assets associatedSearch Tokens for Assets
You can use search tokens to search for asset information on the Assets tab.
asset:(assetInterface.addressasset:(assetInterface.address
Use a text value ##### to specify the host IP address.
Example
Show assets with this IP address
asset:(assetInterface.address: 10.20.30.40)
asset:(assetInterface.hostnameasset:(assetInterface.hostname
Use a text value ##### to specify the interface hostname.
Example
Show assets that have this hostname
asset:(assetInterface.hostname: xpsp2-jp-26-111)
asset:(externalasset:(external
Use the values true | false to find external assets. If the selected value is true, then the query displays all the external assets. If the selected value is false, then the query displays internal assets.
Examples
Show external assets.
asset:(external: true)
Show internal assets.
asset:(external: false)
Use a text value ##### to specify the asset name.
Example
Show the asset that have this specific name
asset:(name: server1)
asset:(netbiosNameasset:(netbiosName
Use a text value ##### to specify the host NetBios name.
Example
Show assets that have this host NetBios name
asset:(netbiosName: server1)
Use a text value ##### to specify WAS URL to search the assets scanned by WAS.
Example
Show the assets scanned by WAS using WAS URL
asset:(wasUrl:"https://www.example.com")
certificate:(archiveReasoncertificate:(archiveReason
Use a text value ##### to list all assets with certificates that were archived for the specified reason. Values can be: Expired, Ignored, Other, Renewed, Replaced, Retired, Revoked, Suspended.
Example
Show assets with certificates that were archived with reason: Revoked
certificate:(archiveReason: Revoked)
Show assets with certificates that were archived
with reason: Expired
certificate:(archiveReason: Expired)
certificate:(approvedcertificate:(approved
Use the values true | false to find certificates from approved CAs.
Example
Show assets with certificates that have approval status true from approved CAs
certificate:(approved: true)
certificate:(browserDistrust:certificate:(browserDistrust:
Use the value potential to search a list of assets associated with leaf certificates distrusted by Google Chrome.
Example
Show assets with leaf certificates distrusted by Google Chrome
certificate:(browserDistrust: potential)
certificate:(browserDistrustIssuedByEntrust:certificate:(browserDistrustIssuedByEntrust:
Use the subject name as the token value to search a list of assets associated with leaf certificates issued by the certificate authority (CA) Entrust, which Google Chrome no longer trusts. Token values are AffirmTrust Commercial | AffirmTrust Networking | AffirmTrust Premium | AffirmTrust Premium ECC | Entrust Root Certification Authority | Entrust Root Certification Authority - EC1 | Entrust Root Certification Authority - G2 | Entrust Root Certification Authority - G4 | Entrust.net Certification Authority (2048).
Example
Show the list of assets associated with leaf certificates by the certificate authority (CA) Entrust.
certificate:(browserDistrustIssuedByEntrust: Entrust Root Certification Authority)
certificate:(browserDistrustExpiryGroup:certificate:(browserDistrustExpiryGroup:
Use the time ranges to search for assets associated with leaf certificates issued by the certificate authority (CA) Entrust, which Google Chrome no longer trusts and are expiring during the period. Token values are 0-30 Days | 31-60 Days| 61-90 Days| 180+ Days | 91-180 Days | Expired
Example
Show the list of assets associated with leaf certificates expiring during the specified period issued by the certificate authority (CA) Entrust.
certificate:(browserDistrustExpiryGroup: 31-60 Days)
certificate:(certhashcertificate:(certhash
Use a text value ##### to specify certificate fingerprint of the certificates.
Example
Show certificates that have this hash value
certificate:(certhash: 20e1541486f2cd405559d8483a3663f2a77c3cf93c72f4f915259f084f814221)
certificate:(dncertificate:(dn
Use a text value ##### to list all certificates that have the specified subject identifier in the certificate subject distinguished name (DN).
Example
Show certificates that have this subject identifier in the distinguished name.
certificate:(dn: ST=California)
certificate:(expiryGroupcertificate:(expiryGroup
Use quotes or backticks within values to help you filter certificates according to expired time. Choose the values from: Expired or In n Days where n is any number
Examples
Show certificates which expired in last 20 days
certificate:(expiryGroup: "In 20 Days")
Show all expired certificates in your subscription
certificate:(expiryGroup: "Expired")
certificate:(isRenewablecertificate:(isRenewable
Use the values true | false to find assets with certificates that can only be renewed with Qualys. Certificates can be renewed with Qualys if they are issued by a DigiCert CA and are expiring in next 90 days or are already expired.
Example
Show assets with certificates that are renewable with Qualys
certificate:(isRenewable: true)
certificate:(issuer.countrycertificate:(issuer.country
Use a text value ##### to specify the country mentioned in the issuer distinguished name.
Example
Show assets with certificates that have this country in issuer DN
certificate:(issuer.country: US)
certificate:(issuer.namecertificate:(issuer.name
Use a text value ##### to specify name of the issuing certificate authority.
Example
Show assets with certificates having this issuing authority name
certificate:(issuer.name: Symantec Class 3 EV
SSL CA - G3)
certificate:(issuer.organizationcertificate:(issuer.organization
Use a text value ##### to specify the organization mentioned in the issuer distinguished name.
Example
Show assets with certificates that have this organization in issuer DN
certificate:(issuer.organization: Symantec Corporation)
certificate:(issuer.organizationUnitcertificate:(issuer.organizationUnit
Use a text value ##### to specify the organization unit mentioned in the issuer distinguished name.
Example
Show assets with certificates that have this organization unit in issuer DN
certificate:(issuer.organizationUnit: Symantec
Trust Network)
certificate:(issuerCategorycertificate:(issuerCategory
Use the values Self-signed | CA to specify the category of certificate.
Example
Show assets with DigiCert SHA2 Extended Validation Server CA certificates
certificate:(issuerCategory: DigiCert SHA2 Extended
Validation Server CA )
certificate:(keySizecertificate:(keySize
Use a text value ##### to specify the key length of a certificate.
Example
Show assets with 2048-bit certificates
certificate:(keySize: 2048)
certificate:(selfSignedcertificate:(selfSigned
Use the values true | false to find assets with certificates that are self-signed.
Example
Show assets with certificates that are self-signed
certificate:(selfSigned: true)
certificate:(serialNumbercertificate:(serialNumber
Use the values ##### to find assets with a certificate having a specific serial number.
Example
Show assets with certificate that has this serial number
certificate:(serialNumber: "0686793b5f66d74e877cc09eedb09d90")
certificate:(signatureAlgorithmcertificate:(signatureAlgorithm
Use a text value ##### to specify the signing algorithm for a certificate.
Example
Show certificates that use this signature algorithm
certificate:(signatureAlgorithm: SHA256withRSA)
certificate:(subject.countrycertificate:(subject.country
Use a text value ##### to specify the country mentioned in the subject distinguished name.
Example
Show assets that have this country in subject DN
certificate:(subject.country: US)
certificate:(subject.localitycertificate:(subject.locality
Use a text value ##### to specify the locality mentioned in the subject distinguished name you’re interested in.
Example
Show assets that have this locality in subject DN
certificate:(subject.locality: Redwood City)
certificate:(subject.namecertificate:(subject.name
Use a text value ##### to define the certificate name.
Example
Show assets that have certificates with this name
certificate:(subject.name: www.qualys.com)
certificate:(subject.organizationcertificate:(subject.organization
Use a text value ##### to specify the organization mentioned in the subject distinguished name.
Example
Show assets with certificates that have this organization in subject DN
certificate:(subject.organization: Qualys, Inc.)
certificate:(subject.statecertificate:(subject.state
Use a text value ##### to specify the state mentioned in the subject distinguished name.
Example
Show assets with certificates that have this state in subject DN
certificate:(subject.state: California)
certificate:(subjectAlternativeNames.dnsNamecertificate:(subjectAlternativeNames.dnsName
Use a text value ##### show the DNS Name in Certificate Subject Alternate Name (SAN).
Example
Show assets that have the specified DNS Name in Certificate SAN
certificate:(subjectAlternativeNames.dnsName: www.qualys.com)
certificate:(subjectAlternativeNames.ipAddresscertificate:(subjectAlternativeNames.ipAddress
Use a text value ##### to show the IP address in Certificate Subject Alternate Name (SAN).
Example
Show assets that have the specified the IP address in Certificate SAN
certificate:(subjectAlternativeNames.ipAddress: 10.113.197.210)
certificate:(typecertificate:(type
Use the values Intermediate | Leaf | Root to find assets associated with these certificate types.
Example
Show assets associated with leaf certificates
certificate:(type: leaf)
certificate:(validFromcertificate:(validFrom
Use a date range or specific date to define validation date of the certificates.
Examples
Show certificates that are valid within certain dates
certificate:(validFrom: [2018-06-15 .. 2018-06-30])
Show certificates that are valid on a specific date
certificate:(validFrom: '2017-12-14')
certificate:(validTocertificate:(validTo
Use a date range or specific date to define expiration date of the certificates.
Examples
Show assets with certificates that are expiring within certain dates
certificate:(validTo: [2018-06-15 .. 2018-06-30])
Show assets with certificates that are expiring on a specific date
certificate:(validTo: '2017-12-14')
certificate:(validitycertificate:(validity
Use an integer value ##### to search the certificates based on their validity.
Examples
Show all assets with certificates whose validity is greater than 200 days
certificate:(validity > 200)
Show all assets with certificates whose validity is less than 200 days
certificate:(validity < 200d)
Show all certificates whose validity is greater than 3 months. Here each month is considered as 30 days.
certificate:(validity > 3m)
Show all certificates whose validity is greater than 1 year. Here each year is considered as 365 days.
certificate:(validity > 1y)
instance:(cipherSuites.valueinstance:(cipherSuites.value
Use a text value ##### to list the assets that have cipher suits enabled in a SSL/TLS instance.
Example
Show assets that have this cipher suit enabled in the SSL/TLS instance
instance:(cipherSuites.value: DES-CBC3-SHA)
Use a text value ##### to specify host FQDN of the asset.
Example
Show assets that have this host FQDN
instance:(fqdn: server1.qualys.com)
instance:(gradeinstance:(grade
Use a text value ##### to specify the Certificate Grade for an instance on the host.
Example
Show assets that have this Certificate Grade for an instance on the host
instance:(grade: B)
Use an integer value ##### to specify the listening port.
Example
Show assets that have this listening port open
instance:(port: 443)
instance:(serviceinstance:(service
Use a text value ##### to specify the service.
Example
Show assets that have this service
instance:(service: SMTP)
instance:(sourcesinstance:(sources
Use a text value ##### to find the assets that are scanned through VM (Vulnerability Management), Qualys Cloud Agent, and WAS (Web Application Scanning). Values are IP Scanner, Cloud Agent, EASM and WAS.
Examples
Show assets that are scanned through VM (Vulnerability Management)
instance:(sources: IP Scanner)
Show assets that are scanned through Qualys Cloud Agent
instance:(sources: Cloud Agent)
Show assets that are scanned through EASM
instance:(sources: EASM)
Show assets that are scanned through WAS
instance:(sources: WAS)
instance:(sslProtocolsinstance:(sslProtocols
Use a value ##### to specify SSL/TLS protocols.
Example
Show assets that have this SSL/TLS protocol enabled
instance:(sslProtocols: TLSv1.2)
instance:(vulns.qidinstance:(vulns.qid
Use an integer value ##### to specify the vulnerability QID.
Example
Show assets that have this vulnerability QID
instance:(vulns.qid: 38603)
instance:(vulns.severityinstance:(vulns.severity
Use an integer value ##### to specify the vulnerability severity.
Example
Show assets that have this vulnerability severity
instance:(vulns.severity: 3)
instance:(vulns.titleinstance:(vulns.title
Use a text value ##### to specify vulnerability title.
Example
Show assets that have POODLE in the vulnerability title
instance:(vulns.title: POODLE)
certificate.request.cncertificate.request.cn
Use a text value ##### to specify the common name of the certificate.
Example
Show all certificates with common name certificate.qualys-demo.com
certificate.request.cn: certificate.qualys-demo.com
certificate.request.datecertificate.request.date
Use a date range or specific date to define when certificates were requested.
Examples
Show findings with certificates requested within certain dates
certificate.request.date: [2017-06-15 .. 2017-06-30]
Show findings with certificates requested starting 2017-06-22, ending 1 month ago
certificate.request.date: [2017-06-22 ..now-1M]
Show findings with certificates requested starting 2 weeks ago, ending 1 second ago
certificate.request.date: [now-2w .. now-1s]
Show findings with certificates requested on specific date
certificate.request.date: '2017-06-14'
certificate.request.statuscertificate.request.status
Use quotes or backticks within values to help you find the certificate request status. Choose the status values from: SUBMITTED, APPROVED, REJECTED, POSTED, DENIED.
Examples
Show any findings with this status
certificate.request.status: SUBMITTED
Show any findings that match exact value
certificate.request.status: "SUBMITTED"
certificate.request.typecertificate.request.type
Use the values ENROLLMENT | RENEWAL to specify the type of certificate request.
Example
Show all certificates requested for renewal
certificate.request.type: RENEWAL
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down the search by using the and operator in the Boolean query. The result contains all the token values that are provided in the query.
Example
Show the certificates issued by DigiCert and will expire in 30 days
certificate:(expiryGroup:In 30 Days and
issuer.name:DigiCert)
Narrow down the search by using the not operator in the Boolean query. The result contains all the other values except the one specified after not in the query.
Example
Exclude the certificates that are issued by Qualys in the search result
certificate:(not issuer.organization:Qualys)
Broaden the search by using the or operator in the Boolean query. The result contains any of the token values that are provided in the query.
Example
Show the assets having an operating system as Windows or Netscaler
asset:(operatingSystem:Windows or operatingSystem:Netscaler)
We do not support nested queries for combination of NOT and OR operators.
For example, not certificate:(expiryGroup:In 90 Days ) or asset:(operatingSystem:'Windows') is not a supported query.