Home

Searching for Microsoft Azure Resources

Use the search tokens below to search for resources discovered. You will need to first choose cloud provider on the Resources tab to see the relevant tokens for your environment.  Looking for help with writing your query? click here

General

account.idaccount.id

Use a text value ##### to show resources based on the unique account ID associated with the connector at the time of creation.

Example

Show findings with this account ID

account.id: 205767712438

account.aliasaccount.alias

Use a text value ##### to show connectors based on the account alias associated with the connector at the time of creation.

Example

Show connectors with this account alias

account.alias: Example_connector

subscriptionNamesubscriptionName

Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.

Example

Show connectors with this subscription name

subscriptionName: Sample Cloud Subscription

createdcreated

Use a date range or specific date to define when the resource was created.

Examples

Show resources created within certain dates

created: [2018-01-01 ... 2018-03-01]

Show resources created starting 2018-10-01, ending 1 month ago

created: [2018-01-01 ... now-1m]

Show resources created starting 2 weeks ago, ending 1 second ago

created: [now-2w ... now-1s]

Show resources created on specific date

created: 2018-01-08

updatedupdated

Use a date range or specific date to define when the resource was last updated.

Examples

Show resources updated within certain dates

updated: [2018-01-01 ... 2018-03-01]

Show resources updated starting 2018-10-01, ending 1 month ago

updated: [2018-01-01 ... now-1m]

Show resources updated starting 2 weeks ago, ending 1 second ago

updated: [now-2w ... now-1s]

Show resources updated on specific date

updated: 2018-01-08

namename

Use backticks to help you find the exact match of the resource name you're looking for.

Examples

Show any findings with this name

name: my-resource

Show all the findings that exactly match with this name

name: `my-resource`

providerprovider

Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.

Example

Find resources synced from Microsoft Azure

provider: Azure

regionregion

Select the name of the region you're interested in. Select from names in the drop-down menu.

Example

Find resources in the Singapore region

region: Singapore

resource.idresource.id

Use a text value ##### to find resources by the unique ID assigned to the resource.

Example

Show resources with ID acl-8e5198f5

resource.id: acl-8e5198f5

resource.typeresource.type

Select the type of resource you're interested in. Select from names in the drop-down menu.

Example

Show resources of type Instance

resource.type: Instance

tag.keytag.key

Use a text value ##### to define the key of an Azure tag assigned to the resource (case sensitive).

Example

Show findings with key Department

tag.key: Department

tag.valuetag.value

Use a text value ##### to define the value of an Azure tag assigned to the resource (case sensitive).

Example

Show findings with tag value Finance

tag.value: Finance

tags.nametags.name

Use values within quotes or backticks to help you find the resources with the specified tag you're looking for.

Example

Show any findings that contain "network" and "blue" in name

tags.name: "network blue"

Show any findings that contain "network" or "blue" in name (another method)

tags.name: "network" OR tags.name: "blue"

Show any findings that match exact value "Cloud Agent"

tags.name: "Cloud Agent"

andand

Use a boolean query to express your query using AND logic.

Example

Show findings with account ID 205767712438 and type Subnet

account.id: 205767712438 and resource.type: Subnet

notnot

Use a boolean query to express your query using NOT logic.

Example

Show findings that are not resource type Instance

not resource.type: Instance

oror

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these tag values

tag.value: Finance or tag.value: Accounting

projectIdprojectId

Use a text value ##### to find GCP resources with a certain project Id.

Example

Show resources with this projectId

projectId: my-project-1513669048551

Azure: General

locationlocation

Select the name of the Azure location you're interested in. Select from names in the drop-down menu.

Example

Find resources in this location

location: Frankfurt

resourceGroupNameresourceGroupName

Use a text value ##### to find resources by the resource group name.

Example

Show resources with this group name

resourceGroupName: my-eastus-rg

subscriptionIdsubscriptionId

Use a text value ##### to find resources by the subscription ID.

Example

Show resources with this subscription ID

subscriptionId: fbb9ea64-abda-452e-adfa-83442409

Azure: SQL Server

These tokens are available in queries with resource.type:SQL Server

sqlserver.typesqlserver.type

Use a text value ##### to find resources by the SQL Server type.

Example

Show resources with this type

sqlserver.type: Microsoft.sql

sqlserver.fullyQualifiedDomainNamesqlserver.fullyQualifiedDomainName

Use a text value ##### to find resources by the SQL Server Fully Qualified Domain Name (FQDN).

Example

Show resources with this FQDN

sqlserver.fullyQualifiedDomainName: severname.database.windows.net

sqlserver.versionsqlserver.version

Use a text value ##### to find resources by the SQL Server version.

Example

Show resources with this version

sqlserver.version: 12

sqlserver.statesqlserver.state

Use a text value ##### to find resources by the current SQL Server state.

Example

Show resources with this state

sqlserver.state: ready

Azure: SQL Server Database

These tokens are available in queries with resource.type:SQL Server Database

sqldatabase.editionsqldatabase.edition

Select the database edition (basic, standard, premium) you're interested in. Select from names in the drop-down menu.

Example

Find resources with standard edition

sqldatabase.edition: standard

sqldatabase.statussqldatabase.status

Select the database status (online, offline, restoring, etc) you're interested in. Select from names in the drop-down menu.

Example

Show online databases

sqldatabase.status: online

Azure: Virtual Machine

These tokens are available in queries with resource.type:Virtual Machine

virtualmachine.vmIdvirtualmachine.vmId

Use a text value ##### to find resources by the virtual machine ID.

Example

Show resources with this virtual machine ID

virtualmachine.vmId: MyVMID

connector.remediationEnabledconnector.remediationEnabled

Use  true to view the resources associated with the connector for which remediation is enabled.

Example

Show resources associated with the connector for which remediation is enabled

connector.remediationEnabled: TRUE

virtualmachine.vmSizevirtualmachine.vmSize

Use a text value ##### to find resources by size of the virtual machine.

Example

Show resources with this virtual machine size

virtualmachine.vmSize: Standard_DS1_v2

virtualmachine.networkSecurityGroupvirtualmachine.networkSecurityGroup

Use a text value ##### to find the network security group of the virtual machine.

Example

Show resources with this network security group

virtualmachine.networkSecurityGroup: myNSG

virtualmachine.osTypevirtualmachine.osType

Use a ####text value to find VMs with agents installed on them.

Example

Show VMs with specified OS Type.

virtualmachine.osType: Windows

virtualmachine.agentInstalledvirtualmachine.agentInstalled

Use True | False to find VMs with agents installed on them.

Example

Show VMs with agents installed.

virtualmachine.agentInstalled: True

virtualmachine.hasThreatsvirtualmachine.hasThreats

Use the values true | false to find virtual machines with that has threats identified.

Example

Show resources with threats identified

virtualmachine.hasThreats: True

virtualmachine.publicIpAddressvirtualmachine.publicIpAddress

Use a text value ##### to find virtual machines with certain IP address.

Example

Show resources with this IP address

virtualmachine.publicIpAddress: 13.126.125.189

virtualmachine.statusvirtualmachine.status

Select the status (Creating, Deleting, Updating, etc.) of the virtual machine you're interested in. Select the required status from the drop-down menu.

Example

Show virtual machines with VM running status

virtualmachine.status: VM running

virtualmachine.networkInterface.subnetIdvirtualmachine.networkInterface.subnetId

Use a text value ##### to find VMs with a certain network interface address ID.

Example

Show findings with this address ID

virtualmachine.networkInterface.subnetId: id-12345

virtualmachine.networkInterface.privateDnsNamevirtualmachine.networkInterface.privateDnsName

Use a text value ##### to find VMs having network interface with a certain private DNS name.

Example

Show findings with this private DNS name

virtualmachine.networkInterface.privateDnsName: ip-172-31-33-67.us-east-2.compute.internal

virtualmachine.networkInterface.privateIpAddressvirtualmachine.networkInterface.privateIpAddress

Use a text value ##### to find VMs having network interface with a certain private IP address.

Example

Show findings with this private IP

virtualmachine.networkInterface.privateIpAddress: 172.31.28.151

virtualmachine.networkInterface.secondaryPrivateIpvirtualmachine.networkInterface.secondaryPrivateIp

Use a text value ##### to find VMs having network interfaces with a certain secondary private IP address.

Example

Show findings with this secondary private IP

virtualmachine.networkInterface.secondaryPrivateIp: 10.0.0.85

virtualmachine.networkInterface.publicIpvirtualmachine.networkInterface.publicIp

Use a text value ##### to find VMs having network interfaces with a certain public IP address.

Example

Show findings with this public IP address

virtualmachine.networkInterface.publicIp: 13.126.125.189

virtualmachine.networkInterface.ipv6Ipvirtualmachine.networkInterface.ipv6Ip

Use a text value ##### to find VMs having network interfaces with a certain IPv6 IP address.

Example

Show findings with this IPv6 address

virtualmachine.networkInterface.ipv6Ip: 2010:ab2::1234:zzz:2002:1f

virtualmachine.isDockerHostvirtualmachine.isDockerHost

Use the values true | false to define whether the instance has a docker installed on the host.

Example

Show VMs with docker installed on the host

virtualmachine.isDockerHost:true

Show VMs without docker installed on the host

virtualmachine.isDockerHost:false

virtualmachine.docker.versionvirtualmachine.docker.version

Use a text value ##### to define Docker version you are looking for.

Example

Show VMs with specified docker version

virtualmachine.docker.version:8.2

virtualmachine.riskScorevirtualmachine.riskScore

Use an integer value (0-1000) to search for all the Azure VMs with the specified risk score.

Example

Show all VMs with a risk score greater than 125

virtualmachine.riskScore > 125

Show all VMs with a risk score of 125

virtualmachie.riskScore: 125

Azure: Virtual Network

These tokens are available in queries with resource.type:Virtual Network

virtualnetwork.typevirtualnetwork.type

Use a text value ##### to find resources by the virtual network type.

Example

Show resources with this virtual network type

virtualnetwork.type: Microsoft.Network/virtualNetworks

Azure: Web App

These tokens are available in queries with resource.type:Web App

webapp.kindwebapp.kind

Use a text value ##### to find web apps based on the kind filter you are interested in..

Examples

Show any web apps with kind filter

webapp.kind: Linux

webapp.deploymentIdwebapp.deploymentId

Use a text value ##### to find web apps based on the deployment ID of the web app.

Example

Show web apps with this deployment ID

webapp.deploymentId:depl-7495

webapp.statewebapp.state

Search web app based on its state.

Examples

Show web apps that are in running state

webapp.state:Running

webapp.availabilityStatewebapp.availabilityState

>Select the web app state (NORMAL, LIMITED, DISASTER_RECOVERY_MODE) you're interested in. Select from names in the drop-down menu.

Example

Show web apps with availability state as LIMITED

webapp.availabilityState:LIMITED

webapp.usageStatewebapp.usageState

Search the web apps based on their usage state (NORMAL, EXCEEDED). Select from names in the drop-down menu.

Example

Show web app on usage state

webapp.usageState:NORMAL

webapp.enabledwebapp.enabled

Use the values true | false to find whether web app is enabled or not.

Examples

Show web apps which are default container.

webapp.enabled:true

webapp.isDefaultContainerwebapp.isDefaultContainer

Use the values true | false to find whether web app is the default container or not.

Examples

Show web apps which are default container.

webapp.isDefaultContainer:true

webapp.httpsonlywebapp.httpsonly

Use the values true | false to find whether HTTPSOnly feature is enabled or not on a web app.

Examples

Show web apps with HTTPSOnly feature enabled.

webapp.httpsonly:TRUE

webapp.redundancyModewebapp.redundancyMode

Use a text value ##### to define the redundancy mode of the web app.

Example

Show web apps with this redundancy mode.

webapp.redundancyMode:MANUAL

webapp.appserviceplanwebapp.appserviceplan

Use a text value ##### to define the AppServicePlanId of webapp you're looking for.

Examples

Show web apps with this AppServicePlan ID.

webapp.appserviceplan:app-service-plan-123

webapp.defaultHostNamewebapp.defaultHostName

Use a text value ##### to define the default host name for web apps.

Example

Show web apps with this default host name

webapp.defaultHostName:windowsappabc123.azurewebsites.net

webapp.hostnames.enabledwebapp.hostnames.enabled

Use a text value ##### to define the enabled host names of the web apps.

Example

Show web apps with this host names

webapp.hostnames.enabled:windowsappabc123.azurewebsites.net

webapp.hostnames.sslStatewebapp.hostnames.sslState

Select web apps based on the SSL  state of the enabled hosts (DISABLED, SNI_ENABLED, IP_BASED_ENABLED) you're interested in. Select from names in the drop-down menu.

Example

Show web apps with disabled SSL state

webapp.hostnames.sslState:DISABLED

webapp.clientAffinityEnabledwebapp.clientAffinityEnabled

Use the values true | false to find whether client affinity is enabled or not on a web app.

Example

Show web apps with client affinity enabled

webapp.clientAffinityEnabled:TRUE

webapp.clientCertEnabledwebapp.clientCertEnabled

Use the values true | false to find whether client cert is enabled or not on a web app.

Example

Show web apps with client cert enabled

webapp.clientCertEnabled:TRUE

Azure: Function App

These tokens are available in queries with resource.type:Function App

functionapp.kindfunctionapp.kind

Use a text value ##### to find function apps based on the kind filter you are interested in..

Examples

Show any function apps with kind filter

functionapp.kind: Linux

functionapp.deploymentIdfunctionapp.deploymentId

Use a text value ##### to find function apps based on the deployment ID of the function app.

Example

Show function apps with this deployment ID

functionapp.deploymentId:depl-7495

functionapp.statefunctionapp.state

Search function app based on its state.

Examples

Show function apps that are in running state

functionapp.state:Running

functionapp.availabilityStatefunctionapp.availabilityState

>Select the function app state (NORMAL, LIMITED, DISASTER_RECOVERY_MODE) you're interested in. Select from names in the drop-down menu.

Example

Show function apps with availability state as LIMITED

functionapp.availabilityState:LIMITED

functionapp.usageStatefunctionapp.usageState

Search the function apps based on their usage state (NORMAL, EXCEEDED). Select from names in the drop-down menu.

Example

Show function app on usage state

functionapp.usageState:NORMAL

functionapp.enabledfunctionapp.enabled

Use the values true | false to find whether function app is enabled or not.

Examples

Show function apps which are default container.

functionapp.enabled:true

functionapp.isDefaultContainerfunctionapp.isDefaultContainer

Use the values true | false to find whether function app is the default container or not.

Examples

Show function apps which are default container.

functionapp.isDefaultContainer:true

functionapp.httpsonlyfunctionapp.httpsonly

Use the values true | false to find whether HTTPSOnly feature is enabled or not on the function app.

Examples

Show function apps with HTTPSOnly feature enabled.

functionapp.httpsonly:TRUE

functionapp.redundancyModefunctionapp.redundancyMode

Use a text value ##### to define the redundancy mode of the function app.

Example

Show function apps with this redundancy mode.

functionapp.redundancyMode:MANUAL

functionapp.appserviceplanfunctionapp.appserviceplan

Use a text value ##### to define the AppServicePlanId of function app you're looking for.

Examples

Show function apps with this AppServicePlan ID.

functionapp.appserviceplan:app-service-plan-123

functionapp.defaultHostNamefunctionapp.defaultHostName

Use a text value ##### to define the default host name for function apps.

Example

Show function apps with this default host name

functionapp.defaultHostName:windowsappabc123.azurewebsites.net

functionapp.hostnames.enabledfunctionapp.hostnames.enabled

Use a text value ##### to define the enabled host names of the function apps.

Example

Show function apps with this host names

functionapp.hostnames.enabled:windowsappabc123.azurewebsites.net

functionapp.hostnames.sslStatefunctionapp.hostnames.sslState

Select function apps based on the SSL  state of the enabled hosts (DISABLED, SNI_ENABLED, IP_BASED_ENABLED) you're interested in. Select from names in the drop-down menu.

Example

Show function apps with disabled SSL state

functionapp.hostnames.sslState:DISABLED

functionapp.clientAffinityEnabledfunctionapp.clientAffinityEnabled

Use the values true | false to find whether client affinity is enabled or not on a function app.

Example

Show function apps with client affinity enabled

functionapp.clientAffinityEnabled:TRUE

functionapp.clientCertEnabledfunctionapp.clientCertEnabled

Use the values true | false to find whether client cert is enabled or not on a function app.

Example

Show function apps with client cert enabled

functionapp.clientCertEnabled:TRUE

functionapp.languagefunctionapp.language

Use a text value ##### to find functionapps based on the language in which the functions under function apps are written.

Example

Show function apps with client cert enabled

functionapp.language:CSharp

Azure: Vulnerability 

These tokens are available in queries with resource.type:vulnerability

vulnerability.qidvulnerability.qid

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerability.qid:90405

vulnerability.severityvulnerability.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 4

vulnerability.severity:4

vulnerability.customerSeverityvulnerability.customerSeverity

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerability.customerSeverity:3

vulnerability.exploitabilityvulnerability.exploitability

Use values within quotes or backticks to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this description

 vulnerability.exploitability: GIF Parser Heap

Show any findings that contain "GIF", "Parser" or "Heap" in description

 vulnerability.exploitability: "GIF Parser Heap"

Show any findings that match exact value

 vulnerability.exploitability: `GIF Parser Heap`

vulnerability.patchAvailablevulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerability.patchAvailable: "true"

Show findings with no patch available

vulnerability.patchAvailable: "false"

vulnerability.firstFoundvulnerability.firstFound

Use a date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerability.firstFound: [2015-10-21 ... 2015-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerability.firstFound: [2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerability.firstFound: [now-2w ... now-1s]

Show findings first found on certain date

vulnerability.firstFound:'2015-11-11'

vulnerability.lastFoundvulnerability.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerability.lastFound: [2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerability.lastFound: [2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerability.lastFound: [now-2w ... now-1s]

Show findings last found on certain date

vulnerability.lastFound:'2016-01-11'

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound: '2017-01-12' AND vulnerability.patchAvailable: "true")

vulnerability.titlevulnerability.title

Use quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to this title

vulnerability.title: Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerability.title: "Remote Code"

Show any findings that match exact value

vulnerability.title: `Remote Code`

vulnerability.descriptionvulnerability.description

Use quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings related to description

vulnerability.description: remote code execution

Show any findings  that contain "remote" or "code" in description

vulnerability.description: "remote code execution"

Show any findings that match exact value

vulnerability.description: `remote code execution`

vulnerability.cveIdsvulnerability.cveIds

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerability.cveIds: CVE-2015-0313

vulnerability.categoryvulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with the category CGI

vulnerability.category: "CGI"

vulnerability.cvss3Info.baseScorevulnerability.cvss3Info.baseScore

Use an integer value ##### to help you find the CVSS base score you're interested in.

Example

Show assets with this score

vulnerability.cvss3Info.baseScore: 7.8

vulnerability.cvss3Info.temporalScorevulnerability.cvss3Info.temporalScore

Use an integer value ##### to help you find the CVSS temporal score you're interested in.

Example

Show assets with this score

vulnerability.cvss3Info.temporalScore: 6.4

vulnerability.cvssInfo.accessVectorvulnerability.cvssInfo.accessVector

Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.

Example

Show findings with this name

vulnerability.cvssInfo.accessVector: "NETWORK"

vulnerability.portvulnerability.port

Use an integer value ##### to help you find assets with some open port.

Example

Show vulnerability with port 80

vulnerability.port: 80

vulnerability.protocolvulnerability.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Examples

Show findings found on TCP

vulnerability.protocol: TCP

Show findings found on port 80 and TCP

vulnerability: (port: 80 AND protocol: TCP)

vulnerability.hostOSvulnerability.hostOS

Use quotes or backticks within values to help you find the instance operating system you're interested in.

Examples

Show any findings with this OS name

vulnerability.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerability.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerability.hostOS:`Windows 2012`

vulnerability.typeDetectedvulnerability.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find instances with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerability.typeDetected:Confirmed

vulnerability.PCIvulnerability.PCI

Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).

Examples

Show PCI vulnerabilities

vulnerability.PCI:TRUE

Do not show PCI vulnerabilities

vulnerability.PCI:FALSE

vulnerability.authTypesvulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerability.authTypes:WINDOWS_AUTH

vulnerability.bugTraqIdsvulnerability.bugTraqIds

Use a text value ##### to find a BugTraq number you're interested in.

Example

Show findings with BugTraq ID 22211

vulnerability.bugTraqIds:22211

vulnerability.compliance.descriptionvulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description you're looking for.

Examples

Show any findings related to this description

vulnerability.compliance.description:malicious software

Show any findings that contain "malicious" or "software" in description

vulnerability.compliance.description:"malicious software"

Show any findings that match exact value "malicious software"

vulnerability.compliance.description:`malicious software`

vulnerability.compliance.sectionvulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section you're looking for.

Examples

Show any findings related to this section

vulnerability.compliance.section:164.308

Show any findings that contain parts of section

vulnerability.compliance.section:"164.308"

Show any findings that match exact value "164.308"

vulnerability.compliance.section:`164.308`

vulnerability.compliance.typevulnerability.compliance.type

Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerability.compliance.type:HIPAA

vulnerability.consequencevulnerability.consequence

Use quotes or backticks within values to help you find the consequence you're looking for.

Examples

Show any findings related to consequence

vulnerability.consequence:sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerability.consequence:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerability.consequence:`sensitive information`

vulnerability.flagsvulnerability.flags

Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc).

Example

Show findings with this flag

vulnerability.flags:PCI_RELATED

vulnerability.listsvulnerability.lists

Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerability.lists:SANS_20

vulnerability.patchesvulnerability.patches

Use an integer value ##### to help you find the patch QID you're interested in.

Example

Show assets with this patch QID

vulnerability.patches:90753

vulnerability.publishedvulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerability.published:[2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago

vulnerability.published:[2017-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerability.published:[now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerability.published:'2018-01-15'

vulnerability.riskvulnerability.risk

Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerability.risk:50

vulnerability.osvulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerability.os:`windows`

vulnerability.cvssInfo.baseScorevulnerability.cvssInfo.baseScore

Use an integer value ##### to help you find the CVSS base score you're interested in.

Example

Show instances with this score

vulnerability.cvssInfo.baseScore:7.8

vulnerability.cvssInfo.temporalScorevulnerability.cvssInfo.temporalScore

Use an integer value ##### to help you find the CVSS temporal score you're interested in.

Example

Show instances with this score

vulnerability.cvssInfo.temporalScore:6.4

vulnerability.discoveryTypesvulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find instances with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerability.discoveryTypes:REMOTE

vulnerability.sans20Categoriesvulnerability.sans20Categories

Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).

Example

Show findings with this category name

vulnerability.sans20Categories:Media Players

vulnerability.solutionvulnerability.solution

Use quotes or backticks within values to help you find the solution you're looking for.

Examples

Show any findings related to this solution

vulnerability.solution:Bulletin MS10-006

Show any findings that contain parts of solution

vulnerability.solution:"Bulletin MS10-006"

Show any findings that match exact value "Bulletin MS10-006"

vulnerability.solution:`Bulletin MS10-006`

vulnerability.statusvulnerability.status

Select the vulnerability status (ACTIVE, FIXED, NEW, REOPENED) you're interested in. Select from names from the drop-down menu.

Example

Show vulnerabilities with ACTIVE status

vulnerability.status:ACTIVE

vulnerability.supportedByvulnerability.supportedBy

Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.

Example

Show vulnerabilities supported by Linux Agent

vulnerability.supportedBy:LINUX_AGENT

vulnerability.vendorRefsvulnerability.vendorRefs

Use a text value ##### to find the vendor reference you're interested in.

Example

Show this vendor reference

vulnerability.vendorRefs:KB3021953

vulnerability.vendors.productNamevulnerability.vendors.productName

Use a text value ##### to find the vendor product name you're interested in.

Example

Show findings with this vendor product name

vulnerability.vendors.productName:Windows

vulnerability.vendors.vendorNamevulnerability.vendors.vendorName

Use a text value ##### to find the vendor name you're interested in.

Example

Show findings with this vendor name

vulnerability.vendors.vendorName:Adobe

vulnerability.disabledvulnerability.disabled

Use the values true | false to define vulnerabilities that are disabled.

Example

Show findings with this disabled set to False

vulnerability.disabled:False

Threat Protection

(For Threat Protection users) Use these tokens for searching Real-Time Threat Indicators (RTI).

vulnerability.threatIntel.activeAttacksvulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Example

Show resources with threats due to active attacks

vulnerability.threatIntel.activeAttacks: "true"

vulnerability.threatIntel.denialOfServicevulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Example

Show resources with threats due to denial of service

vulnerability.threatIntel.denialOfService: "true"

vulnerability.threatIntel.easyExploitvulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Example

Show resources with threats due to easy exploit

vulnerability.threatIntel.easyExploit: "true"

vulnerability.threatIntel.exploitKitvulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Example

Show resources with threats due to exploit kit

vulnerability.threatIntel.exploitKit: "true"

vulnerability.threatIntel.exploitKitNamevulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerability.threatIntel.exploitKitName: `Angler`

vulnerability.threatIntel.highDataLossvulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Example

Show resources with threats due to high data loss

vulnerability.threatIntel.highDataLoss: "true"

vulnerability.threatIntel.highLateralMovementvulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Example

Show resources with threats due to high lateral movement

vulnerability.threatIntel.highLateralMovement: "true"

vulnerability.threatIntel.malwarevulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Example

Show resources with threats due to malware

vulnerability.threatIntel.malware: "true"

vulnerability.threatIntel.malwareNamevulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerability.threatIntel.noPatchvulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Example

Show resources with threats due to no patch available

vulnerability.threatIntel.noPatch: "true"

vulnerability.threatIntel.publicExploitvulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Example

Show resources with threats due to public exploit

vulnerability.threatIntel.publicExploit: "true"

vulnerability.threatIntel.publicExploitNamevulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerability.threatIntel.zeroDayvulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Example

Show resources with threats due to zero day exploit

vulnerability.threatIntel.zeroDay: "true"