Searching for Containers
Use the search tokens below to search for containers. Looking for help with writing your query? click here
argumentsarguments
Use a text value ##### to define a command line argument of interest.
Example
Show containers run with this command argument
arguments: family
cloudProvider.aws.ec2.instanceIdcloudProvider.aws.ec2.instanceId
Use a text value ##### to find containers deployed on an AWS EC2 instance using the EC2 instance ID.
Example
Show containers deployed on a AWS EC2 instance with this instance ID.
cloudProvider.aws.ec2.instanceId:"i-0ab8d3318979f529c"
cloudProvider.aws.ecs.accountIdcloudProvider.aws.ecs.accountId
Use a text value ##### to find AWS Fargate containers by the AWS ECS account ID.
Example
Show AWS Fargate containers with this AWS ECS account ID
cloudProvider.aws.ecs.accountId: 123456789012
cloudProvider.aws.ecs.clusterNamecloudProvider.aws.ecs.clusterName
Use a text value ##### to find AWS Fargate containers by the cluster name.
Example
Show AWS Fargate containers with this cluster name
cloudProvider.aws.ecs.clusterName: my-cluster
cloudProvider.aws.ecs.container.idcloudProvider.aws.ecs.container.id
Use a text value ##### to find AWS Fargate containers by the container ID.
Example
Show AWS Fargate containers with this container ID
cloudProvider.aws.ecs.container.id: 1234bafa-d5ac-6789-0ae1-23b4d5f67baa
cloudProvider.aws.ecs.container.macAddresscloudProvider.aws.ecs.container.macAddress
Use a text value ##### to find AWS Fargate containers by the container MAC address.
Example
Show AWS Fargate containers with this container MAC address
cloudProvider.aws.ecs.container.macAddress: 01:2d:a3:45:67:d8
cloudProvider.aws.ecs.container.subnetIdcloudProvider.aws.ecs.container.subnetId
Use a text value ##### to find AWS Fargate containers by the container subnet ID.
Example
Show AWS Fargate containers with this container subnet ID
cloudProvider.aws.ecs.container.subnetId: subnet-0b12c3a456fdaab78
cloudProvider.aws.ecs.region.codecloudProvider.aws.ecs.region.code
Use a text value ##### to find AWS Fargate containers by the region code.
Example
Show AWS Fargate containers with this region code
cloudProvider.aws.ecs.region.code: us-west-2
cluster.k8s.node.isMastercluster.k8s.node.isMaster
Use the values true | false to find containers running on the master node.
Example
Show containers running on master node
cluster.k8s.node.isMaster: true
cluster.k8s.node.namecluster.k8s.node.name
Use a text value ##### to find containers by the Kubernetes cluster node name.
Example
Show containers with this node name
cluster.k8s.node.name: my-node
cluster.k8s.pod.controller.namecluster.k8s.pod.controller.name
Use a text value ##### to find containers by the Kubernetes cluster pod controller name.
Example
Show containers with this pod controller name
cluster.k8s.pod.controller.name: my-controller
cluster.k8s.pod.controller.typecluster.k8s.pod.controller.type
Use a text value ##### to find containers by the Kubernetes cluster pod controller type (CronJob, DaemonSet, Deployment, Job, Node, ReplicaSet, ReplicationController, StatefulSet).
Example
Show containers with this pod controller type
cluster.k8s.pod.controller.type: ReplicationController
cluster.k8s.pod.controller.uuidcluster.k8s.pod.controller.uuid
Use a text value ##### to find containers by the Kubernetes cluster pod controller uuid.
Example
Show containers with this pod controller uuid
cluster.k8s.pod.controller.uuid: 01234567-89ab-cdef-0123-456789abcdef
cluster.k8s.pod.label.keycluster.k8s.pod.label.key
Use a text value ##### to find containers by a label name (key) assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label name
cluster.k8s.pod.label.key: environment
cluster.k8s.pod.label.valuecluster.k8s.pod.label.value
Use a text value ##### to find containers by a label value assigned to the Kubernetes cluster pod.
Example
Show containers with this pod label value
cluster.k8s.pod.label.value: production
cluster.k8s.pod.namecluster.k8s.pod.name
Use a text value ##### to find containers by the Kubernetes cluster pod name.
Example
Show containers with this pod name
cluster.k8s.pod.name: my-pod
cluster.k8s.pod.namespacecluster.k8s.pod.namespace
Use a text value ##### to find containers by the Kubernetes cluster pod namespace.
Example
Show containers with this pod namespace
cluster.k8s.pod.namespace: my.namespace.example.com
cluster.k8s.pod.namespaceMetadata.labelscluster.k8s.pod.namespaceMetadata.labels
Use a text value ##### to find containers using labels assigned to a namespace.
Example
Show containers within a namespace using these labels assigned to the namespace.
cluster.k8s.pod.namespaceMetadata.labels:"label1:value1"
cluster.k8s.pod.namespaceMetadata.annotationscluster.k8s.pod.namespaceMetadata.annotations
Use a text value ##### to find containers using annotations assigned to a namespace.
Example
Show containers within a namespace using these annotations assigned to the namespace.
cluster.k8s.pod.namespaceMetadata.annotations:"annotation1:value1"
cluster.k8s.pod.uuidcluster.k8s.pod.uuid
Use a text value ##### to find containers by the Kubernetes cluster pod uuid.
Example
Show containers with this pod uuid
cluster.k8s.pod.uuid: 01234567-89ab-cdef-0123-456789abcdef
cluster.k8s.projectcluster.k8s.project
Use a text value ##### to find containers by the Kubernetes cluster project name.
Example
Show containers with this Kubernetes cluster project
cluster.k8s.project: my-project
cluster.typecluster.type
Use a text value ##### to find containers by the cluster type (KUBERNETES).
Example
Show containers with the Kubernetes cluster type
cluster.type: KUBERNETES
commandcommand
Use a text value ##### to define a command you're looking for.
Example
Show containers run with this command
command: /run.sh
containerIdcontainerId
Use a text value ##### to find a container ID.
Example
Show container with this ID
containerId: ed46df944e1c
controls.controlIdcontrols.controlId
Use a text value ##### to find controls by control ID.
Example
Show containers with this control ID
controls.controlId: 10826
controls.criticalitycontrols.criticality
Use a text value ##### to find controls by criticality level (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT).
Example
Show containers with URGENT controls
controls.criticality: "URGENT"
controls.posturecontrols.posture
Use a text value ##### to find controls by compliance posture (PASS, FAIL).
Example
Show containers with failed controls
controls.posture: "FAIL"
createdcreated
Use a date range or specific date to define when containers were created.
Examples
Find containers created within certain dates
created: [2017-06-15 ... 2017-06-30]
Find containers created on specific date
created:'2017-08-15'
environmentenvironment
Use a text value ##### to define an environment variable name you're interested in.
Example
Show containers with this environment variable
environment: "my-variable"
exceptions.nameexceptions.name
Use a text value ##### to specify the names of exceptions.
Example
Show containers on which these exceptions are applied.
exceptions.name: [Exception1,Exception2]
hostArchitecturehostArchitecture
Use a text value ##### to find containers based on the host architecture (amd64, arm64, x86_64).
Example
Show findings with arm64 host architecture
hostArchitecture: arm64
host.hostnamehost.hostname
Use a text value ##### to define the hostname you're looking for.
Example
Show containers with this hostname
host.hostname: dockerhost07.mydomain.com
host.ipAddresshost.ipAddress
Use a text value ##### to define a host IP address you're interested in.
Example
Show container with this IP address
host.ipAddress: 10.44.92.127
imageIdimageId
Use a text value ##### to define a container image ID of interest.
Example
Show containers with this image ID
imageId: c2d1b73a90ec
imageShaimageSha
Use a text value ##### to define SHA 256 hash of container image.
Example
Show container image with this SHA value
imageSha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
ipv4ipv4
Use a text value ##### to define a container IPv4 address of interest.
Example
Show containers on this IPv4 address
ipv4: 172.17.0.2
ipv6ipv6
Use a text value ##### to define a container IPv6 address of interest.
Example
Show containers on this IPv6 address
ipv6: fe80:0:0:0:2502:b53c:4139:404b
isDriftisDrift
Use the values true | false to find drift containers.
Example
Show drift containers
isDrift: true
isRootisRoot
Use the values true | false to find containers running processes as root. It refers to the privilege the running container has been started with; containers inherit the privilege of the user/process starting the container unless explicitly changed.
Example
Show containers running processes as root
isRoot: true
drift.categorydrift.category
Use a text value ##### to find containers having drift software or vulnerabilities (Software or Vulnerability).
Example
Show containers with drift software
drift.category: Software
drift.reasondrift.reason
Use a text value ##### to find containers with specific state of drift software or vulnerabilities (Fixed, New, Removed, Varied).
Example
Show drift reason
drift.reason: Fixed
label.keylabel.key
Use a text value ##### to find containers with a certain label name.
Example
Show containers with label name "vendor"
label.key: vendor
label.valuelabel.value
Use a text value ##### to find containers with a certain label value.
Example
Show containers with label value "CentOS"
label.value: CentOS
lastComplianceScanDatelastComplianceScanDate
Use a date range or specific date to define when containers were last scanned for compliance.
Examples
Show containers with last compliance scan within certain dates
lastComplianceScanDate: [2021-01-01 ... 2021-01-30]
Show containers with last compliance scan starting 2020-10-15, ending 1 month ago
lastComplianceScanDate: [2020-10-15 ... now-1M]
Show containers with last compliance scan starting 2 weeks ago, ending 1 second ago
lastComplianceScanDate: [now-2w ... now-1s]
Show containers with last compliance scan on specific date
lastComplianceScanDate:'2021-01-18'
lastVmScanDatelastVmScanDate
Use a date range or specific date to define when containers were last scanned for vulnerabilities.
Examples
Show containers last scanned within certain dates
lastVmScanDate: [2021-01-01 ... 2021-01-30]
Show containers last scanned starting 2020-10-15, ending 1 month ago
lastVmScanDate: [2020-10-15 ... now-1M]
Show containers last scanned starting 2 weeks ago, ending 1 second ago
lastVmScanDate: [now-2w ... now-1s]
Show containers last scanned on specific date
lastVmScanDate:'2021-01-18'
macAddressmacAddress
Use a text value ##### to define a container MAC address you're interested in.
Example
Show container with this MAC address
macAddress: 00-50-56-A9-73-5A
namename
Use a text value ##### to define the container name you're interested in.
Example
Show this container name
name: my-container
pathpath
Use a text value ##### to define the container path you're looking for. Enclose the path in double quotes.
Example
Show containers installed at this path
path: "/usr/path/container/"
portMapping.hostIpportMapping.hostIp
Use a text value ##### to define a port mapping host of interest.
Example
Show containers with this host mapping host IP
portMapping.hostIp: xxx.xxx.xxx.xxx
portMapping.hostPortportMapping.hostPort
Use an integer value ##### to define a port mapping host port you're looking for.
Example
Show containers with this host mapping host port
portMapping.hostPort: xxxxx
portMapping.portportMapping.port
Use an integer value ##### to define a port number on the container that is bound to the host port.
Example
Show containers with this port mapping port
portMapping.port: xxxxx
portMapping.protocolportMapping.protocol
Use a text value ##### to define a port mapping protocol you're interested in.
Example
Show containers with this port mapping protocol
portMapping.protocol: UDP
privilegedprivileged
Use the values true | false to find containers with privilege status true or false.
Example
Show containers whose privilege status is true
privileged: true
qdsSeverityqdsSeverity
Use this value to help you find containers with the QDS severity you're interested in.
Example
Show all containers having QDS severity as 'HIGH'.
qdsSeverity: HIGH
drift.software.namedrift.software.name
Use a text value ##### to find drift software with certain software name.
Example
Show findings with software name
drift.software.name: my-app
drift.software.versiondrift.software.version
Use a text value ##### to find drift software with certain software version.
Example
Show findings with software version
drift.software.version: 8.0
drift.software.fixVersiondrift.software.fixVersion
Use a text value ##### to find drift software with certain fix version.
Example
Show findings with certain fix version
drift.software.fixVersion: 8.0
drift.software.vulnerabilities.authTypedrift.software.vulnerabilities.authType
Use a text value ##### to find drift software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
drift.software.vulnerabilities.authType: "WINDOWS_AUTH"
drift.software.vulnerabilities.categorydrift.software.vulnerabilities.category
Use a text value ##### to find drift software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
drift.software.vulnerabilities.category: "CGI"
drift.software.vulnerabilities.customerSeveritydrift.software.vulnerabilities.customerSeverity
Use an integer value ##### to find drift software vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")
drift.software.vulnerabilities.cveidsdrift.software.vulnerabilities.cveids
Use a text value ##### to find drift software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
drift.software.vulnerabilities.cveids: "CVE-2014-9999"
drift.software.vulnerabilities.cvssInfo.accessVectordrift.software.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find drift software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.software.vulnerabilities.cvssInfo.accessVector: "Local"
drift.software.vulnerabilities.cvssInfo.baseScoredrift.software.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
drift.software.vulnerabilities.cvssInfo.baseScore: "7.2"
drift.software.vulnerabilities.cvssInfo.temporalScoredrift.software.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.software.vulnerabilities.cvssInfo.temporalScore: "6.2"
drift.software.vulnerabilities.cvss3Info.baseScoredrift.software.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.software.vulnerabilities.cvss3Info.baseScore: "4.3"
drift.software.vulnerabilities.cvss3Info.temporalScoredrift.software.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find drift software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.software.vulnerabilities.cvss3Info.temporalScore: "3.8"
drift.software.vulnerabilities.discoveryTypedrift.software.vulnerabilities.discoveryType
Use a text value ##### to find drift software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.software.vulnerabilities.discoveryType: "REMOTE"
drift.software.vulnerabilities.firstFounddrift.software.vulnerabilities.firstFound
Use a date range or specific date to find when drift software vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
drift.software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.software.vulnerabilities: (firstFound > now-10d AND severity: "5")
drift.software.vulnerabilities.lastFounddrift.software.vulnerabilities.lastFound
Use a date range or specific date to find when drift software vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
drift.software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
drift.software.vulnerabilities.resultdrift.software.vulnerabilities.result
Use a text value ##### to find drift software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
drift.software.vulnerabilities.riskdrift.software.vulnerabilities.risk
Use an integer value ##### to find drift software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.software.vulnerabilities.risk: 50
drift.software.vulnerabilities.severitydrift.software.vulnerabilities.severity
Use an integer value ##### to find drift software vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
drift.software.vulnerabilities: (severity: "5" AND category: "DNS")
drift.software.vulnerabilities.supportedBydrift.software.vulnerabilities.supportedBy
Use a text value ##### to find drift software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.software.vulnerabilities.supportedBy: "VM"
drift.software.vulnerabilities.threatInteldrift.software.vulnerabilities.threatIntel
Use a text value ##### to find drift software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.software.vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
drift.software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.software.vulnerabilities.typeDetecteddrift.software.vulnerabilities.typeDetected
Use a text value ##### to find drift software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.software.vulnerabilities.typeDetected: "CONFIRMED"
drift.software.vulnerabilities.qiddrift.software.vulnerabilities.qid
Use an integer value ##### to provide a QID to find containers having vulnerabilities in certain drift software.
Example
Show findings with QID 90405
drift.software.vulnerabilities.qid: 90405
drift.software.vulnerabilities.titledrift.software.vulnerabilities.title
Use an text value ##### to provide a title to find containers having vulnerabilities in certain drift software.
Example
Show findings with title
drift.software.vulnerabilities.title: title text
drift.software.vulnerabilities.software.namedrift.software.vulnerabilities.software.name
Use a text value ##### to find vulnerabilities present in certain drift software.
Example
Show findings with software name
drift.software.vulnerabilities.software.name: my-app
drift.software.vulnerabilities.software.versiondrift.software.vulnerabilities.software.version
Use a text value ##### to find vulnerabilities present in certain version of a drift software.
Example
Show findings with software version
drift.software.vulnerabilities.software.version: 8.0
drift.software.vulnerabilities.software.fixVersiondrift.software.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerabilities present in certain fix version of a drift software.
Example
Show findings with certain fix version
drift.software.vulnerabilities.software.fixVersion: 8.0
drift.software.vulnerabilities.sourcedrift.software.vulnerabilities.source
Use a text value ##### to find drift software vulnerabilities from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.vulnerabilities.source: IMAGE
drift.software.vulnerabilities.reasondrift.software.vulnerabilities.reason
Use a text value ##### to find drift software vulnerabilities with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.vulnerabilities.reason: NEW
drift.software.vulnerabilities.threatIntel.activeAttacksdrift.software.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.software.vulnerabilities.threatIntel.activeAttacks: true
drift.software.vulnerabilities.threatIntel.denialOfServicedrift.software.vulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
drift.software.vulnerabilities.threatIntel.denialOfService: true
drift.software.vulnerabilities.threatIntel.easyExploitdrift.software.vulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.software.vulnerabilities.threatIntel.easyExploit: true
drift.software.vulnerabilities.threatIntel.highDataLossdrift.software.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.software.vulnerabilities.threatIntel.highDataLoss: true
drift.software.vulnerabilities.threatIntel.highLateralMovementdrift.software.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.software.vulnerabilities.threatIntel.highLateralMovement: true
drift.software.vulnerabilities.threatIntel.malwaredrift.software.vulnerabilities.threatIntel.malware
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
drift.software.vulnerabilities.threatIntel.malware: true
drift.software.vulnerabilities.threatIntel.noPatchdrift.software.vulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.software.vulnerabilities.threatIntel.noPatch: true
drift.software.vulnerabilities.threatIntel.publicExploitdrift.software.vulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with drift software having vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.software.vulnerabilities.threatIntel.publicExploit: true
drift.software.sourcedrift.software.source
Use a text value ##### to find drift software from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.software.source: IMAGE
drift.software.reasondrift.software.reason
Use a text value ##### to find drift software with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.software.reason: NEW
drift.vulnerability.authTypedrift.vulnerability.authType
Use a text value ##### to find drift vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
drift.vulnerability.authType: "WINDOWS_AUTH"
drift.vulnerability.categorydrift.vulnerability.category
Use a text value ##### to find drift vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
drift.vulnerability.category: "CGI"
drift.vulnerability.customerSeveritydrift.vulnerability.customerSeverity
Use an integer value ##### to find drift vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
drift.vulnerability.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
drift.vulnerability: (customerSeverity: "5" AND category: "DNS")
drift.vulnerability.cveidsdrift.vulnerability.cveids
Use a text value ##### to find drift vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
drift.vulnerability.cveids: "CVE-2014-9999"
drift.vulnerability.cvssInfo.accessVectordrift.vulnerability.cvssInfo.accessVector
Use a text value ##### to find drift vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
drift.vulnerability.cvssInfo.accessVector: "Local"
drift.vulnerability.cvssInfo.baseScoredrift.vulnerability.cvssInfo.baseScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
drift.vulnerability.cvssInfo.baseScore: "7.2"
drift.vulnerability.cvssInfo.temporalScoredrift.vulnerability.cvssInfo.temporalScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
drift.vulnerability.cvssInfo.temporalScore: "6.2"
drift.vulnerability.cvss3Info.baseScoredrift.vulnerability.cvss3Info.baseScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
drift.vulnerability.cvss3Info.baseScore: "4.3"
drift.vulnerability.cvss3Info.temporalScoredrift.vulnerability.cvss3Info.temporalScore
Use a integer value ##### to find drift vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
drift.vulnerability.cvss3Info.temporalScore: "3.8"
drift.vulnerability.discoveryTypedrift.vulnerability.discoveryType
Use a text value ##### to find drift vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
drift.vulnerability.discoveryType: "REMOTE"
drift.vulnerability.firstFounddrift.vulnerability.firstFound
Use a date range or specific date to find when drift vulnerabilities were first found.
Examples
Show findings first found within certain dates
drift.vulnerability.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (firstFound > now-10d AND severity: "5")
drift.vulnerability.fixeddrift.vulnerability.fixed
Use a date range or specific date to find fixed drift vulnerabilities.
Examples
Show findings first found within certain dates
drift.vulnerability.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
drift.vulnerability.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.fixed: [now-2w ... now-1s]
Show findings first found on certain date
drift.vulnerability.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
drift.vulnerability: (fixed > now-10d AND severity: "5")
drift.vulnerability.lastFounddrift.vulnerability.lastFound
Use a date range or specific date to find when drift vulnerabilities were last found.
Examples
Show findings last found within certain dates
drift.vulnerability.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
drift.vulnerability.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
drift.vulnerability.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
drift.vulnerability.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
drift.vulnerability: (lastFound: '2017-10-12' AND category: "CGI")
drift.vulnerability.resultdrift.vulnerability.result
Use a text value ##### to find software packages that have drift vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
drift.vulnerability.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
drift.vulnerability.riskdrift.vulnerability.risk
Use an integer value ##### to find drift vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
drift.vulnerability.risk: 50
drift.vulnerability.severitydrift.vulnerability.severity
Use an integer value ##### to find drift vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
drift.vulnerability.severity: "4"
Show findings with severity 5 and category DNS
drift.vulnerability: (severity: "5" AND category: "DNS")
drift.vulnerability.statusdrift.vulnerability.status
Use a text value ##### to find drift vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
drift.vulnerability.status: "OPEN"
drift.vulnerability.supportedBydrift.vulnerability.supportedBy
Use a text value ##### to find drift vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
drift.vulnerability.supportedBy: "VM"
drift.vulnerability.threatInteldrift.vulnerability.threatIntel
Use a text value ##### to find drift vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
drift.vulnerability.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
drift.vulnerability.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
drift.vulnerability.typeDetecteddrift.vulnerability.typeDetected
Use a text value ##### to find drift vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
drift.vulnerability.typeDetected: "CONFIRMED"
drift.vulnerability.qiddrift.vulnerability.qid
Use an integer value ##### to provide a QID to find containers with certain drift vulnerability.
Example
Show findings with QID 90405
drift.vulnerability.qid: 90405
drift.vulnerability.titledrift.vulnerability.title
Use an text value ##### to provide a title to find containers with certain drift vulnerability.
Example
Show findings with title
drift.vulnerability.title: title text
drift.vulnerability.software.namedrift.vulnerability.software.name
Use a text value ##### to find drift vulnerability present in certain software.
Example
Show findings with software name
drift.vulnerability.software.name: my-app
drift.vulnerability.software.versiondrift.vulnerability.software.version
Use a text value ##### to find drift vulnerability present in certain software version.
Example
Show findings with software version
drift.vulnerability.software.version: 8.0
drift.vulnerability.software.fixVersiondrift.vulnerability.software.fixVersion
Use a text value ##### to find drift vulnerability present in certain software fix version.
Example
Show findings with certain fix version
drift.vulnerability.software.fixVersion: 8.0
drift.vulnerability.sourcedrift.vulnerability.source
Use a text value ##### to find drift vulnerability from specific source (CONTAINER, IMAGE, BOTH).
Example
Show drift software from images
drift.vulnerability.source: IMAGE
drift.vulnerability.reasondrift.vulnerability.reason
Use a text value ##### to find drift vulnerability with specific state (Fixed, New, Removed, Varied)
Example
Show drift software that is new
drift.vulnerability.reason: NEW
drift.vulnerability.threatIntel.activeAttacksdrift.vulnerability.threatIntel.activeAttacks
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
drift.vulnerability.threatIntel.activeAttacks: true
drift.vulnerability.threatIntel.denialOfServicedrift.vulnerability.threatIntel.denialOfService
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
drift.vulnerability.threatIntel.denialOfService: true
drift.vulnerability.threatIntel.easyExploitdrift.vulnerability.threatIntel.easyExploit
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
drift.vulnerability.threatIntel.easyExploit: true
drift.vulnerability.threatIntel.highDataLossdrift.vulnerability.threatIntel.highDataLoss
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
drift.vulnerability.threatIntel.highDataLoss: true
drift.vulnerability.threatIntel.highLateralMovementdrift.vulnerability.threatIntel.highLateralMovement
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
drift.vulnerability.threatIntel.highLateralMovement: true
drift.vulnerability.threatIntel.malwaredrift.vulnerability.threatIntel.malware
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
drift.vulnerability.threatIntel.malware: true
drift.vulnerability.threatIntel.noPatchdrift.vulnerability.threatIntel.noPatch
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
drift.vulnerability.threatIntel.noPatch: true
drift.vulnerability.threatIntel.publicExploitdrift.vulnerability.threatIntel.publicExploit
Use the values true | false to find containers with drift vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
drift.vulnerability.threatIntel.publicExploit: true
maxQdsScoremaxQdsScore
Specify the maximum QDS score. It shows the containers having maximum QDS score.
Example
Show containers having maximum value of QDS Score as 95.
maxQdsScore: 95
riskScoreriskScore
Use a number value ##### to find images having a certain risk score.
Example
Show findings with this tag.
riskScore: "60"
shasha
Use a text value ##### to define SHA 256 hash of container image.
Example
Show findings with this SHA value
sha: 163dc7f6b91a30bdaa867c28e7edc341e72da63b0f9056be497bd59a83bce695
software.namesoftware.name
Use a text value ##### to find the software application name you're looking for.
Example
Show containers with this software name
software.name: MyApp
software.versionsoftware.version
Use a text value ##### to find the software application version of interest.
Example
Show containers with this software version
software.version: 2.0.3
software.fixVersionsoftware.fixVersion
Use a text value ##### to find software with specific fix version.
Example
Show containers with this software version
software.fixVersion: 2.0.3
software.vulnerabilities.authTypesoftware.vulnerabilities.authType
Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
software.vulnerabilities.authType: "WINDOWS_AUTH"
software.vulnerabilities.categorysoftware.vulnerabilities.category
Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
software.vulnerabilities.category: "CGI"
software.vulnerabilities.customerSeveritysoftware.vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
software.vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
software.vulnerabilities: (customerSeverity: "5" AND category: "DNS")
software.vulnerabilities.cveidssoftware.vulnerabilities.cveids
Use a text value ##### to find software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
software.vulnerabilities.cveids: "CVE-2014-9999"
software.vulnerabilities.cvssInfo.accessVectorsoftware.vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having software vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
software.vulnerabilities.cvssInfo.accessVector: "Local"
software.vulnerabilities.cvssInfo.baseScoresoftware.vulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
software.vulnerabilities.cvssInfo.baseScore: "7.2"
software.vulnerabilities.cvssInfo.temporalScoresoftware.vulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
software.vulnerabilities.cvssInfo.temporalScore: "6.2"
software.vulnerabilities.cvss3Info.baseScoresoftware.vulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
software.vulnerabilities.cvss3Info.baseScore: "4.3"
software.vulnerabilities.cvss3Info.temporalScoresoftware.vulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having software vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
software.vulnerabilities.cvss3Info.temporalScore: "3.8"
software.vulnerabilities.discoveryTypesoftware.vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
software.vulnerabilities.discoveryType: "REMOTE"
software.vulnerabilities.firstFoundsoftware.vulnerabilities.firstFound
Use a date range or specific date to find when software vulnerabilities were first found.
Examples
Show findings first found within certain dates
software.vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (firstFound > now-10d AND severity: "5")
software.vulnerabilities.fixedsoftware.vulnerabilities.fixed
Use a date range or specific date to find software with vulnerabilities that are fixed.
Examples
Show findings first found within certain dates
software.vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.fixed: [now-2w ... now-1s]
Show findings first found on certain date
software.vulnerabilities.fixed:'2017-09-22'
Show findings first found in the past 10 days with severity 5
software.vulnerabilities: (fixed > now-10d AND severity: "5")
software.vulnerabilities.lastFoundsoftware.vulnerabilities.lastFound
Use a date range or specific date to find when software vulnerabilities were last found.
Examples
Show findings last found within certain dates
software.vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
software.vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
software.vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
software.vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
software.vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
software.vulnerabilities.resultsoftware.vulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
software.vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
software.vulnerabilities.risksoftware.vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
software.vulnerabilities.risk: 50
software.vulnerabilities.severitysoftware.vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities with this Qualys defined severity (1-5).
Examples
Show findings with severity 4
software.vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
software.vulnerabilities: (severity: "5" AND category: "DNS")
software.vulnerabilities.supportedBysoftware.vulnerabilities.supportedBy
Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
software.vulnerabilities.supportedBy: "VM"
software.vulnerabilities.threatIntelsoftware.vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
software.vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
software.vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
software.vulnerabilities.typeDetectedsoftware.vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
software.vulnerabilities.typeDetected: "CONFIRMED"
software.vulnerabilities.qidsoftware.vulnerabilities.qid
Use an integer value ##### to provide a QID to find containers with software having certain vulnerability.
Example
Show findings with QID 90405
software.vulnerabilities.qid: 90405
software.vulnerabilities.titlesoftware.vulnerabilities.title
Use an text value ##### to provide a title to find containers with software having certain vulnerability.
Example
Show findings with title
software.vulnerabilities.title: title text
software.vulnerabilities.software.namesoftware.vulnerabilities.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software name
software.vulnerabilities.software.name: my-app
software.vulnerabilities.software.versionsoftware.vulnerabilities.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
software.vulnerabilities.software.version: 8.0
software.vulnerabilities.software.fixVersionsoftware.vulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
software.vulnerabilities.software.fixVersion: 8.0
software.vulnerabilities.sourcesoftware.vulnerabilities.source
Use a text value ##### to find software vulnerability from specific source (CONTAINER, IMAGE, BOTH).
Example
Show software software from images
software.vulnerabilities.source: IMAGE
software.vulnerabilities.reasonsoftware.vulnerabilities.reason
Use a text value ##### to find software vulnerability with specific state (Fixed, New, Removed, Varied)
Example
Show software software that is new
software.vulnerabilities.reason: NEW
software.vulnerabilities.threatIntel.activeAttackssoftware.vulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
software.vulnerabilities.threatIntel.activeAttacks: true
software.vulnerabilities.threatIntel.denialOfServicesoftware.vulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
software.vulnerabilities.threatIntel.denialOfService: true
software.vulnerabilities.threatIntel.easyExploitsoftware.vulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
software.vulnerabilities.threatIntel.easyExploit: true
software.vulnerabilities.threatIntel.highDataLosssoftware.vulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
software.vulnerabilities.threatIntel.highDataLoss: true
software.vulnerabilities.threatIntel.highLateralMovementsoftware.vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
software.vulnerabilities.threatIntel.highLateralMovement: true
software.vulnerabilities.threatIntel.malwaresoftware.vulnerabilities.threatIntel.malware
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
software.vulnerabilities.threatIntel.malware: true
software.vulnerabilities.threatIntel.noPatchsoftware.vulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
software.vulnerabilities.threatIntel.noPatch: true
software.vulnerabilities.threatIntel.publicExploitsoftware.vulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
software.vulnerabilities.threatIntel.publicExploit: true
sourcesource
Use a text value ##### to find containers from specific source (GENERAL, HOST, SERVERLESS_FARGATE).
Example
Show containers on host
source: HOST
statestate
Use a text value ##### to find containers in certain state (CREATED, RUNNING, STOPPED, PAUSED, DELETED).
Example
Show containers in a certain state
state: "Running"
stateChangedstateChanged
Use a date range or specific date to define when containers changed state. When entering a date use YYYY-MM-DD format.
Examples
Show containers that changed state within certain dates
stateChanged: [2019-10-01 ... 2019-10-12]
Show containers that changed state starting October 1st and ending 1 month ago
stateChanged: [2019-10-01 ... now-1M]
Show containers that changed state starting 2 weeks ago, ending 1 second ago
stateChanged: [now-2w ... now-1s]
Show containers that changed state on certain date
stateChanged:'2019-09-22'
updatedupdated
Use a date range or specific date to define when containers were updated. The updated date is modified with each event on the container, and with vulnerability report processing for the container.
Examples
Find containers updated within certain dates
updated: [2019-06-15 ... 2019-06-30]
Find containers updated on specific date
updated:'2019-08-15'
usersusers
Use a text value ##### to find a user name configured inside a container image/running-container. The user can be any container user: root or non-root.
Example
Show findings with this user name
users: asmith
vulnerabilities.authTypevulnerabilities.authType
Use a text value ##### to find containers having vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
vulnerabilities.authType: "WINDOWS_AUTH"
vulnerabilities.categoryvulnerabilities.category
Use a text value ##### to find containers with vulnerabilities having a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
vulnerabilities.category: "CGI"
vulnerabilities.customerSeverityvulnerabilities.customerSeverity
Use an integer value ##### to find containers having vulnerabilities with this customer defined severity (1-5).
Examples
Show findings with customer-defined severity 4
vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5" AND category: "DNS")
vulnerabilities.cveidsvulnerabilities.cveids
Use a text value ##### to find the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.cveids: CVE-2015-0313
vulnerabilities.cvssInfo.accessVectorvulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having vulnerabilities with specific CVSS access vector.
Example
Show findings with CVSS access vector
vulnerabilities.cvssInfo.accessVector: "Local"
vulnerabilities.cvssInfo.baseScorevulnerabilities.cvssInfo.baseScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS base score.
Example
Show findings with CVSS base score
vulnerabilities.cvssInfo.baseScore: "7.2"
vulnerabilities.cvssInfo.temporalScorevulnerabilities.cvssInfo.temporalScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS temporal score.
Example
Show findings with CVSS temporal score
vulnerabilities.cvssInfo.temporalScore: "6.2"
vulnerabilities.cvss3Info.baseScorevulnerabilities.cvss3Info.baseScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 base score.
Example
Show findings with CVSS3 base score
vulnerabilities.cvss3Info.baseScore: "4.3"
vulnerabilities.cvss3Info.temporalScorevulnerabilities.cvss3Info.temporalScore
Use a integer value ##### to find containers having vulnerabilities with specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
vulnerabilities.cvss3Info.temporalScore: "3.8"
vulnerabilities.discoveryTypevulnerabilities.discoveryType
Use a text value ##### to find containers having vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
vulnerabilities.discoveryType: "REMOTE"
vulnerabilities.firstFoundvulnerabilities.firstFound
Use a date range or specific date to define when vulnerabilities on container were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (firstFound > now-10d AND severity: "5")
vulnerabilities.fixedvulnerabilities.fixed
Use a date range or specific date to define when vulnerabilities on container were fixed.
Examples
Show findings fixed within certain dates
vulnerabilities.fixed: [2017-10-01 ... 2017-10-12]
Show findings fixed starting 2017-10-01, ending 1 month ago
vulnerabilities.fixed: [2017-10-01 ... now-1M]
Show findings fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.fixed: [now-2w ... now-1s]
Show findings fixed on certain date
vulnerabilities.fixed:'2017-09-22'
Show findings fixed in the past 10 days with severity 5
vulnerabilities: (fixed > now-10d AND severity: "5")
vulnerabilities.lastFoundvulnerabilities.lastFound
Use a date range or specific date to define when vulnerabilities on container were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
vulnerabilities.productvulnerabilities.product
Use a text value ##### to find containers having vulnerabilities on a certain vendor product (moodle, gnome, code-crafters, etc). See Product References in online help for vendor names.
Example
Show findings for this product
vulnerabilities.product: "moodle"
vulnerabilities.resultvulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is scan (QID) test result generated by signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
vulnerabilities.riskvulnerabilities.risk
Use an integer value ##### to find containers with vulnerabilities having a certain risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.risk: 50
vulnerabilities.severityvulnerabilities.severity
Use an integer value ##### to find containers having vulnerabilities with this Qualys defined severity (1-5).
Example
Show findings with severity 4
vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5" AND category: "DNS")
vulnerabilities.statusvulnerabilities.status
Use a text value ##### to find containers having vulnerabilities with a vulnerability status (OPEN, FIXED or REOPENED).
Example
Show findings with this status
vulnerabilities.status: "OPEN"
vulnerabilities.supportedByvulnerabilities.supportedBy
Use a text value ##### to find containers with vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
vulnerabilities.supportedBy: "VM"
vulnerabilities.threatIntel.activeAttacksvulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
vulnerabilities.threatIntel.activeAttacks: true
vulnerabilities.threatIntel.denialOfServicevulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
vulnerabilities.threatIntel.denialOfService: true
vulnerabilities.threatIntel.easyExploitvulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
vulnerabilities.threatIntel.easyExploit: true
vulnerabilities.threatIntel.highDataLossvulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
vulnerabilities.threatIntel.highDataLoss: true
vulnerabilities.threatIntel.highLateralMovementvulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
vulnerabilities.threatIntel.highLateralMovement: true
vulnerabilities.threatIntel.malwarevulnerabilities.threatIntel.malware
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
vulnerabilities.threatIntel.malware: true
vulnerabilities.threatIntel.noPatchvulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
vulnerabilities.threatIntel.noPatch: true
vulnerabilities.threatIntel.publicExploitvulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
vulnerabilities.threatIntel.publicExploit: true
vulnerabilities.typeDetectedvulnerabilities.typeDetected
Use a text value ##### to find containers having vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
vulnerabilities.typeDetected: "CONFIRMED"
vulnerabilities.vendorvulnerabilities.vendor
Use a text value ##### to find containers having vulnerabilities on product from a certain vendor. See Vendor References in online help for vendor names.
Example
Show findings for this vendor
vulnerabilities.vendor: "vendor-name"
vulnerabilities.qidvulnerabilities.qid
Use an integer value ##### to provide a QID to find containers with certain vulnerability.
Example
Show findings with QID 90405
vulnerabilities.qid: 90405
vulnerabilities.titlevulnerabilities.title
Use an text value ##### to provide a title to find containers with certain vulnerability.
Example
Show findings with title
vulnerabilities.title: title text
vulnerabilities.software.namevulnerabilities.software.name
Use a text value ##### to find vulnerability present in certain software.
Example
Show findings with software name
vulnerabilities.software.name: my-app
vulnerabilities.software.versionvulnerabilities.software.version
Use a text value ##### to find vulnerability present in certain software version.
Example
Show findings with software version
vulnerabilities.software.version: 8.0
vulnerabilities.software.fixVersionvulnerabilities.software.fixVersion
Use a text value ##### to find vulnerability present in certain software fix version.
Example
Show findings with certain fix version
vulnerabilities.software.fixVersion: 8.0
services.nameservices.name
Use a text value ##### to find containers with specific services running on them.
Example
Show findings with service name
services.name: sshd
services.descriptionservices.description
Use a text value ##### to find containers with the description of specific services running on them.
Example
Show findings with service description
services.description: Secure Socket Shell
services.statusservices.status
Use a text value ##### to find containers with the status of specific services running on them. Status could be RUNNING, STOPPED, etc.
Example
Show findings with service status
services.status: RUNNING
andand
Use a Boolean query to express your query using AND logic.
Example
Show containers in Running state and running processes as root
state: RUNNING and isRoot: true
notnot
Use a Boolean query to express your query using NOT logic.
Example
Show containers that are not in Running state
not state: RUNNING
oror
Use a Boolean query to express your query using OR logic.
Example
Show containers that are in one of these states
state: DELETED or state: UNKNOWN
Also see,
Searching for Container Exceptions