Searching for Containers
Use the search tokens below to search for containers. Looking for help with writing your query? click here
container.instance.argumentscontainer.instance.arguments
Use a text value ##### to define a container.instance.command line argument of interest.
Example
Show containers run with this container.instance.command argument
container.instance.arguments: family
aws.ec2.instanceIdaws.ec2.instanceId
Use a text value ##### to find containers deployed on an AWS EC2 instance using the EC2 instance ID.
Example
Show containers deployed on a AWS EC2 instance with this instance ID.
aws.ec2.instanceId:"i-0ab8d3318979f529c"
aws.ecs.accountIdaws.ecs.accountId
Use a text value ##### to find AWS Fargate containers by the AWS ECS account ID.
Example
Show AWS Fargate containers with this AWS ECS account ID
aws.ecs.accountId: 123456789012
aws.ecs.cluster.nameaws.ecs.cluster.name
Use a text value ##### to find AWS Fargate containers by the cluster name.
Example
Show AWS Fargate containers with this cluster container.instance.name
aws.ecs.cluster.name: my-cluster
aws.ecs.container.idaws.ecs.container.id
Use a text value ##### to find AWS Fargate containers by the container ID.
Example
Show AWS Fargate containers with this container ID
aws.ecs.container.id: 1234bafa-d5ac-6789-0ae1-23b4d5f67baa
aws.ecs.container.macAddressaws.ecs.container.macAddress
Use a text value ##### to find AWS Fargate containers by the container MAC address.
Example
Show AWS Fargate containers with this container MAC address
aws.ecs.container.macAddress: 01:2d:a3:45:67:d8
aws.ecs.container.subnetIdaws.ecs.container.subnetId
Use a text value ##### to find AWS Fargate containers by the container subnet ID.
Example
Show AWS Fargate containers with this container subnet ID
aws.ecs.container.subnetId: subnet-0b12c3a456fdaab78
aws.ecs.region.codeaws.ecs.region.code
Use a text value ##### to find AWS Fargate containers by the region code.
Example
Show AWS Fargate containers with this region code
aws.ecs.region.code: us-west-2
aws.eks.arnaws.eks.arn
Use a text value ##### to find AWS EKS containers by the AWS ARN.
Example
Show AWS EKS containers with this AWS ARN.
aws.eks.arn: <region>:<accountid>:cluster/<clustername>
aws.eks.accountIdaws.eks.accountId
Use a text value ##### to find AWS EKS containers by the account ID.
Example
Show AWS EKS containers with this account ID.
cloudProvider.aws.eks.accoundId: ??Need example??
aws.eks.regionaws.eks.region
Use a text value ##### to find AWS EKS containers by the region code.
Example
Show AWS EKS containers with this region code.
aws.eks.region: us-west-2
gcp.gke.krngcp.gke.krn
Use a text value ##### to find GCP GKE containers by the GCP KRN.
Example
Show GCP GKE containers with this KRN.
gcp.gke.krn: projects/<project_id>/locations/<region>/clusters/<cluster_name>
gcp.gke.accountIdgcp.gke.accountId
Use a text value ##### to find GCP GKE containers by the Account ID.
Example
Show AWS EKS containers with this account ID.
gcp.gke.accountId: ??Need example??
gcp.gke.regiongcp.gke.region
Use a text value ##### to find GCP GKE containers by the region code.
Example
Show GCP GKE containers with this region code.
gcp.gke.region: us-west-2
oci.oke.ocidoci.oke.ocid
Use a text value ##### to find OCI OKE containers by the OC ID.
Example
Show OCI OKE containers with this OC ID.
oci.oke.ocid: ocid1.cluster.oc1.<REGION>.<TENANCY_OCID>.<CLUSTER_OCID>
oci.oke.accountIdoci.oke.accountId
Use a text value ##### to find OCI OKE containers by the account ID.
Example
Show OCI OKE containers with this account ID.
oci.oke.accountId: ??Need Example??
oci.oke.regionoci.oke.region
Use a text value ##### to find OCI OKE containers by the region code.
Example
Show OCI OKE containers with this region code.
oci.oke.region: us-west-2
azure.aks.resourceIdazure.aks.resourceId
Use a text value ##### to find Azure AKS containers by the resource ID.
Example
Show Azure AKS containers with this resource ID.
cloudProvider.aws.aks.resourceId: ??Need Example??
azure.aks.accountIdazure.aks.accountId
Use a text value ##### to find Azure AKS containers by the account ID.
Example
Show Azure AKS containers with this account ID.
azure.aks.accountId: ??Need Example??
azure.aks.regionazure.aks.region
Use a text value ##### to find Azure AKS containers by the region code.
Example
Show AWS EKS containers with this region code.
azure.aks.region: us-west-2
container.selfManaged.clusterIdcontainer.selfManaged.clusterId
Use a text value ##### to find self-managed containers by the cluster ID.
Example
Show self-managed containers with this cluster ID.
container.selfManaged.clusterId: ??Need example??
container.selfManaged.accountIdcontainer.selfManaged.accountId
Use a text value ##### to find self-managed containers by the account ID.
Example
Show self-managed containers with this account ID.
container.selfManaged.accountId: ??Need example??
container.selfManaged.regioncontainer.selfManaged.region
Use a text value ##### to find self-managed containers by the region code.
Example
Show self-managed containers with this region code.
container.selfManaged.region: us-west-2
container.selfManaged.clusterIdcontainer.selfManaged.clusterId
Use a text value ##### to find self-managed containers by the cluster ID.
Example
Show self-managed containers with this cluster ID.
container.selfManaged.clusterId: ??Need example??
container.cluster.namecontainer.cluster.name
Use a text value ##### to find containers by the cluster name.
Example
Show containers with this cluster name.
container.cluster.name: ??Need example??
container.cluster.uidcontainer.cluster.uid
Use a text value ##### to find containers by the Cluster UID.
Example
Show containers with this Cluster UID.
container.cluster.uid: ??Need example??
container.cluster.k8s.node.isMastercontainer.cluster.k8s.node.isMaster
Use the values true | false to find containers running on the master node.
Example
Show containers running on master node
container.cluster.k8s.node.isMaster: true
container.cluster.k8s.node.namecontainer.cluster.k8s.node.name
Use a text value ##### to find containers by the Kubernetes cluster node name.
Example
Show containers with this node container.instance.name
container.cluster.k8s.node.name: my-node
container.cluster.k8s.pod.controller.namecontainer.cluster.k8s.pod.controller.name
Use a text value ##### to find containers by the Kubernetes cluster pod controller name.
Example
Show containers with this pod controller container.instance.name
container.cluster.k8s.pod.controller.name: my-controller
container.cluster.k8s.pod.controller.typecontainer.cluster.k8s.pod.controller.type
Use a text value ##### to find containers by the Kubernetes cluster pod controller type (CronJob, DaemonSet, Deployment, Job, Node, ReplicaSet, ReplicationController, StatefulSet).
Example
Show containers with this pod controller type
container.cluster.k8s.pod.controller.type: ReplicationController
container.cluster.k8s.pod.controller.uuidcontainer.cluster.k8s.pod.controller.uuid
Use a text value ##### to find containers by the Kubernetes cluster pod controller uuid.
Example
Show containers with this pod controller uuid
container.cluster.k8s.pod.controller.uuid: 01234567-89ab-cdef-0123-456789abcdef
container.cluster.k8s.pod.label.keycontainer.cluster.k8s.pod.label.key
Use a text value ##### to find containers by a label container.instance.name (key) assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label container.instance.name
container.cluster.k8s.pod.label.key: container.instance.environment
container.cluster.k8s.pod.label.valuecontainer.cluster.k8s.pod.label.value
Use a text value ##### to find containers by a label value assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label value
container.cluster.k8s.pod.label.value: production
container.cluster.k8s.pod.namecontainer.cluster.k8s.pod.name
Use a text value ##### to find containers by the Kubernetes cluster pod name.
Example
Show containers with this pod container.instance.name
container.cluster.k8s.pod.name: my-pod
container.cluster.k8s.pod.namespacecontainer.cluster.k8s.pod.namespace
Use a text value ##### to find containers by the Kubernetes cluster pod namespace.
Example
Show containers with this pod namespace
container.cluster.k8s.pod.namespace: my.namespace.example.com
container.cluster.k8s.pod.namespaceMetadata.labelscontainer.cluster.k8s.pod.namespaceMetadata.labels
Use a text value ##### to find containers using labels assigned to a namespace.
Example
Show containers within a namespace using these labels assigned to the namespace.
container.cluster.k8s.pod.namespaceMetadata.labels:"label1:value1"
container.cluster.k8s.pod.namespaceMetadata.annotationscontainer.cluster.k8s.pod.namespaceMetadata.annotations
Use a text value ##### to find containers using annotations assigned to a namespace.
Example
Show containers within a namespace using these annotations assigned to the namespace.
container.cluster.k8s.pod.namespaceMetadata.annotations:"annotation1:value1"
container.cluster.k8s.pod.uuidcontainer.cluster.k8s.pod.uuid
Use a text value ##### to find containers by the Kubernetes cluster pod uuid.
Example
Show containers with this pod uuid
container.cluster.k8s.pod.uuid: 01234567-89ab-cdef-0123-456789abcdef
container.cluster.k8s.projectcontainer.cluster.k8s.project
Use a text value ##### to find containers by the Kubernetes cluster project name.
Example
Show containers with this Kubernetes cluster project
container.cluster.k8s.project: my-project
container.cluster.typecontainer.cluster.type
Use a text value ##### to find containers by the cluster type (KUBERNETES).
Example
Show containers with the Kubernetes cluster type
container.cluster.type: KUBERNETES
container.instance.commandcontainer.instance.command
Use a text value ##### to define a container.instance.command you're looking for.
Example
Show containers run with this container.instance.command
container.instance.command: /run.sh
container.instance.idcontainer.instance.id
Use a text value ##### to find a container ID.
Example
Show container with this ID
container.instance.id: ed46df944e1c
controls.controlIdcontrols.controlId
Use a text value ##### to find controls by control ID.
Example
Show containers with this control ID
controls.controlId: 10826
controls.criticalitycontrols.criticality
Use a text value ##### to find controls by criticality level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).
Example
Show containers with URGENT controls
controls.criticality: "URGENT"
controls.posturecontrols.posture
Use a text value ##### to find controls by compliance posture (PASS, FAIL).
Example
Show containers with failed controls
controls.posture: "FAIL"
container.instance.createdDatecontainer.instance.createdDate
Use a date range or specific date to define when containers were created.
Examples
Find containers container.instance.createdDate within certain dates
container.instance.createdDate: [2017-06-15 ... 2017-06-30]
Find containers container.instance.createdDate on specific date
container.instance.createdDate:'2017-08-15'
container.instance.environmentcontainer.instance.environment
Use a text value ##### to define an container.instance.environment variable container.instance.name you're interested in.
Example
Show containers with this container.instance.environment variable
container.instance.environment: "my-variable"
riskAcceptance.nameriskAcceptance.name
Use a text value ##### to specify the names of exceptions.
Example
Show containers on which these exceptions are applied.
riskAcceptance.name: [Exception1,Exception2]
container.instance.host.architecturecontainer.instance.host.architecture
Use a text value ##### to find containers based on the host architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host architecture
container.instance.host.architecture: arm64
container.instance.host.namecontainer.instance.host.name
Use a text value ##### to define the hostname you're looking for.
Example
Show containers with this hostname
container.instance.host.name: dockerhost07.mydomain.com
container.instance.host.ipAddresscontainer.instance.host.ipAddress
Use a text value ##### to define a host IP address you're interested in.
Example
Show container with this IP address
container.instance.host.ipAddress: 10.44.92.127
container.instance.image.idcontainer.instance.image.id
Use a text value ##### to define a container image ID of interest.
Example
Show containers with this image ID
container.instance.image.id: c2d1b73a90ec
container.instance.image.shacontainer.instance.image.sha
Use a text value ##### to define SHA 256 hash of container image.
Example
Show container image with this SHA value
container.instance.image.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
asset.container.image.tag.nameasset.container.image.tag.name
Show containers associated with images that have this tag assigned.
Example
Show containers associated with images that have the tag 'TestImage'
asset.container.image.tag.name: TestImage
container.instance.ipAddresscontainer.instance.ipAddress
Use a text value ##### to define a container IPv4 address of interest.
Example
Show containers on this IPv4 address
container.instance.ipAddress: 172.17.0.2
container.instance.ipV6Addresscontainer.instance.ipV6Address
Use a text value ##### to define a container IPv6 address of interest.
Example
Show containers on this IPv6 address
container.instance.ipV6Address: fe80:0:0:0:2502:b53c:4139:404b
container.instance.isDriftcontainer.instance.isDrift
Use the values true | false to find drift containers.
Example
Show drift containers
container.instance.isDrift: true
container..instance.isRootcontainer..instance.isRoot
Use the values true | false to find containers running processes as root. It refers to the privilege the running container has been started with; containers inherit the privilege of the user/process starting the container unless explicitly changed.
Example
Show containers running processes as root
container..instance.isRoot: true
drift.categorydrift.category
Use a text value ##### to find containers having drift software or vulnerabilities (Software or Vulnerability).
Example
Show containers with drift software
drift.category: Software
drift.reasondrift.reason
Use a text value ##### to find containers with specific container.instance.state of drift software or vulnerabilities (Fixed, New, Removed, Varied).
Example
Show drift reason
drift.reason: Fixed
container.instance.label.keycontainer.instance.label.key
Use a text value ##### to find containers with a certain label name.
Example
Show containers with label container.instance.name "vendor"
container.instance.label.key: vendor
container.instance.label.valuecontainer.instance.label.value
Use a text value ##### to find containers with a certain label value.
Example
Show containers with label value "CentOS"
container.instance.label.value: CentOS
container.instance.lastComplianceScanDatecontainer.instance.lastComplianceScanDate
Use a date range or specific date to define when containers were last scanned for compliance.
Examples
Show containers with last compliance scan within certain dates
container.instance.lastComplianceScanDate: [2021-01-01 ... 2021-01-30]
Show containers with last compliance scan starting 2020-10-15, ending 1 month ago
container.instance.lastComplianceScanDate: [2020-10-15 ... now-1M]
Show containers with last compliance scan starting 2 weeks ago, ending 1 second ago
container.instance.lastComplianceScanDate: [now-2w ... now-1s]
Show containers with last compliance scan on specific date
container.instance.lastComplianceScanDate:'2021-01-18'
container.instance.lastVmScanDatecontainer.instance.lastVmScanDate
Use a date range or specific date to define when containers were last scanned for vulnerabilities.
Examples
Show containers last scanned within certain dates
container.instance.lastVmScanDate: [2021-01-01 ... 2021-01-30]
Show containers last scanned starting 2020-10-15, ending 1 month ago
container.instance.lastVmScanDate: [2020-10-15 ... now-1M]
Show containers last scanned starting 2 weeks ago, ending 1 second ago
container.instance.lastVmScanDate: [now-2w ... now-1s]
Show containers last scanned on specific date
container.instance.lastVmScanDate:'2021-01-18'
container.instance.macAddresscontainer.instance.macAddress
Use a text value ##### to define a container MAC address you're interested in.
Example
Show container with this MAC address
container.instance.macAddress: 00-50-56-A9-73-5A
container.instance.namecontainer.instance.name
Use a text value ##### to define the container container.instance.name you're interested in.
Example
Show this container container.instance.name
container.instance.name: my-container
container.instance.pathcontainer.instance.path
Use a text value ##### to define the container container.instance.path you're looking for. Enclose the container.instance.path in double quotes.
Example
Show containers installed at this container.instance.path
container.instance.path: "/usr/container.instance.path/container/"
container.instance.portMapping.hostIpcontainer.instance.portMapping.hostIp
Use a text value ##### to define a port mapping host of interest.
Example
Show containers with this host mapping host IP
container.instance.portMapping.hostIp: xxx.xxx.xxx.xxx
container.instance.portMapping:(hostPortcontainer.instance.portMapping:(hostPort
Use an integer value ##### to define a port mapping host port you're looking for.
Example
Show containers with this host mapping host port
container.instance.portMapping:(hostPort: xxxxx
container.instance.portMapping:(containerPortcontainer.instance.portMapping:(containerPort
Use an integer value ##### to define a port number on the container that is bound to the host port.
Example
Show containers with this port mapping port
container.instance.portMapping:(containerPort: xxxxx
container.instance.portMapping.protocolcontainer.instance.portMapping.protocol
Use a text value ##### to define a port mapping protocol you're interested in.
Example
Show containers with this port mapping protocol
container.instance.portMapping.protocol: UDP
container..instance.isPrivilegedcontainer..instance.isPrivileged
Use the values true | false to find containers with privilege status true or false.
Example
Show containers whose privilege status is true
container..instance.isPrivileged: true
container.instance.qdsSeveritycontainer.instance.qdsSeverity
Use this value to help you find containers with the QDS severity you're interested in.
Example
Show all containers having QDS severity as 'HIGH'.
container.instance.qdsSeverity: HIGH
drift.software.namedrift.software.name
Use a text value ##### to find drift software with certain software name.
Example
Show findings with software container.instance.name
drift.software.name: my-app
drift.software.fixVersiondrift.software.fixVersion
Use a text value ##### to find drift software with certain software version.
Example
Show findings with software version
drift.software.fixVersion: 8.0
drift.software.fixVersiondrift.software.fixVersion
Use a text value ##### to find drift software with certain fix version.
Example
Show findings with certain fix version
drift.software.fixVersion: 8.0
drift.software.vulnerabilities.authTypedrift.software.vulnerabilities.authType
Use a text value ##### to find drift software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
drift.software.vulnerabilities.authType: "WINDOWS_AUTH"
drift.software.vulnerabilities.categorydrift.software.vulnerabilities.category
Use a text value ##### to find drift software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
drift.software.vulnerabilities.category: "CGI"
drift.software.vulnerabilities.customerSeveritydrift.software.vulnerabilities.customerSeverity
Use an integer value ##### to find drift software vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")
drift.software.vulnerabilities.cveidsdrift.software.vulnerabilities.cveids
Use a text value ##### to find drift software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
drift.software.vulnerabilities.cveids: "CVE-2014-9999"
drift.software.vulnerabilities.cvssInfo.accessVectordrift.software.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find drift software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.software.vulnerabilities.cvssInfo.accessVector: "Local"
drift.software.vulnerabilities.cvssInfo.baseScoredrift.software.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
drift.software.vulnerabilities.cvssInfo.baseScore: "7.2"
drift.software.vulnerabilities.cvssInfo.temporalScoredrift.software.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.software.vulnerabilities.cvssInfo.temporalScore: "6.2"
drift.software.vulnerabilities.cvss3Info.baseScoredrift.software.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.software.vulnerabilities.cvss3Info.baseScore: "4.3"
drift.software.vulnerabilities.cvss3Info.temporalScoredrift.software.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.software.vulnerabilities.cvss3Info.temporalScore: "3.8"
drift.software.vulnerabilities.discoveryTypedrift.software.vulnerabilities.discoveryType
Use a text value ##### to find drift software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.software.vulnerabilities.discoveryType: "REMOTE"
drift.software.vulnerabilities.firstFounddrift.software.vulnerabilities.firstFound
Use a date range or specific date to find when drift software vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
drift.software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.software.vulnerabilities: (firstFound > now-10d AND severity: "5")
drift.software.vulnerabilities.lastFounddrift.software.vulnerabilities.lastFound
Use a date range or specific date to find when drift software vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
drift.software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
drift.software.vulnerabilities.resultdrift.software.vulnerabilities.result
Use a text value ##### to find drift software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
drift.software.vulnerabilities.riskdrift.software.vulnerabilities.risk
Use an integer value ##### to find drift software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.software.vulnerabilities.risk: 50
drift.software.vulnerabilities.severitydrift.software.vulnerabilities.severity
Use an integer value ##### to find drift software vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
drift.software.vulnerabilities: (severity: "5" AND category: "DNS")
drift.software.vulnerabilities.supportedBydrift.software.vulnerabilities.supportedBy
Use a text value ##### to find drift software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.software.vulnerabilities.supportedBy: "VM"
drift.software.vulnerabilities.threatInteldrift.software.vulnerabilities.threatIntel
Use a text value ##### to find drift software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.software.vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
drift.software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.software.vulnerabilities.typeDetecteddrift.software.vulnerabilities.typeDetected
Use a text value ##### to find drift software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.software.vulnerabilities.typeDetected: "CONFIRMED"
drift.software.vulnerabilities.qiddrift.software.vulnerabilities.qid
Use an integer value ##### to provide a QID to find containers having vulnerabilities in certain drift software.
Example
Show findings with QID 90405
drift.software.vulnerabilities.qid: 90405
drift.software.vulnerabilities.titledrift.software.vulnerabilities.title
Use an text value ##### to provide a title to find containers having vulnerabilities in certain drift software.
Example
Show findings with title
drift.software.vulnerabilities.title: title text
drift.software.vulnerabilities.software.namedrift.software.vulnerabilities.software.name
Use a text value ##### to find vulnerabilities present in certain drift software.
Example
Show findings with software container.instance.name
drift.software.vulnerabilities.software.name: my-app
drift.software.vulnerabilities.software.versiondrift.software.vulnerabilities.software.version
Use a text value ##### to find vulnerabilities present in certain version of a drift software.
Example
Show findings with software version
drift.software.vulnerabilities.software.version: 8.0
drift.software.vulnerabilities.software.fixVersiondrift.software.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerabilities present in certain fix version of a drift software.
Example
Show findings with certain fix version
drift.software.vulnerabilities.software.fixVersion: 8.0
drift.software.vulnerabilities.sourcedrift.software.vulnerabilities.source
Use a text value ##### to find drift software vulnerabilities from specific container.source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.vulnerabilities.source: IMAGE
drift.software.vulnerabilities.reasondrift.software.vulnerabilities.reason
Use a text value ##### to find drift software vulnerabilities with specific container.instance.state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.vulnerabilities.reason: NEW
drift.software.vulnerabilities.threatIntel.activeAttacksdrift.software.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.software.vulnerabilities.threatIntel.activeAttacks: true
drift.software.vulnerabilities.threatIntel.denialOfServicedrift.software.vulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
drift.software.vulnerabilities.threatIntel.denialOfService: true
drift.software.vulnerabilities.threatIntel.easyExploitdrift.software.vulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.software.vulnerabilities.threatIntel.easyExploit: true
drift.software.vulnerabilities.threatIntel.highDataLossdrift.software.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.software.vulnerabilities.threatIntel.highDataLoss: true
drift.software.vulnerabilities.threatIntel.highLateralMovementdrift.software.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.software.vulnerabilities.threatIntel.highLateralMovement: true
drift.software.vulnerabilities.threatIntel.malwaredrift.software.vulnerabilities.threatIntel.malware
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
drift.software.vulnerabilities.threatIntel.malware: true
drift.software.vulnerabilities.threatIntel.noPatchdrift.software.vulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.software.vulnerabilities.threatIntel.noPatch: true
drift.software.vulnerabilities.threatIntel.publicExploitdrift.software.vulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.software.vulnerabilities.threatIntel.publicExploit: true
drift.software.sourcedrift.software.source
Use a text value ##### to find drift software from specific container.source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.source: IMAGE
drift.software.reasondrift.software.reason
Use a text value ##### to find drift software with specific container.instance.state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.reason: NEW
drift.vulnerability.authTypedrift.vulnerability.authType
Use a text value ##### to find drift vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
drift.vulnerability.authType: "WINDOWS_AUTH"
drift.vulnerability.categorydrift.vulnerability.category
Use a text value ##### to find drift vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
drift.vulnerability.category: "CGI"
drift.vulnerability.customerSeveritydrift.vulnerability.customerSeverity
Use an integer value ##### to find drift vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.vulnerability.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.vulnerability: (customerSeverity: "5" AND category: "DNS")
drift.vulnerability.cveidsdrift.vulnerability.cveids
Use a text value ##### to find drift vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
drift.vulnerability.cveids: "CVE-2014-9999"
drift.vulnerability.cvssInfo.accessVectordrift.vulnerability.cvssInfo.accessVector
Use a text value ##### to find drift vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.vulnerability.cvssInfo.accessVector: "Local"
drift.vulnerability.cvssInfo.baseScoredrift.vulnerability.cvssInfo.baseScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
drift.vulnerability.cvssInfo.baseScore: "7.2"
drift.vulnerability.cvssInfo.temporalScoredrift.vulnerability.cvssInfo.temporalScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.vulnerability.cvssInfo.temporalScore: "6.2"
drift.vulnerability.cvss3Info.baseScoredrift.vulnerability.cvss3Info.baseScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.vulnerability.cvss3Info.baseScore: "4.3"
drift.vulnerability.cvss3Info.temporalScoredrift.vulnerability.cvss3Info.temporalScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.vulnerability.cvss3Info.temporalScore: "3.8"
drift.vulnerability.discoveryTypedrift.vulnerability.discoveryType
Use a text value ##### to find drift vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.vulnerability.discoveryType: "REMOTE"
drift.vulnerability.firstFounddrift.vulnerability.firstFound
Use a date range or specific date to find when drift vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.vulnerability.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (firstFound > now-10d AND severity: "5")
drift.vulnerability.fixeddrift.vulnerability.fixed
Use a date range or specific date to find fixed drift vulnerabilities.
Examples
Show findings first found within certain dates
drift.vulnerability.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.fixed: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (fixed > now-10d AND severity: "5")
drift.vulnerability.lastFounddrift.vulnerability.lastFound
Use a date range or specific date to find when drift vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.vulnerability.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.vulnerability.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
drift.vulnerability.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.vulnerability: (lastFound: '2017-10-12' AND category: "CGI")
drift.vulnerability.resultdrift.vulnerability.result
Use a text value ##### to find software packages that have drift vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.vulnerability.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
drift.vulnerability.riskdrift.vulnerability.risk
Use an integer value ##### to find drift vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.vulnerability.risk: 50
drift.vulnerability.severitydrift.vulnerability.severity
Use an integer value ##### to find drift vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.vulnerability.severity: "4"
Show findings with severity 5 and category DNS
drift.vulnerability: (severity: "5" AND category: "DNS")
drift.vulnerability.statusdrift.vulnerability.status
Use a text value ##### to find drift vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
drift.vulnerability.status: "OPEN"
drift.vulnerability.supportedBydrift.vulnerability.supportedBy
Use a text value ##### to find drift vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.vulnerability.supportedBy: "VM"
drift.vulnerability.threatInteldrift.vulnerability.threatIntel
Use a text value ##### to find drift vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.vulnerability.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
drift.vulnerability.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.vulnerability.typeDetecteddrift.vulnerability.typeDetected
Use a text value ##### to find drift vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.vulnerability.typeDetected: "CONFIRMED"
drift.vulnerability.qiddrift.vulnerability.qid
Use an integer value ##### to provide a QID to find containers with certain drift vulnerability.
Example
Show findings with QID 90405
drift.vulnerability.qid: 90405
drift.vulnerability.titledrift.vulnerability.title
Use an text value ##### to provide a title to find containers with certain drift vulnerability.
Example
Show findings with title
drift.vulnerability.title: title text
drift.vulnerability.software.namedrift.vulnerability.software.name
Use a text value ##### to find drift vulnerability present in certain software.
Example
Show findings with software container.instance.name
drift.vulnerability.software.name: my-app
drift.vulnerability.software.versiondrift.vulnerability.software.version
Use a text value ##### to find drift vulnerability present in certain software version.
Example
Show findings with software version
drift.vulnerability.software.version: 8.0
drift.vulnerability.software.fixVersiondrift.vulnerability.software.fixVersion
Use a text value ##### to find drift vulnerability present in certain software fix version.
Example
Show findings with certain fix version
drift.vulnerability.software.fixVersion: 8.0
drift.vulnerability.sourcedrift.vulnerability.source
Use a text value ##### to find drift vulnerability from specific container.source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.vulnerability.source: IMAGE
drift.vulnerability.reasondrift.vulnerability.reason
Use a text value ##### to find drift vulnerability with specific container.instance.state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.vulnerability.reason: NEW
drift.vulnerability.threatIntel.activeAttacksdrift.vulnerability.threatIntel.activeAttacks
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.vulnerability.threatIntel.activeAttacks: true
drift.vulnerability.threatIntel.denialOfServicedrift.vulnerability.threatIntel.denialOfService
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
drift.vulnerability.threatIntel.denialOfService: true
drift.vulnerability.threatIntel.easyExploitdrift.vulnerability.threatIntel.easyExploit
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.vulnerability.threatIntel.easyExploit: true
drift.vulnerability.threatIntel.highDataLossdrift.vulnerability.threatIntel.highDataLoss
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.vulnerability.threatIntel.highDataLoss: true
drift.vulnerability.threatIntel.highLateralMovementdrift.vulnerability.threatIntel.highLateralMovement
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.vulnerability.threatIntel.highLateralMovement: true
drift.vulnerability.threatIntel.malwaredrift.vulnerability.threatIntel.malware
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
drift.vulnerability.threatIntel.malware: true
drift.vulnerability.threatIntel.noPatchdrift.vulnerability.threatIntel.noPatch
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.vulnerability.threatIntel.noPatch: true
drift.vulnerability.threatIntel.publicExploitdrift.vulnerability.threatIntel.publicExploit
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.vulnerability.threatIntel.publicExploit: true
container.instance.maxQdsScorecontainer.instance.maxQdsScore
Specify the maximum QDS score. It shows the containers having maximum QDS score.
Example
Show containers having maximum value of QDS Score as 95.
container.instance.maxQdsScore: 95
asset.truRiskasset.truRisk
Use a number value ##### to find images having a certain risk score.
Example
Show findings with this tag.
asset.truRisk: "60"
container.instance.shacontainer.instance.sha
Use a text value ##### to define SHA 256 hash of container image.
Example
Show findings with this SHA value
container.instance.sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
software.namesoftware.name
Use a text value ##### to find the software application container.instance.name you're looking for.
Example
Show containers with this software container.instance.name
software.name: MyApp
software.versionsoftware.version
Use a text value ##### to find the software application version of interest.
Example
Show containers with this software version
software.version: 2.0.3
software.fixVersionsoftware.fixVersion
Use a text value ##### to find software with specific fix version.
Example
Show containers with this software version
software.fixVersion: 2.0.3
software.vulnerabilities.authTypesoftware.vulnerabilities.authType
Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
software.vulnerabilities.authType: "WINDOWS_AUTH"
software.vulnerabilities.categorysoftware.vulnerabilities.category
Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
software.vulnerabilities.category: "CGI"
software.vulnerabilities.customerSeveritysoftware.vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")
software.vulnerabilities.cveidssoftware.vulnerabilities.cveids
Use a text value ##### to find software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
software.vulnerabilities.cveids: "CVE-2014-9999"
software.vulnerabilities.cvssInfo.accessVectorsoftware.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
software.vulnerabilities.cvssInfo.accessVector: "Local"
software.vulnerabilities.cvssInfo.baseScoresoftware.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
software.vulnerabilities.cvssInfo.baseScore: "7.2"
software.vulnerabilities.cvssInfo.temporalScoresoftware.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
software.vulnerabilities.cvssInfo.temporalScore: "6.2"
software.vulnerabilities.cvss3Info.baseScoresoftware.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
software.vulnerabilities.cvss3Info.baseScore: "4.3"
software.vulnerabilities.cvss3Info.temporalScoresoftware.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
software.vulnerabilities.cvss3Info.temporalScore: "3.8"
software.vulnerabilities.discoveryTypesoftware.vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
software.vulnerabilities.discoveryType: "REMOTE"
software.vulnerabilities.firstFoundsoftware.vulnerabilities.firstFound
Use a date range or specific date to find when software vulnerabilities were first found.
Examples
Show findings first found within certain dates
software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (firstFound > now-10d AND severity: "5")
software.vulnerabilities.fixedsoftware.vulnerabilities.fixed
Use a date range or specific date to find software with vulnerabilities that are fixed.
Examples
Show findings first found within certain dates
software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.fixed: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (fixed > now-10d AND severity: "5")
software.vulnerabilities.lastFoundsoftware.vulnerabilities.lastFound
Use a date range or specific date to find when software vulnerabilities were last found.
Examples
Show findings last found within certain dates
software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
software.vulnerabilities.resultsoftware.vulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
software.vulnerabilities.risksoftware.vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
software.vulnerabilities.risk: 50
software.vulnerabilities.severitysoftware.vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
software.vulnerabilities: (severity: "5" AND category: "DNS")
software.vulnerabilities.supportedBysoftware.vulnerabilities.supportedBy
Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
software.vulnerabilities.supportedBy: "VM"
software.vulnerabilities.threatIntelsoftware.vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
software.vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
software.vulnerabilities.typeDetectedsoftware.vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
software.vulnerabilities.typeDetected: "CONFIRMED"
software.vulnerabilities.qidsoftware.vulnerabilities.qid
Use an integer value ##### to provide a QID to find containers with software having certain vulnerability.
Example
Show findings with QID 90405
software.vulnerabilities.qid: 90405
software.vulnerabilities.titlesoftware.vulnerabilities.title
Use an text value ##### to provide a title to find containers with software having certain vulnerability.
Example
Show findings with title
software.vulnerabilities.title: title text
software.vulnerabilities.software.namesoftware.vulnerabilities.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software container.instance.name
software.vulnerabilities.software.name: my-app
software.vulnerabilities.software.versionsoftware.vulnerabilities.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
software.vulnerabilities.software.version: 8.0
software.vulnerabilities.software.fixVersionsoftware.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
software.vulnerabilities.software.fixVersion: 8.0
software.vulnerabilities.sourcesoftware.vulnerabilities.source
Use a text value ##### to find software vulnerability from specific container.source (CONTAINER, IMAGE, BOTH).
Example
Show software software from images
software.vulnerabilities.source: IMAGE
software.vulnerabilities.reasonsoftware.vulnerabilities.reason
Use a text value ##### to find software vulnerability with specific container.instance.state (Fixed, New, Removed, Varied)
Example
Show software software that is new
software.vulnerabilities.reason: NEW
software.vulnerabilities.threatIntel.activeAttackssoftware.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
software.vulnerabilities.threatIntel.activeAttacks: true
software.vulnerabilities.threatIntel.denialOfServicesoftware.vulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
software.vulnerabilities.threatIntel.denialOfService: true
software.vulnerabilities.threatIntel.easyExploitsoftware.vulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
software.vulnerabilities.threatIntel.easyExploit: true
software.vulnerabilities.threatIntel.highDataLosssoftware.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
software.vulnerabilities.threatIntel.highDataLoss: true
software.vulnerabilities.threatIntel.highLateralMovementsoftware.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
software.vulnerabilities.threatIntel.highLateralMovement: true
software.vulnerabilities.threatIntel.malwaresoftware.vulnerabilities.threatIntel.malware
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
software.vulnerabilities.threatIntel.malware: true
software.vulnerabilities.threatIntel.noPatchsoftware.vulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
software.vulnerabilities.threatIntel.noPatch: true
software.vulnerabilities.threatIntel.publicExploitsoftware.vulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
software.vulnerabilities.threatIntel.publicExploit: true
container.sourcecontainer.source
Use a text value ##### to find containers from specific container.source (GENERAL, HOST, SERVERLESS_FARGATE).
Example
Show containers on host
container.source: HOST
container.instance.statecontainer.instance.state
Use a text value ##### to find containers in certain container.instance.state (CREATED, RUNNING, STOPPED, PAUSED, DELETED, UNKNOWN).
Example
Show containers in a certain container.instance.state
container.instance.state: "Running"
container.instance.isStateChangedcontainer.instance.isStateChanged
Use a date range or specific date to define when containers changed state. When entering a date use YYYY-MM-DD format.
Examples
Show containers that changed container.instance.state within certain dates
container.instance.isStateChanged: [2019-10-01 ... 2019-10-12]
Show containers that changed container.instance.state starting October 1st and ending 1 month ago
container.instance.isStateChanged: [2019-10-01 ... now-1M]
Show containers that changed container.instance.state starting 2 weeks ago, ending 1 second ago
container.instance.isStateChanged: [now-2w ... now-1s]
Show containers that changed container.instance.state on certain date
container.instance.isStateChanged:'2019-09-22'
asset.container.instance.tag.nameasset.container.instance.tag.name
Use a text value ##### to find containers that are assigned with this tag.
Example
Show containers assigned with the tag 'TestContainer'
asset.container.instance.tag.name: TestContainer
container.instance.updatedDatecontainer.instance.updatedDate
Use a date range or specific date to define when containers were updated. The container.instance.updatedDate date is modified with each event on the container, and with vulnerability report processing for the container.
Examples
Find containers container.instance.updatedDate within certain dates
container.instance.updatedDate: [2019-06-15 ... 2019-06-30]
Find containers container.instance.updatedDate on specific date
container.instance.updatedDate:'2019-08-15'
container.instance.user.usernamecontainer.instance.user.username
Use a text value ##### to find a user container.instance.name configured inside a container image/running-container. The user can be any container user: root or non-root.
Example
Show findings with this user container.instance.name
container.instance.user.username: asmith
vulnerabilities.authTypevulnerabilities.authType
Use a text value ##### to find containers having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
vulnerabilities.authType: "WINDOWS_AUTH"
vulnerabilities.categoryvulnerabilities.category
Use a text value ##### to find containers with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
vulnerabilities.category: "CGI"
vulnerabilities.customerSeverityvulnerabilities.customerSeverity
Use an integer value ##### to find containers having vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5" AND category: "DNS")
vulnerabilities.cveidsvulnerabilities.cveids
Use a text value ##### to find the CVE container.instance.name you're interested in.
Example
Show findings with CVE container.instance.name CVE-2015-0313
vulnerabilities.cveids: CVE-2015-0313
vulnerabilities.cvssInfo.accessVectorvulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
vulnerabilities.cvssInfo.accessVector: "Local"
vulnerabilities.cvssInfo.baseScorevulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
vulnerabilities.cvssInfo.baseScore: "7.2"
vulnerabilities.cvssInfo.temporalScorevulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
vulnerabilities.cvssInfo.temporalScore: "6.2"
vulnerabilities.cvss3Info.baseScorevulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
vulnerabilities.cvss3Info.baseScore: "4.3"
vulnerabilities.cvss3Info.temporalScorevulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
vulnerabilities.cvss3Info.temporalScore: "3.8"
vulnerabilities.discoveryTypevulnerabilities.discoveryType
Use a text value ##### to find containers having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
vulnerabilities.discoveryType: "REMOTE"
vulnerabilities.firstFoundvulnerabilities.firstFound
Use a date range or specific date to define when vulnerabilities on container were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (firstFound > now-10d AND severity: "5")
vulnerabilities.fixedvulnerabilities.fixed
Use a date range or specific date to define when vulnerabilities on container were fixed.
Examples
Show findings fixed within certain dates
vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings fixed starting 2017-10-01, ending 1 month ago
vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.fixed: [now-2w ... now-1s]
Show findings fixed on certain date
vulnerabilities.fixed:'2017-09-22'
Show findings fixed in the past 10 days with severity 5
vulnerabilities: (fixed > now-10d AND severity: "5")
vulnerabilities.lastFoundvulnerabilities.lastFound
Use a date range or specific date to define when vulnerabilities on container were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
vulnerabilities.productvulnerabilities.product
Use a text value ##### to find containers having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.
Example
Show findings for this product
vulnerabilities.product: "moodle"
vulnerabilities.resultvulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
vulnerabilities.riskvulnerabilities.risk
Use an integer value ##### to find containers with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.risk: 50
vulnerabilities.severityvulnerabilities.severity
Use an integer value ##### to find containers having vulnerabilities with this Qualys defined severity (1-5).
Example
Show findings with severity 4
vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5" AND category: "DNS")
vulnerabilities.statusvulnerabilities.status
Use a text value ##### to find containers having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
vulnerabilities.status: "OPEN"
vulnerabilities.supportedByvulnerabilities.supportedBy
Use a text value ##### to find containers with vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
vulnerabilities.supportedBy: "VM"
vulnerabilities.threatIntel.activeAttacksvulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
vulnerabilities.threatIntel.activeAttacks: true
vulnerabilities.threatIntel.denialOfServicevulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
vulnerabilities.threatIntel.denialOfService: true
vulnerabilities.threatIntel.easyExploitvulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
vulnerabilities.threatIntel.easyExploit: true
vulnerabilities.threatIntel.highDataLossvulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
vulnerabilities.threatIntel.highDataLoss: true
vulnerabilities.threatIntel.highLateralMovementvulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
vulnerabilities.threatIntel.highLateralMovement: true
vulnerabilities.threatIntel.malwarevulnerabilities.threatIntel.malware
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
vulnerabilities.threatIntel.malware: true
vulnerabilities.threatIntel.noPatchvulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
vulnerabilities.threatIntel.noPatch: true
vulnerabilities.threatIntel.publicExploitvulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
vulnerabilities.threatIntel.publicExploit: true
vulnerabilities.typeDetectedvulnerabilities.typeDetected
Use a text value ##### to find containers having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
vulnerabilities.typeDetected: "CONFIRMED"
vulnerabilities.vendorvulnerabilities.vendor
Use a text value ##### to find containers having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.
Example
Show findings for this vendor
vulnerabilities.vendor: "vendor-name"
vulnerabilities.qidvulnerabilities.qid
Use an integer value ##### to provide a QID to find containers with certain vulnerability.
Example
Show findings with QID 90405
vulnerabilities.qid: 90405
vulnerabilities.titlevulnerabilities.title
Use an text value ##### to provide a title to find containers with certain vulnerability.
Example
Show findings with title
vulnerabilities.title: title text
vulnerabilities.software.namevulnerabilities.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software container.instance.name
vulnerabilities.software.name: my-app
vulnerabilities.software.versionvulnerabilities.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
vulnerabilities.software.version: 8.0
vulnerabilities.software.fixVersionvulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
vulnerabilities.software.fixVersion: 8.0
container.service.namecontainer.service.name
Use a text value ##### to find containers with specific services running on them.
Example
Show findings with service container.instance.name
container.service.name: sshd
container.service.descriptioncontainer.service.description
Use a text value ##### to find containers with the description of specific services running on them.
Example
Show findings with service description
container.service.description: Secure Socket Shell
container.service.statuscontainer.service.status
Use a text value ##### to find containers with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.
Example
Show findings with service status
container.service.status: RUNNING
andand
Use a Boolean query to express your query using AND logic.
Example
Show containers in Running container.instance.state and running processes as root
container.instance.state: RUNNING and container..instance.isRoot: true
notnot
Use a Boolean query to express your query using NOT logic.
Example
Show containers that are not in Running container.instance.state
not container.instance.state: RUNNING
oror
Use a Boolean query to express your query using OR logic.
Example
Show containers that are in one of these states
container.instance.state: DELETED or container.instance.state: UNKNOWN
vendorData.rhsa.severityvendorData.rhsa.severity
Use a text value ##### to find containers with the RHSA Severity of specific VendorData. RHSA severity could be moderate, important, low, or critical.
Example
Show images with vendorData.rhsa.severity to be 'moderate'.
vendorData.rhsa.severity: moderate
vendorData.rhsa.idvendorData.rhsa.id
Use a value ##### to find containers with a specific RHSA ID of the VendorData.
Example
Show images with RHSA ID RHSA-2023:5476 of the VendorData.
vendorData.rhsa-id: "RHSA-2023:5476"
vendorData.rhsa.cve.severityvendorData.rhsa.cve.severity
Use a text value ##### to find containers with the RHSA CVE Severity of the specific VendorData. RHSA CVE Severity could be moderate, important, low, or critical.
Example
Show images with vendorData.rhsa.cve.severity to be 'critical'.
vendorData.rhsa.cve.severity: critical
vendorData.rhsa.cve.cvss2.baseScorevendorData.rhsa.cve.cvss2.baseScore
Use a text value ##### to find containers with the RHSA CVE CVSS2 BaseScore of the VendorData. Allowed values - '0' to '10'.
Example
Show images with vendorData.rhsa.cve.cvss2.basescore to be '10'.
vendorData.rhsa.cve.cvss2.baseScore:10
vendorData.rhsa.cve.cvss3.baseScorevendorData.rhsa.cve.cvss3.baseScore
Use a text value ##### to find containers with the RHSA CVE CVSS3 BaseScore of the VendorData. Allowed values - '0' to '10'.
Example
Show images with vendorData.rhsa.cve.cvss3.basescore to be '8'.
vendorData.rhsa.cve.cvss3.baseScore:8
container.instance.account.qlpcontainer.instance.account.qlp
Use a text value ##### to find containers with account qlp.
Example
Show containers with account qlp - aws://eks/us-west-2/123456789012.
container.instance.account.qlp: aws://eks/us-west-2/123456789012
container.instance.cluster.qlpcontainer.instance.cluster.qlp
Use a text value ##### to find containers with cluster qlp.
Example
Show containers with cluster qlp - aws://eks/us-west-2/123456789012/my-eks-cluster.
container.instance.cluster.qlp:aws://eks/us-west-2/123456789012/my-eks-cluster
container.instance.namespace.qlpcontainer.instance.namespace.qlp
Use a text value ##### to find containers with namespace qlp.
Example
Show containers with namespace qlp - aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace.
container.instance.namespace.qlp: aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace
container.instance.pod.qlpcontainer.instance.pod.qlp
Use a text value ##### to find containers with POD qlp.
Example
Show containers with namespace qlp - aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace/nginx-pod.
container.instance.pod.qlp: aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace/nginx-pod
container.instance.qlpcontainer.instance.qlp
Use a text value ##### to find containers its qlp.
Example
Show container based on its qlp - aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace/nginx-pod/nginx-app
container.instance.qlp: aws://eks/us-west-2/123456789012/my-eks-cluster/prod-namespace/nginx-pod/nginx-app
Also see,
Searching for Container Exceptions