Searching for GCP Resources
Use the search tokens below to search for discovered resources. You'll need to first choose a cloud provider on the Resources tab to see the relevant tokens for your environment.
General
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
account.id: 205767712438
Use a text value ##### to show connectors based on the account alias associated with the connector/ARN at the time of creation.
Example
Show connectors with this account alias
account.alias: Example_connector
subscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
subscriptionName: Sample Cloud Subscription
gcp.resource.createdDate
Use a date range or specific date to define when the resource was created.
Example
Show resources created within certain dates
gcp.resource.createdDate: [2018-01-01 ... 2018-03-01]
Show resources created starting 2018-10-01, ending 1 month ago
gcp.resource.createdDate: [2018-01-01 ... now-1m]
Show resources created starting 2 weeks ago, ending 1 second ago
gcp.resource.createdDate: [now-2w ... now-1s]
Show resources created on specific date
gcp.resource.createdDate: 2018-01-08
gcp.resource.updatedDate
Use a date range or specific date to define when the resource was last updated.
Example
Show resources updated within certain dates
gcp.resource.updatedDate: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
gcp.resource.updatedDate: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
gcp.resource.updatedDate: [now-2w ... now-1s]
Show resources updated on specific date
gcp.resource.updatedDate: 2018-01-08
cloud.resource.name
Use backticks to help you find the exact match of the resource name you're looking for.
Example
Show any findings with this name
cloud.resource.name: my-resource
Show all the findings that exactly match with this name
cloud.resource.name: `my-resource`
Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.
Example
Find resources synced from Amazon AWS
provider: AWS
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find resources in the Singapore region
cloud.region: Singapore
cloud.resource.id
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
cloud.resource.id: acl-8e5198f5
cloud.resource.type
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
cloud.resource.type: Instance
Use a text value ##### to define the key of a GCP tag assigned to the resource (case sensitive).
Example
Show findings with key Department
tag.key: Department
Use a text value ##### to define the value of a GCP tag assigned to the resource (case sensitive).
Example
Show findings with tag value Finance
tag.value: Finance
connector.tag.name
Use values within quotes or backticks to help you find the resources with the specified tag applied via Connector or Apply Tag API for Exceptions.
Example
Show any findings that contain "network" and "blue" in name
connector.tag.name: "network blue"
Show any findings that contain "network" or "blue" in name (another method)
connector.tag.name: "network" OR connector.tag.name: "blue"
Show any findings that match exact value "Cloud Agent"
connector.tag.name: "Cloud Agent"
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not region Hong Kong
not region: Hong Kong
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting
Use a text value ##### to find GCP resources with a certain project ID.
Example
Show resources with this projectId
gcp.projectId: my-project-1513669048551
Use a text value ##### to define the name of the GCP label assigned to the resource (case sensitive).
Example
Show findings with name - Environment
gcp.label.name: Environment
gcp.label.value
Use a text value ##### to define the value of the GCP label assigned to the resource (case sensitive).
Example
Show cloud functions with certain label value
gcp.label.value: test-environment
GCP: VM Instances
These tokens are available in queries with cloud.resource.type:VM Instances
gcp.compute.machineType
Select the name of the instance machine type you are interested in. Select the machine type from the drop-down menu.
Example
Show resources with the g1-small machine type
gcp.compute.machineType: g1-small
connector.remediationEnabled
Use true to view the resources associated with the connector for which remediation is enabled.
Example
Show resources associated with the connector for which remediation is enabled
connector.remediationEnabled: TRUE
Select the action status ("Success", "Queued", "Error") you're interested in. Select from names in the drop-down menu.
Example
Show resources with success status for remediation action
action.status: Success
gcp.networkInterfaces.network
Use a text value ##### to find network interfaces of instances that belong to the specified network.
Example
Show resources with default network
gcp.networkInterfaces.network: default
gcp.networkInterfaces.subnetwork
Use a text value ##### to find network interfaces of instances that belong to the specified subnetwork.
Example
Show resources with default subnetwork
gcp.networkInterfaces.subnetwork: default
gcp.compute.externalIpAddress
Use a text value ##### to find instances that have the specified external IP address.
Example
Show resources with specified external IP address
gcp.compute.externalIpAddress: 52.70.141.154
gcp.compute.privateIpAddress
Use a text value ##### to find instances that have the specified private IP address.
Example
Show resources with specified private IP address
gcp.compute.privateIpAddress: 10.90.0.119
gcp.compute.status
Select the status (PROVISIONING, REPAIRING, RUNNING, etc.) of the VM instances you're interested in. Select the required status from the drop-down menu.
Example
Show VM instances with running status
gcp.compute.status: RUNNING
gcp.compute.agentInstalled
Use true to view the list of GCP VMs with Qualys Agent installed.
Example
Show VMs with Qualys Agent installed.
gcp.compute.agentInstalled: True
gcp.compute.firstScanDate
Use a specific date to filter VM instances based on the timestamp at which they were first scanned using any of the available scan techniques.
Example
Show VM instances with the first scan date as 2025-04-08
gcp.compute.firstScanDate:2025-04-08
gcp.compute.lastScanDate
Use a specific date to filter VM instances based on the timestamp at which they were last scanned using any of the available scan techniques.
Example
Show VM instances with the last scan date as 2025-04-14
gcp.compute.lastScanDate:2025-04-14
gcp.compute.scanType
Select a scan type from the drop-down to filter VM instances by that type.
Available options are: Cloud Agent Scan, Cloud Perimeter Scan, and Other Scan.
Example
Show VM instances scanned with Cloud Agent Scan.
gcp.compute.scanType: "Cloud Agent Scan"
GCP: Firewall Rules
These tokens are available in queries with cloud.resource.type: Firewall Rules
gcp.firewall.network
Select the name of the instance machine type you are interested in. Select the machine type from the drop-down menu.
Example
Show networks with this cloud.resource.name
gcp.firewall.network: default
GCP: Network
These tokens are available in queries with cloud.resource.type:Networks
gcp.network.subnetworks
Use a text value ##### to find subnetworks within a network.
Example
Show networks with default value
gcp.network.subnetworks: default
GCP: SubNetwork
These tokens are available in queries with cloud.resource.type:Subnetworks
gcp.subnetwork.network
Use a text value ##### to find networks within a subnetwork.
Example
Show subnetworks with default value
gcp.subnetwork.network: default
gcp.subnetwork.ipCidrRange
Use a string value ##### to find subnetworks with a certain IP CIDR range.
Example
Show subnetworks with the specified CIDR range
gcp.subnetwork.ipCidrRange: 1X.XXX.X.X/X0
gcp.subnetwork.ipv6Prefix
Use a string value ##### to find resources based on the IPv6 address prefix (IPv6 CIDR Range).
Example
Show resources with the IPv6 prefix 'fd20:XXX:XXXX:X:X:X:X:X/64'
gcp.subnetwork.ipv6Prefix: 'fd20:XXX:XXXX:X:X:X:X:X/64'
GCP: Cloud Function
These tokens are available in queries with cloud.resource.type: Cloud Function
gcp.cloudFunction.timeout
Use a string value ##### to find cloud functions based on timeout values.
Example
Show cloud functions with specified timeout value
gcp.cloudFunction.timeout: 60s
gcp.cloudFunction.memory
Use a text value ##### to find cloud functions based on the available memory. You can specify values in MB.
Example
Show cloud functions with 128 MB available memory.
gcp.cloudFunction.memory: 128
gcp.cloudFunction.runtime
Use a text value ##### to find cloud functions based on the programming language they are written in.
Example
Show cloud functions with go111 language
gcp.cloudFunction.runtime: go111
gcp.cloudFunction.maxInstances
Use a text value ##### to find cloud functions based on the maximum number of instances to which the cloud function can be scaled.
Example
Show cloud functions that can scale to a maximum of 2 instances
gcp.cloudFunction.maxInstances: 2
gcp.cloudFunction.ingressSettings
Use a text value ##### to find cloud functions based on the ingress settings of the cloud function.
Example
Show cloud functions that allow all the ingress traffic
gcp.cloudFunction.ingressSettings: ALLOW_ALL
gcp.cloudFunction.versionId
Use a text value ##### to find cloud functions based on the versionId of the cloud function.
Example
Show cloud functions with specific version Id
gcp.cloudFunction.versionId: 2
gcp.cloudFunction.serviceAccountEmail
Use a text value ##### to find cloud functions with the specified service-account email. Ensure that you surround the search value with double quotes.
Example
Show cloud functions with certain service-account email
gcp.cloudFunction.serviceAccountEmail: "[email protected]"
gcp.cloudFunction.vpcConnector
Use a text value ##### to find cloud functions based on the name of the VPC connector associated with the cloud function.
Example
Show cloud functions with specified VPC cloud.resource.name
gcp.cloudFunction.vpcConnector: sampleVPC
gcp.cloudFunction.trigger
Use a text value ##### to find cloud functions based on the trigger service used to trigger the execution of the cloud function. Ensure that you surround the search value with double quotes.
Example
Show cloud functions with specified trigger-service
gcp.cloudFunction.trigger: "storage.googleapis.com"
gcp.cloudFunction.status
Use a text value ##### to find cloud functions based on the status.
Example
Show cloud functions with active status
gcp.cloudFunction.status: ACTIVE
gcp.cloudFunction.label.key
Use a text value ##### to find cloud functions based on the label key.
Example
Show cloud functions with certain label keys
gcp.cloudFunction.label.key: environment
gcp.cloudFunction.label.value
Use a text value ##### to find cloud functions based on the label value.
Example
Show cloud functions with certain label value
gcp.cloudFunction.label.value: test-environment
GCP: Load Balancer
gcp.loadBalancing.ipAddress
Provide an IP address to find load balancers associated with the specified IP address.
Example
Find a load balancer with IP address 203.0.113.1.
gcp.loadBalancing.ipAddress: 203.0.113.1
gcp.loadBalancing.scheme
Select from available options (INTERNAL, EXTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED) to find load balancers with the specified scheme.
Example
Show internally managed load balancers.
gcp.loadBalancing.scheme: INTERNAL_MANAGED
gcp.loadBalancing.forwardingRuleTarget
Provide a string value to find load balancers with the specified forwarding rule target. This could be an instance group, IP address, or another resource.
Example
Find load balancers targeting a specific instance group.
gcp.loadBalancing.forwardingRuleTarget: projects/my-project/regions/us-central1/instanceGroups/my-instance-group
GCP: Kubernetes Engine
Provide a string value to find Kubernetes clusters with the specified name.
Example
Find a resource named "my-cluster"
name: my-cluster
Provide a string value to find Kubernetes clusters in the specified zone.
Example
Find resources in zone "us-central1-a"
zone: us-central1-a
Provide a string value to find Kubernetes clusters with the specified ID.
Example
Find a resource with ID "12345678"
resource.id: 12345678
Provide a string value to find Kubernetes clusters of the specified type.
Example
Find Kubernetes cluster resources.
type: container.googleapis.com/Cluster
gcp.kubernetesClusters.status
Select from available options (e.g., PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED) to find Kubernetes clusters with the specified status.
Example
Show running Kubernetes clusters.
gcp.kubernetesClusters.status: RUNNING
gcp.kubernetesClusters.databaseEncryption.state
Select from available options (e.g., ENCRYPTED, DECRYPTED) to find Kubernetes clusters based on their database encryption state.
Example
Show clusters with encrypted databases.
gcp.kubernetesClusters.databaseEncryption.state: ENCRYPTED
gcp.kubernetesClusters.shieldedNodes.enabled
Select (True, False) to find Kubernetes clusters based on whether shielded nodes are enabled.
Example
Show clusters with shielded nodes enabled.
gcp.kubernetesClusters.shieldedNodes.enabled: true
Select from available options (e.g., BALANCED, OPTIMIZE_UTILIZATION) to find Kubernetes clusters with the specified autoscaling profile.
Example
Show clusters with balanced autoscaling.
gcp.kubernetesClusters.autoScaling.autoScalingProfile: BALANCED
Select from available options (e.g., STANDARD, ADVANCED) to find Kubernetes clusters with the specified enterprise config cluster tier.
Example
Show clusters with advanced tier.
gcp.kubernetesClusters.enterpriseConfig.clusterTier: ADVANCED
Select (True, False) to find Kubernetes clusters based on whether the Kubernetes Dashboard addon is disabled.
Example
Show clusters with Kubernetes Dashboard disabled.
gcp.kubernetesClusters.addonsConfig.kubernetesDashboard.disabled: true
gcp.kubernetesClusters.networkPolicy.provider
Select from available options (e.g., CALICO) to find Kubernetes clusters with the specified network policy provider.
Example
Show clusters using Calico for network policy.
gcp.kubernetesClusters.networkPolicy.provider: CALICO
gcp.kubernetesClusters.networkPolicy.enabled
Select (True, False) to find Kubernetes clusters based on whether network policy is enabled.
Example
Show clusters with network policy enabled.
gcp.kubernetesClusters.networkPolicy.enabled: true
gcp.kubernetesClusters.nodeConfig.machineType
Provide a string value to find Kubernetes clusters with nodes of the specified machine type.
Example
Find clusters with n1-standard-2 nodes
gcp.kubernetesClusters.nodeConfig.machineType: n1-standard-2
gcp.kubernetesClusters.nodeConfig.diskSizeGb
Provide an integer value to find Kubernetes clusters with nodes having the specified disk size in GB.
Example
Find clusters with 100GB node disks
gcp.kubernetesClusters.nodeConfig.diskSizeGb: 100
gcp.kubernetesClusters.nodeConfig.imageType
Provide a string value to find Kubernetes clusters with nodes using the specified image type.
Example
Find clusters with COS nodes
gcp.kubernetesClusters.nodeConfig.imageType: COS
gcp.kubernetesClusters.nodeConfig.diskType
Provide a string value to find Kubernetes clusters with nodes using the specified disk type.
Example
Find clusters with pd-standard node disks
gcp.kubernetesClusters.nodeConfig.diskType: pd-standard
Select (True, False) to find Kubernetes clusters based on whether integrity monitoring is enabled for shielded nodes.
Example
Show clusters with integrity monitoring enabled for shielded nodes.
gcp.kubernetesClusters.nodeConfig.shieldedInstanceConfig.enableIntegrityMonitoring: true
GCP: Cloud Run Services
These tokens are available in queries with cloud.resource.type:Cloud Run Services
gcp.runservices.arn
Search for Google Cloud Run services using their full resource identifier/ARN.
Example
Show a specific Cloud Run service by ARN
gcp.runservices.arn: projects/123456789/locations/us-central1/services/my-run-service
gcp.runservices.ingress
Search for Google Cloud Run services based on their ingress configuration, such as INTERNAL, EXTERNAL, or ALL.
Example
Show Cloud Run services exposed to the public internet
gcp.runservices.ingress: EXTERNAL