Old and New Tokens Mapping
The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.
The new token format follows the syntax: entity.attribute
For example, in the new token, asset.id, asset is the entity, and id is the attribute.
All tokens now adhere to a standardized naming convention.
- Only new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. Old token name visibility from the UI is removed.
- The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.
The following is the old and new tokens mapping list:
| Old Token | New Token |
|---|---|
| provider | cloud.provider |
| asset.lastLocation | asset.lastLocation.name |
| businessApp:(managedBy | businessApp:(managedBy.username |
| businessApp:(ownedBy | businessApp:(ownedBy.username |
| businessApp:(supportedBy | businessApp:(supportedBy.username |
| sensors.activatedForModules | sensor.activatedForModules |
| asset.riskScore | asset.truRisk |
| interfaces:(address | asset.interface:(address |
| interfaces:(dnsAddress | asset.interface:(dnsAddress |
| interfaces:(gatewayAddress | asset.interface:(gatewayAddress |
| interfaces:(hostname | asset.interface:(hostname |
| interfaces:(interfaceName | asset.interface:(name |
| interfaces:(macAddress | asset.interface:(macAddress |
| interfaces:(manufacturer | asset.interface:(manufacturer |
| interfaces:(netmask | asset.interface:(netmask |
| agent.agentID | qualys.agent.id |
| agent.activations.key | qualys.agent.activationKey.uuid |
| agent.activations.status | qualys.agent.activationKey.status |
| agent.lastActivity | qualys.agent.lastActivityDate |
| agent.lastCheckedIn | qualys.agent.lastCheckedInDate |
| agent.lastInventory | qualys.agent.lastInventoryDate |
| agent.udcManifestAssigned | qualys.agent.isUdcManifestAssigned |
| alibaba.instance.region.code | alibaba.instance.regionCode |
| alibaba.instance.region.name | alibaba.instance.regionName |
| inventory:(created | asset.inventory:(createdDate |
| inventory:(lastUpdated | asset.inventory:(lastUpdatedDate |
| hardware | hardware.name |
| operatingSystem | operatingSystem |
| asset.assetID | asset.id |
| asset.biosHardwareUUID | asset.biosHardwareUuid |
| asset.created | asset.createdDate |
| asset.isolated | asset.isIsolated |
| asset.lastBoot | asset.lastBootDate |
| asset.lastUpdated | asset.lastUpdatedDate |
| asset.lparID | qualys.passiveSensor.lparId |
| asset.managedBy | asset.managedBy.username |
| asset.subdomain | asset.subDomain |
| accounts.username | account.username |
| aws.tags:(key | aws.tag:(key |
| aws.tags:(value | aws.tag:(value |
| aws.ec2.publicDNS | aws.ec2.publicDns |
| aws.ec2.privteDNS | aws.ec2.privteDns |
| azure.tags:(name | azure.tag:(name |
| azure.tags:(value | azure.tag:(value |
| connectors.connector.name | connector.name |
| connectors.connectorId | connector.id |
| connectors.firstDiscovered | connector.firstFoundDate |
| connectors.lastDiscovered | connector.lastFoundDate |
| easm.tags.name | easm.tag.name |
| ibm.tags:(name | ibm.tag:(name |
| ibm.tags:(value | ibm.tag:(value |
| middlewareManifestVersion | qualys.agent.middlewareManifestVersion |
| pcManifestVersion | qualys.agent.pcManifestVersion |
| scaManifestVersion | qualys.agent.scaManifestVersion |
| qualysCorrelationID | agent.qualysCorrelationId |
| udcManifestVersion | qualys.agent.udcManifestVersion |
| vmManifestVersion | qualys.agent.vmManifestVersion |
| oci.tags:(key | oci.tag:(key |
| oci.tags:(namespace | oci.tag:(namespace |
| oci.tags:(type | oci.tag:(type |
| oci.tags:(value | oci.tag:(value |
| passiveSensor.lastUpdated | qualys.passiveSensor.lastUpdatedDate |
| processors | processor.name |
| processors.coresPerSocket | processor.coresPerSocket |
| processors.multithreadingStatus | processor.multiThreadingStatus |
| processors.numberOfCpu | processor.noOfCpu |
| processors.numberOfSockets | processor.noOfSockets |
| processors.speed | processor.speed |
| processors.threadsPerCore | processor.threadsPerCore |
| sensors.firstEasmScanDate | sensor.firstEasmScanDate |
| sensors.firstEasmVmScanDate | sensor.firstEasmVmScanDate |
| sensors.lastComplianceScan | sensor.lastComplianceScanDate |
| sensors.lastEasmScanDate | sensor.lastEasmScanDate |
| sensors.lastEasmVmScanDate | sensor.lastEasmVmScanDate |
| sensors.lastFullScan | sensor.lastFullScanDate |
| sensors.lastPcScanDateAgent | sensor.lastPcAgentScanDate |
| sensors.lastPcScanDateScanner | sensor.lastPcScannerScanDate |
| sensors.lastVmScan | sensor.lastVmScanDate |
| sensors.lastVmScanDateAgent | sensor.lastVmAgentScanDate |
| sensors.lastVmScanDateScanner | sensor.lastVmScannerScanDate |
| sensors.pendingActivationForModules | qualys.pendingActivationForModules |
| services:(description | service:(description |
| software:(firstFound | software:(firstFoundDate |
| software:(lastUpdated | software:(lastUpdatedDate |
| tags.businessImpact | asset.tag.businessImpact |
| tags.name | asset.tag.name |
| volumes:(free | volume:(free |
| volumes:(name | volume:(name |
| volumes:(size | volume:(size |
| whoIs:(creationDate | whoIs:(createdDate |
| inventory:(source | asset.inventory:(source |
| asset.org:(updatedBy | org:(updatedBy |
| asset.org:(name | org:(name |
| asset.org:(country | org:(country |
| asset.org:(businessValue | org:(businessValue |
| asset.org:(lastUpdated | org:(lastUpdated |
| asset.org.company | org:(company |
| asset.org.department | org:(department |
| gpu.tensorCores | compute.gpu.tensorCores |
| gpu.model | compute.gpu.name |
| gpu.manufacturer | compute.gpu.manufacturer |
| gpu.isAIModelSupported | compute.gpu.isAIModelSupported |
| gpu.chip | compute.gpu.chip |
| asset.totalMemory | compute.totalMemory |
| asset.timezone | compute.timezone |
| asset.lastBoot | compute.lastBootDate |
| asset.isContainerHost | compute.isContainerHost |
| asset.cpuCount | asset.noOfCpu |
| caps.dnsSuffix | qualys.caps.dnsSuffix |
| caps.leader | qualys.caps.leader |
| agent.version | qualys.agent.version |
| agent.status | qualys.agent.status |
| agent.platform | qualys.agent.platform |
| agent.isPassiveSensor | qualys.agent.isPassiveSensor |
| agent.errorStatus | qualys.agent.errorStatus |
| agent.connectedFrom | qualys.agent.connectedFrom |
| agent.configurationProfile | qualys.agent.configurationProfile |
Certificate TokensCertificate Tokens
| Old Token | New Token |
|---|---|
| asset.assetID | asset.id |
| asset.created | asset.createdDate |
| asset.lastUpdated | asset.lastUpdatedDate |
| asset.riskScore | asset.truRisk |
| instance:(lastFound | asset.instance:(lastFoundDate |
| inventory:(created | asset.inventory:(createdDate |
| inventory:(lastUpdated | asset.inventory:(lastUpdatedDate |
| operatingSystem | operatingSystem.name |
| provider | cloud.provider |
| sensors.activatedForModules | qualys.activatedForModules |
| tags.name | asset.tag.name |
| instance:(cipherSuites.value | asset.instance:(cipherSuites.value |
| instance:(fqdn | asset.instance:(fqdn |
| instance:(grade | asset.instance:(grade |
| instance:(lastEasmVmScanDate | asset.instance:(lastEasmVmScanDate |
| instance:(port | asset.instance:(port |
| instance:(service | asset.instance:(service |
| instance:(sources | asset.instance:(sources |
| instance:(sslProtocols | asset.instance:(sslProtocol |
| instance:(vulns.qid | asset.instance:(vulns.qid |
| instance:(vulns.severity | asset.instance:(vulns.severity |
| instance:(vulns.title | asset.instance:(vulns.title |
| interfaces:(address | asset.interface:(address |
| interfaces:(hostname | asset.interface:(hostname |
| inventory:(source | asset.inventory:(source |
| asset.org.name | org:(name |
| asset.subdomain | asset.subDomain |
Tag Rule TokensTag Rule Tokens
| Old Token | New Token |
|---|---|
| provider | cloud.provider |
| asset.lastLocation | asset.lastLocation.name |
| accounts.username | account.username |
| asset.riskScore | asset.truRisk |
| interfaces:(address | asset.interface:(address |
| interfaces:(dnsAddress | asset.interface:(dnsAddress |
| interfaces:(gatewayAddress | asset.interface:(gatewayAddress |
| interfaces:(hostname | asset.interface:(hostname |
| interfaces:(interfaceName | asset.interface:(name |
| interfaces:(macAddress | asset.interface:(macAddress |
| agent.agentID | qualys.agent.id |
| agent.activations.key | agent.activationsKey |
| agent.activations.status | agent.activationsStatus |
| agent.lastActivity | qualys.agent.lastActivityDate |
| agent.lastCheckedIn | qualys.agent.lastCheckedInDate |
| agent.lastInventory | qualys.agent.lastInventoryDate |
| alibaba.instance.region.code | alibaba.instance.regionCode |
| alibaba.instance.region.name | alibaba.instance.regionName |
| inventory:(created | asset.inventory:(createdDate |
| inventory:(lastUpdated | asset.inventory:(lastUpdatedDate |
| asset.biosHardwareUUID | asset.biosHardwareUuid |
| asset.lastBoot | asset.lastBootDate |
| asset.lastUpdated | asset.lastUpdatedDate |
| asset.subdomain | asset.subDomain |
| aws.ec2.privateDNS | aws.ec2.privateDns |
| aws.ec2.publicDNS | aws.ec2.publicDns |
| aws.tags:(key | aws.tag:(key |
| aws.tags:(value | aws.tag:(value |
| azure.tags:(name | azure.tag:(name |
| azure.tags:(value | azure.tag:(value |
| easm.tags.name | easm.tag.name |
| ibm.tags:(name | ibm.tag:(name |
| ibm.tags:(value | ibm.tag:(value |
| oci.compute.isQualysScanner | oci.compute.isQualysScanner |
| oci.compute.ociId | oci.compute.id |
| oci.compute.timeCreated | oci.compute.timeCreated |
| oci.tags:(key | oci.tag:(key |
| oci.tags:(namespace | oci.tag:(namespace |
| oci.tags:(type | oci.tag:(type |
| oci.tags:(value | oci.tag:(value |
| passiveSensor.lastUpdated | qualys.passiveSensor.lastUpdatedDate |
| services:(name | service:(name |
| services:(status | service:(status |
| software:(firstFound | software:(firstFoundDate |
| software:(lastUpdated | software:(lastUpdatedDate |
| whoIs:(creationDate | whoIs:(createdDate |
| Old Token | New Token |
|---|---|
| aws.ec2.privateDNS | aws.ec2.privateDns |
| aws.ec2.publicDNS | aws.ec2.publicDns |
| aws.tags:(key | aws.tag:(key |
| aws.tags:(value | aws.tag:(value |
| Old Token | New Token |
|---|---|
| azure.tags:(name | azure.tag:(name |
| azure.tags:(value | azure.tag:(value |
| Old Token | New Token |
|---|---|
| alibaba.instance.region.code | alibaba.instance.regionCode |
| alibaba.instance.region.name | alibaba.instance.regionName |
Business Information TokensBusiness Information Tokens
| Old Token | New Token |
|---|---|
| businessApp:(managedBy | businessApp:(managedBy.username |
| businessApp:(ownedBy | businessApp:(ownedBy.username |
| businessApp:(supportedBy | businessApp:(supportedBy.username |
| Old Token | New Token |
|---|---|
| report.template | report.template.name |
| createdBy | report.createdBy.username |
Vulnerability TokensVulnerability Tokens
| Old token | New Token |
|---|---|
| vulnerabilities.vulnerability.cveIds | vulnerabilities.vulnerability.cveId |
| vulnerabilities.disabled | vulnerabilities.isDisabled |
| vulnerabilities.firstFound | vulnerabilities.firstFoundDate |
| vulnerabilities.ignored | vulnerabilities.isIgnored |
| vulnerabilities.lastFound | vulnerabilities.lastFoundDate |
| vulnerabilities.vulnerability.vendors.vendorName | vulnerabilities.vulnerability.vendorName |
| vulnerabilities.vulnerability.vendors.productName | vulnerabilities.vulnerability.vendorProductName |
| vulnerabilities.vulnerability.cvss2Info.baseScore | vulnerabilities.vulnerability.cvss2BaseScore |
| vulnerabilities.vulnerability.cvss2Info.temporalScore | vulnerabilities.vulnerability.cvss2TemporalScore |
| vulnerabilities.vulnerability.cvss3_1Info.baseScore | vulnerabilities.vulnerability.cvss3BaseScore |
| vulnerabilities.vulnerability.cvss3_1Info.temporalScore | vulnerabilities.vulnerability.cvss3TemporalScore |
| vulnerabilities.found | vulnerabilities.isFound |
| vulnerabilities.lastFixed | vulnerabilities.lastFixedDate |
| vulnerabilities.vulnerability.authTypes | vulnerabilities.authType |
| vulnerabilities.vulnerability.bugTraqIds | vulnerabilities.vulnerability.bugTraqId |
| vulnerabilities.vulnerability.cvss2Info.accessVector | vulnerabilities.vulnerability.cvss2AccessVector |
| vulnerabilities.vulnerability.cvss3_1Info.temporalScore | vulnerabilities.vulnerability.cvss3TemporalScore |
| vulnerabilities.vulnerability.discoveryTypes | vulnerabilities.vulnerability.discoveryType |
| vulnerabilities.vulnerability.flags | vulnerabilities.vulnerability.flag |
| vulnerabilities.vulnerability.lists | vulnerabilities.vulnerability.list |
| vulnerabilities.vulnerability.os | vulnerabilities.vulnerability.operatingSystem.name |
| vulnerabilities.vulnerability.patchAvailable | vulnerabilities.vulnerability.isPatchAvailable |
| vulnerabilities.vulnerability.patchReleased | vulnerabilities.vulnerability.patchReleasedDate |
| vulnerabilities.vulnerability.published | vulnerabilities.vulnerability.publishedDate |
| vulnerabilities.vulnerability.qualysPatchable | vulnerabilities.isQualysPatchable |
| vulnerabilities.vulnerability.rebootRequired | vulnerabilities.vulnerability.isRebootRequired |
| vulnerabilities.vulnerability.threatIntel.activeAttacks | vulnerabilities.vulnerability.threatIntel.isActiveAttack |
| vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns | vulnerabilities.vulnerability.threatIntel.isCisaKnownExploitedVuln |
| vulnerabilities.vulnerability.threatIntel.denialOfService | vulnerabilities.vulnerability.threatIntel.isDenialOfService |
| vulnerabilities.vulnerability.threatIntel.easyExploit | vulnerabilities.vulnerability.threatIntel.isEasyExploit |
| vulnerabilities.vulnerability.threatIntel.highDataLoss | vulnerabilities.vulnerability.threatIntel.isHighDataLoss |
| vulnerabilities.vulnerability.threatIntel.highLateralMovement | vulnerabilities.vulnerability.threatIntel.isHighLateralMovement |
| vulnerabilities.vulnerability.threatIntel.malware | vulnerabilities.vulnerability.threatIntel.isMalware |
| vulnerabilities.vulnerability.threatIntel.noPatch | vulnerabilities.vulnerability.threatIntel.hasNoPatch |
| vulnerabilities.vulnerability.threatIntel.predictedHighRisk | vulnerabilities.vulnerability.threatIntel.isPredictedHighRisk |
| vulnerabilities.vulnerability.threatIntel.privilegeEscalation | vulnerabilities.vulnerability.threatIntel.isPrivilegeEscalation |
| vulnerabilities.vulnerability.threatIntel.publicExploit | vulnerabilities.vulnerability.threatIntel.isPublicExploit |
| vulnerabilities.vulnerability.threatIntel.ransomware | vulnerabilities.vulnerability.threatIntel.isRansomware |
| vulnerabilities.vulnerability.threatIntel.remoteCodeExecution | vulnerabilities.vulnerability.threatIntel.isRemoteCodeExecution |
| vulnerabilities.vulnerability.threatIntel.solorigateSunburst | vulnerabilities.vulnerability.threatIntel.isSolorigateSunburst |
| vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation | vulnerabilities.vulnerability.threatIntel.isUnauthenticatedExploitation |
| vulnerabilities.vulnerability.threatIntel.wormable | vulnerabilities.vulnerability.threatIntel.isWormable |
| vulnerabilities.vulnerability.threatIntel.zeroDay | vulnerabilities.vulnerability.threatIntel.isZeroDay |
| vulnerabilities.vulnerability.updated | vulnerabilities.vulnerability.updatedDate |
| vulnerabilities.vulnerability.vendorRefs | vulnerabilities.vulnerability.vendorRef |
Alerting Activity TokensAlerting Activity Tokens
| Old Token | New token |
|---|---|
| aggregate | rule.aggregate |
| createdBy | rule.createdBy.username |
| createdById | rule.createdBy.userId |
| index | rule.index |
| matches | rule.matches |
| ruleDescription | rule.description |
| ruleName | rule.name |
| status | rule.status |
| statusDate | rule.statusDate |
| statusMessage | rule.statusMessage |
| action.emailRecipient | action.email.recipient |
Alerting Action TokensAlerting Action Tokens
| Old token | New Token |
|---|---|
| action.createdBy | action.createdBy.username |
| action.createdById | action.createdBy.userId |
| action.emailFromAddress | action.email.fromAddress |
| action.emailRecipient | action.email.recipient |
| action.emailReplyTo | action.email.replyTo |
| action.emailSMTPServer | action.email.smtpServer |
| action.updatedBy | action.updatedBy.userId |
| action.updatedById | action.updatedBy.username |
Alerting Rule TokensAlerting Rule Tokens
| Old Token | New Token |
|---|---|
| action.emailRecipient | action.email.recipient |
| ruleDescription | rule.description |
| ruleName | rule.name |
| ruleQuery | rule.query |
| ruleSeverity | rule.severity |
| ruleState | rule.state |
| createdBy | rule.createdBy.username |
| createdById | rule.createdBy.userId |
| createdDate | rule.createdDate |
| updatedBy | rule.updatedBy.username |
| updatedById | rule.updatedBy.userId |
| updatedDate | rule.updatedDate |
| aggregate | rule.aggregate |
| aggregationGroup | rule.aggregationGroup |
| index | rule.index |
| lastRun | rule.lastRun |
| trigger | rule.trigger |