A complete list of tokens for writing search queries is provided below.
General | AWS EC2 | IBM | Microsoft Azure | Google Cloud Platform | Alibaba Cloud Platform | Assets | Oracle Cloud Compute Instance
Use a boolean query to express your query using AND logic.
Example
Show findings with AWS EC2 accountId and availability zone
aws.ec2.accountId: 123456789012 and aws.ec2.availabilityZone: us-east-1a
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not specific AWS instance type
not aws.ec2.instanceType: t2.micro
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these aws tag values
aws.tag: Finance or aws.tag: Accounting
Quick links: AWS EC2 | Microsoft Azure | Google Cloud Platform | Alibaba Cloud Platform | Assets | Threat Protection | Compliance
Use these tokens when searching your AWS EC2 assets on the Assets list.
- Your results may return Terminated instances. It's recommended you include aws.ec2instanceState in your query to reduce the number of results.
- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.
Use a text value ##### to find EC2 instances with a certain account ID.
Examples
Find EC2 instances that match this account ID
aws.ec2.accountId: 123456789012
Find EC2 instances with account ID starting "12345"
aws.ec2.accountId: 12345*
Find EC2 instances where account ID is null (remove the colon)
aws.ec2.accountId is null
Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.
Example
Find EC2 instances in the us-east-1a availability zone
aws.ec2.availabilityZone: us-east-1a
Use the values true | false to define whether the EC2 asset has a cloud agent.
Examples
Show findings with a cloud agent
aws.ec2.hasAgent: true
Show findings without a cloud agent
aws.ec2.hasAgent: false
Use a text value ##### to find the EC2 hostname you're looking for.
Examples
Find instances related to name
aws.ec2.hostname: abc.qualys.com
Find instances that match exact value
aws.ec2.hostname: `abc.qualys.com`
Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.
Examples
Find instances related to the Image ID
aws.ec2.imageId: ami-2ea83347
Find instances that match exact value
aws.ec2.imageId: `ami-2ea83347`
Use a text value ##### to find EC2 instances by the instance ID.
Example
Find EC2 instances with this ID
aws.ec2.instanceId: i-1234567890abcdef0
Select the name of the instance state (e.g. PENDING, RUNNING, TERMINATED, STOPPED, etc) you're interested in. Select from names in the drop-down menu.
Example
Find running EC2 instances
aws.ec2.instanceState: RUNNING
Select the type of instance you're interested in. Select from names in the drop-down menu.
Example
Find EC2 instances with instance type t2.micro
aws.ec2.instanceType: t2.micro
Use the values true | false to define whether the EC2 asset is a Qualys scanner.
Examples
Show findings where assets are scanners
aws.ec2.isQualysScanner: true
Show findings where assets are not scanners
aws.ec2.isQualysScanner: false
Use a text value ##### to find EC2 instances by kernel ID (AKI).
Example
Find EC2 instances with this kernel ID
aws.ec2.kernelId: aki-70ab0c10
Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.
Examples
Find EC2 instances launched within certain dates
aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]
Find EC2 instances launched on specific date
aws.ec2.launchDate:'2017-08-15'
Use a text value ##### to define a private DNS address you're interested in.
Example
Find the EC2 instance with this private DNS address
aws.ec2.privateDns: ip-10-90-2-85.ec2.internal
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find EC2 instances with this private IP address
aws.ec2.privateIpAddress: 10.90.0.119
Find EC2 instances within this IP range
aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]
Use a text value ##### to define a public DNS address you're interested in.
Example
Find the EC2 instance with this public DNS address
aws.ec2.publicDns: ec2-52-70-141-154.compute-1.amazonaws.com
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find EC2 instances with this public IP address
aws.ec2.publicIpAddress: 52.70.141.154
Find EC2 instances within this IP range
aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]
Select the code of the region you're interested in. Select from codes in the drop-down menu.
Example
Find EC2 instances in the us-east-1 region
aws.ec2.region.code: us-east-1
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find EC2 instances in the US East (N. Virginia) region
aws.ec2.region.name: US East (N. Virginia)
Use the values true | false to define whether your EC2 instance is a Spot instance.
Examples
Show EC2 Spot instances
aws.ec2.spotInstance: "true"
Show EC2 instances that are not Spot instances
aws.ec2.spotInstance: "false"
Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.
Example
Find EC2 instances with this subnet ID
aws.ec2.subnetId: subnet-bc02c0d4
Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.
Example
Find EC2 instances with this VPC ID
aws.ec2.vpcId: vpc-1e37cd76
Use a text value ##### to find EC2 instances with a certain AWS tag key and value (both are case insensitive).
Example
Find EC2 instances with an AWS tag with key "abc" and value "xyz"
aws.tag: (key:abc and value:xyz)
Use a text value ##### to find EC2 instances with a certain AWS tag key/name (case insensitive).
Examples
Find EC2 instances with key "devops"
aws.tag.key: devops
Find EC2 instances with key starting "dev"
aws.tag.key: dev*
Find EC2 instances with key ending "ops"
aws.tag.key: *ops
Use a text value ##### to find EC2 instances with a certain AWS tag value (case insensitive).
Examples
Find EC2 instances with tag value "dailybuild"
aws.tag.value: dailybuild
Find EC2 instances with tag value starting "daily"
aws.tag.value: daily*
Find EC2 instances with tag value ending "build"
aws.tag.value: *build
Use these token when searching IBM assets on the Assets list.
Use a text value ##### to find IBM instances with a certain tag name.
Example
Find IBM instances with this tag name
ibm.tag.name: name:abc
Use a text value ##### to find IBM instances with a certain value.
Example
Find IBM instances with this tag value
ibm.tag.value: 'centos7'
Use a text value ##### to find IBM virtual server with a certain account ID.
Example
Find IBM virtual server with this Id
ibm.virtualServer.id: '123741814'
Use a text value ##### to find IBM virtual server with a certain location.
Example
Find IBM virtual server with this location
ibm.virtualServer.location: 'dal13'
Use a text value ##### to find IBM virtual server datacenter with a certain id.
Example
Find IBM virtual server datacenter with this Id
ibm.virtualServer.datacenterId: '1854895'
Use a text value ##### to find IBM virtual server with device name.
Example
Find IBM virtual server with this device name
ibm.virtualServer.deviceName: 'virtualserver01.Qualys-Inc.cloud'
Use a numerical value ##### to find IBM virtual server with specific public IP address.
Example
Find IBM virtual server with this public IP address
ibm.virtualServer.publicIpAddress: '150.238.75.107'
Use a numerical value ##### to find IBM virtual server with specific private IP address.
Example
Find IBM virtual server with this private IP address
ibm.virtualServer.privateIpAddress: '10.187.94.40'
Use a numerical value ##### to find IBM virtual server with specific public vlan.
Example
Find IBM virtual server with this public vlan
ibm.virtualServer.publicVlan: '1796'
Use a numerical value ##### to find IBM virtual server with specific private vlan.
Example
Find IBM virtual server with this private vlan
ibm.virtualServer.privateVlan: '2236'
Use a text value ##### to find IBM virtual server with specific domain.
Example
Find IBM virtual server with this domain
ibm.virtualServer.domain: 'Qualys-Inc.cloud'
Use these tokens when searching Microsoft Azure assets on the Assets list.
Use a text value ##### to find Azure instances with a certain tag name and value. Both are case insensitive.
Example
Find Azure instances with a tag with name "abc" and value "xyz"
azure.tag: (name:abc and value:xyz)
Use a text value ##### to find Azure instances with a certain tag name (case insensitive).
Examples
Find Azure instances with name "devops"
azure.tag.name: devops
Find Azure instances with name starting "dev"
azure.tag.name: dev*
Find Azure instances with name ending "ops"
azure.tag.name: *ops
Use a text value ##### to find Azure instances with a certain tag value (case insensitive).
Examples
Find Azure instances with tag value "dailybuild"
azure.tag.value: dailybuild
Find Azure instances with tag value starting "daily"
azure.tag.value: daily*
Find Azure instances with tag value ending "build"
azure.tag.value: *build
Use a text value ##### to define the image offer name (i.e. UbuntuServer or WindowsServer) for images deployed from the Azure image gallery.
Examples
Find Azure instances related to name
azure.vm.imageOffer: UbuntuServer
Find Azure instances that match exact value
azure.vm.imageOffer: `UbuntuServer`
Use a text value ##### to define the name of the Azure virtual machine image publisher (i.e. Canonical or MicrosoftWindowsServer).
Examples
Find Azure instances related to name
azure.vm.imagePublisher: Canonical
Find Azure instances that match exact value
azure.vm.imagePublisher: `Canonical`
Use a text value ##### to define the version of the Azure virtual machine image sku you're interested in.
Example
Find Azure instances with this sku version
azure.vm.imageVersion: 16.04.201708030
Use a text value ##### to define the region you're interested in.
Example
Find Azure instances in this location
azure.vm.location: westus
Use a text value ##### to define the MAC address you're interested in.
Example
Find Azure instances with this MAC address
azure.vm.macAddress: '000D3A36DDED'
Use a text value ##### to find the Azure virtual machine name you're looking for.
Examples
Find Azure instances related to name
azure.vm.name: avset2
Find Azure instances that match exact value
azure.vm.name: `avset2`
Use a text value ##### to define the operating system platform (Linux or Windows) of the Azure virtual machine.
Example
Find Azure instances on Windows platform
azure.vm.platform: Windows
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find Azure instances with this private IP
azure.vm.privateIpAddress: 10.1.2.5
Find Azure instances within this IP range
azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]
Use a text value ##### to find Azure instances that belong to a specific virtual network.
Examples
Find Azure instances with this virtual network
azure.vm.virtualNetwork: `mburton01-vnet`
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find Azure instances with this public IP
azure.vm.publicIpAddress: 13.126.125.189
Find Azure instances within this IP range
azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]
Use a text value ##### to define the name of the resource group you're interested in.
Examples
Find Azure instances related to name
azure.vm.resourceGroupName: my-eastus-rg
Find Azure instances that match exact value
azure.vm.resourceGroupName: `my-eastus-rg`
Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.
Example
Find Azure instances with this size
azure.vm.size: Standard_D1
Select the name of the instance state (e.g. DEALLOCATED, RUNNING, STOPPED, TERMINATED, etc) you're interested in. Select from names in the drop-down menu.
Example
Find running Azure instances
azure.vm.state: RUNNING
Use a text value ##### to define the Azure virtual machine subnet you're interested in.
Example
Find Azure instances with this subnet
azure.vm.subnet: 10.1.2.0
Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.
Example
Find Azure instances with this subscription ID
azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Use a text value ##### to define the Azure virtual machine ID you're looking for.
Example
Find Azure instances with this ID
azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21
Use these tokens when searching Google Cloud Platform assets on the Assets list.
Use a text value ##### to define the hostname you're looking for.
Examples
Find GCP instances related to name
gcp.compute.hostname: instance-5.c.qvsa-dev.internal
Find GCP instances that match exact value
gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`
Use a text value ##### to define the Google Compute instance ID you're looking for.
Example
Find GCP instances with this ID
gcp.compute.instanceId: 4392196237934605253
Use a text value ##### to define the MAC address you're interested in.
Example
Find GCP instances with this MAC address
gcp.compute.macAddress: '000D3A36DDED'
Use a text value ##### to define the machine type of the virtual machine instance you're interested in.
Examples
Find GCP instances related to name
gcp.compute.machineType: n1-standard-1
Find GCP instances that match exact value
gcp.compute.machineType: `n1-standard-1`
Use a text value ##### to find GCP instances by the VPC network the instance belongs to.
Example
Find GCP instances with this network
gcp.compute.network: 000D3A36DDED
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find GCP instances with this private IP
gcp.compute.privateIpAddress: 10.240.0.7
Find GCP instances with this private IP range
gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]
Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.
Examples
Find GCP instances related to ID
gcp.compute.projectId: qvsa-dev
Find GCP instances that match exact value
gcp.compute.projectId: `qvsa-dev`
Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.
Examples
Find GCP instances related to this number
gcp.compute.projectNumber: 1035365309337
Find GCP instances that match exact value
gcp.compute.projectNumber: `1035365309337`
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find GCP instances with this public IP
gcp.compute.publicIpAddress: 104.196.57.216
Find GCP instances within this IP range
gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]
Use a text value ##### to define the zone of the GCP instance you're looking for
Examples
Find GCP instances related to name
gcp.compute.zone: us-east1-d
Find GCP instances that match exact value
gcp.compute.zone: `us-east1-d`
Select the state of the GCP instance (e.g. DEALLOCATED, PENDING, RUNNING, SHUTTING DOWN, STOPPED, STOPPING, TERMINATED, etc) you're interested in. Select the state from the drop-down menu.
Examples
Find running GCP instances
gcp.compute.state: RUNNING
Use these tokens when searching Alibaba Cloud Platform assets on the Assets list.
Use the values true | false to define whether the alibaba instances have a cloud agent installed.
Examples
Find instances with a cloud agent
alibaba.instance.hasAgent: "true"
Show instances which do not have cloud agent installed
alibaba.instance.hasAgent: "false"
Use a text value ##### to find alibaba cloud instances with a certain ID.
Example
Find instances with given ID
alibaba.instance.instanceId: i-a2dxxxxsxxxxxhdfax
Use a text value ##### to find alibaba cloud instances with a certain instance type: ecs.t5-lc1m2.small, ecs.t5-lc1m2.nano
Example
Find alibaba cloud instances with given instance type
alibaba.instance.instanceType: ecs.t5-lc2m1.nano
Use the text value to find alibaba cloud instances in a selected state: MOVING, PROVISIONING, RUNNING, STARTING, STOPPING, STOPPED, CREATING_IMAGE, TERMINATING, TERMINATED.
Examples
Find instances in a RUNNING state
alibaba.instance.instanceState: "RUNNING"
Use a text value ##### to find alibaba cloud instances with the specified image ID that is used during instance creation.
Example
Find instances related to the given image ID
alibaba.instance.imageId: ubuntu_14_0405_64_20G_alibase_20170824.vhd
Use a text value ##### to find alibaba cloud instances with a certain account ID.
Examples
Find instances with the given alibaba account ID
alibaba.instance.accountId: 587xxxxxxx
Use an integer value ##### to find alibaba cloud instances that belong to the specific serial number.
Examples
Find instances that belong to the given serial number
alibaba.instance.serialNumber: 12trexxxxr-3xx-xxx-rtg4-xxxx6t45
Use a text value ##### to find the alibaba cloud instances that belong to the specific region code.
Example
Find instances that belong to the given region code
alibaba.instance.region.id: "ap-south-1"
Use a text value ##### to find the alibaba cloud instances that belong to the specific region name. Select a value from the drop-down list.
Example
Find instances that belong to the given region name
alibaba.instance.regionName: "India (Mumbai)"
Use a text value ##### to find alibaba cloud instances that belong to the specific zone ID.
Example
Find instances that belong to the given zone ID
alibaba.instance.zoneId: ap-south-1b
Use a text value ##### to find alibaba cloud instances that belong to the specific virtual private clouds (VPC) ID.
Example
Find instances that belong to the given VPC ID
alibaba.instance.vpcId: vpc-a2d6pxxxxvvdadd5yikj
Use a text value #####to find the alibaba cloud instances associated with the hostname.
Examples
Find instances that are associate with the given hostname
alibaba.instance.hostName: abc.qualys.com
Use the value to find the aliababa cloud instances that are associated with the Domain Name System (DNS) configuration.
Example
Find instances that are associated with the given DNS configurations
alibaba.instance.dnsServer:100.xxx.x.xxx
Use a text value ##### to find alibaba cloud instances with private IPv4 address or range of IPs assigned to NIC.
Examples
Find instances with the given private IP address.
alibaba.instance.privateIpAddress:192.168.XX.XX
Find instances with the given private IP address
alibaba.instance.privateIpAddress: [192.168.XX.XX.....192.168.XX.XX]
Use a text value ##### to find alibaba cloud instances with public IPv4 address or range of IPs.
Example
Find instances with the given public IP address
alibaba.instance.publicIpAddress:149.xx.xx.xx
Find instances with the given public IP address
alibaba.instance.publicIpAddress: [149.xx.xx.xx... 149.xx.xx.xx]
Use a text value ##### to find alibaba cloud instances with the specific MAC address.
Example
Find instances with the given MAC address
alibaba.instance.macAddress: 00:16:3e:0f:XX:XX
Use a text value ##### to find alibaba cloud instances that belongs to the CIDR block of the VPC network.
Example
Find instances belonging to given CIDR block of VPC network
alibaba.instance.vpcCidrBlock: 172.xx.x.x/16
Use a text value ##### to find alibaba cloud instances that is connected to the vSwitch ID.
Example
Find instances connected with the give vSwicth ID
alibaba.instance.vswitchId: vsw-a2dxxxoxxxxsqx1mxxxdd
Use a text value ##### to find alibaba cloud instances by ID of network interface controllers (NICs).
Examples
Find instances connected with the given interface ID
alibaba.instance.interfaceId: eni-a2dxxxxaixxxtux572
Use a text value ##### to find alibaba cloud instances that are connected to the CIDR block of vSwitch.
Example
Find instances connected the given CIDR block of vSwitch
alibaba.instance.vswitchCidrBlock:192.168.XX.XX/24
Select the network type (vpc, classic) of the alibaba cloud instances.
Example
Choose the network type to find cloud instances
alibaba.instance.networkType:vpc
All tokens below are available with AssetView.
Use a text value ##### to find the username you're looking for.
Example
Show assets with this exact username (case sensitive)
account.username: Administrator
Show assets with username starting with "Admin" (case sensitive)
account.username: Admin
Select the name ##### of an activated module you're interested in. Select from names in the drop-down menu.
Examples
Show assets activated for VM
sensor.activatedForModules: "VM"
Show assets activated for VM and PA/PC
sensor.activatedForModules: "VM" AND sensor.activatedForModules: "PC"
Use a text value ##### to define the agent activation key you're interested in.
Example
Show assets with agents activated using this key
agent.activations.key: 057cc48a-8d84-48eb-add4-97a605d0567d
Select the agent activation status (ACTIVE, INACTIVE, UNSUPPORTED) you're interested in. Select from names in the drop-down menu.
Example
Show assets with active agents
agent.activations.status: ACTIVE
Select the agent status (ACTIVE or INACTIVE) you're interested in.
Examples
Show assets with active agents, where the Agent has communicated in last 48 hours
agent.status: "ACTIVE"
Show assets with inactive agents, where the Agent has not communicated in last 48 hours
agent.status: "INACTIVE"
Use a text value ##### to find an agent ID of interest.
Example
Show the asset with this agent ID
agentID: f0c8e682-e9cc-4e7d-b92a-0c905d81ec74
Use a text value ##### to find the agent version you're interested in.
Example
Show findings with agent version 1.3.2.0
agent.version: 1.3.2.0
Select the platform type to search the assets based on operating system of host asset.
Example
Show the list of assets with Windows platform.
platform.type:'Windows'
Use quotes or backticks within values to help you find the agent configuration profile you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to profile name
agent.configurationProfile: Initial Profile
Show any findings that contain parts of the name
agent.configurationProfile: "Initial Profile"
Show any findings that match exact value
agent.configurationProfile: `Initial Profile`
Use an integer value ##### to help you find assets with some number of CPUs.
Example
Show assets that have 2 CPUs
asset.cpuCount: 2
Use a text value ##### to define the external IP address a cloud agent connected from.
Example
Show findings for an external IP address that an agent connected from
agent.connectedFrom: 10.0.100.11
Use a date range or specific date to define when assets were asset.createdDate (i.e. when first scanned by a scanner appliance, or when agent was installed).
Examples
Show assets asset.createdDate within certain dates
asset.createdDate: [2016-01-01 ... 2016-01-10]
Show assets asset.createdDate starting 2015-10-01, ending 1 month ago
asset.createdDate: [2015-10-01 ... now-1M]
Show assets asset.createdDate starting 2 weeks ago, ending 1 second ago
asset.createdDate: [now-2w ... now-1s]
Show assets asset.createdDate on specific date
asset.createdDate:'2016-01-08'
Use the values true | false to define agents with or without error status.
Example
Show agents with error status
agent.errorStatus: "true"
Use the values true | false to define whether or not agents are FIM capable. agent.fimCapable search is not supported for all operating systems. Check the Cloud Agent Getting Started Guide for platform/OS support.
Examples
Show agents that are FIM capable and activated for FIM
agent.fimCapable: "true"
Show agents that are not FIM capable but can be upgraded to FIM capability
agent.fimCapable: "false"
Use an integer value ##### to help you find the asset with a certain Qualys host ID (UUID), assigned by an agent or a scanner appliance when Agentless Tracking is used.
Example
Show assets that have this host ID
asset.hostId: 2918869
Use a text value ##### to define an IP address (IPv4 of IPv6) you're interested in. Note that you cannot perform a range search since this is a text field.
Examples
Show the asset with IPv4 address
asset.interface.address: 10.10.100.20
Show the asset with IPv6 address (enclose value in single quotes)
asset.interface.address: 'fe80:0:0:0:2501:b53c:4139:404b'
Use a text value ##### to define a DNS address you're interested in.
Example
Show the asset with DNS address 10.0.100.11
asset.interface.dnsAddress: 10.0.100.11
Use a text value ##### to help you find assets with a certain default gateway address.
Example
Show assets with this default gateway address
asset.interface.gatewayAddress: 10.11.65.1
Find the hostname you're looking for. Search by domain name, use backticks for exact matching, or enter a partial value with an asterisk (*) for suffix/prefix matching.
Examples
Show any findings related to name
asset.interface.hostname: xpsp2-jp-26-111
Show any findings related to name (we'll match super domains)
asset.interface.hostname: com-pa3020-36.eng.sjc01.qualys.com
Show any findings that match exact value
asset.interface.hostname: `xpsp2-jp-26-111`
asset.interface.hostname: `com-pa3020-36.eng.sjc01.qualys.com`
Show any findings that match domain name
asset.interface.hostname: qualys.com
asset.interface.hostname: sjc01.qualys.com
asset.interface.hostname: eng.sjc01.qualys.com
Show any findings starting with string (case sensitive)
asset.interface.hostname: xp*
asset.interface.hostname: com-pa30*
Show any findings ending with string
asset.interface.hostname: *111
asset.interface.hostname: *lys.com
Use a text value ##### to help you find a certain interface name.
Example
Show the asset with name PRO/1000
asset.interface.name: PRO/1000
Use values within quotes to help you find a MAC address you're interested in.
Example
Show the asset with this MAC address
asset.interface.macAddress: "00-50-56-A9-73-5A"
Use a date range or specific date to define when the last activity on the agent occurred.
Examples
Show findings with last activity within certain dates
agent.lastActivityDate: [2016-01-01 ... 2016-01-10]
Show findings with last activity starting 2015-10-01, ending 1 month ago
agent.lastActivityDate: [2015-10-01 ... now-1M]
Show findings with last activity starting 2 weeks ago, ending 1 second ago
agent.lastActivityDate: [now-2w ... now-1s]
Show findings with last activity on a specific date
agent.lastActivityDate:'2015-12-01'
Use a date range or specific date to define when the asset was last checked in to the platform.
Examples
Show findings with last check in within a specific date range.
agent.lastCheckedInDate:[2020-01-01 ... 2020-01-10]
Show findings with last check in starting 2019-11-01, ending 1 month ago.
agent.lastCheckedInDate:[2019-11-01 ... now-1M]
Show findings with last check in starting 2 weeks ago, ending 1 second ago
agent.lastCheckedInDate:[now-2w ... now-1s]
Show findings with last check in on a specific date
agent.lastCheckedInDate:'2020-02-11'
Show findings with last check in before (older than) last 30 days.
agent.lastCheckedInDate<now-30d
Note: We recommend not to use the NOT operator in your range search to form a query like NOT agent.lastCheckedInDate:[now-30d...now-2s]. See 'QQL Best Practices' topic in the Unified Dashboard online Help.
Show findings with last check in within last 30 days excluding day 30
agent.lastCheckedInDate>now-30d
Show findings with last check in within last 30 days including day 30
agent.lastCheckedInDate>=now-30d
Show findings with last check in which is older than last 30 days excluding day 30
agent.lastCheckedInDate<now-30d
Show findings with last check in which is older than last 30 days including day 30
agent.lastCheckedInDate<=now-30d
Use a date range or specific date to define when compliance scans were last conducted.
Examples
Show findings with last compliance scan within certain dates
sensor.lastComplianceScanDate: [2017-01-01 ... 2017-03-31]
Show findings with last compliance scan starting 2016-10-15, ending 1 month ago
sensor.lastComplianceScanDate: [2016-10-15 ... now-1M]
Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago
sensor.lastComplianceScanDate: [now-2w ... now-1s]
Show findings with last compliance scan on specific date
sensor.lastComplianceScanDate:'2017-02-18'
Use a date range or specific date to define when full scans (assessments) were last conducted using Cloud Agent (CA).
Examples
Show findings with last full scan within certain dates
sensor.lastFullScanDate: [2016-01-01 ... 2016-01-10]
Show findings with last full scan starting 2015-10-01, ending 1 month ago
sensor.lastFullScanDate: [2015-10-01 ... now-1M]
Show findings with last full scan starting 2 weeks ago, ending 1 second ago
sensor.lastFullScanDate: [now-2w ... now-1s]
Show findings with last full scan on a specific date
sensor.lastFullScanDate:'2016-02-08'
Use a date range or specific date to define when inventory scans were last conducted by agents. We recommend lastInventoryDate for date range queries using parameters i.e. [now-1M ... now-1s]
Examples
Show findings with last inventory scan within certain dates
agent.lastInventoryDate: [2018-06-01 ... 2018-06-10]
Show findings with last inventory scan on specific date
agent.lastInventoryDate:'2018-07-25'
Use a text value ##### to help you find assets last logged into by a user of interest.
Examples
Show assets with last logon by user asmith
asset.lastLoggedOnUser: asmith
Use a date range or specific date to define when vulnerability scans were last conducted.
Examples
Show findings with last vulnerability scan within certain dates
sensor.lastVmAgentScanDate: [2017-01-01 ... 2017-02-10]
Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago
sensor.lastVmAgentScanDate: [2016-11-01 ... now-1M]
Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago
sensor.lastVmAgentScanDate: [now-2w ... now-1s]
Show findings with last vulnerability scan on specific date
sensor.lastVmAgentScanDate:'2017-04-10'
Use quotes or backticks within values to help you find the asset name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to name
asset.name: QK2K12QP3-65-53
Show any findings that match exact value
asset.name: `QK2K12QP3-65-53`
Use a text value ##### to define the NetBIOS name you're interested in.
Examples
Show assets with this exact name (case sensitive)
asset.netbiosName: EC2AMAZ-19OC2IT
Show assets with name starting with "EC2" (case sensitive)
asset.netbiosName: EC2
Show assets with name ending with "c2it" (case insensitive)
asset.netbiosName: *c2it
Use quotes or backticks within values to help you find the service description detected on an open port. Quotes can be used when the value has more than one word.
Examples
Show any findings with this description
openPorts.description: Windows Remote Desktop
Show any findings that contain parts of description
openPorts.description: "Windows Remote Desktop"
Show any findings that match exact value
openPorts.description: `Windows Remote Desktop`
Use quotes or backticks within values to help you find the detected service you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this service name
openPorts.detectedService: win_remote_desktop
Show any findings that match exact value
openPorts.detectedService: `win_remote_desktop`
Use an integer value ##### to help you find assets with some open port.
Example
Show assets with open port 80
openPorts.port: 80
Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.
Examples
Show findings found on TCP
openPorts.protocol: TCP
Show findings found on port 80 and TCP
openPorts: (port: 80 AND protocol: TCP)
Use quotes or backticks within values to help you find the processor description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this description
processor.name: intel
Show any findings that match exact value
processor.name: `intel`
Use an integer value ##### to help you find assets with a certain processor speed.
Example
Show assets with this processor speed
processor.speed: 1995
Select the name ##### of a cloud service provider you're looking for. Select from names in the drop-down menu.
Examples
Show assets synced from Amazon AWS
cloud.provider: "AWS"
Use a text value #### to show assets with specific Qualys Correlation ID.
Example
Show assets with this Qualys Correlation ID
agent.qualysCorrelationId: "0f1b031712682e27cca306e4a2a9e3144696ac099b08fcdf76ccb6f3647ec058"
Show assets without any Qualys Correlation ID
agent.qualysCorrelationId: "UNIDENTIFIED"
Show assets all assets with Qualys Correlation ID
agent.qualysCorrelationId: "*"
Use quotes or backticks within values to help you find the service description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this description
image.service.description: Windows Event Log
Show any findings that contain parts of description
image.service.description: "Windows Event Log"
Show any findings that match exact value
image.service.description: `Windows Event Log`
Use quotes or backticks within values to help you find the service name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
image.service.name: eventlog
Show any findings that match exact value
image.service.name: `eventlog`
Use quotes or backticks within values to help you find the service status you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this status
image.service.status: running
Show any findings that match exact value
image.service.status: `running`
Use quotes or backticks within values to help you find the software name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
software.name: VMware Tools
Show any findings that contain parts of name
software.name: "VMware Tools"
Show any findings that match exact value
software.name: `VMware Tools`
Find assets with certain tag and software installed
asset.tag.name: `Cloud Agent` AND software: (name: `Cisco AnyConnect Secure Mobility Client` AND version: `3.1.12345`)
Use quotes or backticks within values to help you find the BIOS description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this description
asset.biosDescription: Phoenix Technologies
Show any findings that contain parts of name
asset.biosDescription: "Phoenix Technologies"
Show any findings that match exact value
asset.biosDescription: `Phoenix Technologies`
Use a date range or specific date to define when assets were last booted.
Examples
Show assets last booted within certain dates
asset.lastBootDate: [2016-01-01 ... 2016-01-10]
Show assets last booted starting 2015-10-01, ending 1 month ago
asset.lastBootDate: [2015-10-01 ... now-1M]
Show assets last booted starting 2 weeks ago, ending 1 second ago
asset.lastBootDate: [now-2w ... now-1s]
Show assets last booted on a specific date
asset.lastBootDate:'2016-01-08'
Use quotes or backticks within values to help you find the system manufacturer you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
hardware.manufacturer: dell
Show any findings that match exact value
hardware.manufacturer: `dell`
Use quotes or backticks within values to help you find the system model you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
hardware.model: optiplex
Show any findings that match exact value
hardware.model: `optiplex`
Use a text value ##### in quotes to find assets with a certain timezone set.
Example
Show assets with this timezone
asset.timezone: "-08:00"
Use an integer value ##### to help you find assets with a certain total system memory.
Example
Show assets with this total system memory
asset.totalMemory: 1024
Use quotes or backticks within values to help you find the asset tag you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this tag name
asset.tag.name: Cloud Agent
Show any findings that contain "Cloud" or "Agent" in name
asset.tag.name: "Cloud Agent"
Show any findings that match exact value
asset.tag.name: `Cloud Agent`
Use the values true | false to find assets with PA/PC agents assigned a UDC manifest. Assets are found when agents have the PC module enabled and one or more user defined controls have been added to your subscription.
Examples
Show assets with agents assigned a UDC manfest
asset.udcManifestAssigned: "true"
Show assets with agents not assigned a UDC manifest
asset.udcManifestAssigned: "false"
Use a date range or specific date to define when assets were last updated(i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).
Examples
Show assets asset.lastUpdatedDate within certain dates
asset.lastUpdatedDate: [2016-01-01 ... 2016-01-10]
Show assets last updated starting 2015-10-01, ending 3 months ago
asset.lastUpdatedDate: [2015-10-01 ... now-3M]
Show assets last updated starting 2 weeks ago, ending 1 second ago
asset.lastUpdatedDate: [now-2w ... now-1s]
Show assets last updated on a specific date
asset.lastUpdatedDate:'2016-01-10'
Use an integer value ##### to help you find assets with a certain free volume space.
Example
Show assets with this free volume space
volume.free: 448312320
Use a text value ##### to find assets with a certain volume name.
Example
Show assets with this volume name
volume.name: /boot
Use an integer value ##### to help you find assets with a certain volume size.
Example
Show assets with this volume size
volume.size: 481529856
Choose the value * to find assets with vulnerabilities.
Example
Show all findings that have vulnerability
asset.isVulnerable: *
Use a date range or specific date to define when findings were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFoundDate: [2015-10-21 ... 2015-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFoundDate: [2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFoundDate: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFoundDate:'2015-11-11'
Use a date range or specific date to define when findings were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFoundDate: [2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFoundDate: [2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFoundDate: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFoundDate:'2016-01-11'
Show findings last found on 2017-01-12 with patch available
asset.isVulnerable: (lastFound: '2017-01-12' AND vulnerability.patchAvailable: "true")
Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerability of this type. Select from names in the drop-down menu.
Example
Show findings with this type
vulnerabilities.typeDetected: "Confirmed"
Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.
Example
Show findings with Windows auth type
vulnerabilities.vulnerability.authType: "WINDOWS_AUTH"
Use a text value ##### to find a BugTraq number you're interested in.
Example
Show findings with BugTraq ID 22211
vulnerabilities.vulnerability.bugTraqId: 22211
Select a category (CGI, Database, DNS, BIND, etc) to find vulnerability with this category. Select from names in the drop-down menu.
Example
Show findings with the category CGI
vulnerabilities.vulnerability.category: "CGI"
Use quotes or backticks within values to help you find the compliance description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this description
vulnerabilities.vulnerability.compliance.description: malicious software
Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description: "malicious software"
Show any findings that match exact value
vulnerabilities.vulnerability.compliance.description: `malicious software`
Use quotes or backticks within values to help you find the compliance section you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this section
vulnerabilities.vulnerability.compliance.section: 164.308
Show any findings that match exact value
vulnerabilities.vulnerability.compliance.section: `164.308`
Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.
Example
Show findings with the compliance type HIPAA
vulnerabilities.vulnerability.compliance.type: "HIPAA"
Use a text value ##### to find the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.vulnerability.cveId: CVE-2015-0313
Note: The CVE in the query is case sensitive and must be used in capital case.
Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.
Example
Show findings with this name
vulnerabilities.vulnerability.cvss2AccessVector: "NETWORK"
Use an integer value ##### to help you find the CVSS base score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2BaseScore: 7.8
Use an integer value ##### to help you find the CVSS temporal score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2TemporalScore: 6.4
Use quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to description
vulnerabilities.vulnerability.description: remote code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description: "remote code execution"
Show any findings that match exact value
vulnerabilities.vulnerability.description: `remote code execution`
Select a discovery type (Remote or Authenticated) to find assets with vulnerability having this discovery type. Select from names in the drop-down menu.
Example
Show findings with Remote discovery type
vulnerabilities.vulnerability.discoveryType: Remote
Use quotes or backticks within values to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this description
vulnerabilities.vulnerability.exploitability: GIF Parser Heap
Show any findings that contain "GIF", "Parser" or "Heap" in description
vulnerabilities.vulnerability.exploitability: "GIF Parser Heap"
Show any findings that match exact value
vulnerabilities.vulnerability.exploitability: `GIF Parser Heap`
Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH etc, PCI_RELATED).
Example
Show findings with this property
vulnerabilities.vulnerability.flag: PCI_RELATED
Use quotes or backticks within values to help you find the impact you're looking for.
Example
Show any findings related to impact
vulnerabilities.vulnerability.impact: sensitive information
Show any findings that contain "sensitive" or "information" in consequence
vulnerabilities.vulnerability.impact: "sensitive information"
Show any findings that match exact value "sensitive information"
vulnerabilities.vulnerability.impact: 'sensitive information'
Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).
Example
Show findings with vulnerability in SANS Top 20
vulnerabilities.vulnerability.list: SANS_20
Use the values true | false to define vulnerability with patch available.
Examples
Show findings with patch available
vulnerabilities.vulnerability.isPatchAvailable: "true"
Show findings with no patch available
vulnerabilities.vulnerability.isPatchAvailable: "false"
Use an integer value ##### to help you find the patch QID you're interested in.
Example
Show assets with this patch QID
vulnerabilities.vulnerability.patches: 90753
Use a date range or specific date to define when vulnerability were first published in the KnowledgeBase.
Examples
Show findings for vulnerability published within certain dates
vulnerabilities.vulnerability.publishedDate: [2015-10-21 ... 2016-01-15]
Show findings for vulnerability published starting 2016-01-01, ending 1 month ago
vulnerabilities.vulnerability.publishedDate: [2016-01-01 ... now-1M]
Show findings for vulnerability published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.publishedDate: [now-2w ... now-1s]
Show findings for vulnerability published on certain date
vulnerabilities.vulnerability.publishedDate:'2015-07-15'
Use an integer value ##### to filter assets with specific QID. By default, the results exclude the vulnerability with the Fixed status.
Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.vulnerability.risk: 50
Use a text value ##### to find vulnerability in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).
Example
Show findings with this category name
vulnerabilities.vulnerability.sans20Categories: "Media Players"
Select a severity (1-5) to find assets having vulnerability with this severity. Select from values in the drop-down menu.
Example
Show findings with severity 4
vulnerabilities.severity: "4"
Use quotes or backticks within values to help you find the solution you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution: Bulletin MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution: "Bulletin MS10-006"
Show any findings that match exact value
vulnerabilities.vulnerability.solution: `Bulletin MS10-006`
Use quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title: Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title: "Remote Code"
Show any findings that match exact value
vulnerabilities.vulnerability.title: `Remote Code`
Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerability of this type. Select from names in the drop-down menu.
Example
Show findings with this type
vulnerabilities.vulnerability.type: "VULNERABILITY"
Use a date range or specific date to define when vulnerability were last updated in the KnowledgeBase.
Examples
Show vulnerability last updated within certain dates
vulnerabilities.vulnerability.updatedDate: [2015-10-21 ... 2015-10-30]
Show vulnerability last updated starting 2015-11-01, ending 1 month ago
vulnerabilities.vulnerability.updatedDate: [2015-11-01 ... now-1M]
Show vulnerability last updated stating 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updatedDate: [now-2w ... now-1s]
Show vulnerability last updated on certain date
vulnerabilities.vulnerability.updatedDate: '2015-03-08'
Use a text value ##### to find the vendor reference you're interested in.
Example
Show findings with this reference
vulnerabilities.vulnerability.vendorRef: KB3021953
Use a boolean query to express your query using AND logic.
Example
Show assets with operating system Windows and Linux
operatingSystem.name: windows and operatingSystem.name: linux
Use a boolean query to express your query using NOT logic.
Example
Show assets that don't have Windows operating system
not operatingSystem.name: windows
Use a boolean query to express your query using OR logic.
Example
Show assets with one of these tag names
tag.name: Cloud Agent or tag.name: HQ
Find the host assets, using the last VM manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.vmManifestVersion: "VULNSIGS-VM-0.49.0.0-18"
Find the host assets, using the last PA/PC manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.pcManifestVersion: "VULNSIGS-PC-2.5.889-6"
Find the host assets, using the last PA/PC manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.paManifestVersion: "VULNSIGS-PC-2.5.890-6"
Find the host assets, using the last SCA manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.scaManifestVersion: "VULNSIGS-SCA-2.5.891-2"
Find the host assets, using the last UDC manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.udcManifestVersion: "UDCVULNSIGS-1014"
Find the host assets, using the last middleware manifest version processed by Cloud Agent.
Example
Show host assets that has proccessed a specific maifest version
asset.middlewareManifestVersion: "VULNSIGS-MIDDLEWARE-SCAN-2.5.884-2"
Use the values true | false to find assets on which at least one of the software components—Ruby, Node.js, Go, Rust, PHP, Python, Java Platform, and Standard Edition (Java SE), is identified.
Examples
Show assets that has at least one of the software components from the list, is identified.
agent.swCAIdealCandidate: "true"
Show assets where none of the software components from the list are identified.
agent.swCAIdealCandidate: "false"
Use a date value to find the Cloud Agent hosts with specific last SwCA scan date or date range.
Examples
Show the list of Cloud Agent hosts with specified last SwCA scan date.
agent.lastSwCAScanDate: '2024-10-31'
Show the list of Cloud Agent hosts with last SwCA scan date between 2024-09-11 and 2024-10-31.
agent.lastSwCAScanDate: [2024-09-11 ... 2024-10-31]
Show the list of Cloud Agent hosts with last SwCA scan date greater than 2024-06-27.
agent.lastSwCAScanDate > '2024-06-27'
Show the list of Cloud Agent hosts with last SwCA scan date less than or equal to 2024-10-31.
agent.lastSwCAScanDate =< '2024-10-31'
Use this token to search Cloud Agents matching the specified SwCA Configuration Profile name.
Examples
Use the SwCA profile name in the backticks (`...`) to search for Cloud Agents with a SwCA profile exactly matching the specified profile name.
agent.swcaConfigName: `test_swca_profile`
Use the SwCA profile name in the quotes ("...") to search for Cloud Agents with a SwCA profile containing the part of the specified profile name.
agent.swcaConfigName: "test"
Use the text value to search the software with specific versions.
Examples
Search software given software version.
software.version: 4.25
Use these tokens for searching Oracle Cloud Compute instances (OCI).
Use a text value ##### to search all assets with the specified OCI ID.
Example
Show assets with this OCI ID
oci.compute.id:ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq'
Use a text value ##### to search all assets with the specified OCI compartment ID.
Example
Show assets with this OCI compartment ID
oci.compute.compartmentId:ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq'
Use a text value ##### to search all assets with the specified display name.
Example
Show assets with display name oracle 8.
oci.compute.displayName:oracle 8
Use a text value ##### to search all assets with the specified shape.
Example
Show all assets with the shape x5-2.36.512
oci.compute.shape:x5-2.36.512
Use a text value ##### to search all assets in the specified region.
Example
Show all assets with the region us-east-1
oci.compute.region:us-east-1
Use a text value ##### to search all assets with the specified region key.
Example
Show all assets with the region key SYD
oci.compute.regionKey:SYD
Use a text value ##### to search all groups with the specified region realm.
Example
Show all assets with the region realm OC1
oci.compute.regionRealm:OC1
Use a text value ##### to search all assets with the specified available domain.
Example
Show all assets with the available domain Lhkx:US-ASHBURN-AD-1
oci.compute.availabilityDomain:Lhkx:US-ASHBURN-AD-1
Use a text value ##### to search all assets asset.createdDate at the specified time.
Example
Show all assets with the asset.createdDate time 2021-02-09T07:24:31.000Z (Use 2021-02-09 while searching in UI)
oci.compute.timeCreated:2021-02-09
Use a text value ##### to search all assets with the specified image ID.
Example
Show all assets with the ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID
oci.compute.imageId:ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq
Use a text value ##### to search all assets with the specified fault domain.
Example
Show all assets with fault domain FAULT-DOMAIN-1
oci.compute.faultDomain:FAULT-DOMAIN-1
Use a text value ##### to search all assets with the specified host name.
Example
Show all findings with the host name oracle-8
oci.compute.hostName:oracle-8
Use a text value ##### to search all assets having the specified canonical region name.
Example
Show all assets with the canonical region name us-ashburn-1
oci.compute.canonicalRegionName:us-ashburn-1
Use the values true | false to list all assets that are Qualys Scanner. Choose True to list all assets that are Qualys Scanner and choose False to list all assets that are not Qualys Scanner.
Example
Show all assets that are Qualys Scanner.
oci.compute.isQualysScanner:"true"
Use the values true | false to list all assets that have cloud agents. Choose True to list all assets having cloud agents and choose False to list all assets that do not have cloud agents.
Example
Show all assets with having cloud agent installed
oci.compute.hasAgent:"true"
Use a text value ##### to search all assets with the specified tags.
Example
Show all assets with the tag key CreatedBy and specific value
oci.tag.name:(key:CreatedBy and value:oktasso/[email protected])
Use a text value ##### to search all assets with the specified tag key.
Example
Show all assets with the tag key CreatedBy
oci.tag.key:CreatedBy
Use a text value ##### to search all assets with the specified tag value.
Example
Show all assets with the tag value 2021-02-09
oci.tag.value:2021-02-09
Use a text value ##### to search all assets with the specified namespace.
Example
Show all assets with the namespace Oracle-Tags
oci.tag.namespace:Oracle-Tags
Use a text value ##### to search all assets with the specified VNIC ID.
Example
Show all assets with the VNIC ID ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.vnicId:ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
Use a text value ##### to search all assets with the specified VCN ID.
Example
Show all assets with this VCN ID
oci.vnic.vcnId:ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
Use a text value ##### to search all assets with the specified private IP.
Example
Show all assets with this private IP
oci.vnic.privateIp:10.0.0.222
Use a text value ##### to search all assets with the specified vlan tag.
Example
Show all assets with the vlan tag 1
oci.vnic.vlanTag:1
Use a text value ##### to search all assets with the specified MAC address.
Example
Show all assets with the MAC address 02:00:17:06:bd:b3
oci.vnic.macAddr:02:00:17:06:bd:b3
Use a text value ##### to search all assets with the specified router IP.
Example
Show all assets with the router IP 10.0.0.1
oci.vnic.virtualRouterIp:10.0.0.1
Use a text value ##### to search all assets with the specified block.
Example
Show all assets with the block 10.0.0.0/24
oci.vnic.subnetCidrBlock:10.0.0.0/24
Use a text value ##### to search all assets with the specified index.
Example
Show all assets with the index 1
oci.vnic.nicIndex:1
Use a text value ##### to search all assets with specific compute state.
Example
Show all assets with the compute state Starting
oci.compute.state:STARTING
Use a text value ##### to find the CVE name you're interested in.
Examples
Show findings with CVE name CVE-2015-0313
finding.vulnerability.cveId: CVE-2015-0313
Note: The CVE in the query is case sensitive and must be used in capital case.
Use a date range or specific date to define when findings were first found.
Examples
Show findings first found within certain dates
finding.firstFoundDate: [2015-10-21 ... 2015-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
finding.firstFoundDate: [2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
finding.firstFoundDate: [now-2w ... now-1s]
Show findings first found on certain date
finding.firstFoundDate:'2015-11-11'
Use a date range or specific date to define when findings were last found.
Examples
Show findings last found within certain dates
finding.lastFoundDate: [2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
finding.lastFoundDate: [2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
finding.lastFoundDate: [now-2w ... now-1s]
Show findings last found on certain date
finding.lastFoundDate:'2016-01-11'
Show findings last found on 2017-01-12 with patch available
asset.isVulnerable: (lastFound: '2017-01-12' AND vulnerability.patchAvailable: "true")
Select a severity (1-5) to find assets having vulnerability with this severity. Select from values in the drop-down menu.
Examples
Show findings with severity 4
finding.severity: "4"
Use quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this title
finding.vulnerability.title: Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
finding.vulnerability.title: "Remote Code"
Show any findings that match exact value
finding.vulnerability.title: `Remote Code`
Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerability of this type. Select from names in the drop-down menu.
Examples
Show findings with this type
finding.typeDetected: "Confirmed"
Use quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to description
finding.vulnerability.description: remote code execution
Show any findings that contain "remote" or "code" in description
finding.vulnerability.description: "remote code execution"
Show any findings that match exact value
finding.vulnerability.description: `remote code execution`
Use an integer value ##### to filter assets with specific QID. By default, the results exclude the vulnerability with the Fixed status.
Examples
Show findings with QID 90405
finding.vulnerability.qid: 90405
Use quotes or backticks within values to help you find the impact you're looking for.
Examples
Show any findings related to impact
finding.vulnerability.impact: sensitive information
Show any findings that contain "sensitive" or "information" in consequence
finding.vulnerability.impact: "sensitive information"
Show any findings that match exact value "sensitive information"
finding.vulnerability.impact: 'sensitive information'
Use quotes or backticks within values to help you find the solution you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this solution
finding..vulnerability.solution: Bulletin MS10-006
Show any findings that contain parts of solution
finding.vulnerability.solution: "Bulletin MS10-006"
Show any findings that match exact value
finding.vulnerability.solution: `Bulletin MS10-006`
Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH etc, PCI_RELATED).
Examples
Show findings with this property
finding.vulnerability.flag: PCI_RELATED
Use an integer value ##### to help you find the patch QID you're interested in.
Examples
Show assets with this patch QID
finding.vulnerability.patches: 90753
Use quotes or backticks within values to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this description
finding.vulnerability.exploitability: GIF Parser Heap
Show any findings that contain "GIF", "Parser" or "Heap" in description
finding.vulnerability.exploitability: "GIF Parser Heap"
Show any findings that match exact value
finding.vulnerability.exploitability: `GIF Parser Heap`
Use the values true | false to define vulnerability with patch available.
Examples
Show findings with patch available
finding.vulnerability.isPatchAvailable: "true"
Show findings with no patch available
finding.vulnerability.isPatchAvailable: "false"
Use a text value ##### to find the vendor reference you're interested in.
Examples
Show findings with this reference
finding.vulnerability.vendorRef: KB3021953
Use a text value ##### to find a BugTraq number you're interested in.
Examples
Show findings with BugTraq ID 22211
finding.vulnerability.bugTraqId: 22211
Use a text value ##### to find vulnerability in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).
Examples
Show findings with this category name
finding.vulnerability.sans20Categories: "Media Players"
Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).
Examples
Show findings with vulnerability in SANS Top 20
finding.vulnerability.list: SANS_20
Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.
Examples
Show findings with the compliance type HIPAA
finding.vulnerability.compliance.type: "HIPAA"
Use quotes or backticks within values to help you find the compliance section you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this section
finding.vulnerability.compliance.section: 164.308
Show any findings that match exact value
finding.vulnerability.compliance.section: `164.308`
Use quotes or backticks within values to help you find the compliance description you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings related to this description
finding.vulnerability.compliance.description: malicious software
Show any findings that contain "malicious" or "software" in description
finding.vulnerability.compliance.description: "malicious software"
Show any findings that match exact value
finding.vulnerability.compliance.description: `malicious software`
Select a category (CGI, Database, DNS, BIND, etc) to find vulnerability with this category. Select from names in the drop-down menu.
Examples
Show findings with the category CGI
finding.vulnerability.category: "CGI"
Select a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerability of this type. Select from names in the drop-down menu.
Examples
Show findings with this type
finding.vulnerability.type: "VULNERABILITY"
Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Examples
Show findings with risk 50
finding.vulnerability.risk: 50
Use a date range or specific date to define when Vulnerable were first published in the KnowledgeBase.
Examples
Show findings for vulnerability published within certain dates
finding.vulnerability.publishedDate: [2015-10-21 ... 2016-01-15]
Show findings for vulnerability published starting 2016-01-01, ending 1 month ago
finding.vulnerability.publishedDate: [2016-01-01 ... now-1M]
Show findings for vulnerability published starting 2 weeks ago, ending 1 second ago
finding.vulnerability.publishedDate: [now-2w ... now-1s]
Show findings for vulnerability published on certain date
finding.vulnerability.publishedDate:'2015-07-15'
Use a date range or specific date to define when vulnerability were last updated in the KnowledgeBase.
Examples
Show vulnerability last updated within certain dates
finding.vulnerability.updatedDate: [2015-10-21 ... 2015-10-30]
Show vulnerability last updated starting 2015-11-01, ending 1 month ago
finding.vulnerability.updatedDate: [2015-11-01 ... now-1M]
Show vulnerability last updated stating 2 weeks ago, ending 1 second ago
finding.vulnerability.updatedDate: [now-2w ... now-1s]
Show vulnerability last updated on certain date
finding.vulnerability.updatedDate: '2015-03-08'
Select a discovery type (Remote or Authenticated) to find assets with vulnerability having this discovery type. Select from names in the drop-down menu.
Examples
Show findings with Remote discovery type
finding.vulnerability.discoveryType: Remote
Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.
Examples
Show findings with Windows auth type
finding.vulnerability.authType: "WINDOWS_AUTH"
Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.
Examples
Show findings with this name
finding.vulnerability.cvss2AccessVector: "NETWORK"
Use an integer value ##### to help you find the CVSS base score you're interested in.
Examples
Show assets with this score
finding.vulnerability.cvss2BaseScore: 7.8
Use an integer value ##### to help you find the CVSS temporal score you're interested in.
Examples
Show assets with this score
finding.vulnerability.cvss2TemporalScore: 6.4