Searching for Microsoft Azure Resources
Use the search tokens below to search for discovered resources. First choose a cloud provider on the Resources tab to see the relevant tokens for your environment.
General
azure.subscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
azure.subscriptionName: Sample Cloud Subscription
azure.resource.createdDate
Use a date range or specific date to define when the resource was created.
Example
Show resources created within certain dates
azure.resource.createdDate: [2018-01-01 ... 2018-03-01]
Show resources created starting 2018-10-01, ending 1 month ago
azure.resource.createdDate: [2018-01-01 ... now-1m]
Show resources created starting 2 weeks ago, ending 1 second ago
azure.resource.createdDate: [now-2w ... now-1s]
Show resources created on specific date
azure.resource.createdDate: 2018-01-08
azure.resource.updatedDate
Use a date range or specific date to define when the resource was last updated.
Example
Show resources updated within certain dates
azure.resource.updatedDate: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
azure.resource.updatedDate: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
azure.resource.updatedDate: [now-2w ... now-1s]
Show resources updated on specific date
azure.resource.updatedDate: 2018-01-08
cloud.resource.name
Use backticks to find an exact match of the resource name you're looking for.
Example
Show any findings with this name
cloud.resource.name: my-resource
Show all the findings that exactly match this name
cloud.resource.name: `my-resource`
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find resources in the Singapore region
region: Singapore
cloud.resource.id
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
cloud.resource.id: acl-8e5198f5
cloud.resource.type
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
cloud.resource.type: Instance
Use a text value ##### to define the key of an Azure tag assigned to the resource (case sensitive).
Example
Show findings with key Department
azure.tag.key: Department
azure.tag.value
Use a text value ##### to define the value of an Azure tag assigned to the resource (case sensitive).
Example
Show findings with tag value Finance
azure.tag.value: Finance
connector.tag.name
Use values within quotes or backticks to help you find the resources with the specified tag applied via Connector or Apply Tag API for Exceptions.
Example
Show any findings that contain "network" and "blue" in name
connector.tag.name: "network blue"
Show any findings that contain "network" or "blue" in name (another method)
connector.tag.name: "network" OR connector.tag.name: "blue"
Show any findings that match exact value "Cloud Agent"
connector.tag.name: "Cloud Agent"
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not region Hong Kong
not region: Hong Kong
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting
Use a text value ##### to find GCP resources with a certain project Id.
Example
Show resources with this projectId
projectId: my-project-1513669048551
Select the name of the Azure location you're interested in. Select from names in the drop-down menu.
Example
Find resources in this location
azure.location: Frankfurt
azure.resourceGroup.name
Use a text value ##### to find resources by the resource group name.
Example
Show resources with this group name
azure.resourceGroup.name: my-eastus-rg
azure.subscriptionId
Use a text value ##### to find resources by the subscription ID.
Example
Show resources with this subscription ID
azure.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Azure: SQL Server
These tokens are available in queries with cloud.resource.type:SQL Server
azure.sqlServer.type
Use a text value ##### to find resources by the SQL Server type.
Example
Show resources with this type
azure.sqlServer.type: Microsoft.sql
azure.sqlServer.fullyQualifiedDomainName
Use a text value ##### to find resources by the SQL Server Fully Qualified Domain Name (FQDN).
Example
Show resources with this FQDN
azure.sqlServer.fullyQualifiedDomainName: severname.database.windows.net
azure.sqlServer.version
Use a text value ##### to find resources by the SQL Server version.
Example
Show resources with this version
azure.sqlServer.version: 12
azure.sqlServer.state
Use a text value ##### to find resources by the current SQL Server state.
Example
Show resources with this state
azure.sqlServer.state: ready
Azure: PostGRE SQL Server
These tokens are available in queries with cloud.resource.type: PostGRE SQL Server
azure.postgreSqlServer.backupRetentionDays
Provide an integer value to find PostgreSQL servers with the specified backup retention period in days.
Example
Find PostgreSQL servers with 14 days backup retention.
azure.postgreSqlServer.backupRetentionDays: 14
azure.postgreSqlServer.geoRedundantBackup
Select backup redundancy state (Enabled, Disabled) to find PostgreSQL servers with geo-redundant backup enabled or disabled.
Example
Find PostgreSQL servers with geo-redundant backup enabled.
azure.postgreSqlServer.geoRedundantBackup: Enabled
azure.postgreSqlServer.sslEnforcement
Select SSL enforcement state (Enabled, Disabled) to find single PostgreSQL servers with SSL enforcement enabled or disabled.
Example
Find single PostgreSQL servers with SSL enforcement enabled
azure.postgreSqlServer.sslEnforcement: Enabled
azure.postgreSqlServer.storageAutogrow
Select storage autogrow state (Enabled, Disabled) to find single PostgreSQL servers with storage autogrow enabled or disabled.
Examples
Find single PostgreSQL servers with storage autogrow enabled
azure.postgreSqlServer.storageAutogrow: Enabled
azure.postgreSqlServer.byokEnforcement
Select BYOK enforcement state (Enabled, Disabled) to find single PostgreSQL servers with bring-your-own-key encryption enabled or disabled.
Examples
Find single PostgreSQL servers with BYOK enabled
azure.postgreSqlServer.byokEnforcement: Enabled
azure.postgreSqlServer.minimalTlsVersion
Select TLS version (TLS1_0, TLS1_1, TLS1_2, TLS1_3) to find single PostgreSQL servers with the specified minimal TLS version.
Examples
Find single PostgreSQL servers with TLS 1.0 as minimum version
azure.postgreSqlServer.minimalTlsVersion: TLS1_0
azure.postgreSqlServer.publicNetworkAccess
Select network access state (Enabled, Disabled) to find PostgreSQL servers with public network access enabled or disabled.
Examples
Find PostgreSQL servers with public network access disabled
azure.postgreSqlServer.publicNetworkAccess: Disabled
azure.postgreSqlServer.skuTier
Select pricing tier (Basic, General Purpose, Memory Optimized, Burstable) to find PostgreSQL servers of the specified tier.
Examples
Find PostgreSQL servers in General Purpose tier
azure.postgreSqlServer.skuTier: General Purpose
azure.postgreSqlServer.serverType
Provide a string value to find PostgreSQL servers of the specified type.
Examples
Find flexible PostgreSQL servers
azure.postgreSqlServer.serverType: Flexible
Azure: SQL Server Database
These tokens are available in queries with resource.type:SQL Server Database
azure.sqlDatabase.edition
Select the database edition (basic, standard, premium) you're interested in. Select from names in the drop-down menu.
Example
Find resources with standard edition
azure.sqlDatabase.edition: standard
azure.sqlDatabase.status
Select the database status (online, offline, restoring, etc) you're interested in. Select from names in the drop-down menu.
Example
Show online databases
azure.sqlDatabase.status: online
Azure: Virtual Machine
These tokens are available in queries with resource.type:Virtual Machine
Use a text value ##### to find resources by the virtual machine ID.
Example
Show resources with this virtual machine ID
azure.vm.vmId: MyVMID
connector.remediationEnabled
Use true to view the resources associated with the connector for which remediation is enabled.
Example
Show resources associated with the connector for which remediation is enabled
connector.remediationEnabled: TRUE
Use a text value ##### to find resources by size of the virtual machine.
Example
Show resources with this virtual machine size
azure.vm.size: Standard_DS1_v2
azure.vm.networkSecurityGroup
Use a text value ##### to find the network security group of the virtual machine.
Example
Show resources with this network security group
azure.vm.networkSecurityGroup: myNSG
azure.vm.osType
Use a text value ##### to find VMs with the specified OS type.
Example
Show VMs with specified OS Type.
azure.vm.osType: Windows
azure.vm.agentInstalled
Use True | False to find VMs with agents installed on them.
Example
Show VMs with agents installed.
azure.vm.agentInstalled: True
azure.vm.hasThreats
Use the values true | false to find virtual machines that have threats identified.
Example
Show resources with threats identified
azure.vm.hasThreats: True
azure.vm.publicIpAddress
Use a text value ##### to find virtual machines with a certain IP address.
Example
Show resources with this IP address
azure.vm.publicIpAddress: 13.126.125.189
azure.vm.status
Select the status (Creating, Deleting, Updating, etc.) of the virtual machine you're interested in. Select the required status from the drop-down menu.
Example
Show virtual machines with VM running status
azure.vm.status: VM running
azure.vm.networkInterface.subnetId
Use a text value ##### to find VMs with a certain network interface address ID.
Example
Show findings with this address ID
azure.vm.networkInterface.subnetId: id-12345
azure.vm.networkInterface.privateDns
Use a text value ##### to find VMs having network interface with a certain private DNS name.
Example
Show findings with this private DNS name
azure.vm.networkInterface.privateDns: ip-172-31-33-67.us-east-2.compute.internal
azure.vm.networkInterface.privateIpAddress
Use a text value ##### to find VMs having network interface with a certain private IP address.
Example
Show findings with this private IP
azure.vm.networkInterface.privateIpAddress: 172.31.28.151
azure.vm.networkInterface.secondaryPrivateIp
Use a text value ##### to find VMs having network interfaces with a certain secondary private IP address.
Example
Show findings with this secondary private IP
azure.vm.networkInterface.secondaryPrivateIp: 10.0.0.85
azure.vm.networkInterface.publicIp
Use a text value ##### to find VMs having network interfaces with a certain public IP address.
Example
Show findings with this public IP address
azure.vm.networkInterface.publicIp: 13.126.125.189
azure.vm.networkInterface.ipv6Ip
Use a text value ##### to find VMs having network interfaces with a certain IPv6 IP address.
Example
Show findings with this IPv6 address
azure.vm.networkInterface.ipv6Ip: 2010:ab2::1234:zzz:2002:1f
azure.vm.isDockerHost
Use the values true | false to define whether the instance has Docker installed on the host.
Example
Show VMs with docker installed on the host
azure.vm.isDockerHost:true
Show VMs without docker installed on the host
azure.vm.isDockerHost:false
azure.vm.dockerVersion
Use a text value ##### to define the Docker version you are looking for.
Example
Show VMs with specified docker version
azure.vm.dockerVersion:8.2
azure.vm.truRisk
Use an integer value (0-1000) to search for all the Azure VMs with the specified risk score.
Example
Show all VMs with a risk score greater than 125
azure.vm.truRisk > 125
Show all VMs with a risk score of 125
azure.vm.truRisk: 125
azure.vm.firstScanDate
Use a specific date to filter VMs based on the timestamp at which they were first scanned using any of the available scan techniques.
Example
Show VMs with the first scan date as 2025-04-08
azure.vm.firstScanDate:2025-04-08
azure.vm.lastScanDate
Use a specific date to filter VMs based on the timestamp at which they were last scanned using any of the available scan techniques.
Example
Show VMs with the last scan date as 2025-04-14
azure.vm.lastScanDate:2025-04-14
azure.vm.scanType
Select a scan type from the drop-down to filter VMs by that type.
Available options are: Cloud Agent Scan, Cloud Perimeter Scan, Snapshot Based Scan, VM Scan, and Other Scan.
Example
Show instances scanned with API-based scan
azure.vm.scanType: "API Based Scan"
Azure: Virtual Network
These tokens are available in queries with resource.type:Virtual Network
virtualnetwork.type
Use a text value ##### to find resources by the virtual network type.
Example
Show resources with this virtual network type
virtualnetwork.type: Microsoft.Network/virtualNetworks
Azure: Network Interface
azure.networkInterfaces.provisoningState
Find network interfaces based on their provisioning state (Deleting, Failed, Succeeded, Updating). Select the required state from the drop-down menu.
Example
Show network interfaces in Succeeded state.
azure.networkInterfaces.provisoningState: Succeeded
azure.networkInterfaces.subnet.id
Find network interfaces based on their subnet ID.
Example
Show network interfaces with the specified ID.
azure.networkInterfaces.subnet.id:/subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxx8c0586/resourceGroups/azure_resource_group/providers/Microsoft.Network/virtualNetworks/customtest/subnets/subnet2
azure.networkInterfaces.macAddress
Find network interfaces based on their MAC Address.
Example
Show network interfaces with the MAC Address.
azure.networkInterfaces.macAddress:7C-1E-52-19-1F-3C
Select (Enabled, Disabled) to find Network Interfaces with Accelerated Networking enabled/disabled.
Example
Show network interfaces with the Accelerated Networking enabled.
azure.networkInterfaces.enableAcceleratedNetworking:Enabled
azure.networkInterfaces.vnetEncryptionSupported
Select (True, False) to find Network Interfaces that support VNET encryption.
Example
Show network interfaces supporting VNET Encryption.
azure.networkInterfaces.vnetEncryptionSupported: true
azure.networkInterfaces.enableIpForwarding
Select (True, False) to find Network Interfaces with IP Forwarding enabled or disabled.
Example
Show network interfaces with IP Forwarding enabled:
azure.networkInterfaces.enableIpForwarding: true
azure.networkInterfaces.disableTcpStateTracking
Select (True, False) to find Network Interfaces with TCP State Tracking disabled or enabled.
Example
Show network interfaces with TCP State Tracking disabled:
azure.networkInterfaces.disableTcpStateTracking: true
azure.networkInterfaces.networkSecurityGroup.id
Provide a string value to find Network Interfaces associated with a specific Network Security Group ID.
Example
Find Network Interfaces associated with the specified Network Security Group ID
azure.networkInterfaces.networkSecurityGroup.id: /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/myNSG
Azure: PostGRE Single Server
azure.postgreSingleServer.backupRetentionDays
Provide an integer value to find PostgreSQL Single Servers with the specified backup retention period in days.
Example
Find PostgreSQL Single Servers with a 14-day backup retention period.
azure.postgreSingleServer.backupRetentionDays: 14
azure.postgreSingleServer.geoRedundantBackup
Select (True, False) to find PostgreSQL Single Servers with geo-redundant backup enabled or disabled.
Example
Show PostgreSQL Single Servers with geo-redundant backup enabled
azure.postgreSingleServer.geoRedundantBackup: true
azure.postgreSingleServer.sslEnforcement
Select (True, False) to find PostgreSQL Single Servers with SSL enforcement enabled or disabled.
Example
Show PostgreSQL Single Servers with SSL enforcement enabled
azure.postgreSingleServer.sslEnforcement: true
azure.postgreSingleServer.byokEnforcement
Select (True, False) to find PostgreSQL Single Servers with Bring Your Own Key (BYOK) enforcement enabled or disabled.
Example
Show PostgreSQL Single Servers with BYOK enforcement enabled
azure.postgreSingleServer.byokEnforcement: true
azure.postgreSingleServer.storageAutogrow
Select (True, False) to find PostgreSQL Single Servers with storage auto-grow enabled or disabled.
Example
Show PostgreSQL Single Servers with storage auto-grow enabled
azure.postgreSingleServer.storageAutogrow: true
azure.postgreSingleServer.publicNetworkAccess
Select (True, False) to find PostgreSQL Single Servers with public network access enabled or disabled.
Example
Show PostgreSQL Single Servers with public network access disabled
azure.postgreSingleServer.publicNetworkAccess: false
azure.postgreSingleServer.skuTier
Find PostgreSQL Single Servers based on their SKU tier (Basic, GeneralPurpose, MemoryOptimized). Select the required tier from the drop-down menu.
Example
Show PostgreSQL Single Servers with the General Purpose tier
azure.postgreSingleServer.skuTier: GeneralPurpose
azure.postgreSingleServer.minimalTlsVersion
Find PostgreSQL Single Servers based on their minimal TLS version (TLS1_0, TLS1_1, TLS1_2, TLS1_3). Select the required version from the drop-down menu.
Example
Show PostgreSQL Single Servers with minimal TLS version 1.2
azure.postgreSingleServer.minimalTlsVersion: TLS1_2
Azure: Load Balancer
azure.loadBalancer.sku.name
Find Load Balancers based on their SKU name (Basic, Gateway, Standard). Select the required SKU name from the drop-down menu.
Example
Show Load Balancers with the Standard SKU
azure.loadBalancer.sku.name: Standard
azure.loadBalancer.sku.tier
Find Load Balancers based on their SKU tier (Global, Regional). Select the required tier from the drop-down menu.
Example
Show Load Balancers with the Regional tier
azure.loadBalancer.sku.tier: Regional
azure.loadBalancer.provisioningState
Find Load Balancers based on their provisioning state (Succeeded, Updating, Deleting, Failed). Select the required state from the drop-down menu.
Example
Show Load Balancers in the Succeeded provisioning state
azure.loadBalancer.provisioningState: Succeeded
Azure: Firewall
azure.firewall.provisioningState
Select the required state from the drop-down menu (Succeeded, Updating, Deleting, Failed) to find firewalls based on their current provisioning state.
Example
Show firewalls in the Succeeded provisioning state
azure.firewall.provisioningState: Succeeded
azure.firewall.threatIntelMode
Select the required mode from the drop-down menu (Alert, Deny, Off) to find firewalls based on their Threat Intelligence mode.
Examples
Show firewalls with Threat Intelligence in Alert mode
azure.firewall.threatIntelMode: Alert
Show firewalls with Threat Intelligence turned off
azure.firewall.threatIntelMode: Off
Azure: MySQL
azure.mysqlFlexibleServer.autoGrow
Select (Enabled, Disabled) to find MySQL Flexible Servers with auto-grow storage enabled or disabled.
Example
Show MySQL Flexible Servers with auto-grow storage enabled
azure.mysqlFlexibleServer.autoGrow: Enabled
azure.mysqlFlexibleServer.publicNetworkAccess
Select (Enabled, Disabled) to find MySQL Flexible Servers with public network access enabled or disabled.
Example
Show MySQL Flexible Servers with public network access disabled
azure.mysqlFlexibleServer.publicNetworkAccess: Disabled
azure.mysqlFlexibleServer.backupRetentionDays
Provide an integer value to find MySQL Flexible Servers with the specified backup retention period in days. You can also use comparison operators for ranges.
Examples
Find MySQL Flexible Servers with a 14-day backup retention period
azure.mysqlFlexibleServer.backupRetentionDays: 14
Find MySQL Flexible Servers with a backup retention period greater than 7 days
azure.mysqlFlexibleServer.backupRetentionDays: >7
Azure: Storage Account
azure.storageAccount.skuTier
Select the required tier from the drop-down menu (Standard, Premium) to find Storage Accounts based on their SKU tier.
Example
Show Storage Accounts with the Premium tier
azure.storageAccount.skuTier: Premium
azure.storageAccount.minimumTlsVersion
Select the required version from the drop-down menu (TLS1_0, TLS1_1, TLS1_2, TLS1_3) to find Storage Accounts based on their minimum TLS version.
Example
Show Storage Accounts with minimum TLS version 1.2
azure.storageAccount.minimumTlsVersion: TLS1_2
azure.storageAccount.supportsHttpsTrafficOnly
Select (True, False) to find Storage Accounts that do or do not support HTTPS traffic only.
Example
Show Storage Accounts that support HTTPS traffic only
azure.storageAccount.supportsHttpsTrafficOnly: true
Azure: Application Gateways
azure.applicationGateways.provisioningState
Select the required state from the drop-down menu (Succeeded, Updating, Deleting, Failed) to find Application Gateways based on their current provisioning state.
Example
Show Application Gateways in the Succeeded provisioning state
azure.applicationGateways.provisioningState: Succeeded
azure.applicationGateways.sku.name
Select the required SKU name from the drop-down menu (Standard_v2, Standard, WAF_v2, WAF) to find Application Gateways based on their SKU name.
Example
Show Application Gateways with the WAF_v2 SKU
azure.applicationGateways.sku.name: WAF_v2
azure.applicationGateways.sku.tier
Select the required tier from the drop-down menu (Basic, Standard, WAF, Standard_v2, WAF_v2) to find Application Gateways based on their SKU tier.
Example
Show Application Gateways with the Standard_v2 tier
azure.applicationGateways.sku.tier: Standard_v2
azure.applicationGateways.sku.family
Select the required family from the drop-down menu (Generation_1, Generation_2) to find Application Gateways based on their SKU family.
Example
Show Application Gateways with the Generation_2 SKU family
azure.applicationGateways.sku.family: Generation_2
azure.applicationGateways.sku.capacity
Provide an integer value to find Application Gateways with a specific capacity (number of instances).
Example
Find Application Gateways with a capacity of 2 instances
azure.applicationGateways.sku.capacity: 2
azure.applicationGateways.operationalState
Select the required state from the drop-down menu (Running, Stopped, Starting, Stopping). Find Application Gateways based on their current operational state.
Example
Show Application Gateways in the Running operational state
azure.applicationGateways.operationalState: Running
azure.applicationGateways.enableHttp2
Select (True, False) to find Application Gateways with HTTP/2 support enabled or disabled.
Example
Show Application Gateways with HTTP/2 support enabled
azure.applicationGateways.enableHttp2: true
Azure: MariaDB
azure.mariadbServer.version
Find MariaDB servers based on their version. Provide a string value for the version number.
Example
Show MariaDB servers running version 10.3
azure.mariadbServer.version: 10.3
azure.mariadbServer.minimalTlsVersion
Select the required version from the drop-down menu (TLSEnforcementDisabled, TLS1_0, TLS1_1, TLS1_2) to find MariaDB servers based on their minimum TLS version.
Example
Show MariaDB servers with minimum TLS version 1.2
azure.mariadbServer.minimalTlsVersion: TLS1_2
azure.mariadbServer.publicNetworkAccess
Select (True, False) to find MariaDB servers with public network access enabled or disabled.
Example
Show MariaDB servers with public network access disabled
azure.mariadbServer.publicNetworkAccess: false
azure.mariadbServer.sku.tier
Select the required tier from the drop-down menu (Basic, GeneralPurpose, MemoryOptimized) to find MariaDB servers based on their SKU tier.
Example
Show MariaDB servers with the General Purpose tier.
azure.mariadbServer.sku.tier: GeneralPurpose
Azure: Cosmos DB
azure.cosmosDb.kind
Select the required kind from the drop-down menu (GlobalDocumentDB, MongoDB) to find Cosmos DB accounts based on their database kind.
Example
Show Cosmos DB accounts of the MongoDB type
azure.cosmosDb.kind: MongoDB
Show Cosmos DB accounts of the SQL (Core) API type
azure.cosmosDb.kind: GlobalDocumentDB
Show Cosmos DB accounts of the Parse type
azure.cosmosDb.kind: Parse
azure.cosmosDb.publicNetworkAccess
Select (Enabled, Disabled) to find Cosmos DB accounts with public network access enabled or disabled.
Example
Show Cosmos DB accounts with public network access disabled
azure.cosmosDb.publicNetworkAccess: Disabled
Azure: NAT Gateways
azure.natGateways.provisioningState
Select the required state from the drop-down menu (Succeeded, Updating, Deleting, Failed) to find NAT Gateways based on their current provisioning state.
Example
Show NAT Gateways in the Succeeded provisioning state
azure.natGateways.provisioningState: Succeeded
azure.natGateways.idleTimeoutInMinutes
Provide an integer value to find NAT Gateways with a specific idle timeout setting in minutes. You can also use comparison operators for ranges.
Examples
Find NAT Gateways with an idle timeout of 15 minutes
azure.natGateways.idleTimeoutInMinutes: 15
Find NAT Gateways with an idle timeout greater than 10 minutes
azure.natGateways.idleTimeoutInMinutes: >10
Azure: Web App
These tokens are available in queries with resource.type:Web App
azure.webApp.kind
Use a text value ##### to find web apps based on the kind filter you are interested in.
Example
Show any web apps with kind filter
azure.webApp.kind: Linux
azure.webApp.deploymentId
Use a text value ##### to find web apps based on the deployment ID of the web app.
Example
Show web apps with this deployment ID
azure.webApp.deploymentId:depl-7495
azure.webApp.state
Search web app based on its state.
Example
Show web apps that are in running state
azure.webApp.state:Running
azure.webApp.availabilityState
Select the web app state (NORMAL, LIMITED, DISASTER_RECOVERY_MODE) you're interested in. Select from names in the drop-down menu.
Example
Show web apps with availability state as LIMITED
azure.webApp.availabilityState:LIMITED
azure.webApp.usageState
Search the web apps based on their usage state (NORMAL, EXCEEDED). Select from names in the drop-down menu.
Example
Show web apps with usage state as NORMAL
azure.webApp.usageState:NORMAL
azure.webApp.enabled
Use the values true | false to find whether a web app is enabled or not.
Example
Show web apps that are enabled.
azure.webApp.enabled:true
azure.webApp.isDefaultContainer
Use the values true | false to find whether web app is the default container or not.
Example
Show web apps which are default container.
azure.webApp.isDefaultContainer:true
azure.webApp.httpsOnly
Use the values true | false to find whether HTTPSOnly feature is enabled or not on a web app.
Example
Show web apps with HTTPSOnly feature enabled.
azure.webApp.httpsOnly:TRUE
azure.webApp.redundancyMode
Use a text value ##### to define the redundancy mode of the web app.
Example
Show web apps with this redundancy mode.
azure.webApp.redundancyMode:MANUAL
azure.webApp.appServicePlan
Use a text value ##### to define the AppServicePlanId of webapp you're looking for.
Example
Show web apps with this AppServicePlan ID.
azure.webApp.appServicePlan:app-service-plan-123
azure.webApp.defaultHostname
Use a text value ##### to define the default host name for web apps.
Example
Show web apps with this default host name
azure.webApp.defaultHostname:windowsappabc123.azurewebsites.net
azure.webApp.hostnames.enabled
Use a text value ##### to define the enabled host names of the web apps.
Example
Show web apps with this host name
azure.webApp.hostnames.enabled:windowsappabc123.azurewebsites.net
azure.webApp.hostnames.sslState
Select web apps based on the SSL state of the enabled hosts (DISABLED, SNI_ENABLED, IP_BASED_ENABLED) you're interested in. Select from names in the drop-down menu.
Example
Show web apps with disabled SSL state
azure.webApp.hostnames.sslState:DISABLED
azure.webApp.clientAffinityEnabled
Use the values true | false to find whether client affinity is enabled or not on a web app.
Example
Show web apps with client affinity enabled
azure.webApp.clientAffinityEnabled:TRUE
azure.webApp.clientCertEnabled
Use the values true | false to find whether client cert is enabled or not on a web app.
Example
Show web apps with client cert enabled
azure.webApp.clientCertEnabled:TRUE
Azure: Function App
These tokens are available in queries with cloud.resource.type:Function App
azure.functionApp.kind
Use a text value ##### to find function apps based on the kind filter you are interested in.
Example
Show any function apps with kind filter
azure.functionApp.kind: Linux
azure.functionApp.deploymentId
Use a text value ##### to find function apps based on the deployment ID of the function app.
Example
Show function apps with this deployment ID
azure.functionApp.deploymentId:depl-7495
azure.functionApp.state
Search for function apps based on their state.
Example
Show function apps that are in running state
azure.functionApp.state:Running
azure.functionApp.availabilityState
Select the function app state (NORMAL, LIMITED, DISASTER_RECOVERY_MODE) you're interested in. Select from names in the drop-down menu.
Example
Show function apps with availability state as LIMITED
azure.functionApp.availabilityState:LIMITED
azure.functionApp.usageState
Search the function apps based on their usage state (NORMAL, EXCEEDED). Select from names in the drop-down menu.
Example
Show function apps with usage state NORMAL
azure.functionApp.usageState:NORMAL
azure.functionApp.enabled
Use the values true | false to find whether function app is enabled or not.
Example
Show function apps that are enabled.
azure.functionApp.enabled:true
azure.functionApp.isDefaultContainer
Use the values true | false to find whether function app is the default container or not.
Example
Show function apps which are default container.
azure.functionApp.isDefaultContainer:true
azure.functionApp.httpsOnly
Use the values true | false to find whether HTTPSOnly feature is enabled or not on the function app.
Example
Show function apps with HTTPSOnly feature enabled.
azure.functionApp.httpsOnly:TRUE
azure.functionApp.redundancyMode
Use a text value ##### to define the redundancy mode of the function app.
Example
Show function apps with this redundancy mode.
azure.functionApp.redundancyMode:MANUAL
azure.functionApp.appServicePlan
Use a text value ##### to define the AppServicePlanId of the function app you're looking for.
Example
Show function apps with this AppServicePlan ID.
azure.functionApp.appServicePlan:app-service-plan-123
azure.functionApp.defaultHostName
Use a text value ##### to define the default host name for function apps.
Example
Show function apps with this default host name
azure.functionApp.defaultHostName:windowsappabc123.azurewebsites.net
azure.functionApp.hostnames.enabled
Use a text value ##### to define the enabled host names of the function apps.
Example
Show function apps with this host name
azure.functionApp.hostnames.enabled:windowsappabc123.azurewebsites.net
azure.functionApp.hostnames.sslState
Select function apps based on the SSL state of the enabled hosts (DISABLED, SNI_ENABLED, IP_BASED_ENABLED) you're interested in. Select from names in the drop-down menu.
Example
Show function apps with disabled SSL state
azure.functionApp.hostnames.sslState:DISABLED
azure.functionApp.clientAffinityEnabled
Use the values true | false to find whether client affinity is enabled or not on a function app.
Example
Show function apps with client affinity enabled
azure.functionApp.clientAffinityEnabled:TRUE
azure.functionApp.clientCertEnabled
Use the values true | false to find whether client cert is enabled or not on a function app.
Example
Show function apps with client cert enabled
azure.functionApp.clientCertEnabled:TRUE
azure.functionApp.language
Use a text value ##### to find function apps based on the language in which their functions are written.
Example
Show function apps whose functions are written in CSharp
azure.functionApp.language:CSharp
Azure: Vulnerability
These tokens are available in queries with cloud.resource.type:vulnerability
finding.vulnerability.qid
Use an integer value ##### to define the QID in question.
Example
Show findings with QID 90405
finding.vulnerability.qid:90405
finding.vulnerability.severity
Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.
Example
Show findings with severity 4
finding.vulnerability.severity:4
finding.vulnerability.customerSeverity
Use an integer value ##### to view the severity level set by Qualys to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu.
Example
Show findings with custom severity 3
finding.vulnerability.customerSeverity:3
finding.vulnerability.exploitability
Use values within quotes or backticks to help you find known exploit description you're looking for. Quotes can be used when the value has more than one word.
Example
Show any findings related to this description
finding.vulnerability.exploitability: GIF Parser Heap
Show any findings that contain "GIF", "Parser" or "Heap" in description
finding.vulnerability.exploitability: "GIF Parser Heap"
Show any findings that match exact value
finding.vulnerability.exploitability: `GIF Parser Heap`
finding.vulnerability.isPatchAvailable
Use the values true | false to define vulnerabilities with patch available.
Example
Show findings with patch available
finding.vulnerability.isPatchAvailable: "true"
Show findings with no patch available
finding.vulnerability.isPatchAvailable: "false"
finding.vulnerability.isDisabled
Use the values true | false to define disabled vulnerabilities
Example
Show findings with disabled vulnerabilities
finding.vulnerability.isDisabled: "true"
Show findings with vulnerabilities that are not disabled
finding.vulnerability.isDisabled: "false"
finding.vulnerability.isIgnored
Use the values true | false to define ignored vulnerabilities
Example
Show findings with ignored vulnerabilities
finding.vulnerability.isIgnored: "true"
Show findings with vulnerabilities that are not ignored
finding.vulnerability.isIgnored: "false"
finding.vulnerability.firstFoundDate
Use a date range or specific date to define when findings were first found.
Example
Show findings first found within certain dates
finding.vulnerability.firstFoundDate: [2015-10-21 ... 2015-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
finding.vulnerability.firstFoundDate: [2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
finding.vulnerability.firstFoundDate: [now-2w ... now-1s]
Show findings first found on certain date
finding.vulnerability.firstFoundDate:'2015-11-11'
finding.vulnerability.lastFoundDate
Use a date range or specific date to define when findings were last found.
Example
Show findings last found within certain dates
finding.vulnerability.lastFoundDate: [2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
finding.vulnerability.lastFoundDate: [2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
finding.vulnerability.lastFoundDate: [now-2w ... now-1s]
Show findings last found on certain date
finding.vulnerability.lastFoundDate:'2016-01-11'
Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound: '2017-01-12' AND finding.vulnerability.isPatchAvailable: "true")
finding.vulnerability.title
Use quotes or backticks within values to help you find the title you're looking for. Quotes can be used when the value has more than one word.
Example
Show any findings related to this title
finding.vulnerability.title: Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
finding.vulnerability.title: "Remote Code"
Show any findings that match exact value
finding.vulnerability.title: `Remote Code`
finding.vulnerability.description
Use quotes or backticks within values to help you find the vulnerability description you're looking for. Quotes can be used when the value has more than one word.
Example
Show any findings related to description
finding.vulnerability.description: remote code execution
Show any findings that contain "remote" or "code" in description
finding.vulnerability.description: "remote code execution"
Show any findings that match exact value
finding.vulnerability.description: `remote code execution`
finding.vulnerability.cveId
Use a text value ##### to find the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
finding.vulnerability.cveId: CVE-2015-0313
finding.vulnerability.category
Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.
Example
Show findings with the category CGI
finding.vulnerability.category: "CGI"
finding.vulnerability.cvss3BaseScore
Use an integer value ##### to help you find the CVSS base score you're interested in.
Example
Show assets with this score
finding.vulnerability.cvss3BaseScore: 7.8
finding.vulnerability.cvss3TemporalScore
Use an integer value ##### to help you find the CVSS temporal score you're interested in.
Example
Show assets with this score
finding.vulnerability.cvss3TemporalScore: 6.4
finding.vulnerability.cvss2AccessVector
Select the name ##### of a CVSS access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.
Example
Show findings with this name
finding.vulnerability.cvss2AccessVector: "NETWORK"
finding.vulnerability.port
Use an integer value ##### to help you find assets with some open port.
Example
Show vulnerability with port 80
finding.vulnerability.port: 80
finding.vulnerability.protocol
Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.
Example
Show findings found on TCP
finding.vulnerability.protocol: TCP
Show findings found on port 80 and TCP
vulnerability: (port: 80 AND protocol: TCP)
finding.vulnerability.typeDetected
Select a detection type (e.g. Confirmed, Potential, Information) to find instances with vulnerabilities of this type. Select from names in the drop-down menu.
Example
Show findings with this type
finding.vulnerability.typeDetected:Confirmed
finding.vulnerability.isPCI
Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).
Example
Show PCI vulnerabilities
finding.vulnerability.isPCI:TRUE
Do not show PCI vulnerabilities
finding.vulnerability.isPCI:FALSE
finding.vulnerability.authType
Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.
Example
Show findings with Windows auth type
finding.vulnerability.authType:WINDOWS_AUTH
finding.vulnerability.bugTraqId
Use a text value ##### to find a BugTraq number you're interested in.
Example
Show findings with BugTraq ID 22211
finding.vulnerability.bugTraqId:22211
finding.vulnerability.compliance.description
Use quotes or backticks within values to help you find the compliance description you're looking for.
Example
Show any findings related to this description
finding.vulnerability.compliance.description:malicious software
Show any findings that contain "malicious" or "software" in description
finding.vulnerability.compliance.description:"malicious software"
Show any findings that match exact value "malicious software"
finding.vulnerability.compliance.description:`malicious software`
finding.vulnerability.compliance.section
Use quotes or backticks within values to help you find the compliance section you're looking for.
Example
Show any findings related to this section
finding.vulnerability.compliance.section:164.308
Show any findings that contain parts of section
finding.vulnerability.compliance.section:"164.308"
Show any findings that match exact value "164.308"
finding.vulnerability.compliance.section:`164.308`
finding.vulnerability.compliance.type
Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.
Example
Show findings with the compliance type HIPAA
finding.vulnerability.compliance.type:HIPAA
finding.vulnerability.consequence
Use quotes or backticks within values to help you find the consequence you're looking for.
Example
Show any findings related to consequence
finding.vulnerability.consequence:sensitive information
Show any findings that contain "sensitive" or "information" in consequence
finding.vulnerability.consequence:"sensitive information"
Show any findings that match exact value "sensitive information"
finding.vulnerability.consequence:`sensitive information`
finding.vulnerability.flag
Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc).
Example
Show findings with this flag
finding.vulnerability.flag:PCI_RELATED
finding.vulnerability.list
Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).
Example
Show findings with vulnerabilities in SANS Top 20
finding.vulnerability.list:SANS_20
finding.vulnerability.patches
Use an integer value ##### to help you find the patch QID you're interested in.
Example
Show assets with this patch QID
finding.vulnerability.patches:90753
finding.vulnerability.publishedDate
Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.
Example
Show findings for vulnerabilities published within certain dates
finding.vulnerability.publishedDate:[2015-10-21 ... 2016-01-15]
Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago
finding.vulnerability.publishedDate:[2017-01-01 ... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
finding.vulnerability.publishedDate:[now-2w ... now-1s]
Show findings for vulnerabilities published on certain date
finding.vulnerability.publishedDate:'2018-01-15'
finding.vulnerability.risk
Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues, risk is 10 times severity; for information gathered, it is severity.
Example
Show findings with risk 50
finding.vulnerability.risk:50
finding.vulnerability.cvss2BaseScore
Use an integer value ##### to help you find the CVSS base score you're interested in.
Example
Show instances with this score
finding.vulnerability.cvss2BaseScore:7.8
finding.vulnerability.cvss2TemporalScore
Use an integer value ##### to help you find the CVSS temporal score you're interested in.
Example
Show instances with this score
finding.vulnerability.cvss2TemporalScore:6.4
finding.vulnerability.discoveryType
Select a discovery type (Remote or Authenticated) to find instances with vulnerabilities having this discovery type. Select from names in the drop-down menu.
Example
Show findings with Remote discovery type
finding.vulnerability.discoveryType:REMOTE
finding.vulnerability.sans20Categories
Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).
Example
Show findings with this category name
finding.vulnerability.sans20Categories:Media Players
finding.vulnerability.solution
Use quotes or backticks within values to help you find the solution you're looking for.
Example
Show any findings related to this solution
finding.vulnerability.solution:Bulletin MS10-006
Show any findings that contain parts of solution
finding.vulnerability.solution:"Bulletin MS10-006"
Show any findings that match exact value "Bulletin MS10-006"
finding.vulnerability.solution:`Bulletin MS10-006`
finding.vulnerability.status
Select the vulnerability status (ACTIVE, FIXED, NEW, REOPENED) you're interested in. Select from names in the drop-down menu.
Example
Show vulnerabilities with ACTIVE status
finding.vulnerability.status:ACTIVE
finding.vulnerability.supportedBy.serviceName
Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.
Example
Show vulnerabilities supported by Linux Agent
finding.vulnerability.supportedBy.serviceName:LINUX_AGENT
finding.vulnerability.vendorRef
Use a text value ##### to find the vendor reference you're interested in.
Example
Show this vendor reference
finding.vulnerability.vendorRef:KB3021953
finding.vulnerability.vendorProductName
Use a text value ##### to find the vendor product name you're interested in.
Example
Show findings with this vendor product name
finding.vulnerability.vendorProductName:Windows
finding.vulnerability.vendorName
Use a text value ##### to find the vendor name you're interested in.
Example
Show findings with this vendor name
finding.vulnerability.vendorName:Adobe
finding.vulnerability.isDisabled
Use the values true | false to define vulnerabilities that are disabled.
Example
Show findings with isDisabled set to False
finding.vulnerability.isDisabled:False
Threat Protection
(For Threat Protection users) Use these tokens for searching Real-Time Threat Indicators (RTI).
finding.vulnerability.threatIntel.isActiveAttack
Use the values true | false to define real-time threats due to active attacks.
Example
Show resources with threats due to active attacks
finding.vulnerability.threatIntel.isActiveAttack: "true"
finding.vulnerability.threatIntel.isDenialOfService
Use the values true | false to define real-time threats due to denial of service.
Example
Show resources with threats due to denial of service
finding.vulnerability.threatIntel.isDenialOfService: "true"
vulnerability.threatIntel.easyExploit
Use the values true | false to define real-time threats due to easy exploit.
Example
Show resources with threats due to easy exploit
vulnerability.threatIntel.easyExploit: "true"
finding.vulnerability.threatIntel.exploitKit
Use the values true | false to define real-time threats due to exploit kit.
Example
Show resources with threats due to exploit kit
finding.vulnerability.threatIntel.exploitKit: "true"
finding.vulnerability.threatIntel.exploitKitName
Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.
Example
Show any findings with this name
finding.vulnerability.threatIntel.exploitKitName: Angler
Show any findings that match exact value
finding.vulnerability.threatIntel.exploitKitName: `Angler`
finding.vulnerability.threatIntel.isHighDataLoss
Use the values true | false to define real-time threats due to high data loss.
Example
Show resources with threats due to high data loss
finding.vulnerability.threatIntel.isHighDataLoss: "true"
finding.vulnerability.threatIntel.isHighLateralMovement
Use the values true | false to define real-time threats due to high lateral movement.
Example
Show resources with threats due to high lateral movement
finding.vulnerability.threatIntel.isHighLateralMovement: "true"
finding.vulnerability.threatIntel.isMalware
Use the values true | false to define real-time threats due to malware.
Example
Show resources with threats due to malware
finding.vulnerability.threatIntel.isMalware: "true"
finding.vulnerability.threatIntel.malwareName
Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.
Example
Show any findings with this name
finding.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ
Show any findings that match exact value
finding.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`
finding.vulnerability.threatIntel.hasNoPatch
Use the values true | false to define real-time threats due to no patch available.
Example
Show resources with threats due to no patch available
finding.vulnerability.threatIntel.hasNoPatch: "true"
finding.vulnerability.threatIntel.isPublicExploit
Use the values true | false to define real-time threats due to public exploit.
Example
Show resources with threats due to public exploit
finding.vulnerability.threatIntel.isPublicExploit: "true"
finding.vulnerability.threatIntel.publicExploitName
Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.
Example
Show any findings with this name
finding.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass
Show any findings that contain parts of name
finding.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"
Show any findings that match exact value
finding.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`
finding.vulnerability.threatIntel.isZeroDay
Use the values true | false to define real-time threats due to zero day exploit.
Example
Show resources with threats due to zero day exploit
finding.vulnerability.threatIntel.isZeroDay: "true"
Azure: Public IP Addresses
cloud.resource.name
Provide a string value to find resources with the specified name.
Example
Find a resource named "my-public-ip"
cloud.resource.name: my-public-ip
cloud.resource.id
Provide a string value to find resources with the specified Azure Resource ID.
Example
Find a resource with ID "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/my-public-ip"
cloud.resource.id: /subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/my-public-ip
azure.location
Provide a string value to find resources in the specified Azure region.
Example
Find resources in the East US region
azure.location: eastus
azure.publicIpAddresses.type
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type VM
azure.publicIpAddresses.type: VM
azure.publicIpAddresses.sku.name
Select from available options (e.g., Basic, Standard) to find public IP addresses with the specified SKU name.
Example
Show public IP addresses with Standard SKU.
azure.publicIpAddresses.sku.name: Standard
azure.publicIpAddresses.sku.tier
Select from available options (e.g., Regional, Global) to find public IP addresses with the specified SKU tier.
Example
Show public IP addresses with Regional tier.
azure.publicIpAddresses.sku.tier: Regional
azure.publicIpAddresses.provisioningState
Select from available options (e.g., Succeeded, Updating, Deleting, Failed) to find public IP addresses with the specified provisioning state.
Example
Show successfully provisioned public IP addresses.
azure.publicIpAddresses.provisioningState: Succeeded
azure.publicIpAddresses.publicIpAddressVersion
Select from available options (IPv4, IPv6) to find public IP addresses of the specified IP version.
Example
Show IPv4 public IP addresses.
azure.publicIpAddresses.publicIpAddressVersion: IPv4
azure.publicIpAddresses.publicIpAllocationMethod
Select from available options (Dynamic, Static) to find public IP addresses with the specified allocation method.
Example
Show static public IP addresses.
azure.publicIpAddresses.publicIpAllocationMethod: Static
azure.publicIpAddresses.idleTimeoutInMinutes
Provide an integer value to find public IP addresses with the specified idle timeout in minutes.
Example
Find public IP addresses with a 4-minute idle timeout
azure.publicIpAddresses.idleTimeoutInMinutes: 4
azure.publicIpAddresses.ddosSettings.protectionMode
Select from available options (e.g., Enabled, Disabled) to find public IP addresses with the specified DDoS protection mode.
Example
Show public IP addresses with DDoS protection enabled.
azure.publicIpAddresses.ddosSettings.protectionMode: Enabled
Azure: AI Foundry
azure.aiService.kind
Select from available options (AI Services, SpeechServices, etc.) to find AI services with the specified kind.
Example
Show AI services of kind ContentSafety.
azure.aiService.kind: ContentSafety