Searching for GCP Resources
Use the search tokens below to search for resources discovered. You'll need to first choose cloud provider on the Resources tab to see the relevant tokens for your environment. Looking for help with writing your query? click here
General
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
account.id: 205767712438
Use a text value ##### to show connectors based on the account alias associated with the connector/ARN at the time of creation.
Example
Show connectors with this account alias
account.alias: Example_connector
subscriptionNamesubscriptionName
Use a text value ##### to find Azure connectors based on the subscription name associated with the connector at the time of creation.
Example
Show connectors with this subscription name
subscriptionName: Sample Cloud Subscription
Use a date range or specific date to define when the resource was created.
Examples
Show resources created within certain dates
created: [2018-01-01 ... 2018-03-01]
Show resources created starting 2018-10-01, ending 1 month ago
created: [2018-01-01 ... now-1m]
Show resources created starting 2 weeks ago, ending 1 second ago
created: [now-2w ... now-1s]
Show resources created on specific date
created: 2018-01-08
Use a date range or specific date to define when the resource was last updated.
Examples
Show resources updated within certain dates
updated: [2018-01-01 ... 2018-03-01]
Show resources updated starting 2018-10-01, ending 1 month ago
updated: [2018-01-01 ... now-1m]
Show resources updated starting 2 weeks ago, ending 1 second ago
updated: [now-2w ... now-1s]
Show resources updated on specific date
updated: 2018-01-08
Use backticks to help you find the exact match of the resource name you're looking for.
Examples
Show any findings with this name
name: my-resource
Show all the findings that exactly match with this name
name: `my-resource`
Select the name of the cloud service provider you're interested in. Select from names in the drop-down menu.
Example
Find resources synced from Amazon AWS
provider: AWS
Select the name of the region you're interested in. Select from names in the drop-down menu.
Example
Find resources in the Singapore region
region: Singapore
Use a text value ##### to find resources by the unique ID assigned to the resource.
Example
Show resources with ID acl-8e5198f5
resource.id: acl-8e5198f5
Select the type of resource you're interested in. Select from names in the drop-down menu.
Example
Show resources of type Instance
resource.type: Instance
Use a text value ##### to define the key of an AWS or Azure tag assigned to the resource (case sensitive).
Example
Show findings with key Department
tag.key: Department
Use a text value ##### to define the value of an AWS or Azure tag assigned to the resource (case sensitive).
Example
Show findings with tag value Finance
tag.value: Finance
Use values within quotes or backticks to help you find the resources with the specified tag you're looking for.
Example
Show any findings that contain "network" and "blue" in name
tags.name: "network blue"
Show any findings that contain "network" or "blue" in name (another method)
tags.name: "network" OR tags.name: "blue"
Show any findings that match exact value "Cloud Agent"
tags.name: "Cloud Agent"
Use a boolean query to express your query using AND logic.
Example
Show findings with account ID 205767712438 and type Subnet
account.id: 205767712438 and resource.type: Subnet
Use a boolean query to express your query using NOT logic.
Example
Show findings that are not region Hong Kong
not region: Hong Kong
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these tag values
tag.value: Finance or tag.value: Accounting
Use a text value ##### to find GCP resources with a certain project Id.
Example
Show resources with this projectId
projectId: my-project-1513669048551
Use a text value ##### to define the name of GCP label assigned to the resource (case sensitive).
Example
Show findings with name Environment
label.key: Environment
Use a text value ##### to define the value of GCP label assigned to the resource (case sensitive).
Example
Show cloud functions with certain label value
label.value: test-environment
GCP: VM Instances
These tokens are available in queries with resource.type:VM Instances
instance.machineTypeinstance.machineType
Select the name of the instance machine type you are interested in. Select the machine type from the drop-down menu.
Example
Show resources with g1-small virtual network type
instance.machineType: g1-small
connector.remediationEnabledconnector.remediationEnabled
Use true to view the resources associated with the connector for which remediation is enabled.
Example
Show resources associated with the connector for which remediation is enabled
connector.remediationEnabled: TRUE
Select the action status ("Sucess", "Queued", "Error") you're interested in. Select from names in the drop-down menu.
Example
Show resources with success status for remediation action
action.status: Success
instance.networkInterfaces.networkinstance.networkInterfaces.network
Use a text value ##### to find network interfaces of instances that belong to the specified network.
Example
Show resources with default network
instance.networkInterfaces.network: default
instance.networkInterfaces.subnetworkinstance.networkInterfaces.subnetwork
Use a text value ##### to find network interfaces of instances that belong to the specified subnetwork.
Example
Show resources with default subnetwork
instance.networkInterfaces.subnetwork: default
instance.externalIpAddressinstance.externalIpAddress
Use a text value ##### to find instances that belong to the specified external IP address.
Example
Show resources with specified external IP address
instance.externalIpAddress: 52.70.141.154
instance.privateIpAddressinstance.privateIpAddress
Use a text value ##### to find instances that belong to the specified private IP address.
Example
Show resources with specified private IP address
instance.privateIpAddress: 10.90.0.119
instance.statusinstance.status
Select the status (PROVISIONING, REPAIRING, RUNNING, etc.) of the VM instances you're interested in. Select the required status from the drop-down menu.
Example
Show VM instances with running status
instance.status: RUNNING
instance.agentInstalledinstance.agentInstalled
Use true to view the list of GCP VMs with Qualys Agent installed.
Example
Show VMs with Qualys Agent installed.
instance.agentInstalled: True
GCP:Firewall Rules
These tokens are available in queries with resource.type: Firewall Rules
firewall.networkfirewall.network
Select the name of the instance machine type you are interested in. Select the machine type from the drop-down menu.
Example
Show networks with this name
firewall.network: default
GCP:Network
These tokens are available in queries with resource.type:Networks
network.subnetworksnetwork.subnetworks
Use a text value ##### to find subnetworks within a network.
Example
Show networks with default value
network.subnetworks: default
GCP:SubNetwork
These tokens are available in queries with resource.type:Subnetworks
subnetwork.networksubnetwork.network
Use a text value ##### to find networks within a subnetwork.
Example
Show subnetworks with default value
subnetwork.network: default
subnetwork.ipCidrRangesubnetwork.ipCidrRange
Use a text value ##### to find subnetworks with certain ip cidr range.
Example
Show subnewtorks with specified cidr range
subnetwork.ipCidrRange: 10.170.0.0/20
GCP: Cloud Function
These tokens are available in queries with resource.type: Cloud Function
cloudFunction.timeoutcloudFunction.timeout
Use a text value ##### to find cloud functions based on timeout values.
Example
Show cloud functions with specified timeout value
cloudFunction.timeout: 60s
cloudFunction.memorycloudFunction.memory
Use a text value ##### to find cloud functions based on the available memory. You can specify values in MB.
Example
Show cloud functions with 128 MB available memory.
cloudFunction.memory: 128
cloudFunction.runtimecloudFunction.runtime
Use a text value ##### to find cloud functions based on the programming language they are written in.
Example
Show cloud functions with go111 language
cloudFunction.runtime: go111
cloudFunction.maxInstancescloudFunction.maxInstances
Use a text value ##### to find cloud functions based on the number of maximum instances to which cloud-function can be scaled.
Example
Show cloud functions that can take up maximum 2 instances
cloudFunction.maxInstances: 2
cloudFunction.ingressSettingscloudFunction.ingressSettings
Use a text value ##### to find cloud functions based on ingress-settings of cloud-function.
Example
Show cloud functions that allow all the ingress traffic
cloudFunction.ingressSettings: ALLOW_ALL
cloudFunction.versionIdcloudFunction.versionId
Use a text value ##### to find cloud functions based on the versionId of cloud-functio.
Example
Show cloud functions with specific version Id
cloudFunction.versionId: 2
cloudFunction.serviceAccountEmailcloudFunction.serviceAccountEmail
Use a text value ##### to find cloud functions with the specified service-account email. Ensure that you surround the search value within double quote.
Example
Show cloud functions with certain service-account email
cloudFunction.serviceAccountEmail: "project-151@appspot.gserviceaccount.com"
cloudFunction.vpcConnectorcloudFunction.vpcConnector
Use a text value ##### to find cloud functions based on name of the VPC connector associated with the cloud-function.
Example
Show cloud functions with specified VPC name
cloudFunction.vpcConnector: sampleVPC
cloudFunction.triggercloudFunction.trigger
Use a text value ##### to find cloud functions based on the trigger-service used to trigger the execution of the cloud-function. Ensure that you surround the search value within double quotes..
Example
Show cloud functions with specified trigger-service
cloudFunction.trigger: "storage.googleapis.com"
cloudFunction.statuscloudFunction.status
Use a text value ##### to find cloud functions based on the status.
Example
Show cloud functions with active status
cloudFunction.status: ACTIVE
cloudFunction.label.keycloudFunction.label.key
Use a text value ##### to find cloud functions based on the label key.
Example
Show cloud functions with certain label keys
cloudFunction.label.key: environment
cloudFunction.label.valuecloudFunction.label.value
Use a text value ##### to find cloud functions based on the label value.
Example
Show cloud functions with certain label value
cloudFunction.label.value: test-environment
Load Balancer
loadBalancing.IPAddressloadBalancing.IPAddress
Provide an IP address to find load balancers associated with the specified IP address.
Examples
Find a load balancer with IP address 203.0.113.1.
loadBalancing.IpAddress: 203.0.113.1
loadBalancing.schemeloadBalancing.scheme
Select from available options (NTERNAL, EXTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED,
EXTERNAL_MANAGED) to find load balancers with the specified scheme.
Example
Show internally managed load balancers.
loadBalancing.scheme: INTERNAL_MANAGED
loadBalancing.forwardingRuleTargetloadBalancing.forwardingRuleTarget
Provide a string value to find load balancers with the specified forwarding rule target. This could be an instance group, IP address, or another resource.
Examples
Find load balancers targeting a specific instance group.
loadBalancing.forwardingRuleTarget: projects/my-project/regions/us-central1/instanceGroups/my-instance-group