Syntax help displayed in UI for tokens. Click each token to learn more about it.
Use these tokens when searching Microsoft Azure assets on the Assets list.
Example
Find Azure instances with a tag with name "abc" and value "xyz"
azure.tags: (name:abc and value:xyz)
Examples
Find Azure instances with name "devops"
azure.tags.name: devops
Find Azure instances with name starting "dev"
azure.tags.name: dev*
Find Azure instances with name ending "ops"
azure.tags.name: *ops
Examples
Find Azure instances with tag value "dailybuild"
azure.tags.value: dailybuild
Find Azure instances with tag value starting "daily"
azure.tags.value: daily*
Find Azure instances with tag value ending "build"
azure.tags.value: *build
Examples
Find Azure instances related to name
azure.vm.imageOffer: UbuntuServer
Find Azure instances that match exact value
azure.vm.imageOffer: `UbuntuServer`
Examples
Find Azure instances related to name
azure.vm.imagePublisher: Canonical
Find Azure instances that match exact value
azure.vm.imagePublisher: `Canonical`
Example
Find Azure instances with this sku version
azure.vm.imageVersion: 16.04.201708030
Example
Find Azure instances in this location
azure.vm.location: westus
Example
Find Azure instances with this MAC address
azure.vm.macAddress: '000D3A36DDED'
Examples
Find Azure instances related to name
azure.vm.name: avset2
Find Azure instances that match exact value
azure.vm.name: `avset2`
Example
Find Azure instances on Windows platform
azure.vm.platform: Windows
Examples
Find Azure instances with this private IP
azure.vm.privateIpAddress: 10.1.2.5
Find Azure instances within this IP range
azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]
Examples
Find Azure instances with this public IP
azure.vm.publicIpAddress: 13.126.125.189
Find Azure instances within this IP range
azure.vm.publicIpAddress: [13.126.125.180 ...
13.126.125.255]
Examples
Find Azure instances related to name
azure.vm.resourceGroupName: my-eastus-rg
Find Azure instances that match exact value
azure.vm.resourceGroupName: `my-eastus-rg`
Example
Find Azure instances with this size
azure.vm.size: Standard_D1
Example
Find running Azure instances
azure.vm.state: RUNNING
Example
Find Azure instances with this subnet
azure.vm.subnet: 10.1.2.0
Example
Find Azure instances with this subscription ID
azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Example
Find Azure instances with this ID
azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21
Examples
Find Azure instances related to virtual network
azure.vm.virtualNetwork: cli-vnet
Find Azure instances that match exact value of virtual network
azure.vm.virtualNetwork: `cli-vnet`
Example
Find Azure instances with agents
azure.vm.hasAgent: "true"
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.
Example
asset.status: Enrolled and asset.assetID: 122855563
The asset having the ID 122855563 and with status as Enrolled is returned in the result.
Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.
Example
not tags.name: Windows
Assets with the Windows tag are excluded from search results.
Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.
Example
tags.name:Cloud Agent or tags.name:Windows
The assets that have the Cloud Agent tag or the Windows tag are returned in the result.