Search Token Mapping
We have implemented standardized search tokens across all Qualys applications. As part of this enhancement, both common and Cloud Agent-specific tokens are updated with new token names that follow a standard and consistent nomenclature.
The new token format follows the syntax: entity.attribute
For example, in the new token, agent.version, where agent is the entity, and version is the attribute.
The following table gives the complete mapping of old search tokens and new tokens.
General Cloud Agent Tokens
The following search tokens are available for all the Cloud Agent users.
General Search TokensGeneral Search Tokens
| Old Token Name | New Token Name |
|---|---|
| vulnerabilities.vulnerability.cveIds | vulnerabilities.vulnerability.cveId |
| vulnerabilities.firstFound | vulnerabilities.firstFoundDate |
| vulnerabilities.lastFound | vulnerabilities.lastFoundDate |
| vulnerabilities.severity | vulnerabilities.severity |
| vulnerabilities.vulnerability.title | vulnerabilities.vulnerability.title |
| vulnerabilities.typeDetected | vulnerabilities.typeDetected |
| vulnerabilities.vulnerability.description | vulnerabilities.vulnerability.description |
| vulnerabilities.vulnerability.qid | vulnerabilities.vulnerability.qid |
| vulnerabilities | asset.isVulnerable |
| vulnerabilities.vulnerability.impact | vulnerabilities.vulnerability.impact |
| vulnerabilities.vulnerability.solution | vulnerabilities.vulnerability.solution |
| vulnerabilities.vulnerability.os | vulnerabilities.vulnerability.operatingSystem.name |
| vulnerabilities.vulnerability.flags | vulnerabilities.vulnerability.flag |
| vulnerabilities.vulnerability.patches | vulnerabilities.vulnerability.patches |
| vulnerabilities.vulnerability.exploitability | vulnerabilities.vulnerability.exploitability |
| vulnerabilities.vulnerability.patchAvailable | vulnerabilities.vulnerability.isPatchAvailable |
| vulnerabilities.vulnerability.vendorRefs | vulnerabilities.vulnerability.vendorRef |
| vulnerabilities.vulnerability.bugTraqIds | vulnerabilities.vulnerability.bugTraqId |
| vulnerabilities.vulnerability.sans20Categories | vulnerabilities.vulnerability.sans20Categories |
| vulnerabilities.vulnerability.lists | vulnerabilities.vulnerability.list |
| vulnerabilities.vulnerability.compliance.type | vulnerabilities.vulnerability.compliance.type |
| vulnerabilities.vulnerability.compliance.section | vulnerabilities.vulnerability.compliance.section |
| vulnerabilities.vulnerability.compliance.description | vulnerabilities.vulnerability.compliance.description |
| vulnerabilities.vulnerability.category | vulnerabilities.vulnerability.category |
| vulnerabilities.vulnerability.types | vulnerabilities.vulnerability.type |
| vulnerabilities.vulnerability.risk | vulnerabilities.vulnerability.risk |
| vulnerabilities.vulnerability.published | vulnerabilities.vulnerability.publishedDate |
| vulnerabilities.vulnerability.updated | vulnerabilities.vulnerability.updatedDate |
| vulnerabilities.vulnerability.discoveryTypes | vulnerabilities.vulnerability.discoveryType |
| vulnerabilities.vulnerability.authTypes | vulnerabilities.vulnerability.authType |
| vulnerabilities.vulnerability.cvssInfo.accessVector | vulnerabilities.vulnerability.cvss2AccessVector |
| vulnerabilities.vulnerability.cvssInfo.baseScore | vulnerabilities.vulnerability.cvss2BaseScore |
| vulnerabilities.vulnerability.cvssInfo.temporalScore | vulnerabilities.vulnerability.cvss2TemporalScore |
| provider | cloud.provider |
| activatedForModules | sensor.activatedForModules |
| interfaces.hostname | asset.interface.hostname |
| interfaces.address | asset.interface.address |
| interfaces.gatewayAddress | asset.interface.gatewayAddress |
| interfaces.interfaceName | asset.interface.name |
| interfaces.macAddress | asset.interface.macAddress |
| interfaces.dnsAddress | asset.interface.dnsAddress |
| connectedFrom | agent.connectedFrom |
| agentId | agent.id |
| configurationProfile | agent.configurationProfile |
| agentVersion | agent.version |
| agentActivations.key | agent.activations.key |
| agentActivations.status | agent.activations.status |
| lastInventory | agent.lastInventoryDate |
| lastCheckedIn | agent.lastCheckedInDate |
| lastActivity | agent.lastActivityDate |
| alibaba.instance.accountId | alibaba.instance.accountId |
| alibaba.instance.dnsServer | alibaba.instance.dnsServer |
| alibaba.instance.hasAgent | alibaba.instance.hasAgent |
| alibaba.instance.hostName | alibaba.instance.hostName |
| alibaba.instance.imageId | alibaba.instance.imageId |
| alibaba.instance.instanceId | alibaba.instance.instanceId |
| alibaba.instance.instanceState | alibaba.instance.instanceState |
| alibaba.instance.instanceType | alibaba.instance.instanceType |
| alibaba.instance.interfaceId | alibaba.instance.interfaceId |
| alibaba.instance.macAddress | alibaba.instance.macAddress |
| alibaba.instance.networkType | alibaba.instance.networkType |
| alibaba.instance.privateIpAddress | alibaba.instance.privateIpAddress |
| alibaba.instance.publicIpAddress | alibaba.instance.publicIpAddress |
| alibaba.instance.region.code | alibaba.instance.regionCode |
| alibaba.instance.region.name | alibaba.instance.regionName |
| alibaba.instance.serialNumber | alibaba.instance.serialNumber |
| alibaba.instance.vpcCidrBlock | alibaba.instance.vpcCidrBlock |
| alibaba.instance.vpcId | alibaba.instance.vpcId |
| alibaba.instance.vswitchCidrBlock | alibaba.instance.vswitchCidrBlock |
| alibaba.instance.vswitchId | alibaba.instance.vswitchId |
| alibaba.instance.zoneId | alibaba.instance.zoneId |
| name | asset.name |
| created | asset.createdDate |
| netbiosName | asset.netbiosName |
| accounts.username | account.username |
| azure.tags | azure.tag |
| azure.tags.name | azure.tag.name |
| azure.tags.value | azure.tag.value |
| azure.vm.imageOffer | azure.vm.imageOffer |
| azure.vm.imagePublisher | azure.vm.imagePublisher |
| azure.vm.imageVersion | azure.vm.imageVersion |
| azure.vm.location | azure.vm.location |
| azure.vm.macAddress | azure.vm.macAddress |
| azure.vm.name | azure.vm.name |
| azure.vm.platform | azure.vm.platform |
| azure.vm.privateIpAddress | azure.vm.privateIpAddress |
| azure.vm.publicIpAddress | azure.vm.publicIpAddress |
| azure.vm.resourceGroupName | azure.vm.resourceGroupName |
| azure.vm.size | azure.vm.size |
| azure.vm.state | azure.vm.state |
| azure.vm.subnet | azure.vm.subnet |
| azure.vm.subscriptionId | azure.vm.subscriptionId |
| azure.vm.vmId | azure.vm.vmId |
| gcp.compute.hostname | gcp.compute.hostname |
| gcp.compute.imageId | gcp.compute.imageId |
| gcp.compute.instanceId | gcp.compute.instanceId |
| gcp.compute.macAddress | gcp.compute.macAddress |
| gcp.compute.machineType | gcp.compute.machineType |
| gcp.compute.network | gcp.compute.network |
| gcp.compute.privateIpAddress | gcp.compute.privateIpAddress |
| gcp.compute.projectId | gcp.compute.projectId |
| gcp.compute.projectNumber | gcp.compute.projectNumber |
| gcp.compute.publicIpAddress | gcp.compute.publicIpAddress |
| gcp.compute.state | gcp.compute.state |
| gcp.compute.zone | gcp.compute.zone |
| ibm.tags.name | ibm.tag.name |
| ibm.tags.value | ibm.tag.value |
| ibm.virtualServer.datacenterId | ibm.virtualServer.datacenterId |
| ibm.virtualServer.deviceName | ibm.virtualServer.deviceName |
| ibm.virtualServer.domain | ibm.virtualServer.domain |
| ibm.virtualServer.id | ibm.virtualServer.id |
| ibm.virtualServer.location | ibm.virtualServer.location |
| ibm.virtualServer.privateIpAddress | ibm.virtualServer.privateIpAddress |
| ibm.virtualServer.privateVlan | ibm.virtualServer.privateVlan |
| ibm.virtualServer.publicIpAddress | ibm.virtualServer.publicIpAddress |
| ibm.virtualServer.publicVlan | ibm.virtualServer.publicVlan |
| middlewareLastManifestVersionProcessed | asset.middlewareManifestVersion |
| pcLastManifestVersionProcessed | asset.pcManifestVersion |
| paLastManifestVersionProcessed | asset.paManifestVersion |
| scaLastManifestVersionProcessed | asset.scaManifestVersion |
| qualysCorrelationID | agent.qualysCorrelationId |
| udcLastManifestVersionProcessed | asset.udcManifestVersion |
| vmLastManifestVersionProcessed | asset.vmManifestVersion |
| oci.compute.availabilityDomain | oci.compute.availabilityDomain |
| oci.compute.canonicalRegionName | oci.compute.canonicalRegionName |
| oci.compute.compartmentId | oci.compute.compartmentId |
| oci.compute.displayName | oci.compute.displayName |
| oci.compute.faultDomain | oci.compute.faultDomain |
| oci.compute.hasAgent | oci.compute.hasAgent |
| oci.compute.hostName | oci.compute.hostName |
| oci.compute.imageId | oci.compute.imageId |
| oci.compute.isQualysScanner | oci.compute.isQualysScanner |
| oci.compute.ociId | oci.compute.id |
| oci.compute.region | oci.compute.region |
| oci.compute.regionKey | oci.compute.regionKey |
| oci.compute.regionRealm | oci.compute.regionRealm |
| oci.compute.shape | oci.compute.shape |
| oci.compute.state | oci.compute.state |
| oci.compute.timeCreated | oci.compute.timeCreated |
| oci.tags | oci.tag.name |
| oci.tags.key | oci.tag.key |
| oci.tags.namespace | oci.tag.namespace |
| oci.tags.value | oci.tag.value |
| oci.vnic.macAddr | oci.vnic.macAddr |
| oci.vnic.nicIndex | oci.vnic.nicIndex |
| oci.vnic.privateIp | oci.vnic.privateIp |
| oci.vnic.subnetCidrBlock | oci.vnic.subnetCidrBlock |
| oci.vnic.virtualRouterIp | oci.vnic.virtualRouterIp |
| oci.vnic.vlanTag | oci.vnic.vlanTag |
| oci.vnic.vnicId | oci.vnic.vnicId |
| openPorts.description | openPorts.description |
| openPorts.detectedService | openPorts.detectedService |
| openPorts.port | openPorts.port |
| openPorts.protocol | openPorts.protocol |
| processors.description | processor.name |
| processors.speed | processor.speed |
| lastComplianceScanDate | sensor.lastComplianceScanDate |
| lastFullScan | sensor.lastFullScanDate |
| lastVmScanDate | sensor.lastVmAgentScanDate |
| services.description | image.service.description |
| services.name | image.service.name |
| services.status | image.service.status |
| software.name | software.name |
| software.version | software.version |
| tags.name | asset.tag.name |
| volumes.name | volume.name |
| volumes.size | volume.size |
| volumes.free | volume.free |
| system.biosDescription | asset.biosDescription |
| system.manufacturer | hardware.manufacturer |
| system.model | hardware.model |
| system.totalMemory | asset.totalMemory |
| system.timezone | asset.timezone |
| system.lastBoot | asset.lastBootDate |
| operatingSystem | operatingSystem.name |
| updated | asset.lastUpdatedDate |
| platformType | platform.type |
| lastLoggedOnUser | asset.lastLoggedOnUser |
| hostId | asset.hostId |
| udcManifestAssigned | asset.udcManifestAssigned |
| fimCapable | agent.fimCapable |
| iocCapable | agent.iocCapable |
| errorStatus | agent.errorStatus |
| lastSwCAScanDate | agent.lastSwCAScanDate |
| cpuCount | asset.cpuCount |
| agentStatus | agent.status |
| qualysCorrelationID | agent.qualysCorrelationId |
| swCAIdealCandidate | agent.swCAIdealCandidate |
| aws.ec2.instanceId | aws.ec2.instanceId |
| aws.ec2.instanceState | aws.ec2.instanceState |
| aws.ec2.instanceType | aws.ec2.instanceType |
| aws.ec2.hostname | aws.ec2.hostname |
| aws.ec2.privateIpAddress | aws.ec2.privateIpAddress |
| aws.ec2.publicDNS | aws.ec2.publicDns |
| aws.ec2.privateDNS | aws.ec2.privateDns |
| aws.ec2.isQualysScanner | aws.ec2.isQualysScanner |
| aws.ec2.hasAgent | aws.ec2.hasAgent |
| aws.ec2.publicIpAddress | aws.ec2.publicIpAddress |
| aws.ec2.spotInstance | aws.ec2.spotInstance |
| aws.ec2.kernelId | aws.ec2.kernelId |
| aws.ec2.vpcId | aws.ec2.vpcId |
| aws.ec2.availabilityZone | aws.ec2.availabilityZone |
| aws.ec2.region.code | aws.ec2.region.code |
| aws.ec2.imageId | aws.ec2.imageId |
| aws.ec2.subnetId | aws.ec2.subnetId |
| aws.ec2.launchDate | aws.ec2.launchDate |
| aws.ec2.accountId | aws.ec2.accountId |
| aws.ec2.region.name | aws.ec2.region.name |
| aws.tags | aws.tag |
| aws.tags.key | aws.tag.key |
| aws.tags.value | aws.tag.value |
Finding Tokens
The Finding tokens are available only for the users who has access to Enterprise TruRisk™ Management (ETM) application. The following table illustrates the normal vulnerability tokens and their corresponding finding tokens.
| Available Vulnerability Tokens | Corresponsing Finding Token |
|---|---|
| vulnerabilities.vulnerability.cveIds | finding.vulnerability.cveId |
| vulnerabilities.firstFound | finding.firstFoundDate |
| vulnerabilities.lastFound | finding.lastFoundDate |
| vulnerabilities.severity | finding.severity |
| vulnerabilities.vulnerability.title | finding.vulnerability.title |
| vulnerabilities.typeDetected | finding.typeDetected |
| vulnerabilities.vulnerability.description | finding.vulnerability.description |
| vulnerabilities.vulnerability.qid | finding.vulnerability.qid |
| vulnerabilities | asset.isVulnerable |
| vulnerabilities.vulnerability.impact | finding.vulnerability.impact |
| vulnerabilities.vulnerability.solution | finding.vulnerability.solution |
| vulnerabilities.vulnerability.os | finding.vulnerability.operatingSystem.name |
| vulnerabilities.vulnerability.flags | finding.vulnerability.flag |
| vulnerabilities.vulnerability.patches | finding.vulnerability.patches |
| vulnerabilities.vulnerability.exploitability | finding.vulnerability.exploitability |
| vulnerabilities.vulnerability.patchAvailable | finding.vulnerability.isPatchAvailable |
| vulnerabilities.vulnerability.vendorRefs | finding.vulnerability.vendorRef |
| vulnerabilities.vulnerability.bugTraqIds | finding.vulnerability.bugTraqId |
| vulnerabilities.vulnerability.sans20Categories | finding.vulnerability.sans20Categories |
| vulnerabilities.vulnerability.lists | finding.vulnerability.list |
| vulnerabilities.vulnerability.compliance.type | finding.vulnerability.compliance.type |
| vulnerabilities.vulnerability.compliance.section | finding.vulnerability.compliance.section |
| vulnerabilities.vulnerability.compliance.description | finding.vulnerability.compliance.description |
| vulnerabilities.vulnerability.category | finding.vulnerability.category |
| vulnerabilities.vulnerability.types | finding.vulnerability.type |
| vulnerabilities.vulnerability.risk | finding.vulnerability.risk |
| vulnerabilities.vulnerability.published | finding.vulnerability.publishedDate |
| vulnerabilities.vulnerability.updated | finding.vulnerability.updatedDate |
| vulnerabilities.vulnerability.discoveryTypes | finding.vulnerability.discoveryType |
| vulnerabilities.vulnerability.authTypes | finding.vulnerability.authType |
| vulnerabilities.vulnerability.cvssInfo.accessVector | finding.vulnerability.cvss2AccessVector |
| vulnerabilities.vulnerability.cvssInfo.baseScore | finding.vulnerability.cvss2BaseScore |
| vulnerabilities.vulnerability.cvssInfo.temporalScore | finding.vulnerability.cvss2TemporalScore |