Old and New Search Token Mappings
The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.
The new token format follows the syntax: provider.entity.attribute
For example, in the new token, aws.account.status, AWS is the provider, account is the entity, and status is the attribute.
The resource, assets, vulnerability, insights, and investigate tokens along with the tokens common to all Qualys applications are now updated.
- Only new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. Old token name visibility from the UI is removed.
- The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.
AWS Resource TokensAWS Resource Tokens
| Resource | Old Token | New Token |
|---|---|---|
| common | resource.type | cloud.resource.type |
| common | resource.id | cloud.resource.id |
| common | region | cloud.region |
| common | created | aws.resource.createdDate |
| common | updated | aws.resource.updatedDate |
| common | name | cloud.resource.name |
| common | account.id | cloud.accountId |
| common | tag.key | aws.tag.key |
| common | tag.value | aws.tag.value |
| common | account.alias | aws.account.alias |
| common | tags.name | connector.tag.name |
| common | aws.account.tags.key | aws.account.tag.key |
| common | aws.account.tags.value | aws.account.tag.value |
| common | aws.account.status | aws.account.status |
| load_balancer | elb.createdTime | aws.elb.createdTime |
| load_balancer | elb.vpcId | aws.elb.vpcId |
| load_balancer | elb.listener.instancePort | aws.elb.listener.instancePort |
| load_balancer | elb.securityGroupId | aws.elb.securityGroupId |
| load_balancer | elb.scheme | aws.elb.scheme |
| load_balancer | elb.state | aws.elb.state |
| load_balancer | elb.subnet | aws.elb.subnet |
| load_balancer | elb.listener.protocol | aws.elb.listener.protocol |
| load_balancer | elb.availabilityZone | aws.elb.availabilityZone |
| load_balancer | elb.type | aws.elb.type |
| load_balancer | elb.instanceId | aws.elb.instanceId |
| load_balancer | elb.listener.instanceProtocol | aws.elb.listener.instanceProtocol |
| load_balancer | elb.ipAddressType | aws.elb.ipAddressType |
| load_balancer | elb.dnsName | aws.elb.dnsName |
| load_balancer | elb.listener.loadBalancerPort | aws.elb.listener.loadBalancerPort |
| load_balancer | subnet.autoAssignPublicIp | aws.subnet.autoAssignPublicIp |
| load_balancer | subnet.autoAssignIpv6Address | aws.subnet.autoAssignIpv6Address |
| load_balancer | subnet.availableIpCount | aws.subnet.availableIpCount |
| load_balancer | subnet.availabilityZone | aws.subnet.availabilityZone |
| load_balancer | subnet.vpcId | aws.subnet.vpcId |
| load_balancer | subnet.defaultSubnet | aws.subnet.defaultSubnet |
| load_balancer | subnet.cidrBlock | aws.subnet.cidrBlock |
| load_balancer | subnet.ipv6CidrBlock | aws.subnet.ipv6CidrBlock |
| lambda | lambda.tracingConfig | aws.lambda.tracingConfig |
| lambda | lambda.timeout | aws.lambda.timeout |
| lambda | lambda.role | aws.lambda.role |
| lambda | lambda.runtime | aws.lambda.runtime |
| lambda | lambda.memorySize | aws.lambda.memorySize |
| lambda | lambda.trigger.arn | aws.lambda.trigger.arn |
| lambda | lambda.trigger.type | aws.lambda.trigger.type |
| lambda | lambda.layer.name | aws.lambda.layer.name |
| lambda | lambda.vpcId | aws.lambda.vpcId |
| lambda | lambda.hasThreats | aws.lambda.hasThreats |
| auto_scaling_group | autoscaling.availabilityZone | aws.autoScaling.availabilityZone |
| auto_scaling_group | autoscaling.createdTime | aws.autoScaling.createdTime |
| auto_scaling_group | autoscaling.healthCheckType | aws.autoScaling.healthCheckType |
| auto_scaling_group | autoscaling.launchConfigurationName | aws.autoScaling.launchConfigurationName |
| auto_scaling_group | autoscaling.instanceId | aws.autoScaling.instanceId |
| auto_scaling_group | autoscaling.loadBalancerName | aws.autoScaling.loadBalancerName |
| iam_role | role.lastActivity.lastUsedDate | aws.iam.role.lastActivity.lastUsedDate |
| iam_role | path | aws.iam.role.path |
| iam_role | firstDiscoveredOn | aws.iam.role.firstDiscoveredOn |
| iam_role | arn | aws.iam.role.arn |
| route_53_domain | route53.domain.autorenew | aws.route53.domain.autorenew |
| network_interfaces | networkinterfaces.status | aws.networkinterfaces.status |
| network_interfaces | networkinterfaces.interfaceType | aws.networkinterfaces.interfaceType |
| network_interfaces | networkinterfaces.availabilityZone | aws.networkinterfaces.availabilityZone |
| network_interfaces | networkinterfaces.sourceDestCheck | aws.networkinterfaces.sourceDestCheck |
| network_interfaces | networkinterfaces.requesterManaged | aws.networkinterfaces.requesterManaged |
| network_interfaces | networkinterfaces.operator.managed | aws.networkinterfaces.operator.managed |
| network_interfaces | networkinterfaces.attachment.networkCardIndex | aws.networkinterfaces.attachment.networkCardIndex |
| network_interfaces | networkinterfaces.attachment.deleteOnTermination | aws.networkinterfaces.attachment.deleteOnTermination |
| network_interfaces | networkinterfaces.attachment.deviceIndex | aws.networkinterfaces.attachment.deviceIndex |
| network_interfaces | networkinterfaces.attachment.status | aws.networkinterfaces.attachment.status |
| network_interfaces | networkinterfaces.association.natEnabled | aws.networkinterfaces.association.natEnabled |
| bucket | s3.ownerName | aws.s3.ownerName |
| bucket | s3.ownerId | aws.s3.ownerId |
| bucket | s3.isPubliclyAccessible | aws.s3.isPubliclyAccessible |
| bucket | s3.creationDate | aws.s3.creationDate |
| bucket | s3.hasThreats | aws.s3.hasThreats |
| sns_topic | arn | aws.sns.topic.arn |
| sns_topic | sns.topic.isFifo | aws.sns.topic.isFifo |
| sagemaker_notebook | sagemaker.notebook.name | aws.sagemaker.notebook.name |
| sagemaker_notebook | sagemaker.notebook.arn | aws.sagemaker.notebook.arn |
| sagemaker_notebook | sagemaker.notebook.status | aws.sagemaker.notebook.status |
| vpc_endpoint_service | vpcendpointservice.type | aws.vpcendpointservice.type |
| vpc_endpoint_service | vpcendpointservice.supportedIpAddressType | aws.vpcendpointservice.supportedIpAddressType |
| vpc_endpoint_service | vpcendpointservice.acceptancerequired | aws.vpcendpointservice.acceptancerequired |
| vpc_endpoint_service | vpcendpointservice.owner | aws.vpcendpointservice.owner |
| api_gateway | apigateway.deploymentId | aws.apigateway.deploymentId |
| api_gateway | apigateway.ipv6 | aws.apigateway.ipv6 |
| sqs_queue | sqs.queue.isFifo | aws.sqs.queue.isFifo |
| vpc_security_group | vpc.defaultVpc | aws.vpc.defaultVpc |
| vpc_security_group | securitygroup.outboundRule.toPort | aws.securitygroup.outboundRule.toPort |
| vpc_security_group | securitygroup.vpcId | aws.securitygroup.vpcId |
| vpc_security_group | securitygroup.inboundRule.ipv4Range | aws.securitygroup.inboundRule.ipv4Range |
| vpc_security_group | securitygroup.outboundRule.ipv4Range | aws.securitygroup.outboundRule.ipv4Range |
| vpc_security_group | securitygroup.description | aws.securitygroup.description |
| vpc_security_group | securitygroup.inboundRule.toPort | aws.securitygroup.inboundRule.toPort |
| vpc_security_group | vpc.ipv6CidrBlock | aws.vpc.ipv6CidrBlock |
| vpc_security_group | securitygroup.inboundRule.ipv6Range | aws.securitygroup.inboundRule.ipv6Range |
| vpc_security_group | securitygroup.inboundRule.ipProtocol | aws.securitygroup.inboundRule.ipProtocol |
| vpc_security_group | securitygroup.outboundRule.fromPort | aws.securitygroup.outboundRule.fromPort |
| vpc_security_group | securitygroup.inboundRule.fromPort | aws.securitygroup.inboundRule.fromPort |
| vpc_security_group | securitygroup.outboundRule.ipProtocol | aws.securitygroup.outboundRule.ipProtocol |
| vpc_security_group | vpc.cidrBlock | aws.vpc.cidrBlock |
| vpc_security_group | vpc.instanceTenancy | aws.vpc.instanceTenancy |
| vpc_security_group | securitygroup.outboundRule.ipv6Range | aws.securitygroup.outboundRule.ipv6Range |
| cloudfront_distribution | cloudfront.distributions.id | aws.cloudfront.distribution.id |
| cloudfront_distribution | cloudfront.distributions.domainname | aws.cloudfront.distribution.domainname |
| cloudfront_distribution | cloudfront.distributions.enabled | aws.cloudfront.distribution.enabled |
| cloudfront_distribution | cloudfront.distributions.priceclass | aws.cloudfront.distribution.priceclass |
| cloudfront_distribution | cloudfront.distributions.staging | aws.cloudfront.distribution.staging |
| cloudfront_distribution | cloudfront.distributions.arn | aws.cloudfront.distribution.arn |
| cloudfront_distribution | cloudfront.distributions.loggingEnabled | aws.cloudfront.distribution.loggingEnabled |
| redshift_cluster | redshift.clusteridentifier | aws.redshift.clusteridentifier |
| redshift_cluster | redshift.clusterstatus | aws.redshift.clusterstatus |
| redshift_cluster | redshift.clusternamespacearn | aws.redshift.clusternamespacearn |
| redshift_cluster | redshift.kmskeyid | aws.redshift.kmskeyid |
| ebs | ebsvolume.volumeId | aws.ebs.volumeId |
| ebs | ebsvolume.state | aws.ebs.state |
| ebs | ebsvolume.instance | aws.ebs.instance |
| ebs | ebsvolume.encrypted | aws.ebs.encrypted |
| iam_user | iamuser.userId | aws.iam.userId |
| iam_user | iamuser.arn | aws.iam.arn |
| iam_user | iamuser.username | aws.iam.username |
| iam_user | iamuser.path | aws.iam.path |
| iam_user | iamuser.passwordLastUsed | aws.iam.passwordLastUsed |
| iam_user | iamuser.userCreationTime | aws.iam.userCreationTime |
| iam_user | iamuser.passwordEnabled | aws.iam.passwordEnabled |
| iam_user | iamuser.passwordLastChanged | aws.iam.passwordLastChanged |
| iam_user | iamuser.hasThreats | aws.iam.hasThreats |
| iam_user | iamuser.passwordNextRotation | aws.iam.passwordNextRotation |
| iam_user | iamuser.mfaActive | aws.iam.mfaActive |
| iam_user | iamuser.accessKey1Active | aws.iam.accessKey1Active |
| iam_user | iamuser.accessKey1LastRotated | aws.iam.accessKey1LastRotated |
| iam_user | iamuser.accessKey1LastUsed | aws.iam.accessKey1LastUsed |
| iam_user | iamuser.accessKey2Active | aws.iam.accessKey2Active |
| iam_user | iamuser.accessKey2lastRotated | aws.iam.accessKey2lastRotated |
| iam_user | iamuser.accessKey2LastUsed | aws.iam.accessKey2LastUsed |
| iam_user | iamuser.group.name | aws.iam.group.name |
| iam_user | iamuser.policy.arn | aws.iam.policy.arn |
| iam_user | iamuser.boundaryPolicy | aws.iam.boundaryPolicy |
| iam_user | iamuser.accesskey.id | aws.iam.accesskey.id |
| eks_cluster | ekscluster.status | aws.eks.status |
| eks_cluster | ekscluster.version | aws.eks.version |
| eks_cluster | ekscluster.platformVersion | aws.eks.platformVersion |
| eks_cluster | ekscluster.endpointPublicAccess | aws.eks.endpointPublicAccess |
| eks_cluster | ekscluster.endpointPrivateAccess | aws.eks.endpointPrivateAccess |
| eks_cluster | ekscluster.endpoint | aws.eks.endpoint |
| eks_cluster | ekscluster.role.name | aws.eks.role.name |
| eks_cluster | ekscluster.eksnodegroup.name | aws.eks.nodegroup.name |
| eks_cluster | ekscluster.fargateprofile.name | aws.eks.fargateprofile.name |
| eks_cluster | ekscluster.vpcId | aws.eks.vpcId |
| eks_cluster | ekscluster.subnetId | aws.eks.subnetId |
| eks_cluster | cloudProvider.aws.eks.arn | aws.eks.arn |
| eks_cluster | cloudProvider.aws.eks.accountId | aws.eks.accountId |
| eks_cluster | cloudProvider.aws.eks.region | aws.eks.region |
| iam_group | group.managedPolicy.arn | aws.iam.group.managedPolicy.arn |
| iam_group | group.inlinePolicy.policyName | aws.iam.group.inlinePolicy.policyName |
| iam_group | firstDiscoveredOn | aws.iam.firstDiscoveredOn |
| iam_group | arn | aws.iam.arn |
| cloud_front | cloudfront.id | aws.cloudfront.id |
| cloud_front | cloudfront.domainname | aws.cloudfront.domainname |
| cloud_front | cloudfront.enabled | aws.cloudfront.enabled |
| cloud_front | cloudfront.priceclass | aws.cloudfront.priceclass |
| cloud_front | cloudfront.staging | aws.cloudfront.staging |
| cloud_front | cloudfront.arn | aws.cloudfront.arn |
| cloud_front | cloudfront.loggingEnabled | aws.cloudfront.loggingEnabled |
| rds | rds.engine | aws.rds.engine |
| rds | rds.status | aws.rds.status |
| rds | rds.dbInstanceIdentifier | aws.rds.dbInstanceIdentifier |
| rds | rds.publiclyAccessible | aws.rds.publiclyAccessible |
| rds | rds.securityGroup.id | aws.rds.securityGroup.id |
| rds | rds.endpoint.port | aws.rds.endpoint.port |
| rds | rds.subnetGroup.dbSubnetVpcId | aws.rds.subnetGroup.dbSubnetVpcId |
| rds | rds.instanceClass | aws.rds.instanceClass |
| subnet | vpc.defaultVpc | aws.vpc.defaultVpc |
| subnet | subnet.autoAssignPublicIp | aws.subnet.autoAssignPublicIp |
| subnet | subnet.autoAssignIpv6Address | aws.subnet.autoAssignIpv6Address |
| subnet | subnet.availableIpCount | aws.subnet.availableIpCount |
| subnet | vpc.ipv6CidrBlock | aws.vpc.ipv6CidrBlock |
| subnet | subnet.availabilityZone | aws.subnet.availabilityZone |
| subnet | elb.availabilityZone | aws.elb.availabilityZone |
| subnet | subnet.vpcId | aws.subnet.vpcId |
| subnet | subnet.defaultSubnet | aws.subnet.defaultSubnet |
| subnet | subnet.cidrBlock | aws.subnet.cidrBlock |
| subnet | vpc.cidrBlock | aws.vpc.cidrBlock |
| subnet | vpc.instanceTenancy | aws.vpc.instanceTenancy |
| subnet | subnet.ipv6CidrBlock | aws.subnet.ipv6CidrBlock |
| state_machine | statemachine.name | aws.statemachine.name |
| state_machine | statemachine.statemachinearn | aws.statemachine.statemachinearn |
| state_machine | statemachine.type | aws.statemachine.type |
| state_machine | statemachine.status | aws.statemachine.status |
| state_machine | statemachine.loggingLevel | aws.statemachine.loggingLevel |
| state_machine | statemachine.tracingEnabled | aws.statemachine.tracingEnabled |
| iam_policy | firstDiscoveredOn | aws.iam.firstDiscoveredOn |
| iam_policy | policy.type | aws.iam.policy.type |
| iam_policy | policy.subType | aws.iam.policy.subType |
| iam_policy | arn | aws.iam.arn |
| custom_domain | customdomainnames.status | aws.customdomain.status |
| custom_domain | customdomainnames.tlsVersion | aws.customdomain.tlsVersion |
| custom_domain | customdomainnames.apiEndpointType | aws.customdomain.apiEndpointType |
| network_acl | vpc.defaultVpc | aws.vpc.defaultVpc |
| network_acl | networkacl.defaultAcl | aws.networkacl.defaultAcl |
| network_acl | networkacl.ruleNumber | aws.networkacl.ruleNumber |
| network_acl | networkacl.association.id | aws.networkacl.association.id |
| network_acl | networkacl.cidrBlock | aws.networkacl.cidrBlock |
| network_acl | networkacl.portRange.to | aws.networkacl.portRange.to |
| network_acl | vpc.ipv6CidrBlock | aws.vpc.ipv6CidrBlock |
| network_acl | networkacl.ipv6CidrBlock | aws.networkacl.ipv6CidrBlock |
| network_acl | networkacl.association.subnetId | aws.networkacl.association.subnetId |
| network_acl | networkacl.vpcId | aws.networkacl.vpcId |
| network_acl | networkacl.protocol | aws.networkacl.protocol |
| network_acl | networkacl.portRange.from | aws.networkacl.portRange.from |
| network_acl | vpc.cidrBlock | aws.vpc.cidrBlock |
| network_acl | vpc.instanceTenancy | aws.vpc.instanceTenancy |
| network_acl | networkacl.ruleAction | aws.networkacl.ruleAction |
| network_acl | networkacl.egress | aws.networkacl.egress |
| network_acl | networkacl.association.networkAclId | aws.networkacl.association.networkAclId |
| vpc_endpoint | vpcendpoint.vpc | aws.vpcendpoint.vpc |
| vpc_endpoint | vpcendpoint.type | aws.vpcendpoint.type |
| vpc_endpoint | vpcendpoint.state | aws.vpcendpoint.state |
| vpc_endpoint | vpcendpoint.privatednsenabled | aws.vpcendpoint.privatednsenabled |
| vpc_endpoint | vpcendpoint.requestermanaged | aws.vpcendpoint.requestermanaged |
| vpc_endpoint | vpcendpoint.ipaddresstype | aws.vpcendpoint.ipaddresstype |
| eks_nodegroup | eksnodegroup.version | aws.eks.nodegroup.version |
| eks_nodegroup | eksnodegroup.status | aws.eks.nodegroup.status |
| eks_nodegroup | eksnodegroup.desiredSize | aws.eks.nodegroup.desiredSize |
| eks_nodegroup | eksnodegroup.amiType | aws.eks.nodegroup.amiType |
| eks_nodegroup | eksnodegroup.instanceType | aws.eks.nodegroup.instanceType |
| eks_nodegroup | eksnodegroup.diskSize | aws.eks.nodegroup.diskSize |
| eks_nodegroup | eksnodegroup.minSize | aws.eks.nodegroup.minSize |
| eks_nodegroup | eksnodegroup.maxSize | aws.eks.nodegroup.maxSize |
| eks_nodegroup | eksnodegroup.labels.key | aws.eks.nodegroup.labels.key |
| eks_nodegroup | eksnodegroup.labels.value | aws.eks.nodegroup.labels.value |
| eks_nodegroup | eksnodegroup.role.name | aws.eks.nodegroup.role.name |
| eks_nodegroup | eksnodegroup.subnetId | aws.eks.nodegroup.subnetId |
| eks_nodegroup | eksnodegroup.autoScalingGroup.name | aws.eks.nodegroup.autoScalingGroup.name |
| eks_nodegroup | eksnodegroup.ekscluster.name | aws.eks.nodegroup.ekscluster.name |
| eks_nodegroup | eksnodegroup.securityGroup | aws.eks.nodegroup.securityGroup |
| secrets | secrets.name | aws.secrets.name |
| secrets | secrets.arn | aws.secrets.arn |
| secrets | secrets.rotationEnabled | aws.secrets.rotationEnabled |
| secrets | secrets.kmsKeyId | aws.secrets.kmsKeyId |
| internet_gateway | internetgateway.vpcId | aws.internetgateway.vpcId |
| internet_gateway | internetgateway.state | aws.internetgateway.state |
| ecr_repository | ecr.registryId | aws.ecr.registryId |
| ecr_repository | ecr.arn | aws.ecr.arn |
| ecr_repository | ecr.encryptionConfigurations.encryptionType | aws.ecr.encryptionConfigurations.encryptionType |
| ecr_repository | ecr.imageTagMutability | aws.ecr.imageTagMutability |
| ecr_repository | ecr.imageScanningConfiguration.scanOnPush | aws.ecr.imageScanningConfiguration.scanOnPush |
| ecr_repository | ecr.imageDigest | aws.ecr.imageDigest |
| ecr_repository | ecr.repositoryUri | aws.ecr.repositoryUri |
| ecs_cluster | ecs.cluster.arn | aws.ecs.cluster.arn |
| ecs_cluster | ecs.cluster.name | aws.ecs.cluster.name |
| ecs_cluster | ecs.cluster.status | aws.ecs.cluster.status |
| ecs_cluster | ecs.cluster.namespace | aws.ecs.cluster.namespace |
| efs_file_system | arn | aws.efs.arn |
| efs_file_system | efs.state | aws.efs.state |
| route_53_hosted_zone | route53.hostedzone.arn | aws.route53.hostedzone.arn |
| route_53_hosted_zone | route53.hostedzone.isPrivateZone | aws.route53.hostedzone.isPrivateZone |
| route_53_hosted_zone | route53.hostedzone.recordname | aws.route53.hostedzone.recordname |
| route_table | vpc.defaultVpc | aws.vpc.defaultVpc |
| route_table | routetable.route.state | aws.routetable.route.state |
| route_table | routetable.vpcId | aws.routetable.vpcId |
| route_table | routetable.route.networkInterfaceId | aws.routetable.route.networkInterfaceId |
| route_table | vpc.ipv6CidrBlock | aws.vpc.ipv6CidrBlock |
| route_table | routetable.route.destinationPrefix | aws.routetable.route.destinationPrefix |
| route_table | routetable.route.instanceId | aws.routetable.route.instanceId |
| route_table | routetable.association.routeTableId | aws.routetable.association.routeTableId |
| route_table | routetable.route.destinationCidrBlock | aws.routetable.route.destinationCidrBlock |
| route_table | routetable.route.vpcPeeringId | aws.routetable.route.vpcPeeringId |
| route_table | vpc.cidrBlock | aws.vpc.cidrBlock |
| route_table | vpc.instanceTenancy | aws.vpc.instanceTenancy |
| route_table | routetable.route.gatewayId | aws.routetable.route.gatewayId |
| route_table | routetable.route.egressInternetGatewayId | aws.routetable.route.egressInternetGatewayId |
| route_table | routetable.subnetId | aws.routetable.subnetId |
| route_table | routetable.association.id | aws.routetable.association.id |
| route_table | routetable.route.destinationIpv6CidrBlock | aws.routetable.route.destinationIpv6CidrBlock |
| route_table | routetable.main | aws.routetable.main |
| route_table | routetable.route.instanceOwnerId | aws.routetable.route.instanceOwnerId |
| route_table | routetable.route.natGatewayId | aws.routetable.route.natGatewayId |
| vpc | vpc.cidrBlock | aws.vpc.cidrBlock |
| vpc | vpc.defaultVpc | aws.vpc.defaultVpc |
| vpc | vpc.instanceTenancy | aws.vpc.instanceTenancy |
| vpc | vpc.ipv6CidrBlock | aws.vpc.ipv6CidrBlock |
| eks_fargate_profile | eksfargateprofile.status | aws.eks.fargateprofile.status |
| eks_fargate_profile | eksfargateprofile.selectors.namespace.name | aws.eks.fargateprofile.selectors.namespace.name |
| eks_fargate_profile | eksfargateprofile.selectors.namespace.labels.key | aws.eks.fargateprofile.selectors.namespace.labels.key |
| eks_fargate_profile | eksfargateprofile.selectors.namespace.labels.value | aws.eks.fargateprofile.selectors.namespace.labels.value |
| eks_fargate_profile | eksfargateprofile.role.name | aws.eks.fargateprofile.role.name |
| eks_fargate_profile | eksfargateprofile.ekscluster.name | aws.eks.fargateprofile.ekscluster.name |
| eks_fargate_profile | eksfargateprofile.subnetId | aws.eks.fargateprofile.subnetId |
| ec2_images | ami.state | aws.ami.state |
| ec2_images | ami.hypervisor | aws.ami.hypervisor |
| ec2_images | ami.imagetype | aws.ami.imagetype |
| ec2_images | ami.architecture | aws.ami.architecture |
| ec2_images | ami.bootmode | aws.ami.bootmode |
| ec2_images | ami.platform | aws.ami.platform |
| Bedrock Foundation Model | foundationModel.arn | aws.foundationModel.arn |
| Bedrock Foundation Model | foundationModel.customizationsSupported | aws.foundationModel.supportedCustomizations |
| Bedrock Foundation Model | foundationModel.inputModalities | aws.foundationModel.inputModalities |
| Bedrock Foundation Model | foundationModel.outputModalities | aws.foundationModel.outputModalities |
| Bedrock Foundation Model | foundationModel.inferenceTypesSupported | aws.foundationModel.supportedInferenceTypes |
| Bedrock Custom Model | customModel.arn | aws.customModel.arn |
| Bedrock Custom Model | customModel.customizationsSupported | aws.customModel.supportedCustomizations |
| Bedrock Knowledge Bases | KnowledgeBases.arn | aws.knowledgeBases.arn |
| Bedrock Knowledge Bases | KnowledgeBases.knowledgeBaseConfigurationType | aws.knowledgeBases.configurationType |
| Sagemaker Model | sagemakerModel.arn | aws.sagemakerModel.arn |
AWS Asset TokensAWS Asset Tokens
| RESOURCE | Old Token | New Token |
|---|---|---|
| AWS Instance | instance.networkInterface.privateIpAddress | aws.ec2.networkInterface.privateIpAddress |
| AWS Instance | instance.publicDnsName | aws.ec2.publicDns |
| AWS Instance | instance.spotInstanceRequestId | aws.ec2.spotInstanceRequestId |
| AWS Instance | instance.publicIpAddress | aws.ec2.publicIpAddress |
| AWS Instance | instance.type | aws.ec2.instanceType |
| AWS Instance | instance.hasSecrets | aws.ec2.hasSecrets |
| AWS Instance | instance.networkInterface.subnetId | aws.ec2.networkInterface.subnetId |
| AWS Instance | instance.hasAgent | aws.ec2.hasAgent |
| AWS Instance | action.status | action.status |
| AWS Instance | instance.state | aws.ec2.instanceState |
| AWS Instance | instance.availabilityZone | aws.ec2.availabilityZone |
| AWS Instance | instance.secondaryPrivateIpAddress | aws.ec2.secondaryPrivateIpAddress |
| AWS Instance | instanceProfile.role.arn | instanceProfile.roleArn |
| AWS Instance | instance.securityGroup.id | aws.ec2.securityGroup.id |
| AWS Instance | threats.prediction | threat.prediction |
| AWS Instance | instance.privateDnsName | aws.ec2.privateDns |
| AWS Instance | instanceProfile.role.name | instanceProfile.roleName |
| AWS Instance | instance.privateIpAddress | aws.ec2.privateIpAddress |
| AWS Instance | instance.status | aws.ec2.status |
| AWS Instance | instance.hasThreats | aws.ec2.hasThreats |
| AWS Instance | instance.riskScore | aws.ec2.truRisk |
| AWS Instance | instance.vpcId | aws.ec2.vpcId |
| AWS Instance | scanType.isSnapshotScanEnabled | scanType.isSnapshotScanEnabled |
| AWS Instance | instance.networkInterface.publicIp | aws.ec2.networkInterface.publicIp |
| AWS Instance | connector.remediationEnabled | connector.isRemediationEnabled |
| AWS Instance | instance.isDockerHost | aws.ec2.isDockerHost |
| AWS Instance | instance.docker.version | aws.ec2.dockerVersion |
| AWS Instance | instance.profileName | aws.ec2.profileName |
| AWS Instance | instance.networkInterface.secondaryPrivateIp | aws.ec2.networkInterface.secondaryPrivateIp |
| AWS Instance | instance.subnetId | aws.ec2.subnetId |
| AWS Instance | instance.profileArn | aws.ec2.profileArn |
| AWS Instance | instance.networkInterface.groupName | aws.ec2.networkInterface.groupName |
| AWS Instance | instance.networkInterface.ipv6Ip | aws.ec2.networkInterface.ipv6Ip |
| AWS Instance | instance.networkInterface.groupId | aws.ec2.networkInterface.groupId |
| AWS Instance | instance.hasSensor | aws.ec2.hasSensor |
| AWS Instance | threats.eventNote | threat.eventNote |
| AWS Instance | instance.networkInterface.description | aws.ec2.networkInterface.description |
| AWS Instance | instance.networkInterface.privateDnsName | aws.ec2.networkInterface.privateDns |
| AWS Instance | instance.imageId | aws.ec2.imageId |
| AWS Instance | instance.networkInterface.addressId | aws.ec2.networkInterface.addressId |
| AWS Instance | instance.scanType | aws.ec2.scanType |
| AWS Instance | instance.firstScanDate | aws.ec2.firstScanDate |
| AWS Instance | instance.lastScanDate | aws.ec2.lastScanDate |
| AWS Security Group | securitygroup.outboundRule.toPort | aws.vpc.securityGroup.outboundRule.toPort |
| AWS Security Group | securitygroup.inboundRule.ipv4Range | aws.vpc.securityGroup.inboundRule.ipv4Range |
| AWS Security Group | securitygroup.outboundRule.ipv4Range | aws.vpc.securityGroup.outboundRule.ipv4Range |
| AWS Security Group | securitygroup.inboundRule.ipProtocol | aws.vpc.securityGroup.inboundRule.ipProtocol |
| AWS Security Group | securitygroup.outboundRule.fromPort | aws.vpc.securityGroup.outboundRule.fromPort |
| AWS Security Group | securitygroup.inboundRule.fromPort | aws.vpc.securityGroup.inboundRule.fromPort |
| AWS Security Group | securitygroup.outboundRule.ipv6Range | aws.vpc.securityGroup.outboundRule.ipv6Range |
| AWS Security Group | securitygroup.vpcId | aws.vpc.securityGroup.vpcId |
| AWS Security Group | securitygroup.description | aws.vpc.securityGroup.description |
| AWS Security Group | securitygroup.inboundRule.toPort | aws.vpc.securityGroup.inboundRule.toPort |
| AWS Security Group | securitygroup.inboundRule.ipv6Range | aws.vpc.securityGroup.inboundRule.ipv6Range |
| AWS Security Group | securitygroup.outboundRule.ipProtocol | aws.vpc.securityGroup.outboundRule.ipProtocol |
Azure Resource TokensAzure Resource Tokens
| Resource | Old Token | New Token |
|---|---|---|
| common | resource.type | cloud.resource.type |
| common | location | azure.location |
| common | created | azure.resource.createdDate |
| common | updated | azure.resource.updatedDate |
| common | name | cloud.resource.name |
| common | subscriptionId | cloud.accountId |
| common | resourceGroupName | azure.resourceGroup.name |
| common | resource.id | cloud.resource.id |
| common | tag.key | azure.tag.key |
| common | tag.value | azure.tag.value |
| common | subscriptionName | azure.subscriptionName |
| common | tags.name | connector.tag.name |
| load_balancer | type | azure.loadBalancer.type |
| load_balancer | loadbalancer.provisioningState | azure.loadBalancer.provisioningState |
| load_balancer | loadbalancer.sku.name | azure.loadBalancer.sku.name |
| load_balancer | loadbalancer.sku.tier | azure.loadBalancer.sku.tier |
| kubernetes_cluster | type | azure.kubernetesCluster.type |
| kubernetes_cluster | kubernetescluster.powerState.code | azure.kubernetesCluster.powerState.code |
| kubernetes_cluster | kubernetescluster.kubernetesVersion | azure.kubernetesCluster.kubernetesVersion |
| kubernetes_cluster | kubernetescluster.fqdn | azure.kubernetesCluster.fqdn |
| kubernetes_cluster | kubernetescluster.azurePortalFQDN | azure.kubernetesCluster.azurePortalFqdn |
| kubernetes_cluster | kubernetescluster.addonProfiles.azureKeyvaultSecretProvider.enabled | azure.kubernetesCluster.addonProfiles.azureKeyvaultSecretProvider.enabled |
| kubernetes_cluster | kubernetescluster.addonProfiles.azurepolicy.enabled | azure.kubernetesCluster.addonProfiles.azurePolicy.enabled |
| kubernetes_cluster | kubernetescluster.addonProfiles.httpApplicationRouting.enabled | azure.kubernetesCluster.addonProfiles.httpApplicationRouting.enabled |
| kubernetes_cluster | kubernetescluster.addonProfiles.omsAgent.enabled | azure.kubernetesCluster.addonProfiles.omsAgent.enabled |
| kubernetes_cluster | kubernetescluster.enableRBAC | azure.kubernetesCluster.enableRbac |
| kubernetes_cluster | kubernetescluster.networkProfile.networkPolicy | azure.kubernetesCluster.networkProfile.networkPolicy |
| kubernetes_cluster | kubernetescluster.storageProfile.diskCSIDriver.enabled | azure.kubernetesCluster.storageProfile.diskCsiDriver.enabled |
| kubernetes_cluster | kubernetescluster.storageProfile.fileCSIDriver.enabled | azure.kubernetesCluster.storageProfile.fileCsiDriver.enabled |
| kubernetes_cluster | kubernetescluster.snapshotController.enabled | azure.kubernetesCluster.snapshotController.enabled |
| kubernetes_cluster | kubernetescluster.disableLocalAccounts | azure.kubernetesCluster.disableLocalAccounts |
| kubernetes_cluster | kubernetescluster.oidcIssuerProfile.enabled | azure.kubernetesCluster.oidcIssuerProfile.enabled |
| network_interfaces | networkinterfaces.provisoningState | azure.networkInterfaces.provisoningState |
| network_interfaces | networkinterfaces.subnet.id | azure.networkInterfaces.subnet.id |
| network_interfaces | networkinterfaces.macAddress | azure.networkInterfaces.macAddress |
| network_interfaces | networkinterfaces.enableAcceleratedNetworking | azure.networkInterfaces.enableAcceleratedNetworking |
| network_interfaces | networkinterfaces.vnetEncryptionSupported | azure.networkInterfaces.vnetEncryptionSupported |
| network_interfaces | networkinterfaces.enableIPForwarding | azure.networkInterfaces.enableIpForwarding |
| network_interfaces | networkinterfaces.disableTcpStateTracking | azure.networkInterfaces.disableTcpStateTracking |
| network_interfaces | networkinterfaces.networkSecurityGroup.id | azure.networkInterfaces.networkSecurityGroup.id |
| nat_gateways | natGateways.provisioningState | azure.natGateways.provisioningState |
| nat_gateways | natGateways.idleTimeoutInMinutes | azure.natGateways.idleTimeoutInMinutes |
| web_app | webapp.enabled | azure.webApp.enabled |
| web_app | webapp.kind | azure.webApp.kind |
| web_app | webapp.deploymentId | azure.webApp.deploymentId |
| web_app | webapp.state | azure.webApp.state |
| web_app | webapp.availabilityState | azure.webApp.availabilityState |
| web_app | webapp.usageState | azure.webApp.usageState |
| web_app | webapp.isDefaultContainer | azure.webApp.isDefaultContainer |
| web_app | webapp.httpsonly | azure.webApp.httpsOnly |
| web_app | webapp.redundancyMode | azure.webApp.redundancyMode |
| web_app | webapp.appserviceplan | azure.webApp.appServicePlan |
| web_app | webapp.defaultHostName | azure.webApp.defaultHostname |
| web_app | webapp.hostnames.enabled | azure.webApp.hostnames.enabled |
| web_app | webapp.hostnames.sslState | azure.webApp.hostnames.sslState |
| web_app | webapp.clientAffinityEnabled | azure.webApp.clientAffinityEnabled |
| web_app | webapp.clientCertEnabled | azure.webApp.clientCertEnabled |
| application_gateways | type | azure.applicationGateways.type |
| application_gateways | applicationgateways.provisioningState | azure.applicationGateways.provisioningState |
| application_gateways | applicationgateways.sku.name | azure.applicationGateways.sku.name |
| application_gateways | applicationgateways.sku.tier | azure.applicationGateways.sku.tier |
| application_gateways | applicationgateways.sku.family | azure.applicationGateways.sku.family |
| application_gateways | applicationgateways.publicIPAddress | azure.applicationGateways.publicIpAddress |
| application_gateways | applicationgateways.sku.capacity | azure.applicationGateways.sku.capacity |
| application_gateways | applicationgateways.operationalState | azure.applicationGateways.operationalState |
| application_gateways | applicationgateways.enableHttp2 | azure.applicationGateways.enableHttp2 |
| function_app | functionapp.enabled | azure.functionApp.enabled |
| function_app | functionapp.kind | azure.functionApp.kind |
| function_app | functionapp.deploymentId | azure.functionApp.deploymentId |
| function_app | functionapp.state | azure.functionApp.state |
| function_app | functionapp.availabilityState | azure.functionApp.availabilityState |
| function_app | functionapp.usageState | azure.functionApp.usageState |
| function_app | functionapp.isDefaultContainer | azure.functionApp.isDefaultContainer |
| function_app | functionapp.httpsonly | azure.functionApp.httpsOnly |
| function_app | functionapp.redundancyMode | azure.functionApp.redundancyMode |
| function_app | functionapp.appserviceplan | azure.functionApp.appServicePlan |
| function_app | functionapp.defaultHostName | azure.functionApp.defaultHostName |
| function_app | functionapp.hostnames.enabled | azure.functionApp.hostnames.enabled |
| function_app | functionapp.hostnames.sslState | azure.functionApp.hostnames.sslState |
| function_app | functionapp.clientAffinityEnabled | azure.functionApp.clientAffinityEnabled |
| function_app | functionapp.clientCertEnabled | azure.functionApp.clientCertEnabled |
| function_app | functionapp.language | azure.functionApp.language |
| cosmos_db | cosmosdb.kind | azure.cosmosDb.kind |
| cosmos_db | cosmosdb.publicNetworkAccess | azure.cosmosDb.publicNetworkAccess |
| azure_mysql_flexible_server | mysqlFlexibleServer.publicNetworkAccess | azure.mysqlFlexibleServer.publicNetworkAccess |
| azure_mysql_flexible_server | mysqlFlexibleServer.backupRetentionDays | azure.mysqlFlexibleServer.backupRetentionDays |
| azure_mysql_flexible_server | mysqlFlexibleServer.autoGrow | azure.mysqlFlexibleServer.autoGrow |
| firewall | firewall.provisioningState | azure.firewall.provisioningState |
| firewall | firewall.threatIntelMode | azure.firewall.threatIntelMode |
| sql_server | sqlserver.type | azure.sqlServer.type |
| sql_server | sqlserver.fullyQualifiedDomainName | azure.sqlServer.fullyQualifiedDomainName |
| sql_server | sqlserver.version | azure.sqlServer.version |
| sql_server | sqlserver.state | azure.sqlServer.state |
| sql_server_database | sqldatabase.edition | azure.sqlDatabase.edition |
| sql_server_database | sqldatabase.status | azure.sqlDatabase.status |
| disk | disk.osType | azure.disk.osType |
| disk | disk.state | azure.disk.state |
| disk | disk.architecture | azure.disk.architecture |
| disk | disk.publicNetworkAccess | azure.disk.publicNetworkAccess |
| disk | disk.networkAccessPolicy | azure.disk.networkAccessPolicy |
| disk | disk.zones | azure.disk.zones |
| disk | disk.sku.tier | azure.disk.sku.tier |
| public_ip_addresses | type | azure.publicIpAddresses.type |
| public_ip_addresses | publicipaddresses.sku.name | azure.publicIpAddresses.sku.name |
| public_ip_addresses | publicipaddresses.sku.tier | azure.publicIpAddresses.sku.tier |
| public_ip_addresses | publicipaddresses.provisioningState | azure.publicIpAddresses.provisioningState |
| public_ip_addresses | publicipaddresses.publicIPAddressVersion | azure.publicIpAddresses.publicIpAddressVersion |
| public_ip_addresses | publicipaddresses.publicIPAllocationMethod | azure.publicIpAddresses.publicIpAllocationMethod |
| public_ip_addresses | publicipaddresses.idleTimeoutInMinutes | azure.publicIpAddresses.idleTimeoutInMinutes |
| public_ip_addresses | publicipaddresses.ddosSettings.protectionMode | azure.publicIpAddresses.ddosSettings.protectionMode |
| psql_flexible_server | postgreflexibleserver.backupRetentionDays | azure.postgreFlexibleServer.backupRetentionDays |
| psql_flexible_server | postgreflexibleserver.geoRedundantBackup | azure.postgreFlexibleServer.geoRedundantBackup |
| psql_flexible_server | postgreflexibleserver.publicNetworkAccess | azure.postgreFlexibleServer.publicNetworkAccess |
| psql_flexible_server | postgreflexibleserver.skuTier | azure.postgreFlexibleServer.skuTier |
| mariadb_server | mariadbServer.version | azure.mariadbServer.version |
| mariadb_server | mariadbServer.minimalTLSVersion | azure.mariadbServer.minimalTlsVersion |
| mariadb_server | mariadbServer.publicNetworkAccess | azure.mariadbServer.publicNetworkAccess |
| mariadb_server | mariadbServer.sku.tier | azure.mariadbServer.sku.tier |
| cognitive_service | aiservice.kind | azure.aiService.kind |
| psql_single_server | tags | azure.postgreSingleServer.tags |
| psql_single_server | id | azure.postgreSingleServer.id |
| psql_single_server | postgresingleserver.backupRetentionDays | azure.postgreSingleServer.backupRetentionDays |
| psql_single_server | postgresingleserver.geoRedundantBackup | azure.postgreSingleServer.geoRedundantBackup |
| psql_single_server | postgresingleserver.sslEnforcement | azure.postgreSingleServer.sslEnforcement |
| psql_single_server | postgresingleserver.storageAutogrow | azure.postgreSingleServer.storageAutogrow |
| psql_single_server | postgresingleserver.byokEnforcement | azure.postgreSingleServer.byokEnforcement |
| psql_single_server | postgresingleserver.publicNetworkAccess | azure.postgreSingleServer.publicNetworkAccess |
| psql_single_server | postgresingleserver.skuTier | azure.postgreSingleServer.skuTier |
| psql_single_server | postgresingleserver.minimalTlsVersion | azure.postgreSingleServer.minimalTlsVersion |
| psql_server | tags | azure.postgreSqlServer.tags |
| psql_server | postgresqlserver.backupRetentionDays | azure.postgreSqlServer.backupRetentionDays |
| psql_server | postgresqlserver.geoRedundantBackup | azure.postgreSqlServer.geoRedundantBackup |
| psql_server | postgresqlserver.sslEnforcement | azure.postgreSqlServer.sslEnforcement |
| psql_server | postgresqlserver.storageAutogrow | azure.postgreSqlServer.storageAutogrow |
| psql_server | postgresqlserver.byokEnforcement | azure.postgreSqlServer.byokEnforcement |
| psql_server | postgresqlserver.publicNetworkAccess | azure.postgreSqlServer.publicNetworkAccess |
| psql_server | postgresqlserver.skuTier | azure.postgreSqlServer.skuTier |
| psql_server | postgresqlserver.minimalTlsVersion | azure.postgreSqlServer.minimalTlsVersion |
| psql_server | postgresqlserver.serverType | azure.postgreSqlServer.serverType |
| storage_account | storageAccount.skuTier | azure.storageAccount.skuTier |
| storage_account | storageAccount.minimumTlsVersion | azure.storageAccount.minimumTlsVersion |
| storage_account | storageAccount.supportsHttpsTrafficOnly | azure.storageAccount.supportsHttpsTrafficOnly |
Azure Asset TokensAzure Asset Tokens
| RESOURCE | Old Token | New Token |
|---|---|---|
| Azure Virtual Machine | virtualmachine.vmId | azure.vm.vmId |
| Azure Virtual Machine | virtualmachine.vmSize | azure.vm.size |
| Azure Virtual Machine | virtualmachine.osType | azure.vm.osType |
| Azure Virtual Machine | virtualmachine.publicIpAddress | azure.vm.publicIpAddress |
| Azure Virtual Machine | virtualmachine.networkSecurityGroup | azure.vm.networkSecurityGroup |
| Azure Virtual Machine | virtualmachine.agentInstalled | azure.vm.agentInstalled |
| Azure Virtual Machine | virtualmachine.status | azure.vm.status |
| Azure Virtual Machine | virtualmachine.networkInterface.subnetId | azure.vm.networkInterface.subnetId |
| Azure Virtual Machine | virtualmachine.networkInterface.privateDnsName | azure.vm.networkInterface.privateDns |
| Azure Virtual Machine | virtualmachine.networkInterface.privateIpAddress | azure.vm.networkInterface.privateIpAddress |
| Azure Virtual Machine | virtualmachine.networkInterface.secondaryPrivateIp | azure.vm.networkInterface.secondaryPrivateIp |
| Azure Virtual Machine | virtualmachine.networkInterface.publicIp | azure.vm.networkInterface.publicIp |
| Azure Virtual Machine | virtualmachine.networkInterface.ipv6Ip | azure.vm.networkInterface.ipv6Ip |
| Azure Virtual Machine | virtualmachine.isDockerHost | azure.vm.isDockerHost |
| Azure Virtual Machine | virtualmachine.docker.version | azure.vm.dockerVersion |
| Azure Virtual Machine | virtualmachine.hasThreats | azure.vm.hasThreats |
| Azure Virtual Machine | virtualmachine.riskScore | azure.vm.truRisk |
| Azure Virtual Machine | virtualmachine.scanType | azure.vm.scanType |
| Azure Virtual Machine | virtualmachine.firstScanDate | azure.vm.firstScanDate |
| Azure Virtual Machine | virtualmachine.lastScanDate | azure.vm.lastScanDate |
GCP Resource TokensGCP Resource Tokens
| Resource | Old Token | New Token |
|---|---|---|
| common | resource.type | cloud.resource.type |
| common | region | cloud.region |
| common | created | gcp.resource.createdDate |
| common | updated | gcp.resource.updatedDate |
| common | name | cloud.resource.name |
| common | projectId | cloud.accountId |
| common | resource.id | cloud.resource.id |
| common | tags.name | connector.tag.name |
| common | label.name | gcp.label.name |
| common | label.value | gcp.label.value |
| firewall_rules | firewall.network | gcp.firewall.network |
| network | network.subnetworks | gcp.network.subnetworks |
| k8s_cluster | kubernetesClusters.status | gcp.kubernetesClusters.status |
| k8s_cluster | kubernetesClusters.databaseEncryption.state | gcp.kubernetesClusters.databaseEncryption.state |
| k8s_cluster | kubernetesClusters.shieldedNodes.enabled | gcp.kubernetesClusters.shieldedNodes.enabled |
| k8s_cluster | kubernetesClusters.autoscaling.autoscalingProfile | gcp.kubernetesClusters.autoScaling.autoScalingProfile |
| k8s_cluster | kubernetesClusters.enterpriseConfig.clusterTier | gcp.kubernetesClusters.enterpriseConfig.clusterTier |
| k8s_cluster | kubernetesClusters.addonsConfig.kubernetesDashboard.disabled | gcp.kubernetesClusters.addonsConfig.kubernetesDashboard.disabled |
| k8s_cluster | kubernetesClusters.networkPolicy.provider | gcp.kubernetesClusters.networkPolicy.provider |
| k8s_cluster | kubernetesClusters.networkPolicy.enabled | gcp.kubernetesClusters.networkPolicy.enabled |
| k8s_cluster | kubernetesClusters.nodeConfig.machineType | gcp.kubernetesClusters.nodeConfig.machineType |
| k8s_cluster | kubernetesClusters.nodeConfig.diskSizeGb | gcp.kubernetesClusters.nodeConfig.diskSizeGb |
| k8s_cluster | kubernetesClusters.nodeConfig.imageType | gcp.kubernetesClusters.nodeConfig.imageType |
| k8s_cluster | kubernetesClusters.nodeConfig.diskType | gcp.kubernetesClusters.nodeConfig.diskType |
| k8s_cluster | kubernetesClusters.nodeConfig.shieldedInstanceConfig.enableIntegrityMonitoring | gcp.kubernetesClusters.nodeConfig.shieldedInstanceConfig.enableIntegrityMonitoring |
| cloud_function | cloudFunction.timeout | gcp.cloudFunction.timeout |
| cloud_function | cloudFunction.memory | gcp.cloudFunction.memory |
| cloud_function | cloudFunction.trigger | gcp.cloudFunction.trigger |
| cloud_function | cloudFunction.runtime | gcp.cloudFunction.runtime |
| cloud_function | cloudFunction.serviceAccountEmail | gcp.cloudFunction.serviceAccountEmail |
| cloud_function | cloudFunction.maxInstances | gcp.cloudFunction.maxInstances |
| cloud_function | cloudFunction.versionId | gcp.cloudFunction.versionId |
| cloud_function | cloudFunction.vpcConnector | gcp.cloudFunction.vpcConnector |
| cloud_function | cloudFunction.ingressSettings | gcp.cloudFunction.ingressSettings |
| cloud_function | cloudFunction.label.key | gcp.cloudFunction.label.key |
| cloud_function | cloudFunction.label.value | gcp.cloudFunction.label.value |
| cloud_function | cloudFunction.status | gcp.cloudFunction.status |
| load_balancing | loadBalancing.IPAddress | gcp.loadBalancing.ipAddress |
| load_balancing | loadBalancing.scheme | gcp.loadBalancing.scheme |
| load_balancing | loadBalancing.forwardingRuleTarget | gcp.loadBalancing.forwardingRuleTarget |
| subnetwork | subnetwork.ipCidrRange | gcp.subnetwork.ipCidrRange |
| subnetwork | subnetwork.network | gcp.subnetwork.network |
| subnetwork | subnetwork.ipv6Prefix | gcp.subnetwork.ipv6Prefix |
| Cloud Run Services | runservices.arn | gcp.runservices.arn |
| Cloud Run Services | runservices.ingress | gcp.runservices.ingress |
GCP Asset TokensGCP Asset Tokens
| RESOURCE | Old Token | New Token |
|---|---|---|
| GCP Instance | instance.machineType | gcp.compute.machineType |
| GCP Instance | instance.networkInterfaces.network | gcp.networkInterfaces.network |
| GCP Instance | instance.externalIpAddress | gcp.compute.externalIpAddress |
| GCP Instance | instance.privateIpAddress | gcp.compute.privateIpAddress |
| GCP Instance | instance.networkInterfaces.subnetwork | gcp.networkInterfaces.subnetwork |
| GCP Instance | instance.status | gcp.compute.status |
| GCP Instance | instance.agentInstalled | gcp.compute.agentInstalled |
| GCP Instance | instance.scanType | gcp.compute.scanType |
| GCP Instance | instance.firstScanDate | gcp.compute.firstScanDate |
| GCP Instance | instance.lastScanDate | gcp.compute.lastScanDate |
OCI Resource TokensOCI Resource Tokens
| Resource | Old Token | New Token |
|---|---|---|
| Common Tokens | tags.name | connector.tag.name |
| Common Tokens | tag.key | oci.tag.key |
| Common Tokens | tag.value | oci.tag.value |
| Common Tokens | tag.type | oci.tag.type |
| Common Tokens | tag.namespace | oci.tag.namespace |
| Common Tokens | created | oci.resource.createdDate |
| Common Tokens | updated | oci.resource.updatedDate |
| Common Tokens | name | cloud.resource.name |
| Common Tokens | tenantId | oci.tenantId / cloud.accountId |
| Common Tokens | resource.id | cloud.resource.id |
| Common Tokens | region | cloud.region |
| Common Tokens | resource.type | cloud.resource.type |
| Load balancer | id | oci.loadBalancer.id |
| Load balancer | compartmentId | oci.loadBalancer.compartmentId |
| Load balancer | loadbalancer.isPrivate | oci.loadBalancer.isPrivate |
| Load balancer | loadbalancer.isIpPublic | oci.loadBalancer.isIpPublic |
| Load balancer | loadbalancer.shapeName | oci.loadBalancer.shapeName |
| Load balancer | loadbalancer.lifecycleState | oci.loadBalancer.lifecycleState |
| Bucket | bucket.id | oci.bucket.id |
| Bucket | bucket.namespace | oci.bucket.namespace |
| Bucket | bucket.compartmentId | oci.bucket.compartmentId |
| Bucket | bucket.createdBy | oci.bucket.createdBy.username |
| Bucket | bucket.replicationEnabled | oci.bucket.replicationEnabled |
| Bucket | bucket.isReadOnly | oci.bucket.isReadOnly |
| Bucket | bucket.versioning | oci.bucket.versioning |
| Bucket | bucket.autoTiering | oci.bucket.autoTiering |
| Bucket | bucket.objectEventsEnabled | oci.bucket.objectEventsEnabled |
| Bucket | bucket.timeCreated | oci.bucket.timeCreated |
| Bucket | bucket.publicAccessType | oci.bucket.publicAccessType |
| Bucket | bucket.storageTier | oci.bucket.storageTier |
| Bucket | bucket.objectLevelAuditMode | oci.bucket.objectLevelAuditMode |
| Bucket | bucket.kmsKeyId | oci.bucket.kmsKeyId |
| Iam user | user.id | oci.iamUser.id |
| Iam user | user.isMfaActivated | oci.iamUser.isMfaActivated |
| Iam user | user.lifecycleState | oci.iamUser.lifecycleState |
| Iam user | user.canUseConsolePassword | oci.iamUser.canUseConsolePassword |
| Iam user | user.lastSuccessfulLoginTime | oci.iamUser.lastSuccessfulLoginTime |
| Iam user | user.timeCreated | oci.iamUser.timeCreated |
| Iam user | user.timeModified | oci.iamUser.timeModified |
| Security list | securitylist.compartmentId | oci.securityList.compartmentId |
| Security list | securitylist.egressSecurityRules.destination | oci.securityList.egressSecurityRules.destination |
| Security list | securitylist.egressSecurityRules.destinationPortRange.min | oci.securityList.egressSecurityRules.destinationPortRange.min |
| Security list | securitylist.egressSecurityRules.destinationPortRange.max | oci.securityList.egressSecurityRules.destinationPortRange.max |
| Security list | securitylist.egressSecurityRules.isStateless | oci.securityList.egressSecurityRules.isStateless |
| Security list | securitylist.egressSecurityRules.protocol | oci.securityList.egressSecurityRules.protocol |
| Security list | securitylist.egressSecurityRules.sourcePortRange.min | oci.securityList.egressSecurityRules.sourcePortRange.min |
| Security list | securitylist.egressSecurityRules.sourcePortRange.max | oci.securityList.egressSecurityRules.sourcePortRange.max |
| Security list | securitylist.id | oci.securityList.id |
| Security list | securitylist.ingressSecurityRules.destinationPortRange.min | oci.securityList.ingressSecurityRules.destinationPortRange.min |
| Security list | securitylist.ingressSecurityRules.destinationPortRange.max | oci.securityList.ingressSecurityRules.destinationPortRange.max |
| Security list | securitylist.ingressSecurityRules.isStateless | oci.securityList.ingressSecurityRules.isStateless |
| Security list | securitylist.ingressSecurityRules.protocol | oci.securityList.ingressSecurityRules.protocol |
| Security list | securitylist.ingressSecurityRules.source | oci.securityList.ingressSecurityRules.source |
| Security list | securitylist.ingressSecurityRules.sourcePortRange.min | oci.securityList.ingressSecurityRules.sourcePortRange.min |
| Security list | securitylist.ingressSecurityRules.sourcePortRange.max | oci.securityList.ingressSecurityRules.sourcePortRange.max |
| Security list | securitylist.lifecyclestate | oci.securityList.lifecycleState |
| Security list | securitylist.vcnId | oci.securityList.vcnId |
| Security list | securitylist.timeCreated | oci.securityList.timeCreated |
| Kubernetes | kubernetesclusters.lifecycleState | oci.kubernetesClusters.lifecycleState |
| Kubernetes | compartmentId | oci.kubernetesClusters.compartmentId |
| Kubernetes | kubernetesclusters.type | oci.kubernetesClusters.type |
| Kubernetes | kubernetesclusters.isPublicIpEnabled | oci.kubernetesClusters.isPublicIpEnabled |
| Kubernetes | kubernetesclusters.kubernetesVersion | oci.kubernetesClusters.kubernetesVersion |
| Kubernetes | kubernetesclusters.imagePolicyConfig.isPolicyEnabled | oci.kubernetesClusters.imagePolicyConfig.isPolicyEnabled |
| Kubernetes | kubernetesclusters.addOns.isKubernetesDashboardEnabled | oci.kubernetesClusters.addOns.isKubernetesDashboardEnabled |
| Kubernetes | kubernetesclusters.addOns.isTillerEnabled | oci.kubernetesClusters.addOns.isTillerEnabled |
| Kubernetes | kubernetesclusters.admissionControllerOptions.isPodSecurityPolicyEnabled | oci.kubernetesClusters.admissionControllerOptions.isPodSecurityPolicyEnabled |
OCI Asset TokensOCI Asset Tokens
| RESOURCE | Old Token | New Token |
|---|---|---|
| OCI Instance | instance.availabilityDomain | oci.compute.availabilityDomain |
| OCI Instance | instance.faultDomain | oci.compute.faultDomain |
| OCI Instance | instance.id | oci.compute.id |
| OCI Instance | instance.imageId | oci.compute.imageId |
| OCI Instance | instance.compartmentId | oci.compute.compartmentId |
| OCI Instance | instance.isPvEncryptionInTransitEnabled | oci.compute.isPvEncryptionInTransitEnabled |
| OCI Instance | instance.lifecycleState | oci.compute.lifecycleState |
| OCI Instance | instance.privateIp | oci.vnic.privateIp |
| OCI Instance | instance.publicIp | oci.vnic.publicIp |
| OCI Instance | instance.secureBootEnabled | oci.compute.secureBootEnabled |
| OCI Instance | instance.shape | oci.compute.shape |
Vulnerability TokensVulnerability Tokens
| Old Tokens | New Tokens |
|---|---|
| vulnerability.vendorRefs | finding.vulnerability.vendorRef |
| vulnerability.vendors.productName | finding.vulnerability.vendorProductName |
| vulnerability.vendors.vendorName | finding.vulnerability.vendorName |
| vulnerability.typeDetected | finding.vulnerability.typeDetected |
| vulnerability.title | finding.vulnerability.title |
| vulnerability.threatIntel.publicExploitName | finding.vulnerability.threatIntel.publicExploitName |
| vulnerability.threatIntel.malwareName | finding.vulnerability.threatIntel.malwareName |
| vulnerability.threatIntel.zeroDay | finding.vulnerability.threatIntel.isZeroDay |
| vulnerability.threatIntel.publicExploit | finding.vulnerability.threatIntel.isPublicExploit |
| vulnerability.threatIntel.malware | finding.vulnerability.threatIntel.isMalware |
| vulnerability.threatIntel.highLateralMovement | finding.vulnerability.threatIntel.isHighLateralMovement |
| vulnerability.threatIntel.highDataLoss | finding.vulnerability.threatIntel.isHighDataLoss |
| vulnerability.threatIntel.denialOfService | finding.vulnerability.threatIntel.isDenialOfService |
| vulnerability.threatIntel.activeAttacks | finding.vulnerability.threatIntel.isActiveAttack |
| vulnerability.threatIntel.noPatch | finding.vulnerability.threatIntel.hasNoPatch |
| vulnerability.threatIntel.exploitKitName | finding.vulnerability.threatIntel.exploitKitName |
| vulnerability.threatIntel.exploitKit | finding.vulnerability.threatIntel.exploitKit |
| vulnerability.supportedBy | finding.vulnerability.supportedBy.serviceName |
| vulnerability.status | finding.vulnerability.status |
| vulnerability.solution | finding.vulnerability.solution |
| vulnerability.severity | finding.vulnerability.severity |
| vulnerability.sans20Categories | finding.vulnerability.sans20Categories |
| vulnerability.risk | finding.vulnerability.risk |
| vulnerability.qid | finding.vulnerability.qid |
| vulnerability.published | finding.vulnerability.publishedDate |
| vulnerability.protocol | finding.vulnerability.protocol |
| vulnerability.port | finding.vulnerability.port |
| vulnerability.patches | finding.vulnerability.patches |
| vulnerability.os | finding.vulnerability.operatingSystem.name |
| vulnerability.lists | finding.vulnerability.list |
| vulnerability.lastFound | finding.vulnerability.lastFoundDate |
| vulnerability.PCI | finding.vulnerability.isPCI |
| vulnerability.patchAvailable | finding.vulnerability.isPatchAvailable |
| vulnerability.ignored | finding.vulnerability.isIgnored |
| vulnerability.disabled | finding.vulnerability.isDisabled |
| vulnerability.hostOS | finding.vulnerability.host.operatingSystem.name |
| vulnerability.flags | finding.vulnerability.flag |
| vulnerability.firstFound | finding.vulnerability.firstFoundDate |
| vulnerability.exploitability | finding.vulnerability.exploitability |
| vulnerability.discoveryTypes | finding.vulnerability.discoveryType |
| vulnerability.description | finding.vulnerability.description |
| vulnerability.cvss3Info.temporalScore | finding.vulnerability.cvss3TemporalScore |
| vulnerability.cvss3Info.baseScore | finding.vulnerability.cvss3BaseScore |
| vulnerability.cvssInfo.temporalScore | finding.vulnerability.cvss2TemporalScore |
| vulnerability.cvssInfo.baseScore | finding.vulnerability.cvss2BaseScore |
| vulnerability.cvssInfo.accessVector | finding.vulnerability.cvss2AccessVector |
| vulnerability.cveIds | finding.vulnerability.cveId |
| vulnerability.customerSeverity | finding.vulnerability.customerSeverity |
| vulnerability.consequence | finding.vulnerability.consequence |
| vulnerability.compliance.type | finding.vulnerability.compliance.type |
| vulnerability.compliance.section | finding.vulnerability.compliance.section |
| vulnerability.compliance.description | finding.vulnerability.compliance.description |
| vulnerability.category | finding.vulnerability.category |
| vulnerability.bugTraqIds | finding.vulnerability.bugTraqId |
| vulnerability.authTypes | finding.vulnerability.authType |
Insights TokensInsights Tokens
| Old Token | New Token |
|---|---|
| aws.account.alias | aws.account.alias |
| azure.location | azure.location |
| azure.resourceGroupName | azure.resourceGroupName |
| azure.subscription.name | azure.subscription.name |
| cloud.id | cloud.id |
| cloud.provider | cloud.provider |
| cloud.region | cloud.region |
| cloud.resource.id | cloud.resource.id |
| connector.name | connector.name |
| image.registry | image.registry |
| insight.title | insight.title |
| isAttackPathEnabled | insight.isAttackPathEnabled |
| k8s.cluster.name | k8s.cluster.name |
| k8s.namespace | k8s.namespace |
| resource.name | cloud.resource.name |
| riskScore | asset.truRisk |
| service.type | service.type |
investigate Tokensinvestigate Tokens
| Old Token | New Token |
|---|---|
| tc.findings.cloudAccount | cloud.accountId |
| tc.findings.affectedResource | finding.affectedResource |
| tc.findings.remoteResource | |
| tc.findings.alertClass | finding.alertClass |
| tc.findings.category | finding.category |
| tc.findings.severity | finding.severity |
| tc.findings.cloudProvider | cloud.provider |
| tc.findings.region | cloud.region |
| tc.findings.resourceType | finding.resource.type |
| tc.findings.hash | finding.hash |
| tc.findings.remote.ipAddress | finding.remote.ipAddress |
| tc.findings.remote.city | finding.remote.city |
| tc.findings.remote.country | finding.remote.country |
| tc.findings.mitre.attack.tactic.id | finding.mitre.attack.tactic.id |
| tc.findings.mitre.attack.tactic.name | finding.mitre.attack.tactic.name |
| tc.findings.mitre.attack.technique.id | finding.mitre.attack.technique.id |
| tc.findings.mitre.attack.technique.name | finding.mitre.attack.technique.name |
| tc.findings.mitre.attack.rule.name | finding.mitre.attack.rule.name |
| tc.findings.pod | container.cluster.pod.name |
| tc.findings.containerName | container.name |
| tc.findings.clusterName | container.cluster.name |
| tc.findings.nodeName | container.cluster.node.name |
| tc.findings.namespace | container.cluster.pod.namespace |
| tc.findings.processName | process.name |
| tc.findings.exception.id | exception.id |
| tc.findings.exception.name | exception.name |
| asset.truRisk | asset.truRisk |
| container.host.name | container.host.name |
| container.host.ipAddress | container.host.ipAddress |
| container.host.ipV6Address | container.host.ipV6Address |
| container.portMapping.hostIp | container.portMapping.hostIp |
| container.portMapping.hostPort | container.portMapping.hostPort |
| container.portMapping.port | container.portMapping.port |
| container.portMapping.protocol | container.portMapping.protocol |
| container.cluster.pod.name | container.cluster.k8s.pod.name |
| container.cluster.node.name | container.cluster.k8s.node.name |
| container.cluster.pod.namespace | container.cluster.k8s.pod.namespace |
| Old Token | New Token |
|---|---|
| cid | control.id |
| control.criticality | control.criticality |
| control.executionType | control.executionType |
| control.name | control.name |
| control.result | control.result |
| control.type | control.type |
| controlObjective.comments | control.objective.comments |
| controlObjective.section | control.objective.section |
| createdBy | control.createdBy.username |
| createdBy | policy.createdBy.username |
| createdDate | policy.createdDate |
| evaluatedOn | cloud.resource.evaluatedDate |
| exception.name | exception.name |
| firstEvaluatedOn | cloud.resource.firstEvaluatedDate |
| git.branch | git.branch |
| git.reponame | git.repoName |
| iac.scan.id | iac.scan.id |
| iac.scan.name | iac.scan.name |
| iac.source | iac.source |
| iac.template.type | iac.template.type |
| isCustomizable | control.isCustomizable |
| isRemediable | control.isRemediable |
| lastEvaluatedOn | cloud.resource.lastEvaluatedDate |
| lastFixed | cloud.resource.lastFixedDate |
| lastReopened | cloud.resource.lastReopenedDate |
| mandate.compliance | mandate.compliance |
| mandate.name | mandate.name |
| mandate.publisher | mandate.publisher |
| modifiedBy | policy.updatedBy.username |
| modifiedDate | policy.updatedDate |
| parentCid | control.parentCid |
| policy.compliance | policy.compliance |
| policy.executionType | policy.executionType |
| policy.name | policy.name |
| policy.name | policy.name |
| policy.uuid | policy.uuid |
| policyType | policy.type |
| provider | control.provider |
| provider | policy.provider |
| qflow.id | qflow.id |
| qflow.name | qflow.name |
| remediationStatus | cloud.resource.remediationStatus |
| requirement.comments | requirement.comments |
| requirement.section | requirement.section |
| resource.result | resource.result |
| resource.type | resource.type |
| rootParentCid | control.rootParentCid |
| service.type | service.type |
| updatedBy | control.updatedBy.username |
Mandate, Policies, and Exception TokensMandate, Policies, and Exception Tokens
| Group | Old Token | New Token |
|---|---|---|
| Mandate | mandate.name | mandate.name |
| Mandate | geography | mandate.geography |
| Mandate | industry | mandate.industry |
| Mandate | mandate.publisher | mandate.publisher |
| Mandate | mandate.version | mandate.version |
| Policies | policy.name | policy.name |
| Policies | createdBy | policy.createdBy.username |
| Policies | createdDate | policy.createdDate |
| Policies | policy.executionType | policy.executionType |
| Policies | modifiedBy | policy.updatedBy.username |
| Policies | modifiedDate | policy.updatedDate |
| Policies | provider | policy.provider |
| Policies | policyType | policy.type |
| Exceptions | exception.name | exception.name |
| Exceptions | exception.provider | exception.provider |
| Exceptions | exception.reason | exception.reason |
| Exceptions | exception.scope | exception.scope |
| Exceptions | exception.status | exception.status |
| Exceptions | cloud.id | cloud.accountId |
| Exceptions | control.id | control.id |
| Exceptions | qflow.id | qflow.id |
| Exceptions | qflow.name | qflow.name |
| Exceptions | cloud.resource.id | cloud.resource.id |
| Exceptions | account.id | cloud.id |
| Exceptions | subscriptionId | cloud.id |
| Exceptions | projectId | cloud.id |
| Exceptions | cid | control.id |
| Exceptions | resource.accountId | cloud.id |
| Exceptions | resource.subscriptionId | cloud.id |
| Exceptions | resource.projectId | cloud.id |
Connector TokensConnector Tokens
| Old Token | New Token |
|---|---|
| name | connector.application.name |
| status | connector.status |
| application | connector.application.name |
| isDisabled | connector.isDisabled |
| username | connector.username |
| remediationEnabled | connector.isRemediationEnabled |
| authType | connector.authType |
| module | connector.module.name |
| org.connector.name | org.connector.name |
| org.name | org.name |
| scanType.isSnapshotScanEnabled | scanType.isSnapshotScanEnabled |
| scanType.isInstantAssessmentEnabled | scanType.isInstantAssessmentEnabled |
| scanType.isCPSEnabled | scanType.isCPSEnabled |
| scanType.snapshotScan.isSecretDetectionEnabled | scanType.snapshotScan.isSecretDetectionEnabled |
| scanType.snapshotScan.isScaEnabled | scanType.snapshotScan.isScaEnabled |
| scanType.snapshotScan.isAmiScanningEnabled | scanType.snapshotScan.isAmiScanningEnabled |
| isFlexScanConfigured | connector.isFlexScanConfigured |
| isAttachedToOrgConnector | connector.isAttachedToOrgConnector |
| isServiceAccount | connector.isServiceAccount |
| organizationName | org.name |
| organizationId | org.id |
| oci.tenantId | oci.tenantId |
| oci.tenantName | oci.tenantName |
| managementGroupName | azure.managementGroupName |
| managementGroupId | azure.managementGroupId |
| folderName | gcp.folderName |
| folderId | gcp.folderId |
| ouName | aws.ouName |
| ouId | aws.ouId |
| jobType | job.type |
| state | connector.state |
Remediation and Alerting TokensRemediation and Alerting Tokens
| Old Token | New Token |
|---|---|
| resource.type | cloud.resource.type |
| resource.id | cloud.resource.id |
| cid | control.id |
| connector.name | connector.name |
| status | response.status |
| response.user | response.user |
| response.userid | response.userId |
| response.username | response.user |
| response.userId | response.userId |
| action | response.action |
| triggeredBy | response.triggeredBy.username |
| triggeredOn | response.triggeredDate |
| control.name | control.name |
| account.id | aws.accountId |
| subscriptionId | azure.subscriptionId |
| projectId | gcp.projectId |
| service.type | service.type |
| connectorUuid | connector.uuid |
| evidences.key | evidence.key |
| evidences.value | evidence.value |
| accountGroup | account.group |
| action.id | action.id |
| action.name | action.name |
| action.type | action.type |
| action.message | action.message |
| action.subject | action.subject |
| action.emailRecipient | action.email.recipient |
| action.slackChannel | action.slackChannel |
| ruleQuery | rule.query |
| rule.id | rule.id |
| ruleName | rule.name |
| ruleDescription | rule.description |
| ruleState | rule.state |
| ruleSeverity | rule.severity |
| createdBy | rule.createdBy.username |
| createdById | rule.createdBy.userId |
| createdDate | rule.createdDate |
| updatedBy | rule.updatedBy.username |
| updatedById | rule.updatedBy.userId |
| updatedDate | rule.updatedDate |
| aggregate | rule.aggregate |
| aggregationGroup | rule.aggregationGroup |
| index | rule.index |
| ruleSeverity | rule.severity |
| id | rule.id |
| lastRun | rule.lastRun |
| trigger | rule.trigger |
| policyName | policy.name |
| uuid | policy.uuid |
| policyMode | policy.mode |
| isDefault | policy.isDefault |
| policyType | policy.type |
| k8sFilters.cluster.clusterUid | policy.k8sFilter.cluster.clusterUid |
| k8sFilters.namespace.clusterUid | policy.k8sFilter.namespace.clusterUid |
| k8sFilters.namespace.namespaceValue | policy.k8sFilter.namespace.value |
| service.type | service.type |
| connectorUuid | connector.uuid |
| evidences.key | evidence.key |
| evidences.value | evidence.value |
| accountGroup | account.group |
| rulename | rule.name |
| jobname | job.name |
| asset.agentid | agent.id |
| asset.hostname | asset.hostname |
| asset.name | asset.name |
| file.hash.md5 | file.hash.md5 |
| file.hash.sha256 | file.hash.sha256 |
| file.name | file.name |
| indicator.score | indicator.score |
| indicator.severityscore | indicator.severityScore |
| platform | agent.platform |
| event.source | event.source |