Searching for Software
Use the search tokens below to search installed software within Container and Image details.
fixVersion
Use a text value ##### to find software with a specific fix version.
Example
Show containers with this software version
fixVersion: 2.0.3
name
Use a text value ##### to find the software application name you're looking for.
Example
Show containers with this software name
name: MyApp
scanType
Use a text value ##### to find software based on the type of scan (STATIC, DYNAMIC, SCA) used to detect the software. (Only supported when searching Image Details.)
Example
Show software detected by SCA scan type
scanType: SCA
version
Use a text value ##### to find the software application version of interest.
Example
Show containers with this software version
version: 2.0.3
vulnerabilities.authType
Use a text value ##### to find software vulnerabilities with an authentication type (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). See Authentication Types in online help for more options.
Example
Show findings with Windows auth type
vulnerabilities.authType: "WINDOWS_AUTH"
vulnerabilities.category
Use a text value ##### to find software vulnerabilities with a vulnerability category (CGI, Database, DNS, BIND, etc). See Vulnerability Categories in online help for category names.
Example
Show findings with category CGI
vulnerabilities.category: "CGI"
vulnerabilities.customerSeverity
Use an integer value ##### to find software vulnerabilities with this customer-defined severity (1-5).
Examples
Show findings with customer-defined severity 4
vulnerabilities.customerSeverity: "4"
Show findings with customer-defined severity 5 and category DNS
vulnerabilities: (customerSeverity: "5" AND category: "DNS")
vulnerabilities.cveids
Use a text value ##### to find software vulnerabilities with CVE Ids.
Example
Show findings with CVE Ids
vulnerabilities.cveids: "CVE-2014-9999"
vulnerabilities.cvssInfo.accessVector
Use a text value ##### to find containers having software vulnerabilities with a specific CVSS access vector.
Example
Show findings with CVSS access vector
vulnerabilities.cvssInfo.accessVector: "Local"
vulnerabilities.cvssInfo.baseScore
Use an integer value ##### to find containers having software vulnerabilities with a specific CVSS base score.
Example
Show findings with CVSS base score
vulnerabilities.cvssInfo.baseScore: "7.2"
vulnerabilities.cvssInfo.temporalScore
Use an integer value ##### to find containers having software vulnerabilities with a specific CVSS temporal score.
Example
Show findings with CVSS temporal score
vulnerabilities.cvssInfo.temporalScore: "6.2"
vulnerabilities.cvss3Info.baseScore
Use an integer value ##### to find containers having software vulnerabilities with a specific CVSS3 base score.
Example
Show findings with CVSS3 base score
vulnerabilities.cvss3Info.baseScore: "4.3"
vulnerabilities.cvss3Info.temporalScore
Use an integer value ##### to find containers having software vulnerabilities with a specific CVSS3 temporal score.
Example
Show findings with CVSS3 temporal score
vulnerabilities.cvss3Info.temporalScore: "3.8"
vulnerabilities.discoveryType
Use a text value ##### to find software vulnerabilities with a discovery type (REMOTE or AUTHENTICATED).
Example
Show findings with Remote discovery type
vulnerabilities.discoveryType: "REMOTE"
vulnerabilities.firstFound
Use a date range or specific date to find when software vulnerabilities were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound: [2017-10-01 ... 2017-10-12]
Show findings first found starting 2017-10-01, ending 1 month ago
vulnerabilities.firstFound: [2017-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound: [now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2017-09-22'
Show findings first found in the past 10 days with severity 5
vulnerabilities: (firstFound > now-10d AND severity: "5")
vulnerabilities.lastFound
Use a date range or specific date to find when software vulnerabilities were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound: [2017-10-02 ... 2017-10-15]
Show findings last found starting 2017-10-01, ending 1 month ago
vulnerabilities.lastFound: [2017-10-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound: [now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2017-10-11'
Show findings last found on 2017-10-12 and category CGI
vulnerabilities: (lastFound: '2017-10-12' AND category: "CGI")
vulnerabilities.result
Use a text value ##### to find software packages that have vulnerabilities. This is the scan (QID) test result generated by the signature.
Example
Show findings with libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4
vulnerabilities.result: "libexpat1 2.1.0-6+deb8u3 2.1.0-6+deb8u4"
vulnerabilities.risk
Use an integer value ##### to find software vulnerabilities having a certain risk rating. For confirmed and potential issues, risk is 10 times severity; for information gathered, it is severity.
Example
Show findings with risk 50
vulnerabilities.risk: 50
vulnerabilities.severity
Use an integer value ##### to find software vulnerabilities with this Qualys-defined severity (1-5).
Examples
Show findings with severity 4
vulnerabilities.severity: "4"
Show findings with severity 5 and category DNS
vulnerabilities: (severity: "5" AND category: "DNS")
vulnerabilities.supportedBy
Use a text value ##### to find software vulnerabilities that are supported by a Qualys product (VM, WAS, MD, WAF, CA-Windows Agent, CA-Linux Agent, CA-Mac Agent).
Example
Show findings supported by VM
vulnerabilities.supportedBy: "VM"
vulnerabilities.threatIntel
Use a text value ##### to find software vulnerabilities that are exposed to real-time threats.
Examples
Show findings exposed to public exploit threats
vulnerabilities.threatIntel: "publicExploit": true
Show findings exposed to multiple threats
vulnerabilities.threatIntel: {"publicExploit" : true, "publicExploitNames" : ["Sambar Server 4.3/4.4 Beta 3 - Search CGI - The Exploit-DB Ref : 20223" ]}
vulnerabilities.typeDetected
Use a text value ##### to find software vulnerabilities with a detection type (CONFIRMED or POTENTIAL).
Example
Show findings with this detection type
vulnerabilities.typeDetected: "CONFIRMED"
vulnerabilities.qid
Use an integer value ##### to provide a QID to find containers with software having a certain vulnerability.
Example
Show findings with QID 90405
vulnerabilities.qid: 90405
vulnerabilities.title
Use a text value ##### to provide a title to find containers with software having a certain vulnerability.
Example
Show findings with title
vulnerabilities.title: title text
vulnerabilities.source
Use a text value ##### to find software vulnerabilities from a specific source (CONTAINER, IMAGE, BOTH).
Example
Show software from images
vulnerabilities.source: IMAGE
vulnerabilities.reason
Use a text value ##### to find software vulnerabilities with a specific state (Fixed, New, Removed, Varied).
Example
Show software that is new
vulnerabilities.reason: NEW
vulnerabilities.threatIntel.activeAttacks
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to active attacks.
Example
Show containers exposed to threats due to active attacks
vulnerabilities.threatIntel.activeAttacks: true
vulnerabilities.threatIntel.denialOfService
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to denial of service.
Example
Show containers having threats due to denial of service
vulnerabilities.threatIntel.denialOfService: true
vulnerabilities.threatIntel.easyExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to easy exploit.
Example
Show containers exposed to threats due to easy exploit
vulnerabilities.threatIntel.easyExploit: true
vulnerabilities.threatIntel.highDataLoss
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high data loss.
Example
Show containers exposed to threats due to high data loss
vulnerabilities.threatIntel.highDataLoss: true
vulnerabilities.threatIntel.highLateralMovement
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to high lateral movement.
Example
Show containers exposed to threats due to high lateral movement
vulnerabilities.threatIntel.highLateralMovement: true
vulnerabilities.threatIntel.malware
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to malware.
Example
Show containers exposed to threats due to malware
vulnerabilities.threatIntel.malware: true
vulnerabilities.threatIntel.noPatch
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to no patch available.
Example
Show containers exposed to threats due to no patch available
vulnerabilities.threatIntel.noPatch: true
vulnerabilities.threatIntel.publicExploit
Use the values true | false to find containers with software vulnerabilities leading to real-time threats due to public exploit.
Example
Show containers exposed to threats due to public exploit
vulnerabilities.threatIntel.publicExploit: true
and
Use a boolean query to express your query using AND logic.
Example
Show findings with detection type Confirmed and severity 5
vulnerabilities.typeDetected: CONFIRMED and vulnerabilities.severity: 5
not
Use a boolean query to express your query using NOT logic.
Example
Show findings that don't have Remote discovery type
not vulnerabilities.discoveryType: REMOTE
or
Use a boolean query to express your query using OR logic.
Example
Show findings with one of the severity levels
vulnerabilities.severity: 5 or vulnerabilities.severity: 4