... now-1s]

Show assets updated on a specific date

updated:'2018-03-10'

volumes.free

Use an integer value ##### to help you find assets with a certain free volume space.

Example

Show assets with this free volume space

volumes.free:448312320

volumes.name

Use a text value ##### to find assets with a certain volume name.

Example

Show assets with this volume name

volumes.name:/boot

volumes.size

Use an integer value ##### to help you find assets with a certain volume size.

Example

Show assets with this volume size

volumes.size:481529856

vulnerabilities

Choose the value * to find assets with vulnerabilities.

Example

Show all findings that have vulnerabilities

vulnerabilities:*

 

Asset index - not in Vuln index

vulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description you're looking for.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description:remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description:"remote code execution"

Show any findings that match exact value "remote code execution"

vulnerabilities.vulnerability.description:`remote code execution`

vulnerabilities.vulnerability.lists

Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerabilities.vulnerability.lists:SANS_20

vulnerabilities.vulnerability.patches

Use an integer value ##### to help you find the patch QID you're interested in.

Example

Show assets with this patch QID

vulnerabilities.vulnerability.patches:90753

vulnerabilities.vulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago

vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.published:[now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerabilities.vulnerability.published:'2018-01-15'

vulnerabilities.vulnerability.risk

Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk:50

vulnerabilities.vulnerability.qualysPatchable

Use the values true | false to define vulnerabilities that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

vulnerability.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 4

vulnerability.severity:4

vulnerabilities.vulnerability.updated

Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.

Examples

Show vulnerabilities updated within certain dates

vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]

Show vulnerabilities updated starting 2017-11-01, ending 1 month ago

vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]

Show vulnerabilities updated starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.updated:[now-2w ... now-1s]

Show vulnerabilities updated on certain date

vulnerabilities.vulnerability.updated:'2018-03-08'

 

Threat Protection

(For Threat Protection users) Use these tokens for searching Real-Time Threat Indicators (RTI).

vulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Examples

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: true

Show assets that don't have threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: false

vulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Examples

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: true

Show assets that don't have threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: false

vulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Examples

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: true

Show assets that don't have threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: false

vulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Examples

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: true

Show assets that don't have threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: false

vulnerabilities.vulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`

vulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Examples

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: true

Show assets that don't have threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: false

vulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Examples

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: true

Show assets that don't have threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: false

vulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Examples

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: true

Show assets that don't have threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: false

vulnerabilities.vulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Examples

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: true

Show assets that don't have threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: false

vulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Examples

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: true

Show assets that don't have threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: false

vulnerabilities.vulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Examples

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: true

Show assets that don't have threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: false

vulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

Asset Inventory

hardware.category

Use quotes or backticks within values to help you find the hardware category you're looking for.

Examples

Show any findings that contain parts of value

hardware.category:"Computer/Server"

Show any findings that match exact value

hardware.category:`Computer/Server`

hardware.category1

Use quotes or backticks within values to find assets with hardware category 1 value.

Example

Show any findings that match exact value

hardware.category1:`Computer`

hardware.category2

Use quotes or backticks within values to find assets with hardware category 2 value.

Example

Show any findings that match exact value

hardware.category2:`Server`

hardware.lifecycle.ga

Use a date range or specific date to define a hardware general availability date of interest.

Examples

Show findings with hardware GA date in this date range

hardware.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with hardware GA date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with hardware GA date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.ga:[now-2w ... now-1s]

Show findings with this hardware GA date

hardware.lifecycle.ga:'2019-03-18'

hardware.lifecycle.intro

Use a date range or specific date to define a hardware introduction date of interest.

Examples

Show findings with hardware introduction date in this date range

hardware.lifecycle.intro:[2019-01-01 ... 2019-01-15]

Show findings with hardware introduction date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.intro:[2019-01-15 ... now-1M]

Show findings with hardware introduction date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.intro:[now-2w ... now-1s]

Show findings with this hardware introduction date

hardware.lifecycle.intro:'2019-03-18'

hardware.lifecycle.eos

Use a date range or specific date to define a hardware End-of-Sale date of interest.

Examples

Show findings with hardware End-of-Sale date in this date range

hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.eos:[now-2w ... now-1s]

Show findings with this hardware End-of-Sale date

hardware.lifecycle.eos:'2019-03-18'

hardware.lifecycle.obs

Use a date range or specific date to define a hardware obsolete date of interest.

Examples

Show findings with hardware obsolete date in this date range

hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]

Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.obs:[2019-01-15 ... now-1M]

Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.obs:[now-2w ... now-1s]

Show findings with this hardware obsolete date

hardware.lifecycle.obs:'2019-03-18'

hardware.lifecycle.stage

Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS).

Example

Show End-of-Sale hardware

hardware.lifecycle.stage:"EOS"

hardware.manufacturer

Use quotes or backticks within values to find assets having a certain hardware manufacturer.

Example

Show any findings that match exact value "Dell"

hardware.manufacturer:`Dell`

hardware.model

Use quotes or backticks within values to find assets having a certain hardware model.

Example

Show any findings that match exact value "e7470"

hardware.model:`e7470`

hardware.product

Use quotes or backticks within values to find assets having a certain hardware product.

Example

Show any findings that match exact value "Latitude"

hardware.product:`Latitude`

operatingSystem.architecture

Use quotes or backticks within values to help you find the operating system architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

operatingSystem.architecture:`64-Bit`

operatingSystem.category

Use quotes or backticks within values to help you find the full operating system category name you're looking for, i.e. Windows, Unix, Linux, Mac and more.

Example

Show any findings that match exact value

operatingSystem.category:`Windows`

operatingSystem.category1

Use quotes or backticks within values to help you find the operating system category 1 value you're looking for.

Example

Show any findings that match exact value

operatingSystem.category1:`Windows`

operatingSystem.category2

Use quotes or backticks within values to help you find the operating system category 2 value you're looking for.

Example

Show any findings that match exact value

operatingSystem.category2:`Client`

operatingSystem.edition

Use quotes or backticks within values to help you find the operating system edition you're looking for.

Example

Show any findings that match exact value

operatingSystem.edition:`Enterprise`

operatingSystem.lifecycle.ga

Use a date range or specific date to define an OS general availability date of interest.

Examples

Show findings with OS GA date in this date range

operatingSystem.lifecycle.ga:[2019-01-01 ... 2019-01-15]

Show findings with OS GA date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.ga:[2019-01-15 ... now-1M]

Show findings with OS GA date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.ga:[now-2w ... now-1s]

Show findings with this OS GA date

operatingSystem.lifecycle.ga:'2019-03-18'

operatingSystem.lifecycle.eol

Use a date range or specific date to define an operating system End-of-Life date of interest.

Examples

Show findings with operating system End-of-Life date in this date range

operatingSystem.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Life date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Life date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eol:[now-2w ... now-1s]

Show findings with this operating system End-of-Life date

operatingSystem.lifecycle.eol:'2019-03-18'

operatingSystem.lifecycle.eos

Use a date range or specific date to define an operating system End-of-Support date of interest.

Examples

Show findings with operating system End-of-Support date in this date range

operatingSystem.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Support date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Support date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eos:[now-2w ... now-1s]

Show findings with this operating system End-of-Support date

operatingSystem.lifecycle.eos:'2019-03-18'

operatingSystem.lifecycle.stage

Use a text value ##### to define an OS lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this OS lifecycle stage

operatingSystem.lifecycle.stage:eol

Show findings with OS category Windows and OS lifecycle stage "active"

operatingSystem:(category:Windows AND lifecycle.stage:active)

operatingSystem.marketVersion

Use quotes or backticks within values to help you find the operating system market version, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.marketVersion:`7`

operatingSystem.osId

Use quotes or backticks within values to help you find the operating system ID.

Example

Show any findings that match exact value

operatingSystem.osId:`96426`

operatingSystem.name

Use quotes or backticks within values to help you find the operating system brand name you're looking for, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.name:`Windows 10`

operatingSystem.publisher

Use a text value ##### to define an operating system manufacturer you're looking for.

Example

Show findings with this exact operating system publisher

operatingSystem.publisher:`Microsoft`

operatingSystem.update

Use a text value ##### to define an OS update version of interest.

Example

Show findings with this exact OS update version

operatingSystem.update:`SP2`

operatingSystem.version

Use a text value ##### to define the OS version you're interested in.

Example

Show findings with this exact OS version

operatingSystem.version:`16.1`

software.architecture

Use quotes or backticks within values to help you find the software architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

software:(architecture:`64-Bit`)

software.category

Use quotes or backticks within values to help you find a software category.

Example

Show any findings that match exact value

software:(category:`Productivity > Productivity Suites`)

software.category1

Use quotes or backticks within values to help you find the software category 1 value you're looking for.

Example

Show any findings that match exact value

software:(category1:`Productivity`)

software.category2

Use quotes or backticks within values to help you find the software category 2 value you're looking for.

Example

Show any findings that match exact value

software:(category2:`Productivity Suites`)

software.edition

Use quotes or backticks within values to help you find the software edition you're looking for.

Example

Show any findings that match exact value

software:(edition:`Professional`)

software.lifecycle.ga

Use a date range or specific date to define a software general availability date of interest.

Examples

Show findings with software GA date in this date range

software:(lifecycle.ga:[2019-01-01 ... 2019-01-15])

Show findings with software GA date starting 2019-01-15, ending 1 month ago

software:(lifecycle.ga:[2019-01-15 ... now-1M])

Show findings with software GA date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.ga:[now-2w ... now-1s])

Show findings with this software GA date

software:(lifecycle.ga:'2019-03-18')

software.lifecycle.eol

Use a date range or specific date to define a software End-of-Life date of interest.

Examples

Show findings with software End-of-Life date in this date range

software.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago

software.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eol:[now-2w ... now-1s]

Show findings with this software End-of-Life date

software.lifecycle.eol:'2019-03-18'

software.lifecycle.eos

Use a date range or specific date to define a software End-of-Support date of interest.

Examples

Show findings with software End-of-Support date in this date range

software.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago

software.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago

software.lifecycle.eos:[now-2w ... now-1s]

Show findings with this software End-of-Support date

software.lifecycle.eos:'2019-03-18'

software.lifecycle.stage

Use a text value ##### to define a software lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this software lifecycle stage

software:(lifecycle.stage:eol)

Show findings having software category Windows and software lifecycle stage "active"

software:(category:Windows AND lifecycle.stage:active)

software.license.category

Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.

Example

Show any findings that match exact value

software:(license.category:`Open Source`)

software.marketVersion

Use quotes or backticks within values to help you find a software market version, e.g. Windows OS.

Example

Show any findings that match exact value

software:(marketVersion:`7`)

software.product

Use a text value ##### to define a software product name you're looking for.

Example

Show findings with this exact product name

software:(product:`Office`)

software.publisher

Use a text value ##### to define a software manufacturer you're looking for.

Example

Show findings with this exact software publisher

software:(publisher:`Microsoft`)

software.type

Use a text value ##### to define a software type of interest.

Example

Show findings having this software type

software:(type:`Installer Package`)

software.update

Use a text value ##### to define a software update version of interest.

Example

Show findings with this exact software update version

software:(update:`16.0.1.2`)

software.majorVersion

Use a text value ##### to define the major software version you're interested in.

Example

Show findings with this exact software version

software:(majorVersion:1.19.0.0)

software.license.subcategory

Use text value ##### to help you find a software license subcategory, i.e. GPL, Apache 2.0, BSD.

Example

Show any findings that match exact value

software:(license.subcategory:Apache 2.0)

AWS EC2

Use these tokens when searching your AWS EC2 assets on the Assets list.

- Your results may return Terminated instances. It's recommended you include aws.ec2.instanceState in your query to reduce the number of results.

- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.

aws.ec2.accountId

Use a text value ##### to find EC2 instances with a certain account ID.

Examples

Find EC2 instances that match this account ID

aws.ec2.accountId: 123456789012

Find EC2 instances with account ID starting "12345"

aws.ec2.accountId: 12345*

Find EC2 instances where account ID is null (remove the colon)

aws.ec2.accountId is null

aws.ec2.availabilityZone

Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.

Example

Find EC2 instances in the us-east-1a availability zone

aws.ec2.availabilityZone: us-east-1a

aws.ec2.hasAgent

Use the values true | false to define whether the EC2 asset has a cloud agent.

Examples

Show findings with a cloud agent

aws.ec2.hasAgent: true

Show findings without a cloud agent

aws.ec2.hasAgent: false

aws.ec2.hostname

Use a text value ##### to find the EC2 hostname you're looking for.

Examples

Find instances related to name

aws.ec2.hostname: abc.qualys.com

Find instances that match exact value

aws.ec2.hostname: `abc.qualys.com`

aws.ec2.imageId

Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.

Examples

Find instances related to the Image ID

aws.ec2.imageId: ami-2ea83347

Find instances that match exact value

aws.ec2.imageId: `ami-2ea83347`

aws.ec2.instanceId

Use a text value ##### to find EC2 instances by the instance ID.

Example

Find EC2 instances with this ID

aws.ec2.instanceId: i-1234567890abcdef0

aws.ec2.instanceState

Select the name of the instance state (e.g. PENDING, RUNNING, TERMINATED, STOPPED, etc.) you're interested in. Select from names in the drop-down menu.

Example

Find running EC2 instances

aws.ec2.instanceState: RUNNING

aws.ec2.instanceType

Select the type of instance you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances with instance type t2.micro

aws.ec2.instanceType: t2.micro

aws.ec2.isQualysScanner

Use the values true | false to define whether the EC2 asset is a Qualys scanner.

Examples

Show findings where assets are scanners

aws.ec2.isQualysScanner: true

Show findings where assets are not scanners

aws.ec2.isQualysScanner: false

aws.ec2.kernelId

Use a text value ##### to find EC2 instances by kernel ID (AKI).

Example

Find EC2 instances with this kernel ID

aws.ec2.kernelId: aki-70ab0c10

aws.ec2.launchDate

Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.

Examples

Find EC2 instances launched within certain dates

aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]

Find EC2 instances launched on specific date

aws.ec2.launchDate:'2017-08-15'

aws.ec2.privateDNS

Use a text value ##### to define a private DNS address you're interested in.

Example

Find the EC2 instance with this private DNS address

aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal

aws.ec2.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this private IP address

aws.ec2.privateIpAddress: 10.90.0.119

Find EC2 instances within this IP range

aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]

aws.ec2.publicDNS

Use a text value ##### to define a public DNS address you're interested in.

Example

Find the EC2 instance with this public DNS address

aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com

aws.ec2.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this public IP address

aws.ec2.publicIpAddress: 52.70.141.154

Find EC2 instances within this IP range

aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]

aws.ec2.region.code

Select the code of the region you're interested in. Select from codes in the drop-down menu.

Example

Find EC2 instances in the us-east-1 region

aws.ec2.region.code: us-east-1

aws.ec2.region.name

Select the name of the region you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances in the US East (N. Virginia) region

aws.ec2.region.name: US East (N. Virginia)

aws.ec2.spotInstance

Use the values true | false to define whether your EC2 instance is a Spot instance.

Examples

Show EC2 Spot instances

aws.ec2.spotInstance: "true"

Show EC2 instances that are not Spot instances

aws.ec2.spotInstance: "false"

aws.ec2.subnetId

Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.

Example

Find EC2 instances with this subnet ID

aws.ec2.subnetId: subnet-bc02c0d4

aws.ec2.vpcId

Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.

Example

Find EC2 instances with this VPC ID

aws.ec2.vpcId: vpc-1e37cd76

aws.tags

Use a text value ##### to find EC2 instances with a certain AWS tag key and value (both are case insensitive).

Example

Find EC2 instances with an AWS tag with key "abc" and value "xyz"

aws.tags: (key:abc and value:xyz)

aws.tags.key

Use a text value ##### to find EC2 instances with a certain AWS tag key/name (case insensitive).

Examples

Find EC2 instances with key "devops"

aws.tags.key: devops

Find EC2 instances with key starting "dev"

aws.tags.key: dev*

Find EC2 instances with key ending "ops"

aws.tags.key: *ops

aws.tags.value

Use a text value ##### to find EC2 instances with a certain AWS tag value (case insensitive).

Examples

Find EC2 instances with tag value "dailybuild"

aws.tags.value: dailybuild

Find EC2 instances with tag value starting "daily"

aws.tags.value: daily*

Find EC2 instances with tag value ending "build"

aws.tags.value: *build

Microsoft Azure

Use these tokens when searching Microsoft Azure assets on the Assets list.

azure.tags

Use a text value ##### to find Azure instances with a certain tag name and value. Both are case insensitive.

Example

Find Azure instances with a tag with name "abc" and value "xyz"

azure.tags: (name:abc and value:xyz)

azure.tags.name

Use a text value ##### to find Azure instances with a certain tag name (case insensitive).

Examples

Find Azure instances with name "devops"

azure.tags.name: devops

Find Azure instances with name starting "dev"

azure.tags.name: dev*

Find Azure instances with name ending "ops"

azure.tags.name: *ops

azure.tags.value

Use a text value ##### to find Azure instances with a certain tag value (case insensitive).

Examples

Find Azure instances with tag value "dailybuild"

azure.tags.value: dailybuild

Find Azure instances with tag value starting "daily"

azure.tags.value: daily*

Find Azure instances with tag value ending "build"

azure.tags.value: *build

azure.vm.imageOffer

Use a text value ##### to define the image offer name (e.g. UbuntuServer or WindowsServer) for images deployed from the Azure image gallery.

Examples

Find Azure instances related to name

azure.vm.imageOffer: UbuntuServer

Find Azure instances that match exact value

azure.vm.imageOffer: `UbuntuServer`

azure.vm.imagePublisher

Use a text value ##### to define the name of the Azure virtual machine image publisher (e.g. Canonical or MicrosoftWindowsServer).

Examples

Find Azure instances related to name

azure.vm.imagePublisher: Canonical

Find Azure instances that match exact value

azure.vm.imagePublisher: `Canonical`

azure.vm.imageVersion

Use a text value ##### to define the version of the Azure virtual machine image sku you're interested in.

Example

Find Azure instances with this sku version

azure.vm.imageVersion: 16.04.201708030

azure.vm.location

Use a text value ##### to define the region you're interested in.

Example

Find Azure instances in this location

azure.vm.location: westus

azure.vm.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find Azure instances with this MAC address

azure.vm.macAddress: '000D3A36DDED'

azure.vm.name

Use a text value ##### to find the Azure virtual machine name you're looking for.

Examples

Find Azure instances related to name

azure.vm.name: avset2

Find Azure instances that match exact value

azure.vm.name: `avset2`

azure.vm.platform

Use a text value ##### to define the operating system platform (Linux or Windows) of the Azure virtual machine.

Example

Find Azure instances on Windows platform

azure.vm.platform: Windows

azure.vm.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this private IP

azure.vm.privateIpAddress: 10.1.2.5

Find Azure instances within this IP range

azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]

azure.vm.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this public IP

azure.vm.publicIpAddress: 13.126.125.189

Find Azure instances within this IP range

azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]

azure.vm.resourceGroupName

Use a text value ##### to define the name of the resource group you're interested in.

Examples

Find Azure instances related to name

azure.vm.resourceGroupName: my-eastus-rg

Find Azure instances that match exact value

azure.vm.resourceGroupName: `my-eastus-rg`

azure.vm.size

Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.

Example

Find Azure instances with this size

azure.vm.size: Standard_D1

azure.vm.state

Select the name of the instance state (e.g. DEALLOCATED, RUNNING, STOPPED, etc) you're interested in. Select from names in the drop-down menu.

Example

Find running Azure instances

azure.vm.state: RUNNING

azure.vm.subnet

Use a text value ##### to define the Azure virtual machine subnet you're interested in.

Example

Find Azure instances with this subnet

azure.vm.subnet: 10.1.2.0

azure.vm.subscriptionId

Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.

Example

Find Azure instances with this subscription ID

azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409

azure.vm.vmId

Use a text value ##### to define the Azure virtual machine ID you're looking for.

Example

Find Azure instances with this ID

azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21

Google Cloud Platform

Use these tokens when searching Google Cloud Platform assets on the Assets list.

gcp.compute.hostname

Use a text value ##### to define the hostname you're looking for.

Examples

Find GCP instances related to name

gcp.compute.hostname: instance-5.c.qvsa-dev.internal

Find GCP instances that match exact value

gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`

gcp.compute.instanceId

Use a text value ##### to define the Google Compute instance ID you're looking for.

Example

Find GCP instances with this ID

gcp.compute.instanceId: 4392196237934605253

gcp.compute.macAddress

Use a text value ##### to define the MAC address you're interested in.

Example

Find GCP instances with this MAC address

gcp.compute.macAddress: '000D3A36DDED'

gcp.compute.machineType

Use a text value ##### to define the machine type of the virtual machine instance you're interested in.

Examples

Find GCP instances related to name

gcp.compute.machineType: n1-standard-1

Find GCP instances that match exact value

gcp.compute.machineType: `n1-standard-1`

gcp.compute.network

Use a text value ##### to find GCP instances by the VPC network the instance belongs to.

Example

Find GCP instances with this network

gcp.compute.network: 000D3A36DDED

gcp.compute.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this private IP

gcp.compute.privateIpAddress: 10.240.0.7

Find GCP instances with this private IP range

gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

gcp.compute.projectId

Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to ID

gcp.compute.projectId: qvsa-dev

Find GCP instances that match exact value

gcp.compute.projectId: `qvsa-dev`

gcp.compute.projectNumber

Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to this number

gcp.compute.projectNumber: 1035365309337

Find GCP instances that match exact value

gcp.compute.projectNumber: `1035365309337`

gcp.compute.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this public IP

gcp.compute.publicIpAddress: 104.196.57.216

Find GCP instances within this IP range

gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]

gcp.compute.zone

Use a text value ##### to define the zone of the GCP instance you're looking for.

Examples

Find GCP instances related to name

gcp.compute.zone: us-east1-d

Find GCP instances that match exact value

gcp.compute.zone: `us-east1-d`

gcp.compute.state

Select the state of the GCP instance (e.g. DEALLOCATED, PENDING, RUNNING, SHUTTING DOWN, STOPPED, STOPPING, TERMINATED, etc) you're interested in. Select the state from the drop-down menu.

Example

Find running GCP instances

gcp.compute.state: RUNNING

Passive Scanner only

asset.fqdn

Use a text value ##### to define the asset FQDN you're looking for.

Example

Show the asset with this FQDN

asset.fqdn:ACMENVT7.acme.com

hardware.typingConfidence

Use a text value ##### to define the hardware typing confidence you're looking for, i.e. HIGH, MEDIUM, LOW.

Example

Show this hardware typing confidence

hardware.typingConfidence:HIGH

inventory.scannerID

Use an integer value ##### to help you find assets scanned by a certain scanner appliance ID.

Example

Show this scanner appliance ID

inventory.scannerID:345678892

inventory.scannerName

Use a text value ##### to help you find assets based on a specific scanner appliance name.

Example

Show assets with the scanner name ITCorp-appliance

inventory.scannerName:ITCorp-appliance

openPorts.lastFound

Use a date range or specific date to define when open ports were last found.

Examples

Show open ports found within certain dates

openPorts.lastFound: [2019-01-01 ... 2019-01-15]

Show open ports found starting 2019-01-15, ending 3 months ago

openPorts.lastFound: [2019-01-15 ... now-3M]

Show open ports found starting 2 weeks ago, ending 1 second ago

openPorts.lastFound: [now-2w ... now-1s]

Show open ports found on a specific date

openPorts.lastFound:'2019-03-18'

openPort.lastUpdated

Use a date range or specific date to define when ports on assets were last updated (i.e. when re-scanned by a scanner appliance, or when host data was uploaded to the cloud platform by an agent).

Examples

Show ports updated within certain dates

openPort.lastUpdated: [2019-01-01 ... 2019-01-15]

Show ports updated starting 2019-01-15, ending 3 months ago

openPort.lastUpdated: [2019-01-15 ... now-3M]

Show ports updated starting 2 weeks ago, ending 1 second ago

openPort.lastUpdated: [now-2w ... now-1s]

Show ports updated on a specific date

openPort.lastUpdated:'2019-03-18'

operatingSystem.typingConfidence

Use a text value ##### to define the OS typing confidence you're interested in, i.e. HIGH, MEDIUM, LOW.

Example

Show this OS typing confidence

operatingSystem.typingConfidence:MEDIUM

traffic.timestamp

Use a date range or specific date to find assets by traffic timestamp.

Examples

Show assets with traffic timestamp 2019-03-18

traffic.timestamp:'2019-03-18'

Show assets with traffic timestamp within certain dates

traffic.timestamp:[2019-01-01 ... 2019-01-15]

Show assets with traffic timestamp starting 2019-01-15, ending 1 month ago

traffic.timestamp:[2019-01-15 ... now-1M]

Show assets with traffic timestamp starting 2 weeks ago, ending 1 second ago

traffic.timestamp:[now-2w ... now-1s]

traffic.total

Use an integer value ##### to find assets with a specific amount of total traffic in MB (both ingress and egress).

Example

Show assets with 100 MB total traffic

traffic.total:100

traffic.ingress

Use an integer value ##### to find assets with a specific amount of ingress traffic in MB.

Example

Show assets with 60 MB ingress traffic

traffic.ingress:60

traffic.egress

Use an integer value ##### to find assets with a specific amount of egress traffic in MB.

Example

Show assets with 40 MB egress traffic

traffic.egress:40

traffic.protocol

Use a text value ##### to find assets with traffic over a specific protocol.

Example

Show assets with traffic over TCP

traffic.protocol:tcp

traffic.port

Use an integer value ##### to find assets with traffic over a specific port.

Example

Show assets with traffic over port 80

traffic.port:80

traffic.type

Use a text value ##### to find assets with traffic of a specific type (client or server).

Example

Show assets with client traffic

traffic.type:client

traffic.family

Use a text value ##### to find assets with traffic of a specific family.

Example

Show assets with peer to peer traffic

traffic.family:Peer to Peer

traffic.application

Use a text value ##### to find assets with traffic from a specific application.

Example

Show assets with traffic from BitTorrent

traffic.application:BitTorrent

traffic.service

Use a text value ##### to find assets with traffic from a specific service.

Example

Show assets with traffic from HTTP

traffic.service:http