Looking for a list of the search fields? Click here

Looking for sample search queries? Click here

How to Search: TotalCloud

Search by Field | String matching | Full Text Search | Boolean Operators | Multiple values (In, Not In) | Is Null Queries | Range searches | Date searches | Nested Queries

Search by Field

Enter the field name, then a colon, then your query. Nested fields are dot separated.

Examples:

provider:aws
tag.key:department
subnet.availabilityZone:ap-southeast-2c
instance.state:terminated

There are many fields you can search within each resource type. Start by clicking on the resource type in List View. Then enter "and" followed by the field name and value.

Examples:

resource.type:"Instance" and instance.type:t2.micro
resource.type:"Subnet" and subnet.availabilityZone:ap-southeast-2c
resource.type:"VPC" and vpc.instanceTenancy:default

String matching

Use single quotes or double quotes around your query to match a string. Your results will include any match that contains the string.

Examples:

iamuser.arn:"arn:aws:iam::383031258652:user"
resource.id:"subnet"

Full Text Search

Some fields containing strings of text (like names, descriptions) allow you to use full text search and advanced search capabilities. Full text search fields do not support exact matching.

Learn more >>

Examples:

Show controls with s3 in the name (case insensitive)

control.name:s3

Show policies with "amazon" and "benchmark" in the name (in any order, case insensitive)

policy.name:"amazon benchmark"

Boolean Operators

Use keywords AND, OR, NOT to narrow or broaden your search.

Examples:

region:Mumbai or region:Sydney
NOT account.id:383031258652
control.criticality:HIGH and service.type:IAM

When using multiple AND queries, you can use parenthesis to join the query. We have noticed that when using 4 or more AND queries, the QQL may fail to retrieve the exact filtered data. To prevent this, we recommend joining the third and fourth queries in parenthesis to ensure accurate results.

Examples:

policy.name:"AWS Best Practices Policy" and control.result:FAIL and (service.type:"S3" and isRemediable:true)

Multiple values (In, Not In)

Use to match values "In" or "Not In" fields. You'll need to remove the colon and then write "in" or "not in", followed by a comma-separated list of values within square brackets. Do not use quotes around your values. Available for all fields except analyzed fields (i.e. full text search fields).

Show all resources in one of the regions listed

region in [Sydney, Mumbai]

Show subnets NOT in any of the availability zones listed

resource.type:Subnet and subnet.availabilityZone not in [eu-west-2c, eu-west-1a, eu-west-3c]

Is Null Queries

Want to match an empty/null value for a field? You'll need to remove the colon and then write "is null". For example, find resources where the name is null.

Examples:

name is null
tag.value is null

Range searches

Ranges can be specified with the [lower .. upper] syntax using () and/or [] as follows. This is supported for numeric and date fields.

Examples:

Greater than or equal to 123 and less than or equal to 1234 - uses square brackets

elb.listener.loadBalancerPort:[123 .. 1234]

Greater than but not equal to 123 and less than but not equal to 1234 - uses parenthesis

elb.listener.loadBalancerPort:(123 .. 1234)

Greater than or equal to 123 and less than but not equal to 1234

elb.listener.loadBalancerPort:[123 .. 1234)

Greater than but not equal to 123 and less than or equal to 1234

elb.listener.loadBalancerPort:(123 .. 1234]

Greater than 123

elb.listener.loadBalancerPort > 123

Greater than or equal to 123

elb.listener.loadBalancerPort >= 123

Less than 1234

elb.listener.loadBalancerPort < 1234

Less than or equal to 1234

elb.listener.loadBalancerPort <= 1234

Between January 1st and April 1st 2018

updated: [2018-01-01 .. 2018-04-01]

Date searches

Use a date range [start date .. end date] or a specific date. Several date variables are also available.

Learn more >>

Examples:

updated:2018-03-27
updated < 2018-03-27
updated:[2018-01-27 .. 2018-03-27]
updated:[now-3d .. now-1s]

Nested Queries

Use a single nested query, using parentheses, to include multiple fields in your query per examples below.

Learn more >>

Examples:

Find instances that are type t2.micro and stopped.

resource.type:Instance and instance: (type:t2.micro and state:stopped)

Find controls that have High criticality and the control result is Fail.

control: (criticality:HIGH and result:FAIL)

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.