Searching for Assets in Certificate View

You can use search tokens to search for asset information on the Assets tab.

asset:(assetInterface.addressasset:(assetInterface.address

Use a text value ##### to specify the host IP address.

Example

Show assets with this IP address

asset:(assetInterface.address: 10.20.30.40)

 

asset:(assetInterface.hostnameasset:(assetInterface.hostname

Use a text value ##### to specify the interface hostname.

Example

Show assets that have this hostname

asset:(assetInterface.hostname: xpsp2-jp-26-111)

 

asset:(externalasset:(external

Use the values true | false to find external assets. If the selected value is true, then the query displays all the external assets. If the selected value is false, then the query displays internal assets.

Examples

Show external assets.

asset:(external: true)

Show internal assets.

asset:(external: false)

asset:(nameasset:(name

Use a text value ##### to specify the asset name.

Example

Show the asset that have this specific name

asset:(name: server1)

 

asset:(netbiosNameasset:(netbiosName

Use a text value ##### to specify the host NetBios name.

Example

Show assets that have this host NetBios name

asset:(netbiosName: server1)

 

asset:(operatingSystemasset:(operatingSystem

Use quotes or backticks within values to find the operating system.

Examples

Show any findings with this OS name

asset:(operatingSystem: Windows 2012)

Show any findings that contain components of OS name

asset:(operatingSystem: "Windows 2012")

Show any findings that match exact value "Windows 2012"

asset:(operatingSystem: `Windows 2012`)

 

assets:(tags.nameassets:(tags.name

Use a text value ##### to specify the asset tag.

Example

Show assets that have this asset tag

assets:(tags.name: prod-dmz)

 

certificate:(archiveReasoncertificate:(archiveReason

Use a text value ##### to list all assets with certificates that were archived for the specified reason. Values can be: Expired, Ignored, Other, Renewed, Replaced, Retired, Revoked, Suspended.

Example

Show assets with certificates that were archived with reason: Revoked

certificate:(archiveReason: Revoked)

Show assets with certificates that were archived with reason: Expired

certificate:(archiveReason: Expired)

 

certificate:(approvedcertificate:(approved

Use the values true | false to find certificates from approved CAs.

Example

Show assets with certificates that have approval status true from approved CAs

certificate:(approved: true)

 

certificate:(certhashcertificate:(certhash

Use a text value ##### to specify certificate fingerprint of the certificates.

Example

Show certificates that have this hash value

certificate:(certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221)

 

certificate:(dncertificate:(dn

Use a text value ##### to list all certificates that have the specified subject identifier in the certificate subject distinguished name (DN).

Example

Show certificates that have this subject identifier in the distinguished name.

certificate:(dn: ST=California)

 

certificate:(expiryGroupcertificate:(expiryGroup

Use quotes or backticks within values to help you filter certificates according to expired time. Choose the values from: Expired or In n Days where n is any number

Examples

Show certificates which expired in last 20 days

certificate:(expiryGroup: "In 20 Days")

Show all expired certificates in your subscription

certificate:(expiryGroup: "Expired")

 

certificate:(isRenewablecertificate:(isRenewable

Use the values true | false to find assets with certificates that can only be renewed with Qualys. Certificates can be renewed with Qualys if they are issued by a DigiCert CA and are expiring in next 90 days or are already expired.

Example

Show assets with certificates that are renewable with Qualys

certificate:(isRenewable: true)

 

certificate:(issuer.countrycertificate:(issuer.country

Use a text value ##### to specify the country mentioned in the issuer distinguished name.

Example

Show assets with certificates that have this country in issuer DN

certificate:(issuer.country: US)

 

certificate:(issuer.namecertificate:(issuer.name

Use a text value ##### to specify name of the issuing certificate authority.

Example

Show assets with certificates having this issuing authority name

certificate:(issuer.name: Symantec Class 3 EV SSL CA - G3)

 

certificate:(issuer.organizationcertificate:(issuer.organization

Use a text value ##### to specify the organization mentioned in the issuer distinguished name.

Example

Show assets with certificates that have this organization in issuer DN

certificate:(issuer.organization: Symantec Corporation)

 

certificate:(issuer.organizationUnitcertificate:(issuer.organizationUnit

Use a text value ##### to specify the organization unit mentioned in the issuer distinguished name.

Example

Show assets with certificates that have this organization unit in issuer DN

certificate:(issuer.organizationUnit: Symantec Trust Network)

 

certificate:(issuerCategorycertificate:(issuerCategory

Use the values Self-signed | CA to specify the category of certificate.

Example

Show assets with DigiCert SHA2 Extended Validation Server CA certificates

certificate:(issuerCategory: DigiCert SHA2 Extended Validation Server CA )

 

certificate:(keySizecertificate:(keySize

Use a text value ##### to specify the key length of a certificate.

Example

Show assets with 2048-bit certificates

certificate:(keySize: 2048)

 

certificate:(selfSignedcertificate:(selfSigned

Use the values true | false to find assets with certificates that are self-signed.

Example

Show assets with certificates that are self-signed

certificate:(selfSigned: true)

 

certificate:(serialNumbercertificate:(serialNumber

Use the values ##### to find assets with a certificate having a specific serial number.

Example

Show assets with certificate that has this serial number

certificate:(serialNumber: "0686793b5f66d74e877cc09eedb09d90")

 

certificate:(signatureAlgorithmcertificate:(signatureAlgorithm

Use a text value ##### to specify the signing algorithm for a certificate.

Example

Show certificates that use this signature algorithm

certificate:(signatureAlgorithm: SHA256withRSA)

 

certificate:(subject.countrycertificate:(subject.country

Use a text value ##### to specify the country mentioned in the subject distinguished name.

Example

Show assets that have this country in subject DN

certificate:(subject.country: US)

 

certificate:(subject.localitycertificate:(subject.locality

Use a text value ##### to specify the locality mentioned in the subject distinguished name you’re interested in.

Example

Show assets that have this locality in subject DN

certificate:(subject.locality: Redwood City)

 

certificate:(subject.namecertificate:(subject.name

Use a text value ##### to define the certificate name.

Example

Show assets that have certificates with this name

certificate:(subject.name: www.qualys.com)

 

certificate:(subject.organizationcertificate:(subject.organization

Use a text value ##### to specify the organization mentioned in the subject distinguished name.

Example

Show assets with certificates that have this organization in subject DN

certificate:(subject.organization: Qualys, Inc.)

 

certificate:(subject.statecertificate:(subject.state

Use a text value ##### to specify the state mentioned in the subject distinguished name.

Example

Show assets with certificates that have this state in subject DN

certificate:(subject.state: California)

 

certificate:(subjectAlternativeNames.dnsNamecertificate:(subjectAlternativeNames.dnsName

Use a text value ##### show the DNS Name in Certificate Subject Alternate Name (SAN).

Example

Show assets that have the specified DNS Name in Certificate SAN

certificate:(subjectAlternativeNames.dnsName: www.qualys.com)

 

certificate:(subjectAlternativeNames.ipAddresscertificate:(subjectAlternativeNames.ipAddress

Use a text value ##### to show the IP address in Certificate Subject Alternate Name (SAN).

Example

Show assets that have the specified the IP address in Certificate SAN

certificate:(subjectAlternativeNames.ipAddress: 10.113.197.210)

 

certificate:(validFromcertificate:(validFrom

Use a date range or specific date to define validation date of the certificates.

Examples

Show certificates that are valid within certain dates

certificate:(validFrom: [2018-06-15 .. 2018-06-30])

Show certificates that are valid on a specific date

certificate:(validFrom: '2017-12-14')

 

certificate:(validTocertificate:(validTo

Use a date range or specific date to define expiration date of the certificates.

Examples

Show assets with certificates that are expiring within certain dates

certificate:(validTo: [2018-06-15 .. 2018-06-30])

Show assets with certificates that are expiring on a specific date

certificate:(validTo: '2017-12-14')

 

certificate:(validitycertificate:(validity

Use an integer value ##### to search the certificates based on their validity.

Examples

Show all assets with certificates whose validity is greater than 200 days

certificate:(validity > 200)

Show all assets with certificates whose validity is less than 200 days

certificate:(validity < 200d)

Show all certificates whose validity is greater than 3 months. Here each month is considered as 30 days.

certificate:(validity > 3m)

Show all certificates whose validity is greater than 1 year. Here each year is considered as 365 days.

certificate:(validity > 1y)

 

instance:(cipherSuites.valueinstance:(cipherSuites.value

Use a text value ##### to list the assets that have cipher suits enabled in a SSL/TLS instance.

Example

Show assets that have this cipher suit enabled in the SSL/TLS instance

instance:(cipherSuites.value: DES-CBC3-SHA)

 

instance:(fqdninstance:(fqdn

Use a text value ##### to specify host FQDN of the asset.

Example

Show assets that have this host FQDN

instance:(fqdn: server1.qualys.com)

 

instance:(gradeinstance:(grade

Use a text value ##### to specify the Certificate Grade for an instance on the host.

Example

Show assets that have this Certificate Grade for an instance on the host

instance:(grade: B)

 

instance:(portinstance:(port

Use an integer value ##### to specify the listening port.

Example

Show assets that have this listening port open

instance:(port: 443)

 

instance:(serviceinstance:(service

Use a text value ##### to specify the service.

Example

Show assets that have this service

instance:(service: SMTP)

 

instance:(sourcesinstance:(sources

Use a text value ##### to find the assets that are scanned through VM (Vulnerability Management) or Qualys Cloud Agent. Values can be: VM or QAGENT.

Examples

Show assets that are scanned through VM (Vulnerability Management)

instance:(sources: VM)

Show assets that are scanned through Qualys Cloud Agent

instance:(sources: QAGENT)

instance:(sslProtocolsinstance:(sslProtocols

Use a value ##### to specify SSL/TLS protocols.

Example

Show assets that have this SSL/TLS protocol enabled

instance:(sslProtocols: TLSv1.2)

 

instance:(vulns.qidinstance:(vulns.qid

Use an integer value ##### to specify the vulnerability QID.

Example

Show assets that have this vulnerability QID

instance:(vulns.qid: 38603)

 

instance:(vulns.severityinstance:(vulns.severity

Use an integer value ##### to specify the vulnerability severity.

Example

Show assets that have this vulnerability severity

instance:(vulns.severity: 3)

 

instance:(vulns.titleinstance:(vulns.title

Use a text value ##### to specify vulnerability title.

Example

Show assets that have POODLE in the vulnerability title

instance:(vulns.title: POODLE)

 

certificate.request.cncertificate.request.cn

Use a text value ##### to specify the common name of the certificate.

Example

Show all certificates with common name certificate.qualys-demo.com

certificate.request.cn: certificate.qualys-demo.com

 

certificate.request.datecertificate.request.date

Use a date range or specific date to define when certificates were requested.

Examples

Show findings with certificates requested within certain dates

certificate.request.date: [2017-06-15 .. 2017-06-30]

Show findings with certificates requested starting 2017-06-22, ending 1 month ago

certificate.request.date: [2017-06-22 ..now-1M]

Show findings with certificates requested starting 2 weeks ago, ending 1 second ago

certificate.request.date: [now-2w .. now-1s]

Show findings with certificates requested on specific date

certificate.request.date: '2017-06-14'

 

certificate.request.statuscertificate.request.status

Use quotes or backticks within values to help you find the certificate request status. Choose the status values from: SUBMITTED, APPROVED, REJECTED, POSTED, DENIED.

Examples

Show any findings with this status

certificate.request.status: SUBMITTED

Show any findings that match exact value

certificate.request.status: "SUBMITTED"

 

certificate.request.typecertificate.request.type

Use the values ENROLLMENT | RENEWAL to specify the type of certificate request.

Example

Show all certificates requested for renewal

certificate.request.type: RENEWAL

 

Supported Boolean Operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

andand

Narrow down the search by using the and operator in the Boolean query. The result contains all the token values that are provided in the query.

Example

Show the certificates issued by DigiCert and will expire in 30 days

certificate:(expiryGroup:In 30 Days and issuer.name:DigiCert)

 

notnot

Narrow down the search by using the not operator in the Boolean query. The result contains all the other values except the one specified after not in the query.

Example

Exclude the certificates that are issued by Qualys in the search result

certificate:(not issuer.organization:Qualys)

 

oror

Broaden the search by using the or operator in the Boolean query. The result contains any of the token values that are provided in the query.

Example

Show the assets having an operating system as Windows or Netscaler

asset:(operatingSystem:Windows or operatingSystem:Netscaler)

 

Note: We do not support nested queries for combination of NOT and OR operators.

For example, not certificate:(expiryGroup:In 90 Days ) or asset:(operatingSystem:'Windows') is not a supported query.