Search for Remediation Activity
Use the search tokens below to search and filter remediation activities that have been triggered. You'll need to first choose Amazon Web Service or Microsoft Azure on the Resources tab to see the relevant tokens for your environment. Looking for help with writing your query? click here
AWS | Microsoft Azure | GCP
AWS
cloud.resource.typecloud.resource.type
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
cloud.resource.type: Instance
cloud.resource.idcloud.resource.id
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource id ID acl-8e5198f5
cloud.resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource id ID acl-8e5198f5
cloud.resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
control.id: 205767712438
connector.name
response.statusresponse.status
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
response.status: Success
response.actionresponse.action
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
response.action: Control Remediation
Use a text value ##### to show connectors based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show connectors associated with this account ID
aws.accountId: 205767712438
response.triggeredBy.usernameresponse.triggeredBy.username
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
response.triggeredBy.username: user_john
response.triggeredDateresponse.triggeredDate
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
response.triggeredDate: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
response.triggeredDate: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
response.triggeredDate: [now-2w ... now-1s]
Show remediation activities triggered on specific date
response.triggeredDate: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
Use values within quotes to help you find connectors with a certain name.
Example
Show connectors with this name
connector.name: Sample_connector
Azure
cloud.resource.typecloud.resource.type
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
cloud.resource.type: Instance
cloud.resource.idcloud.resource.id
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource rule.id ID acl-8e5198f5
cloud.resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource rule.id ID acl-8e5198f5
cloud.resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
control.id: 205767712438
Use values within quotes to help you find connectors with a certain name.
Example
Show connectors with this name
connector.name: Sample_connector
response.statusresponse.status
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
response.status: Success
response.actionresponse.action
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
response.action: Control Remediation
azure.subscriptionIdazure.subscriptionId
Use a text value ##### to find Azure connectors based on the unique subscription ID associated with the connector at the time of creation.
Example
Show connectors with this subscription ID
azure.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
response.triggeredBy.usernameresponse.triggeredBy.username
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
response.triggeredBy.username: user_john
response.triggeredDateresponse.triggeredDate
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
response.triggeredDate: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
response.triggeredDate: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
response.triggeredDate: [now-2w ... now-1s]
Show remediation activities triggered on specific date
response.triggeredDate: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
GCP
cloud.resource.typecloud.resource.type
Select the type of resource you're interested in. Select from name of resource type from the drop-down menu.
Example
Show resources of type instance
cloud.resource.type: Instance
cloud.resource.idcloud.resource.id
Use a text value ##### to find resources based on the unique resource ID assigned to the resource.
Example
Show resources that partially matches with the specified resource rule.id ID acl-8e5198f5
cloud.resource.id: acl-8e5198f5
Show resources that exactly matches with the specified resource rule.id ID acl-8e5198f5
cloud.resource.id: `acl-8e5198f5`
Use a text value ##### to show controls based on the unique control ID associated with the control at the time of creation.
Example
Show controls with this ID
control.id: 205767712438
response.statusresponse.status
Select the remediation activity status ("Sucess", "Queued", "Error") to view remediation activities with selected status. Select from names in the drop-down menu.
Example
Show remediation activities with success as the remediation activity status
response.status: Success
response.actionresponse.action
Select the type of remediation action from the drop-down options.
- AWS : Control Remediation, Stop Instance, Remove IAM
- Azure: Control Remediation
- GCP: Control Remediation
Example
Show remediation activities of specified type such as control remediation
response.action: Control Remediation
Use a text value ##### to find GCP connectors based on the unique project ID associated with the connector at the time of creation.
Example
Show connectors with this gcp.projectId
gcp.projectId: my-project-1513669048551
response.triggeredBy.usernameresponse.triggeredBy.username
Use a text value ##### to find remediation activities that were initiated by a user of interest.
Example
Show remediation activities that were triggered by the specified user
response.triggeredBy.username: user_john
response.triggeredDateresponse.triggeredDate
Use a date range or specific date to define when the remediation activities was initiated.
Examples
Show remediation activities triggered within certain dates
response.triggeredDate: [2021-01-01 ... 2021-03-01]
Show remediation activities triggered starting 2021-10-01, ending 1 month ago
response.triggeredDate: [2021-01-01 ... now-1m]
Show remediation activities triggered starting 2 weeks ago, ending 1 second ago
response.triggeredDate: [now-2w ... now-1s]
Show remediation activities triggered on specific date
response.triggeredDate: 2021-01-08
Use values within quotes to help you find controls with a certain name.
Examples
Show findings with this name
control.name: Avoid the use of the root account
Show any findings that contain parts of name
control.name: "Avoid the use of the root account"
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Use a boolean query to express your query using AND logic.
Example
Show active actions created by a user
action.active: TRUE and action.createdBy:`Joe Smith`
Use a boolean query to express your query using NOT logic.
Example
Show actions that are not of type SLACK
not action.type: SLACK
Use a boolean query to express your query using OR logic.
Example
Show actions created by one of these user IDs
action.createdById: jsmith or action.createdByIdjdoe