A complete list of tokens for writing search queries is provided below.
General | AWS EC2 | IBM | Microsoft Azure | Google Cloud Platform | Alibaba Cloud Platform | Assets | Oracle Cloud Compute Instance
and
Example
Show findings with AWS EC2 accountId and availability zone
aws.ec2.accountId: 123456789012 and aws.ec2.availabilityZone: us-east-1a
not
Example
Show findings that are not specific AWS instance type
not aws.ec2.instanceType: t2.micro
or
Example
Show findings with one of these aws tag values
aws.tags: Finance or aws.tags: Accounting
Quick links: AWS EC2 | Microsoft Azure | Google Cloud Platform | Alibaba Cloud Platform | Assets | Threat Protection | Compliance
Use these tokens when searching your AWS EC2 assets on the Assets list.
- Your results may return Terminated instances. It's recommended you include aws.ec2instanceState in your query to reduce the number of results.
- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.
Examples
Find EC2 instances that match this account ID
aws.ec2.accountId: 123456789012
Find EC2 instances with account ID starting "12345"
aws.ec2.accountId: 12345*
Find EC2 instances where account ID is null (remove the colon)
aws.ec2.accountId is null
Example
Find EC2 instances in the us-east-1a availability zone
aws.ec2.availabilityZone: us-east-1a
Examples
Show findings with a cloud agent
aws.ec2.hasAgent: true
Show findings without a cloud agent
aws.ec2.hasAgent: false
Examples
Find instances related to name
aws.ec2.hostname: abc.qualys.com
Find instances that match exact value
aws.ec2.hostname: `abc.qualys.com`
Examples
Find instances related to the Image ID
aws.ec2.imageId: ami-2ea83347
Find instances that match exact value
aws.ec2.imageId: `ami-2ea83347`
Example
Find EC2 instances with this ID
aws.ec2.instanceId: i-1234567890abcdef0
Example
Find running EC2 instances
aws.ec2.instanceState: RUNNING
Example
Find EC2 instances with instance type t2.micro
aws.ec2.instanceType: t2.micro
Examples
Show findings where assets are scanners
aws.ec2.isQualysScanner: true
Show findings where assets are not scanners
aws.ec2.isQualysScanner: false
Example
Find EC2 instances with this kernel ID
aws.ec2.kernelId: aki-70ab0c10
Examples
Find EC2 instances launched within certain dates
aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]
Find EC2 instances launched on specific date
aws.ec2.launchDate:'2017-08-15'
Example
Find the EC2 instance with this private DNS address
aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal
Examples
Find EC2 instances with this private IP address
aws.ec2.privateIpAddress: 10.90.0.119
Find EC2 instances within this IP range
aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]
Example
Find the EC2 instance with this public DNS address
aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com
Examples
Find EC2 instances with this public IP address
aws.ec2.publicIpAddress: 52.70.141.154
Find EC2 instances within this IP range
aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]
Example
Find EC2 instances in the us-east-1 region
aws.ec2.region.code: us-east-1
Example
Find EC2 instances in the US East (N. Virginia) region
aws.ec2.region.name: US East (N. Virginia)
Examples
Show EC2 Spot instances
aws.ec2.spotInstance: "true"
Show EC2 instances that are not Spot instances
aws.ec2.spotInstance: "false"
Example
Find EC2 instances with this subnet ID
aws.ec2.subnetId: subnet-bc02c0d4
Example
Find EC2 instances with this VPC ID
aws.ec2.vpcId: vpc-1e37cd76
Use these token when searching IBM assets on the Assets list.
Example
Find IBM virtual server with this Id
ibm.virtualServer.id: '123741814'
Example
Find IBM virtual server with this location
ibm.virtualServer.location: 'dal13'
Example
Find IBM virtual server datacenter with this Id
ibm.virtualServer.datacenterId: '1854895'
Example
Find IBM virtual server with this device name
ibm.virtualServer.deviceName: 'virtualserver01.Qualys-Inc.cloud'
Example
Find IBM virtual server with this public IP address
ibm.virtualServer.publicIpAddress: '150.238.75.107'
Example
Find IBM virtual server with this private IP address
ibm.virtualServer.privateIpAddress: '10.187.94.40'
Example
Find IBM virtual server with this public vlan
ibm.virtualServer.publicVlan: '1796'
Example
Find IBM virtual server with this private vlan
ibm.virtualServer.privateVlan: '2236'
Example
Find IBM virtual server with this domain
ibm.virtualServer.domain: 'Qualys-Inc.cloud'
Use these tokens when searching Microsoft Azure assets on the Assets list.
Examples
Find Azure instances related to name
azure.vm.imageOffer: UbuntuServer
Find Azure instances that match exact value
azure.vm.imageOffer: `UbuntuServer`
Examples
Find Azure instances related to name
azure.vm.imagePublisher: Canonical
Find Azure instances that match exact value
azure.vm.imagePublisher: `Canonical`
Example
Find Azure instances with this sku version
azure.vm.imageVersion: 16.04.201708030
Example
Find Azure instances in this location
azure.vm.location: westus
Example
Find Azure instances with this MAC address
azure.vm.macAddress: '000D3A36DDED'
Examples
Find Azure instances related to name
azure.vm.name: avset2
Find Azure instances that match exact value
azure.vm.name: `avset2`
Example
Find Azure instances on Windows platform
azure.vm.platform: Windows
Examples
Find Azure instances with this private IP
azure.vm.privateIpAddress: 10.1.2.5
Find Azure instances within this IP range
azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]
Examples
Find Azure instances with this virtual network
azure.vm.virtualNetwork: `mburton01-vnet`
Examples
Find Azure instances with this public IP
azure.vm.publicIpAddress: 13.126.125.189
Find Azure instances within this IP range
azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]
Examples
Find Azure instances related to name
azure.vm.resourceGroupName: my-eastus-rg
Find Azure instances that match exact value
azure.vm.resourceGroupName: `my-eastus-rg`
Example
Find Azure instances with this size
azure.vm.size: Standard_D1
Example
Find running Azure instances
azure.vm.state: RUNNING
Example
Find Azure instances with this subnet
azure.vm.subnet: 10.1.2.0
Example
Find Azure instances with this subscription ID
azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Example
Find Azure instances with this ID
azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21
Use these tokens when searching Google Cloud Platform assets on the Assets list.
Examples
Find GCP instances related to name
gcp.compute.hostname: instance-5.c.qvsa-dev.internal
Find GCP instances that match exact value
gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`
Example
Find GCP instances with this ID
gcp.compute.instanceId: 4392196237934605253
Example
Find GCP instances with this MAC address
gcp.compute.macAddress: '000D3A36DDED'
Examples
Find GCP instances related to name
gcp.compute.machineType: n1-standard-1
Find GCP instances that match exact value
gcp.compute.machineType: `n1-standard-1`
Example
Find GCP instances with this network
gcp.compute.network: 000D3A36DDED
Examples
Find GCP instances with this private IP
gcp.compute.privateIpAddress: 10.240.0.7
Find GCP instances with this private IP range
gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]
Examples
Find GCP instances related to ID
gcp.compute.projectId: qvsa-dev
Find GCP instances that match exact value
gcp.compute.projectId: `qvsa-dev`
Examples
Find GCP instances related to this number
gcp.compute.projectNumber: 1035365309337
Find GCP instances that match exact value
gcp.compute.projectNumber: `1035365309337`
Examples
Find GCP instances with this public IP
gcp.compute.publicIpAddress: 104.196.57.216
Find GCP instances within this IP range
gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]
Examples
Find GCP instances related to name
gcp.compute.zone: us-east1-d
Find GCP instances that match exact value
gcp.compute.zone: `us-east1-d`
Examples
Find running GCP instances
gcp.compute.state: RUNNING
Use these tokens when searching Alibaba Cloud Platform assets on the Assets list.
Examples
Find instances with a cloud agent
alibaba.instance.hasAgent: "true"
Show instances which do not have cloud agent installed
alibaba.instance.hasAgent: "false"
Example
Find instances with given ID
alibaba.instance.instanceId: i-a2dxxxxsxxxxxhdfax
Example
Find alibaba cloud instances with given instance type
alibaba.instance.instanceType: ecs.t5-lc2m1.nano
Examples
Find instances in a RUNNING state
alibaba.instance.instanceState: "RUNNING"
Example
Find instances related to the given image ID
alibaba.instance.imageId: ubuntu_14_0405_64_20G_alibase_20170824.vhd
Examples
Find instances with the given alibaba account ID
alibaba.instance.accountId: 587xxxxxxx
Examples
Find instances that belong to the given serial number
alibaba.instance.serialNumber: 12trexxxxr-3xx-xxx-rtg4-xxxx6t45
Example
Find instances that belong to the given region code
alibaba.instance.region.id: "ap-south-1"
Example
Find instances that belong to the given region name
alibaba.instance.region.name: "India (Mumbai)"
Example
Find instances that belong to the given zone ID
alibaba.instance.zoneId: ap-south-1b
Example
Find instances that belong to the given VPC ID
alibaba.instance.vpcId: vpc-a2d6pxxxxvvdadd5yikj
Examples
Find instances that are associate with the given hostname
alibaba.instance.hostName: abc.qualys.com
Example
Find instances that are associated with the given DNS configurations
alibaba.instance.dnsServer:100.xxx.x.xxx
Examples
Find instances with the given private IP address.
alibaba.instance.privateIpAddress:192.168.XX.XX
Find instances with the given private IP address
alibaba.instance.privateIpAddress: [192.168.XX.XX.....192.168.XX.XX]
Example
Find instances with the given public IP address
alibaba.instance.publicIpAddress:149.xx.xx.xx
Find instances with the given public IP address
alibaba.instance.publicIpAddress: [149.xx.xx.xx... 149.xx.xx.xx]
Example
Find instances with the given MAC address
alibaba.instance.macAddress: 00:16:3e:0f:XX:XX
Example
Find instances belonging to given CIDR block of VPC network
alibaba.instance.vpcCidrBlock: 172.xx.x.x/16
Example
Find instances connected with the give vSwicth ID
alibaba.instance.vswitchId: vsw-a2dxxxoxxxxsqx1mxxxdd
Examples
Find instances connected with the given interface ID
alibaba.instance.interfaceId: eni-a2dxxxxaixxxtux572
Example
Find instances connected the given CIDR block of vSwitch
alibaba.instance.vswitchCidrBlock:192.168.XX.XX/24
Example
Choose the network type to find cloud instances
alibaba.instance.networkType:vpc
All tokens below are available with AssetView.
Example
Show assets with this exact username (case sensitive)
accounts.username: Administrator
Show assets with username starting with "Admin" (case sensitive)
accounts.username: Admin
Examples
Show assets activated for VM
activatedForModules: "VM"
Show assets activated for VM and PC
activatedForModules: "VM" AND activatedForModules: "PC"
Example
Show assets with agents activated using this key
agentActivations.key: 057cc48a-8d84-48eb-add4-97a605d0567d
Example
Show assets with active agents
agentActivations.status: ACTIVE
Examples
Show assets with active agents, where the Agent has communicated in last 48 hours
agentStatus: "ACTIVE"
Show assets with inactive agents, where the Agent has not communicated in last 48 hours
agentStatus: "INACTIVE"
Example
Show the asset with this agent ID
agentID: f0c8e682-e9cc-4e7d-b92a-0c905d81ec74
Example
Show findings with agent version 1.3.2.0
agentVersion: 1.3.2.0
Select the platform type to search the assets based on operating system of host asset.
Example
Show the list of assets with Windows platform.
platformType:'Windows'
>Examples
Show any findings related to profile name
configurationProfile: Initial Profile
Show any findings that contain parts of the name
configurationProfile: "Initial Profile"
Show any findings that match exact value
configurationProfile: `Initial Profile`
cpuCountUse an integer value ##### to help you find assets with some number of CPUs.Example
Show assets that have 2 CPUs
cpuCount: 2
connectedFromUse a text value ##### to define the external IP address a cloud agent connected from.Example
Show findings for an external IP address that an agent connected from
connectedFrom: 10.0.100.11
createdUse a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).Examples
Show assets created within certain dates
created: [2016-01-01 ... 2016-01-10]
Show assets created starting 2015-10-01, ending 1 month ago
created: [2015-10-01 ... now-1M]
Show assets created starting 2 weeks ago, ending 1 second ago
created: [now-2w ... now-1s]
Show assets created on specific date
created:'2016-01-08'
errorStatusUse the values true | false to define agents with or without error status.Example
Show agents with error status
errorStatus: "true"
fimCapableUse the values true | false to define whether or not agents are FIM capable. fimCapable search is not supported for all operating systems. Check the Cloud Agent Getting Started Guide for platform/OS support.Examples
Show agents that are FIM capable and activated for FIM
fimCapable: "true"
Show agents that are not FIM capable but can be upgraded to FIM capability
fimCapable: "false"
hostIdUse an integer value ##### to help you find the asset with a certain Qualys host ID (UUID), assigned by an agent or a scanner appliance when Agentless Tracking is used.Example
Show assets that have this host ID
hostId: 2918869
interfaces.addressUse a text value ##### to define an IP address (IPv4 of IPv6) you're interested in. Note that you cannot perform a range search since this is a text field.Examples
Show the asset with IPv4 address
interfaces.address: 10.10.100.20
Show the asset with IPv6 address (enclose value in single quotes)
interfaces.address: 'fe80:0:0:0:2501:b53c:4139:404b'
interfaces.dnsAddressUse a text value ##### to define a DNS address you're interested in.Example
Show the asset with DNS address 10.0.100.11
interfaces.dnsAddress: 10.0.100.11
interfaces.gatewayAddressUse a text value ##### to help you find assets with a certain default gateway address.Example
Show assets with this default gateway address
interfaces.gatewayAddress: 10.11.65.1
interfaces.hostnameFind the hostname you're looking for. Search by domain name, use backticks for exact matching, or enter a partial value with an asterisk (*) for suffix/prefix matching.Examples
Show any findings related to name
interfaces.hostname: xpsp2-jp-26-111
Show any findings related to name (we'll match super domains)
interfaces.hostname: com-pa3020-36.eng.sjc01.qualys.com
Show any findings that match exact value
interfaces.hostname: `xpsp2-jp-26-111`
interfaces.hostname: `com-pa3020-36.eng.sjc01.qualys.com`
Show any findings that match domain name
interfaces.hostname: qualys.com
interfaces.hostname: sjc01.qualys.com
interfaces.hostname: eng.sjc01.qualys.com
Show any findings starting with string (case sensitive)
interfaces.hostname: xp*
interfaces.hostname: com-pa30*
Show any findings ending with string
interfaces.hostname: *111
interfaces.hostname: *lys.com
interfaces.interfaceNameUse a text value ##### to help you find a certain interface name.Example
Show the asset with name PRO/1000
interfaces.interfaceName: PRO/1000
interfaces.macAddressUse values within quotes to help you find a MAC address you're interested in.Example
Show the asset with this MAC address
interfaces.macAddress: "00-50-56-A9-73-5A"
lastActivityUse a date range or specific date to define when the last activity on the agent occurred.Examples
Show findings with last activity within certain dates
lastActivity: [2016-01-01 ... 2016-01-10]
Show findings with last activity starting 2015-10-01, ending 1 month ago
lastActivity: [2015-10-01 ... now-1M]
Show findings with last activity starting 2 weeks ago, ending 1 second ago
lastActivity: [now-2w ... now-1s]
Show findings with last activity on a specific date
lastActivity:'2015-12-01'
lastCheckedInUse a date range or specific date to define when the asset was last checked in to the platform.Examples
Show findings with last check in within a specific date range.
lastCheckedIn:[2020-01-01 ... 2020-01-10]
Show findings with last check in starting 2019-11-01, ending 1 month ago.
lastCheckedIn:[2019-11-01 ... now-1M]
Show findings with last check in starting 2 weeks ago, ending 1 second ago
lastCheckedIn:[now-2w ... now-1s]
Show findings with last check in on a specific date
lastCheckedIn:'2020-02-11'
Show findings with last check in before (older than) last 30 days.
lastCheckedIn<now-30d
Note: We recommend not to use the NOT operator in your range search to form a query like NOT lastCheckedIn:[now-30d...now-2s]. See 'QQL Best Practices' topic in the Unified Dashboard online Help.
Show findings with last check in within last 30 days excluding day 30
lastCheckedIn>now-30d
Show findings with last check in within last 30 days including day 30
lastCheckedIn>=now-30d
Show findings with last check in which is older than last 30 days excluding day 30
lastCheckedIn<now-30d
Show findings with last check in which is older than last 30 days including day 30
lastCheckedIn<=now-30d
lastComplianceScanDateUse a date range or specific date to define when compliance scans were last conducted.Examples
Show findings with last compliance scan within certain dates
lastComplianceScanDate: [2017-01-01 ... 2017-03-31]
Show findings with last compliance scan starting 2016-10-15, ending 1 month ago
lastComplianceScanDate: [2016-10-15 ... now-1M]
Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago
lastComplianceScanDate: [now-2w ... now-1s]
Show findings with last compliance scan on specific date
lastComplianceScanDate:'2017-02-18'
lastFullScanUse a date range or specific date to define when full scans (assessments) were last conducted using Cloud Agent (CA).Examples
Show findings with last full scan within certain dates
lastFullScan: [2016-01-01 ... 2016-01-10]
Show findings with last full scan starting 2015-10-01, ending 1 month ago
lastFullScan: [2015-10-01 ... now-1M]
Show findings with last full scan starting 2 weeks ago, ending 1 second ago
lastFullScan: [now-2w ... now-1s]
Show findings with last full scan on a specific date
lastFullScan:'2016-02-08'
lastInventoryUse a date range or specific date to define when inventory scans were last conducted by agents. We recommend lastInventoryDate for date range queries using parameters i.e. [now-1M ... now-1s]Examples
Show findings with last inventory scan within certain dates
lastInventory: [2018-06-01 ... 2018-06-10]
Show findings with last inventory scan on specific date
lastInventory:'2018-07-25'
lastLoggedOnUserUse a text value ##### to help you find assets last logged into by a user of interest.Examples
Show assets with last logon by user asmith
lastLoggedOnUser: asmith
lastVmScanDateUse a date range or specific date to define when vulnerability scans were last conducted.Examples
Show findings with last vulnerability scan within certain dates
lastVmScanDate: [2017-01-01 ... 2017-02-10]
Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago
lastVmScanDate: [2016-11-01 ... now-1M]
Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago
lastVmScanDate: [now-2w ... now-1s]
Show findings with last vulnerability scan on specific date
lastVmScanDate:'2017-04-10'
nameUse quotes or backticks within values to help you find the asset name you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to name
name: QK2K12QP3-65-53
Show any findings that match exact value
name: `QK2K12QP3-65-53`
netbiosNameUse a text value ##### to define the NetBIOS name you're interested in.Examples
Show assets with this exact name (case sensitive)
netbiosName: EC2AMAZ-19OC2IT
Show assets with name starting with "EC2" (case sensitive)
netbiosName: EC2
Show assets with name ending with "c2it" (case insensitive)
netbiosName: *c2it
openPorts.descriptionUse quotes or backticks within values to help you find the service description detected on an open port. Quotes can be used when the value has more than one word.Examples
Show any findings with this description
openPorts.description: Windows Remote Desktop
Show any findings that contain parts of description
openPorts.description: "Windows Remote Desktop"
Show any findings that match exact value
openPorts.description: `Windows Remote Desktop`
openPorts.detectedServiceUse quotes or backticks within values to help you find the detected service you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this service name
openPorts.detectedService: win_remote_desktop
Show any findings that match exact value
openPorts.detectedService: `win_remote_desktop`
openPorts.portUse an integer value ##### to help you find assets with some open port.Example
Show assets with open port 80
openPorts.port: 80
openPorts.protocolUse a text value ##### (UDP or TCP) to define the port protocol you're interested in.Examples
Show findings found on TCP
openPorts.protocol: TCP
Show findings found on port 80 and TCP
openPorts: (port: 80 AND protocol: TCP)
processors.descriptionUse quotes or backticks within values to help you find the processor description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this description
processors.description: intel
Show any findings that match exact value
processors.description: `intel`
processors.speedUse an integer value ##### to help you find assets with a certain processor speed.Example
Show assets with this processor speed
processors.speed: 1995
providerSelect the name ##### of a cloud service provider you're looking for. Select from names in the drop-down menu.Examples
Show assets synced from Amazon AWS
provider: "AWS"
qualysCorrelationIDUse a text value #### to show assets with specific Qualys Correlation ID.Example
Show assets with this Qualys Correlation ID
qualysCorrelationID: "0f1b031712682e27cca306e4a2a9e3144696ac099b08fcdf76ccb6f3647ec058"
Show assets without any Qualys Correlation ID
qualysCorrelationID: "UNIDENTIFIED"
Show assets all assets with Qualys Correlation ID
qualysCorrelationID: "*"
services.descriptionUse quotes or backticks within values to help you find the service description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this description
services.description: Windows Event Log
Show any findings that contain parts of description
services.description: "Windows Event Log"
Show any findings that match exact value
services.description: `Windows Event Log`
services.nameUse quotes or backticks within values to help you find the service name you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this name
services.name: eventlog
Show any findings that match exact value
services.name: `eventlog`
services.statusUse quotes or backticks within values to help you find the service status you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this status
services.status: running
Show any findings that match exact value
services.status: `running`
software.nameUse quotes or backticks within values to help you find the software name you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this name
software.name: VMware Tools
Show any findings that contain parts of name
software.name: "VMware Tools"
Show any findings that match exact value
software.name: `VMware Tools`
Find assets with certain tag and software installed
tags.name: `Cloud Agent` AND software: (name: `Cisco AnyConnect Secure Mobility Client` AND version: `3.1.12345`)
system.biosDescriptionUse quotes or backticks within values to help you find the BIOS description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this description
system.biosDescription: Phoenix Technologies
Show any findings that contain parts of name
system.biosDescription: "Phoenix Technologies"
Show any findings that match exact value
system.biosDescription: `Phoenix Technologies`
system.lastBootUse a date range or specific date to define when assets were last booted.Examples
Show assets last booted within certain dates
system.lastBoot: [2016-01-01 ... 2016-01-10]
Show assets last booted starting 2015-10-01, ending 1 month ago
system.lastBoot: [2015-10-01 ... now-1M]
Show assets last booted starting 2 weeks ago, ending 1 second ago
system.lastBoot: [now-2w ... now-1s]
Show assets last booted on a specific date
system.lastBoot:'2016-01-08'
system.manufacturerUse quotes or backticks within values to help you find the system manufacturer you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this name
system.manufacturer: dell
Show any findings that match exact value
system.manufacturer: `dell`
system.modelUse quotes or backticks within values to help you find the system model you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings with this name
system.model: optiplex
Show any findings that match exact value
system.model: `optiplex`
system.timezoneUse a text value ##### in quotes to find assets with a certain timezone set.Example
Show assets with this timezone
system.timezone: "-08:00"
system.totalMemoryUse an integer value ##### to help you find assets with a certain total system memory.Example
Show assets with this total system memory
system.totalMemory: 1024
udcManifestAssignedUse the values true | false to find assets with PC agents assigned a UDC manifest. Assets are found when agents have the PC module enabled and one or more user defined controls have been added to your subscription.Examples
Show assets with agents assigned a UDC manfest
udcManifestAssigned: "true"
Show assets with agents not assigned a UDC manifest
udcManifestAssigned: "false"
updatedUse a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the cloud platform by an agent).Examples
Show assets updated within certain dates
updated: [2016-01-01 ... 2016-01-10]
Show assets updated starting 2015-10-01, ending 3 months ago
updated: [2015-10-01 ... now-3M]
Show assets updated starting 2 weeks ago, ending 1 second ago
updated: [now-2w ... now-1s]
Show assets updated on a specific date
updated:'2016-01-10'
volumes.freeUse an integer value ##### to help you find assets with a certain free volume space.Example
Show assets with this free volume space
volumes.free: 448312320
volumes.nameUse a text value ##### to find assets with a certain volume name.Example
Show assets with this volume name
volumes.name: /boot
volumes.sizeUse an integer value ##### to help you find assets with a certain volume size.Example
Show assets with this volume size
volumes.size: 481529856
vulnerabilitiesChoose the value * to find assets with vulnerabilities.Example
Show all findings that have vulnerabilities
vulnerabilities: *
vulnerabilities.firstFoundUse a date range or specific date to define when findings were first found.Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2015-10-21 ... 2015-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFound: [2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2015-11-11'
vulnerabilities.lastFoundUse a date range or specific date to define when findings were last found.Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFound: [2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2016-01-11'
Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound: '2017-01-12' AND vulnerability.patchAvailable: "true")
vulnerabilities.typeDetectedSelect a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu. Example
Show findings with this type
vulnerabilities.typeDetected: "Confirmed"
vulnerabilities.vulnerability.authTypesSelect the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.Example
Show findings with Windows auth type
vulnerabilities.vulnerability.authTypes: "WINDOWS_AUTH"
vulnerabilities.vulnerability.bugTraqIdsUse a text value ##### to find a BugTraq number you're interested in.Example
Show findings with BugTraq ID 22211
vulnerabilities.vulnerability.bugTraqIds: 22211
vulnerabilities.vulnerability.categorySelect a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.Example
Show findings with the category CGI
vulnerabilities.vulnerability.category: "CGI"
vulnerabilities.vulnerability.compliance.descriptionUse quotes or backticks within values to help you find the compliance description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to this description
vulnerabilities.vulnerability.compliance.description: malicious software
Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description: "malicious software"
Show any findings that match exact value
vulnerabilities.vulnerability.compliance.description: `malicious software`
vulnerabilities.vulnerability.compliance.sectionUse quotes or backticks within values to help you find the compliance section you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to this section
vulnerabilities.vulnerability.compliance.section: 164.308
Show any findings that match exact value
vulnerabilities.vulnerability.compliance.section: `164.308`
vulnerabilities.vulnerability.compliance.typeSelect the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.Example
Show findings with the compliance type HIPAA
vulnerabilities.vulnerability.compliance.type: "HIPAA"
vulnerabilities.vulnerability.cveIdsUse a text value ##### to find the CVE name you're interested in.Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.vulnerability.cveIds: CVE-2015-0313
Note: The CVE in the query is case sensitive and must be used in capital case.
vulnerabilities.vulnerability.cvssInfo.accessVectorSelect the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.Example
Show findings with this name
vulnerabilities.vulnerability.cvssInfo.accessVector: "NETWORK"
vulnerabilities.vulnerability.cvssInfo.baseScoreUse an integer value ##### to help you find the CVSS base score you're interested in.Example
Show assets with this score
vulnerabilities.vulnerability.cvssInfo.baseScore: 7.8
vulnerabilities.vulnerability.cvssInfo.temporalScoreUse an integer value ##### to help you find the CVSS temporal score you're interested in.Example
Show assets with this score
vulnerabilities.vulnerability.cvssInfo.temporalScore: 6.4
vulnerabilities.vulnerability.descriptionUse quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to description
vulnerabilities.vulnerability.description: remote code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description: "remote code execution"
Show any findings that match exact value
vulnerabilities.vulnerability.description: `remote code execution`
vulnerabilities.vulnerability.discoveryTypesSelect a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.Example
Show findings with Remote discovery type
vulnerabilities.vulnerability.discoveryTypes: Remote
vulnerabilities.vulnerability.exploitabilityUse quotes or backticks within values to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to this description
vulnerabilities.vulnerability.exploitability: GIF Parser Heap
Show any findings that contain "GIF", "Parser" or "Heap" in description
vulnerabilities.vulnerability.exploitability: "GIF Parser Heap"
Show any findings that match exact value
vulnerabilities.vulnerability.exploitability: `GIF Parser Heap`
vulnerabilities.vulnerability.flagsUse a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH etc, PCI_RELATED).Example
Show findings with this property
vulnerabilities.vulnerability.flags: PCI_RELATED
vulnerabilities.vulnerability.impactUse quotes or backticks within values to help you find the impact you're looking for.Example
Show any findings related to impact
vulnerabilities.vulnerability.impact: sensitive information
Show any findings that contain "sensitive" or "information" in consequence
vulnerabilities.vulnerability.impact: "sensitive information"
Show any findings that match exact value "sensitive information"
vulnerabilities.vulnerability.impact: 'sensitive information'
vulnerabilities.vulnerability.listsUse a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).Example
Show findings with vulnerabilities in SANS Top 20
vulnerabilities.vulnerability.lists: SANS_20
vulnerabilities.vulnerability.osUse quotes or backticks within values to help you find the operating system vulnerabilities were detected on. Quotes can be used when the value has more than one word.Examples
Show any findings related to this OS value
vulnerabilities.vulnerability.os: windows
Show any findings that match exact value
vulnerabilities.vulnerability.os: `windows`
vulnerabilities.vulnerability.patchAvailableUse the values true | false to define vulnerabilities with patch available.Examples
Show findings with patch available
vulnerabilities.vulnerability.patchAvailable: "true"
Show findings with no patch available
vulnerabilities.vulnerability.patchAvailable: "false"
vulnerabilities.vulnerability.patchesUse an integer value ##### to help you find the patch QID you're interested in.Example
Show assets with this patch QID
vulnerabilities.vulnerability.patches: 90753
vulnerabilities.vulnerability.publishedUse a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.Examples
Show findings for vulnerabilities published within certain dates
vulnerabilities.vulnerability.published: [2015-10-21 ... 2016-01-15]
Show findings for vulnerabilities published starting 2016-01-01, ending 1 month ago
vulnerabilities.vulnerability.published: [2016-01-01 ... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.published: [now-2w ... now-1s]
Show findings for vulnerabilities published on certain date
vulnerabilities.vulnerability.published:'2015-07-15'
vulnerabilities.vulnerability.qidUse an integer value ##### to filter assets with specific QID. By default, the results exclude the vulnerabilities with the Fixed status.Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
vulnerabilities.vulnerability.riskUse an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.Example
Show findings with risk 50
vulnerabilities.vulnerability.risk: 50
vulnerabilities.vulnerability.sans20CategoriesUse a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).Example
Show findings with this category name
vulnerabilities.vulnerability.sans20Categories: "Media Players"
vulnerabilities.severitySelect a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.Example
Show findings with severity 4
vulnerabilities.severity: "4"
vulnerabilities.vulnerability.solutionUse quotes or backticks within values to help you find the solution you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution: Bulletin MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution: "Bulletin MS10-006"
Show any findings that match exact value
vulnerabilities.vulnerability.solution: `Bulletin MS10-006`
vulnerabilities.vulnerability.titleUse quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.Examples
Show any findings related to this title
vulnerabilities.vulnerability.title: Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title: "Remote Code"
Show any findings that match exact value
vulnerabilities.vulnerability.title: `Remote Code`
vulnerabilities.vulnerability.typesSelect a detection type (e.g. Vulnerability, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu. Example
Show findings with this type
vulnerabilities.vulnerability.types: "VULNERABILITY"
vulnerabilities.vulnerability.updatedUse a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.Examples
Show vulnerabilities updated within certain dates
vulnerabilities.vulnerability.updated: [2015-10-21 ... 2015-10-30]
Show vulnerabilities updated starting 2015-11-01, ending 1 month ago
vulnerabilities.vulnerability.updated: [2015-11-01 ... now-1M]
Show vulnerabilities updated stating 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updated: [now-2w ... now-1s]
Show vulnerabilities updated on certain date
vulnerabilities.vulnerability.updated: '2015-03-08'
vulnerabilities.vulnerability.vendorRefsUse a text value ##### to find the vendor reference you're interested in.Example
Show findings with this reference
vulnerabilities.vulnerability.vendorRefs: KB3021953
andUse a boolean query to express your query using AND logic.Example
Show assets with operating system Windows and Linux
operatingSystem: windows and operatingSystem: linux
Example
Show assets that don't have Windows operating system
not operatingSystem: windows
orUse a boolean query to express your query using OR logic.Example
Show assets with one of these tag names
tag.name: Cloud Agent or tag.name: HQ
Example
Show host assets, where VM scan is performed with the specified manifest version
vmManifestVersion: "VULNSIGS-VM-0.49.0.0-18"
Example
Show host assets, where PC scan is performed with the specified manifest version
pcManifestVersion: "VULNSIGS-PC-2.5.889-6"
Example
Show host assets, where SCA scan is performed with the specified manifest version
scaManifestVersion: "VULNSIGS-SCA-2.5.891-2"
Example
Show host assets, where UDC scan is performed with the specified manifest version
udcManifestVersion: "UDCVULNSIGS-1014"
Example
Show host assets, where middleware scan is performed with the specified manifest version
middlewareManifestVersion: "VULNSIGS-MIDDLEWARE-SCAN-2.5.884-2"
Examples
Show assets that has at least one of the software components from the list, is identified.
swCAIdealCandidate: "true"
Show assets where none of the software components from the list are identified.
swCAIdealCandidate: "false"
Use a date value to find the Cloud Agent hosts with specific last SwCA scan date or date range.
Examples
Show the list of Cloud Agent hosts with specified last SwCA scan date.
lastSwCAScanDate: '2024-10-31'
Show the list of Cloud Agent hosts with last SwCA scan date between 2024-09-11 and 2024-10-31.
lastSwCAScanDate: [2024-09-11...2024-10-31]
Show the list of Cloud Agent hosts with last SwCA scan date greater than 2024-06-27.
lastSwCAScanDate > '2024-06-27'
Show the list of Cloud Agent hosts with last SwCA scan date less than or equal to 2024-10-31.
lastSwCAScanDate =< '2024-10-31'
Use these tokens for searching Oracle Cloud Compute instances (OCI).
oci.compute.ociIdUse a text value ##### to search all assets with the specified OCI ID.Example
Show assets with this OCI ID
oci.compute.ociId:ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq'
oci.compute.compartmentIdUse a text value ##### to search all assets with the specified OCI compartment ID.Example
Show assets with this OCI compartment ID
oci.compute.compartmentId:ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq'
oci.compute.displayNameUse a text value ##### to search all assets with the specified display name.Example
Show assets with display name oracle 8.
oci.compute.displayName:oracle 8
oci.compute.shapeUse a text value ##### to search all assets with the specified shape.Example
Show all assets with the shape x5-2.36.512
oci.compute.shape:x5-2.36.512
oci.compute.regionUse a text value ##### to search all assets in the specified region.Example
Show all assets with the region us-east-1
oci.compute.region:us-east-1
oci.compute.regionKeyUse a text value ##### to search all assets with the specified region key.Example
Show all assets with the region key SYD
oci.compute.regionKey:SYD
oci.compute.regionRealmUse a text value ##### to search all groups with the specified region realm.Example
Show all assets with the region realm OC1
oci.compute.regionRealm:OC1
oci.compute.availabilityDomainUse a text value ##### to search all assets with the specified available domain.Example
Show all assets with the available domain Lhkx:US-ASHBURN-AD-1
oci.compute.availabilityDomain:Lhkx:US-ASHBURN-AD-1
oci.compute.timeCreatedUse a text value ##### to search all assets created at the specified time.Example
Show all assets with the created time 2021-02-09T07:24:31.000Z (Use 2021-02-09 while searching in UI)
oci.compute.timeCreated:2021-02-09
oci.compute.imageIdUse a text value ##### to search all assets with the specified image ID.Example
Show all assets with the ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID
oci.compute.imageId:ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq
oci.compute.faultDomainUse a text value ##### to search all assets with the specified fault domain.Example
Show all assets with fault domain FAULT-DOMAIN-1
oci.compute.faultDomain:FAULT-DOMAIN-1
oci.compute.hostNameUse a text value ##### to search all assets with the specified host name.Example
Show all findings with the host name oracle-8
oci.compute.hostName:oracle-8
oci.compute.canonicalRegionNameUse a text value ##### to search all assets having the specified canonical region name.Example
Show all assets with the canonical region name us-ashburn-1
oci.compute.canonicalRegionName:us-ashburn-1
oci.compute.isQualysScannerUse the values true | false to list all assets that are Qualys Scanner. Choose True to list all assets that are Qualys Scanner and choose False to list all assets that are not Qualys Scanner.Example
Show all assets that are Qualys Scanner.
oci.compute.isQualysScanner:"true"
oci.compute.hasAgentUse the values true | false to list all assets that have cloud agents. Choose True to list all assets having cloud agents and choose False to list all assets that do not have cloud agents.Example
Show all assets with having cloud agent installed
oci.compute.hasAgent:"true"
oci.vnic.vnicIdUse a text value ##### to search all assets with the specified VNIC ID.Example
Show all assets with the VNIC ID ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.vnicId:ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.vcnIdUse a text value ##### to search all assets with the specified VCN ID.Example
Show all assets with this VCN ID
oci.vnic.vcnId:ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.privateIpUse a text value ##### to search all assets with the specified private IP.Example
Show all assets with this private IP
oci.vnic.privateIp:10.0.0.222
oci.vnic.vlanTagUse a text value ##### to search all assets with the specified vlan tag.Example
Show all assets with the vlan tag 1
oci.vnic.vlanTag:1
oci.vnic.macAddrUse a text value ##### to search all assets with the specified MAC address.Example
Show all assets with the MAC address 02:00:17:06:bd:b3
oci.vnic.macAddr:02:00:17:06:bd:b3
oci.vnic.virtualRouterIpUse a text value ##### to search all assets with the specified router IP.Example
Show all assets with the router IP 10.0.0.1
oci.vnic.virtualRouterIp:10.0.0.1
oci.vnic.subnetCidrBlockUse a text value ##### to search all assets with the specified block.Example
Show all assets with the block 10.0.0.0/24
oci.vnic.subnetCidrBlock:10.0.0.0/24
oci.vnic.nicIndexUse a text value ##### to search all assets with the specified index.Example
Show all assets with the index 1
oci.vnic.nicIndex:1
oci.compute.stateUse a text value ##### to search all assets with specific compute state.Example
Show all assets with the compute state Starting
oci.compute.state:STARTING