Search Tokens for Rules
Syntax help displayed in UI for tokens. Click each token to learn more about it.
Alerting use-cases support limited search tokens, since alerts flag incidents other than the normal or beyond the defined threshold. Only tokens that help in asset scoping OR directly related to the alert evaluation are supported for alerting rule creation.
Note:
- For all the date-related tokens, the date search is evaluated only for UTC format. The actual search results might show you the date as per your time zone.
- For the range searches, remember that the QQL search tokens are case-sensitive. Hence, make sure that you enter the correct token syntax. For more information, see Range Searches.
Use a date range or specific date to define when assets were created.
Examples
Show assets created within certain dates
asset.created:[2019-01-01 ... 2019-01-15]
Show assets created starting 2019-01-15, ending 1 month ago
asset.created:[2019-01-15
... now-1M]
Show assets created starting 2 weeks ago, ending 1 second ago
asset.created:[now-2w ... now-1s]
Show assets created on a specific date
asset.created:'2019-03-18'
asset.lastLoggedOnUserasset.lastLoggedOnUser
Use a text value ##### to help you find assets last logged into by a user of interest.
Examples
Show assets with last logon by user asmith
asset.lastLoggedOnUser:asmith
asset.lastUpdatedasset.lastUpdated
Use a date range or specific date to define when assets were last updated.
Examples
Show assets last updated within certain dates
asset.lastUpdated:[2019-01-01 ... 2019-01-15]
Show assets last updated starting 2019-01-15, ending 1 month ago
asset.lastUpdated:[2019-01-15
... now-1M]
Show assets last updated starting 2 weeks ago, ending 1 second ago
asset.lastUpdated:[now-2w ... now-1s]
Show assets last updated on a specific date
asset.lastUpdated:'2019-03-18'
asset.lastLocation.countryasset.lastLocation.country
Use a text value ##### to help you find assets based on country of the last location.
Example
Show assets with last location country as United States
asset.lastLocation.country: United States
sensors.lastVmScansensors.lastVmScan
Use a date range or specific date to define when last VM scan was performed.
Examples
Show last VM scan within certain dates
sensors.lastVmScan:[2019-01-01 ... 2019-01-15]
Show last VM scan starting 2019-01-15, ending 1 month ago
sensors.lastVmScan:[2019-01-15 ... now-1M]
Show last VM scan starting 2 weeks ago, ending 1 second ago
sensors.lastVmScan:[now-2w ... now-1s]
Show last VM scan on a specific date
sensors.lastVmScan:'2019-03-18'
Use values within quotes or backticks to help you find the asset name you're looking for.
Examples
Show any findings that match the beginning of any substrings within the asset name
asset.name:"ACMENVT7"
Show any findings that match exact value "ACMENVT7"
asset.name:`ACMENVT7`
asset.domainRoleasset.domainRole
Use values within quotes or backticks to help you find the assets with certain domain role (Standalone Workstation, Member Workstation, Standalone Server, Member Server, Backup Domain Controller, and Primary Domain Controller). Select from values in the drop-down menu.
Examples
Show any findings that contain parts of name
asset.domainRole:"Member Ser"
Show any findings that match exact value "Member Server"
asset.domainRole:`Member Server`
asset.netbiosNameasset.netbiosName
Use a text value ##### to define the asset NetBIOS name you're interested in.
Examples
Show the asset with this name
asset.netbiosName:ACMENVT7
asset.trackingMethodasset.trackingMethod
Find assets with certain tracking method (QAGENT, IP, DNSNAME, NETBIOS, INSTANCE_ID, OCA, VIRTUAL_MACHINE_ID, SEM, and GCP_INSTANCE_ID). Select from values in the drop-down menu.
Example
Find assets with this tracking method
asset.trackingMethod: QAGENT
asset.lastLocationasset.lastLocation
Use a text value ##### to help you find assets based on last location.
Example
Show assets with last location as Redwood City, California - United States
asset.lastLocation: 'Redwood City, California
- United States'
Example
Show assets with last location with exact string
asset.lastLocation: `Redwood City, California
- United States`
asset.criticalityScoreasset.criticalityScore
Use values within quotes or backticks to help you find the assets you're looking for based on the asset criticality score. The supported values are 1 to 5.
Examples
Show assets based on the asset criticality score 1
asset.criticalityScore:`1`
asset.riskScoreasset.riskScore
Use a numerical value ##### to search all the assets with their severity based on the calculated risk score between 0 to 1000.
Examples
Show all the assets with a risk score 900
asset.riskScore:900
Show all the assets with risk score between the range 800 to 1000
asset.riskScore:[800 ... 1000]
Show all the assets with a risk score greater than 500
asset.riskScore >500
Show all the assets with a risk score less than or equal to 800
asset.riskScore <=800
Use an integer value ##### to help you find systems with a Qualys asset ID of interest.
Example
Show findings with this asset ID
asset.assetID:122855563
asset.operationalStatusasset.operationalStatus
Use a text value ##### to help you find assets based on operational status.
Example
Show assets with operational status as Repair
asset.operationalStatus: Repair
asset.environmentasset.environment
Use a text value ##### to help you find assets based on environment.
Example
Show assets with environment as Production
asset.environment: Production
Use values within quotes or backticks to help you find assets owned by.
Examples
Show any findings that contain parts of name
asset.ownedBy:"Joey"
Show any findings that match exact value "Joey Bolick"
asset.ownedBy:`Joey Bolick`
asset.managedByasset.managedBy
Use values within quotes or backticks to help you find assets managed by.
Examples
Show any findings that contain parts of name
asset.managedBy:"Byron"
Show any findings that match exact value "Byron Fortuna"
asset.managedBy:`Byron Fortuna`
asset.supportedByasset.supportedBy
Use values within quotes or backticks to help you find assets supported by.
Examples
Show any findings that contain parts of name
asset.supportedBy:"John"
Show any findings that match exact value "John Doe"
asset.supportedBy:`John Doe`
asset.supportGroupasset.supportGroup
Use values within quotes or backticks to help you find assets with support group.
Examples
Show any findings that contain parts of name
asset.supportGroup:"Compliance"
Show any findings that match exact value "Compliance Managers"
asset.supportGroup:`Compliance Managers`
asset.org.companyasset.org.company
Use a text value ##### to help you find assets with company.
Example
Show assets with company as Qualys
asset.org.company: Qualys
asset.assignedLocation.cityasset.assignedLocation.city
Use a text value ##### to help you find assets with city of the assigned location.
Example
Show assets with assigned location city as Miami
asset.assignedLocation.city: Miami
asset.assignedLocation.countryasset.assignedLocation.country
Use a text value ##### to help you find assets with country of the assigned location.
Example
Show assets with assigned location country as USA
asset.assignedLocation.country: USA
asset.lastLocation.stateasset.lastLocation.state
Use a text value ##### to help you find assets based on state of the last location.
Example
Show assets with last location state as California
asset.lastLocation.state: California
asset.hasMissingSoftwareasset.hasMissingSoftware
Use the values true | false to define whether asset has a missing software.
Example
Show asset that has a missing software
asset.hasMissingSoftware: "true"
missingSoftware.category1missingSoftware.category1
Use text value ##### to help you find the missing software category 1 value you're looking for.
Example
If you are searching for assets missing testing software, then category1 is Application Development and category2 is Testing.
Show any findings that match exact value
missingSoftware.category1:Application Development
missingSoftware.category2missingSoftware.category2
Example
If you are searching for assets missing testing software, then category1 is Application Development and category2 is Testing.
Show any findings that match exact value
missingSoftware.category2:Testing
missingSoftware.publishermissingSoftware.publisher
Use a text value ##### to find a software without publisher.
Example
Show findings without this software publisher
missingSoftware.publisher:Microsoft
missingSoftware.productmissingSoftware.product
Use a text value ##### to find a software without product name.
Example
Show findings with this exact product name
missingSoftware.product:Office
businessApp.namebusinessApp.name
Use values within quotes or backticks to help you find the business application name you're looking for.
Examples
Show any findings that contain parts of name
businessApp:(name:"HR")
Show any findings that match exact value "HR Intranet"
businessApp:(name:`HR Intranet`)
businessApp.businessCriticalitybusinessApp.businessCriticality
Use values within quotes or backticks to help you find the business application you're looking for.
Examples
Show any findings that contain parts of name
businessApp:(businessCriticality:"1 - most")
Show any findings that match exact value "1 - most critical"
businessApp:(businessCriticality:`1 - most critical`)
businessApp.ownedBybusinessApp.ownedBy
Use values within quotes or backticks to help you find business applications owned by.
Examples
Show any findings that contain parts of name
businessApp:(ownedBy:"Joey")
Show any findings that match exact value "Joey Bolick"
businessApp:(ownedBy:`Joey Bolick`)
businessApp.managedBybusinessApp.managedBy
Use values within quotes or backticks to help you find business applications managed by.
Examples
Show any findings that contain parts of name
businessApp:(managedBy:"Byron")
Show any findings that match exact value "Byron Fortuna"
businessApp:(managedBy:`Byron Fortuna`)
businessApp.supportedBybusinessApp.supportedBy
Use values within quotes or backticks to help you find business applications supported by.
Examples
Show any findings that contain parts of name
businessApp:(supportedBy:"John")
Show any findings that match exact value "John Doe"
businessApp:(supportedBy:`John Doe`)
businessApp.supportGroupbusinessApp.supportGroup
Use a text value ##### to help you find business applications with support group.
Example
Show assets with business application support group as Security
businessApp:(supportGroup: Security)
Use values within quotes or backticks to help you find the hardware name you're looking for.
Examples
Show any findings that contain parts of name
hardware:"Dell Latitude e7470"
Show any findings that match exact value
hardware:`Dell Latitude e7470`
hardware.categoryhardware.category
Use values within quotes or backticks to help you find the hardware category you're looking for.
Examples
Show any findings that match exact value
hardware.category:Printers/Laser
hardware.category1hardware.category1
Use text value ##### to find assets with hardware category 1 value.
Example
If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.
Show any findings that match exact value
hardware.category1:Printers
hardware.category2hardware.category2
Use text value ##### to find assets with hardware category 2 value.
Example
If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.
Show any findings that match exact value
hardware.category2:Laser
hardware.lifecycle.eoshardware.lifecycle.eos
Use a date range or specific date to define a hardware End-of-Sale date of interest.
Examples
Show findings with hardware End-of-Sale date in this date range
hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]
Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.eos:[2019-01-15 ... now-1M]
Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.eos:[now-2w ... now-1s]
Show findings with this hardware End-of-Sale date
hardware.lifecycle.eos:'2019-03-18'
hardware.lifecycle.obshardware.lifecycle.obs
Use a date range or specific date to define a hardware obsolete date of interest.
Examples
Show findings with hardware obsolete date in this date range
hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]
Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.obs:[2019-01-15 ... now-1M]
Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.obs:[now-2w ... now-1s]
Show findings with this hardware obsolete date
hardware.lifecycle.obs:'2019-03-18'
hardware.lifecycle.stagehardware.lifecycle.stage
Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS)
Example
Show End-of-Sale hardware
hardware.lifecycle.stage:"EOS"
hardware.manufacturerhardware.manufacturer
Use values within quotes or backticks to find assets having a certain hardware manufacturer.
Example
Show any findings that match exact value "Dell"
hardware.manufacturer:`Dell`
Use values within quotes or backticks to find assets having a certain hardware model.
Example
Show any findings that match exact value "e7470"
hardware.model:`De7470`
hardware.producthardware.product
Use values within quotes or backticks to find assets having a certain hardware product.
Example
Show any findings that match exact value "Latitude"
hardware.product:`Latitude`
interfaces:(addressinterfaces:(address
Use values to define an IP address you're interested in.
Examples
Show the exact match of the IP address
interfaces:(address:`10.10.100.20`)
Show any findings that contain parts of the IP address
interfaces:(address:"10.10.100.2")
interfaces:(address: 10.10.100.2)
interfaces:(hostnameinterfaces:(hostname
Use values within quotes or backticks to help you find the hostname you're looking for.
Examples
Show any findings related to name
interfaces:(hostname: xpsp2-jp-26-111)
Show any findings that contain parts of name
interfaces:(hostname: "xpsp2-jp-26-111")
Show any findings that match exact value "xpsp2-jp-26-111"
interfaces:(hostname: `xpsp2-jp-26-111`)
Show any findings related to name (we'll match super domains)
interfaces:(hostname: qcentos71sqp3.rdlab.acme.com)
Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"
interfaces:(hostname: `qcentos71sqp3.rdlab.acme.com`)
Show findings according to values entered in the square brackets.
Note: You can add multiple values in []. However, it's important to understand that partial values are not supported. You must enter the exact match value.
Example with correct syntax - interfaces:(hostname: [win7-181, bridge.vuln.qa.qualys.com])
Example with incorrect syntax - interfaces:(hostname: [win7, bridge.vuln.qa])
interfaces:(gatewayAddressinterfaces:(gatewayAddress
Use a text value ##### to help you find assets with a certain default gateway address.
Example
Show assets with this default gateway address
interfaces:(gatewayAddress:10.11.65.1)
inventory.createdinventory.created
Use a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).
Examples
Show assets created within certain dates
inventory.created:[2019-01-01 ... 2019-01-15]
Show assets created starting 2019-01-15, ending 1 month ago
inventory.created:[2019-01-15 ... now-1M]
Show assets created starting 2 weeks ago, ending 1 second ago
inventory.created:[now-2w ... now-1s]
Show assets created on specific date
inventory.created:'2019-03-18'
inventory.lastUpdatedinventory.lastUpdated
Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the Qualys Enterprise TruRisk™ Platform by an agent).
Examples
Show assets updated within certain dates
inventory.lastUpdated: [2019-01-01 ... 2019-01-15]
Show assets updated starting 2019-01-15, ending 3 months ago
inventory.lastUpdated: [2019-01-15 ... now-3M]
Show assets updated starting 2 weeks ago, ending 1 second ago
inventory.lastUpdated: [now-2w ... now-1s]
Show assets updated on a specific date
inventory.lastUpdated:'2019-03-18'
inventory.sourceinventory.source
Use a text value ##### to help you find assets from a certain Qualys source (QAGENT, IP, DNSNAME, NETBIOS, INSTANCE_ID, OCA, VIRTUAL_MACHINE_ID, SEM, and GCP_INSTANCE_ID). Select from values in the drop-down menu.
Example
Show findings from cloud agents
inventory.source:QAGENT
openPorts.firstFoundopenPorts.firstFound
Use a date range or specific date to define when open ports were first found.
Examples
Show open ports found within certain dates
openPorts:(firstFound: [2019-01-01 ... 2019-01-15])
Show open ports found starting 2019-01-15, ending 3 months ago
openPorts:(firstFound: [2019-01-15 ... now-3M])
Show open ports found starting 2 weeks ago, ending 1 second ago
openPorts:(firstFound: [now-2w ... now-1s])
Show open ports found on a specific date
openPorts:(firstFound:'2019-03-18')
openPorts.lastUpdatedopenPorts.lastUpdated
Use a date range or specific date to define when open ports were last updated.
Examples
Show open ports last updated within certain dates
openPorts:(lastUpdated:[2019-01-01 ... 2019-01-15])
Show open ports last updated starting 2019-01-15, ending 1 month ago
openPorts:(lastUpdated:[2019-01-15 ... now-1M])
Show open ports last updated starting 2 weeks ago, ending 1 second ago
openPorts:(lastUpdated:[now-2w ... now-1s])
Show open ports last updated on a specific date
openPorts:(lastUpdated:'2019-03-18')
Use an integer value ##### to help you find assets with some open port.
Example
Show assets with open port 80
openPorts:(port:80)
software:(architecturesoftware:(architecture
Use text value ##### to help you find the software architecture you're looking for, i.e 32-Bit or 64-Bit.
Example
Show any findings that match exact value
software:(architecture:64-Bit)
software:(categorysoftware:(category
Use values within quotes or backticks to help you find a software category.
Example
Show any findings that match exact value
software:(category:`Application
Development/Testing`)
software:(category1software:(category1
Use text value ##### to help you find the software category 1 value you're looking for.
Example
If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.
Show any findings that match exact value
software:(category1:Application Development)
software:(category2software:(category2
Use text value ##### to help you find the software category 2 value you're looking for.
Example
If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.
Show any findings that match exact value
software:(category2:Testing)
software:(editionsoftware:(edition
Use text value ##### to help you find the software edition you're looking for.
Example
Show any findings that match exact value
software:(edition:Professional)
software:(installDatesoftware:(installDate
Use a date range or specific date to define when software was installed.
Examples
Show software installed within certain dates
software:(installDate:[2019-01-01 ... 2019-01-15])
Show software installed starting 2019-01-15, ending 1 month ago
software:(installDate:[2019-01-15 ... now-1M])
Show software installed starting 2 weeks ago, ending 1 second ago
software:(installDate:[now-2w ... now-1s])
Show software installed on a specific date
software:(installDate:'2019-03-18')
software:(lastUpdatedsoftware:(lastUpdated
Use a date range or specific date to define when a software was last updated.
Examples
Show software last updated within certain dates
software:(lastUpdated:[2019-01-01 ... 2019-01-15])
Show software last updated starting 2019-01-15, ending 1 month ago
software:(lastUpdated:[2019-01-15 ... now-1M])
Show software last updated starting 2 weeks ago, ending 1 second ago
software:(lastUpdated:[now-2w ... now-1s])
Show software last updated on a specific date
software:(lastUpdated:'2019-03-18')
software:(lastUseDatesoftware:(lastUseDate
Use a date range or specific date to define when a software was last used.
Examples
Show software last used within certain dates
software:(lastUseDate:[2019-01-01 ... 2019-01-15])
Show software last used starting 2019-01-15, ending 1 month ago
software:(lastUseDate:[2019-01-15 ... now-1M])
Show software last used starting 2 weeks ago, ending 1 second ago
software:(lastUseDate:[now-2w ... now-1s])
Show software last used on a specific date
software:(lastUseDate:'2019-03-18')
software:(license.categorysoftware:(license.category
Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.
Example
Show any findings that match exact value
software:(license.category:`Open Source`)
software:(lifecycle.eolsoftware:(lifecycle.eol
Use a date range or specific date to define an software End-of-Life date of interest.
Examples
Show findings with software End-of-Life date in this date range
software:(lifecycle.eol:[2019-01-01 ... 2019-01-15])
Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago
software:(lifecycle.eol:[2019-01-15 ... now-1M])
Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago
software:(lifecycle.eol:[now-2w ... now-1s])
Show findings with this software End-of-Life date
software:(lifecycle.eol:'2019-03-18')
software:(lifecycle.eossoftware:(lifecycle.eos
Use a date range or specific date to define an software End-of-Support date of interest.
Examples
Show findings with software End-of-Support date in this date range
software:(lifecycle.eos:[2019-01-01 ... 2019-01-15])
Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago
software:(lifecycle.eos:[2019-01-15 ... now-1M])
Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago
software:(lifecycle.eos:[now-2w ... now-1s])
Show findings with this software End-of-Support date
software:(lifecycle.eos:'2019-03-18')
software:(lifecycle.stagesoftware:(lifecycle.stage
Use a text value ##### to define a software lifecycle stage you're looking for, i.e. active, eol, obsolete.
Examples
Show findings having this software lifecycle stage
software:(lifecycle.stage:eol)
Show findings having software category Windows and software lifecycle stage "active"
software:(category:Windows AND lifecycle.stage:eol)
software:(marketVersionsoftware:(marketVersion
Use text value ##### to help you find a software market version, e.g. Windows OS.
Example
Show any findings that match exact value
software:(marketVersion:7)
Use values within quotes or backticks to help you find the software name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
software:(name: VMware Tools)
Show any findings that contain parts of name
software:(name: "VMware Tools")
Show any findings that match exact value
software:(name: `VMware Tools`)
Find assets with certain tag and software installed
tags.name:`Cloud Agent` AND software: (name: "Cisco AnyConnect Secure Mobility Client" AND version: `3.1.12345`)
software:(productsoftware:(product
Use a text value ##### to define a software product name you're looking for.
Example
Show findings with this exact product name
software:(product:Office)
software:(publishersoftware:(publisher
Use a text value ##### to define a software manufacturer you're looking for.
Example
Show findings with this exact software publisher
software:(publisher:Microsoft)
software:(updatesoftware:(update
Use a text value ##### to define a software update version of interest.
Example
Show findings with this exact software update version
software:(update:16.0.1.2)
Show findings with software update version greater than 16.0.1.2
software:(update>16.0.1.2)
Show findings with software update version greater than or equal to 16.0.1.2
software:(update>=16.0.1.2)
Show findings with software update version less than 16.0.1.2
software:(update<16.0.1.2)
Show findings with software update version less than or equal to 16.0.1.2
software:(update<=16.0.1.2)
Show findings with software update version within this version range
software:(update:[16.0.1.2 ... 16.0.1.5])
software:(versionsoftware:(version
Use a text value ##### to define the software version you're interested in.
Example
Show findings with this exact software version
software:(version:16.0)
Show findings with software version greater than 16.0
software:(version>16.0)
Show findings with software version greater than or equal to 16.0
software:(version>=16.0)
Show findings with software version less than 16.0
software:(version<16.0)
Show findings with software version less than or equal to 16.0
software:(version<=16.0)
Show findings with software version within this version range
software:(version:[16.0 ... 20.0])
software:(componentsoftware:(component
Use a value Client, Server or " " (empty field) to identify the software component.
Example
Show findings with Client software component
software:(component:Client)
software:(firstFoundsoftware:(firstFound
Use a date range or specific date to define when software was first found.
Examples
Show assets with software first found within certain dates
software:(firstFound: [2017-06-15 ... 2017-06-30])
Show assets with software first found starting 2017-06-22, ending 1 month ago
software:(firstFound: [2017-06-22 ... now-1M])
Show assets with software first found starting 2 weeks ago, ending 1 second ago
software:(firstFound: [now-2w ... now-1s])
Show assets with software first found on specific date
software:(firstFound:'2017-06-14')
software:(isPCSupportedsoftware:(isPCSupported
Use the values true | false to define whether software is PC supported.
Example
Show software that is PC supported
software:(isPCSupported: "true")
software:(hasRunningInstancesoftware:(hasRunningInstance
Use the values true | false to find whether software has a running instance.
Example
Show software that has a running instance
software:(hasRunningInstance: "true")
Use an integer value ##### to help you find assets with a certain free volume space (GB).
Examples
Show findings with free volume space greater than 90 GB
volumes:(free>90)
Show findings with free volume space greater than or equal to 90 GB
volumes:(free>=90)
Show findings with free volume space less than 30 GB
volumes:(free<30)
Show findings with free volume space less than or equal to 30 GB
volumes:(free<=30)
Find assets synced from a certain cloud provider (AWS, AZURE, GCP). Select from names in the drop-down menu.
Examples
Show assets synced from Amazon AWS
provider: "AWS"
aws.ec2.availabilityZoneaws.ec2.availabilityZone
Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.
Example
Find EC2 instances in the us-east-1a availability zone
aws.ec2.availabilityZone: us-east-1a
aws.ec2.imageIdaws.ec2.imageId
Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.
Examples
Find instances related to the Image ID
aws.ec2.imageId: ami-2ea83347
Find instances that match exact value
aws.ec2.imageId: `ami-2ea83347`
aws.ec2.instanceStateaws.ec2.instanceState
Select the name of the instance state (PENDING, RUNNING, TERMINATED, STOPPED, STOPPING, SHUTTING-DOWN) you're interested in. Select from names in the drop-down menu.
Example
Find running EC2 instances
aws.ec2.instanceState: RUNNING
aws.ec2.instanceIdaws.ec2.instanceId
Use a text value ##### to find EC2 instances by the instance ID.
Example
Find EC2 instances with this ID
aws.ec2.instanceId: i-1234567890abcdef0
aws.ec2.accountIdaws.ec2.accountId
Use a text value ##### to find EC2 instances with a certain account ID.
Examples
Find EC2 instances that match this account ID
aws.ec2.accountId: 123456789012
Find EC2 instances with account ID starting "12345"
aws.ec2.accountId: 12345*
Find EC2 instances where account ID is null (remove the colon)
aws.ec2.accountId is null
aws.ec2.instanceTypeaws.ec2.instanceType
Select the type of instance you're interested in. Select from names in the drop-down menu.
Example
Find EC2 instances with instance type t2.micro
aws.ec2.instanceType: t2.micro
aws.ec2.launchDateaws.ec2.launchDate
Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.
Examples
Find EC2 instances launched within certain dates
aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]
Find EC2 instances launched on specific date
aws.ec2.launchDate:'2017-08-15'
aws.ec2.privateIpAddressaws.ec2.privateIpAddress
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find EC2 instances with this private IP address
aws.ec2.privateIpAddress: 10.90.0.119
Find EC2 instances within this IP range
aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]
aws.ec2.publicIpAddressaws.ec2.publicIpAddress
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find EC2 instances with this public IP address
aws.ec2.publicIpAddress: 52.70.141.154
Find EC2 instances within this IP range
aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]
aws.ec2.region.codeaws.ec2.region.code
Select the code of the region you're interested in. Select from codes in the drop-down menu.
Example
Find EC2 instances in the us-east-1 region
aws.ec2.region.code: us-east-1
aws.ec2.subnetIdaws.ec2.subnetId
Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.
Example
Find EC2 instances with this subnet ID
aws.ec2.subnetId: subnet-bc02c0d4
Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.
Example
Find EC2 instances with this VPC ID
aws.ec2.vpcId: vpc-1e37cd76
azure.vm.locationazure.vm.location
Use a text value ##### to define the region you're interested in.
Example
Find Azure instances in this location
azure.vm.location: westus
Use a text value ##### to find the Azure virtual machine name you're looking for.
Examples
Find Azure instances related to name
azure.vm.name: avset2
Find Azure instances that match exact value
azure.vm.name: `avset2`
azure.vm.privateIpAddressazure.vm.privateIpAddress
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find Azure instances with this private IP
azure.vm.privateIpAddress: 10.1.2.5
Find Azure instances within this IP range
azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]
azure.vm.publicIpAddressazure.vm.publicIpAddress
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find Azure instances with this public IP
azure.vm.publicIpAddress: 13.126.125.189
Find Azure instances within this IP range
azure.vm.publicIpAddress: [13.126.125.180 ...
13.126.125.255]
azure.vm.resourceGroupNameazure.vm.resourceGroupName
Use a text value ##### to define the name of the resource group you're interested in.
Examples
Find Azure instances related to name
azure.vm.resourceGroupName: my-eastus-rg
Find Azure instances that match exact value
azure.vm.resourceGroupName: `my-eastus-rg`
Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.
Example
Find Azure instances with this size
azure.vm.size: Standard_D1
Select the name of the instance state (DEALLOCATED, DEALLOCATING, DELETED, RUNNING, STARTING, STOPPED, STOPPING) you're interested in. Select from names in the drop-down menu.
Example
Find running Azure instances
azure.vm.state: RUNNING
azure.vm.subnetazure.vm.subnet
Use a text value ##### to define the Azure virtual machine subnet you're interested in.
Example
Find Azure instances with this subnet
azure.vm.subnet: 10.1.2.0
azure.vm.subscriptionIdazure.vm.subscriptionId
Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.
Example
Find Azure instances with this subscription ID
azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
Use a text value ##### to define the Azure virtual machine ID you're looking for.
Example
Find Azure instances with this ID
azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21
gcp.compute.hostnamegcp.compute.hostname
Use a text value ##### to define the hostname you're looking for.
Examples
Find GCP instances related to name
gcp.compute.hostname: instance-5.c.qvsa-dev.internal
Find GCP instances that match exact value
gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`
gcp.compute.machineTypegcp.compute.machineType
Use a text value ##### to define the machine type of the virtual machine instance you're interested in.
Examples
Find GCP instances related to name
gcp.compute.machineType: n1-standard-1
Find GCP instances that match exact value
gcp.compute.machineType: `n1-standard-1`
gcp.compute.networkgcp.compute.network
Use a text value ##### to find GCP instances by the VPC network the instance belongs to.
Example
Find GCP instances with this network
gcp.compute.network: 000D3A36DDED
gcp.compute.privateIpAddressgcp.compute.privateIpAddress
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find GCP instances with this private IP
gcp.compute.privateIpAddress: 10.240.0.7
Find GCP instances with this private IP range
gcp.compute.privateIpAddress: [10.240.0.7 ...
10.240.0.30]
gcp.compute.projectIdgcp.compute.projectId
Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.
Examples
Find GCP instances related to ID
gcp.compute.projectId: qvsa-dev
Find GCP instances that match exact value
gcp.compute.projectId: `qvsa-dev`
gcp.compute.projectNumbergcp.compute.projectNumber
Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.
Examples
Find GCP instances related to this number
gcp.compute.projectNumber: 1035365309337
Find GCP instances that match exact value
gcp.compute.projectNumber: `1035365309337`
gcp.compute.publicIpAddressgcp.compute.publicIpAddress
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find GCP instances with this public IP
gcp.compute.publicIpAddress: 104.196.57.216
Find GCP instances within this IP range
gcp.compute.publicIpAddress: [104.196.57.216 ...
104.196.57.218]
gcp.compute.stategcp.compute.state
Type your drop-dowSelect the name of the instance state (PENDING, RUNNING, STOPPED, TERMINATED, STOPPING, SHUTTING_DOWN, DEALLOCATED) you're interested in. Select from names in the drop-down menu.
Example
Find running GCP instances
gcp.compute.state: RUNNING
gcp.compute.zonegcp.compute.zone
Use a text value ##### to define the zone of the GCP instance you're looking for
Examples
Find GCP instances related to name
gcp.compute.zone: us-east1-d
Find GCP instances that match exact value
gcp.compute.zone: `us-east1-d`
gcp.compute.instanceIdgcp.compute.instanceId
Use a text value ##### to define the Google Compute instance ID you're looking for.
Example
Find GCP instances with this ID
gcp.compute.instanceId: 4392196237934605253
gcp.labels.namegcp.labels.name
Use a text value ##### to find VM instances with a certain GCP labels name (case insensitive).
Examples
Find VM instances with key "department"
gcp.labels:(name: department)
Find VM instances that match exact key value "department"
gcp.labels:(name: 'department')
Find VM instances with key starting "dep"
gcp.labels:(name: dep*)
gcp.labels.valuegcp.labels.value
Use a text value ##### to find VM instances with a certain GCP labels value (case insensitive).
Examples
Find VM instances with tag value "product-management"
gcp.labels:(value: product-management)
Find VM instances that match exact key value "product-management"
gcp.labels:(value: 'product-management')
Find VM instances with tag value starting "product"
gcp.labels:(value: product*)
oci.compute.availabilityDomainoci.compute.availabilityDomain
Use a text value ##### to search all assets with the specified available domain.
Example
Show all assets with the available domain Lhkx:US-ASHBURN-AD-1
oci.compute.availabilityDomain:"Lhkx:US-ASHBURN-AD-1"
oci.compute.compartmentIdoci.compute.compartmentId
Use a text value ##### to search all assets with the specified OCI compartment ID.
Example
Show assets with this OCI compartment ID
oci.compute.compartmentId:"ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq"
oci.compute.compartmentNameoci.compute.compartmentName
Use a text value ##### to search all assets with the specified OCI compartment name.
Example
Show assets with this OCI compartment name
oci.compute.compartmentName:"ocid1.compartment.abc"
oci.compute.faultDomainoci.compute.faultDomain
Use a text value ##### to search all assets with the specified fault domain.
Example
Show all assets with fault domain FAULT-DOMAIN-1
oci.compute.faultDomain:"FAULT-DOMAIN-1"
oci.compute.imageIdoci.compute.imageId
Use a text value ##### to search all assets with the specified image ID.
Example
Show all assets with the ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID
oci.compute.imageId:"ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq"
oci.compute.ociIdoci.compute.ociId
Use a text value ##### to search all assets with the specified OCI ID.
Example
Show assets with this OCI ID
oci.compute.ociId:"ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq"
oci.compute.regionoci.compute.region
Use a text value ##### to search all assets in the specified region.
Example
Show all assets with the region us-east-1
oci.compute.region:"us-east-1"
oci.compute.shapeoci.compute.shape
Use a text value ##### to search all assets with the specified shape.
Example
Show all assets with the shape x5-2.36.512
oci.compute.shape:"x5-2.36.512"
oci.compute.stateoci.compute.state
Use a text value ##### to search all assets with specific compute state.
Example
Show all assets with the compute state Starting
oci.compute.state:STARTING
oci.compute.tenantIdoci.compute.tenantId
Use a text value ##### to search all assets with specific tenant ID.
Example
Show all assets with the specific tenant ID
oci.compute.tenantId:"ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq"
oci.compute.tenantNameoci.compute.tenantName
Use a text value ##### to search all assets with specific tenant name.
Example
Show all assets with the specific tenant name
oci.compute.tenantName:"oraclecengg1"
oci.compute.timeCreatedoci.compute.timeCreated
Use a text value ##### to search all assets created at the specified time.
Example
Show findings with last check in within a specific date range.
oci.compute.timeCreated:[2020-01-01 ... 2020-01-10]
Show findings with last check in starting 2019-11-01, ending 1 month ago.
oci.compute.timeCreated:[2019-11-01 ... now-1M]
Show findings with last check in starting 2 weeks ago, ending 1 second ago.
oci.vnic.macAddroci.vnic.macAddr
Use a text value ##### to search all assets with the specified MAC address.
Example
Show all assets with the MAC address 02:00:17:06:bd:b3
oci.vnic(macAddr:"02:00:17:06:bd:b3")
oci.vnic.nicIndexoci.vnic.nicIndex
Use a text value ##### to search all assets with the specified index.
Example
Show all assets with the index 1
oci.vnic(nicIndex:1)
oci.vnic.privateIpoci.vnic.privateIp
Use a text value ##### to search all assets with the specified private IP.
Example
Show all assets with this private IP
oci.vnic(privateIp:10.0.0.222)
oci.vnic.publicIpoci.vnic.publicIp
Use a text value ##### to search all assets with the specified public IP.
Example
Show all assets with this public IP
oci.vnic(publicIp:10.0.0.222)
oci.vnic.subnetCidrBlockoci.vnic.subnetCidrBlock
Use a text value ##### to search all assets with the specified block.
Example
Show all assets with the block 10.0.0.0/24
oci.vnic(subnetCidrBlock:10.0.0.0/24)
oci.vnic.subnetIdoci.vnic.subnetId
Use a text value ##### to find OCI instances by the ID of the subnet in which the interface resides.
Example
Find OCI instances with this subnet ID
oci.vnic(subnetId: "subnet-bc02c0d4")
oci.vnic.subnetNameoci.vnic.subnetName
Use a text value ##### to find OCI instances by the name of the subnet in which the interface resides.
Example
Find OCI instances with this subnet name
oci.vnic(subnetName: "subnet-abc")
Use a text value ##### to search all assets with the specified VCN ID.
Example
Show all assets with this VCN ID
oci.vnic(vcnId:"ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q")
oci.vnic.vcnNameoci.vnic.vcnName
Use a text value ##### to search all assets with the specified vcn name.
Example
Show all assets with this vcn name
oci.vnic(vcnName:"abc")
oci.vnic.virtualRouterIpoci.vnic.virtualRouterIp
Use a text value ##### to search all assets with the specified router IP.
Example
Show all assets with the router IP 10.0.0.1
oci.vnic(virtualRouterIp:10.0.0.1)
oci.vnic.vlanTagoci.vnic.vlanTag
Use a text value ##### to search all assets with the specified vlan tag.
Example
Show all assets with the vlan tag 1
oci.vnic(vlanTag:1)
ibm.virtualServer.datacenterIdibm.virtualServer.datacenterId
Use a text value ##### to find IBM instances with datacenter ID .
Example
Find IBM instances with this datacenter ID
ibm.virtualServer.datacenterId: 1854895
ibm.virtualServer.deviceNameibm.virtualServer.deviceName
Use a text value ##### to find IBM instances with virtual server device name.
Examples
Find IBM instances related to name
ibm.virtualServer.deviceName: "virtualserver01.Qualys-Inc.cloud"
Find IBM instances that match exact value
ibm.virtualServer.deviceName: `virtualserver01.Qualys-Inc.cloud`
ibm.virtualServer.domainibm.virtualServer.domain
Use a text value ##### to search all assets with the specified virtual server domain.
Example
Show all assets with virtual server domain Qualys-Inc.cloud
ibm.virtualServer.domain:"Qualys-Inc.cloud"
ibm.virtualServer.idibm.virtualServer.id
Use a text value ##### to search all assets with the specified virtual server ID.
Example
Show all assets with the 8998892 virtual server ID
ibm.virtualServer.id:8998892
ibm.virtualServer.locationibm.virtualServer.location
Use a text value ##### to define the region you're interested in.
Example
Find IBM instances in this location
ibm.virtualServer.location: westus
ibm.virtualServer.privateIpAddressibm.virtualServer.privateIpAddress
Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.
Examples
Find IBM instances with this private IP
ibm.virtualServer.privateIpAddress: 10.240.0.7
Find IBM instances with this private IP range
ibm.virtualServer.privateIpAddress: [10.240.0.7
... 10.240.0.30]
ibm.virtualServer.publicIpAddressibm.virtualServer.publicIpAddress
Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.
Examples
Find IBM instances with this public IP
ibm.virtualServer.publicIpAddress: 10.240.0.7
Find IBM instances with this public IP range
ibm.virtualServer.publicIpAddress: [10.240.0.7
... 10.240.0.30]
ibm.virtualServer.stateibm.virtualServer.state
Use a text value ##### to search all assets with specific virtual server state.
Example
Show all assets with the virtual server state Starting
ibm.virtualServer.state:STARTING
Use values within quotes or backticks to help you find the assets with the organization name you're looking for.
Examples
Show assets details that match the exact value of the organization name
asset.org.name: `Qualys, Inc.`
Show assets details that contain parts of the organization name
asset.org.name: "Qualys,"
Use values within quotes or backticks to help you find the assets with the Internet Service Provider (ISP) name you're looking for.
Examples
Show assets that match the exact ISP name
asset.isp: `amazon.com, Inc.`
Show assets that are with the parts of the ISP name
asset.isp: "amazon.com,"
Use values within quotes or backticks to help you find the assets with the ASN value you're looking for.
Examples
Show assets that match the exact value of ASN
asset.asn: `AS8075`
Show assets that are with the parts of the ASN
asset.asn: "AS807"
Use values within quotes or backticks to help you find the assets with their domain.
Examples
Show assets that match the exact value of the domain
asset.domain: `qualys.com`
Show assets that contain parts of the domain
asset.domain: "qualys."
asset.subdomainasset.subdomain
Use values within quotes or backticks to help you find assets using their subdomains.
Examples
Show assets that match the exact value of the subdomains
asset.subdomain: `doc.qualys.com`
Show assets that contain the parts of the subdomains
asset.subdomain: "doc.qualys."
whoIs.creationDatewhoIs.creationDate
Use a date range or specific date to find all the assets with the whoIs creation date.
Examples
Show assets with whoIs creation date within certain dates
whoIs:(creationDate: [2019-01-01 ... 2019-01-15])
Show assets with whoIs creation date starting 2019-01-15, ending 1 month ago
whoIs:(creationDate: [2019-01-15 ... now-1M])
Show assets with whoIs creation date starting 2 weeks ago, ending 1-second ago
whoIs:(creationDate: [now-2w ... now-1s])
Show assets with whoIs creation date last updated on a specific date
whoIs:(creationDate: `2022-06-04`)
whoIs.registrantOrgwhoIs.registrantOrg
Use values within quotes or backticks to find all the assets using the registrant organization of domain or subdomain.
Examples
Show all the assets for which the exact registrant organization of domain/subdomain matches
whoIs:(registrantOrg: `Qualys, Inc`)
Show all the assets for which the part of the registrant organization of domain/subdomain matches
whoIs:(registrantOrg: "Qualys,")
whoIs.registrantEmailIdwhoIs.registrantEmailId
Use values within quotes or backticks to find all the assets using the registrant email id of domain or subdomain.
Examples
Show all the assets for which the exact registrant email id of the domain or subdomain matches
whoIs:(registrantEmailId: `66aab8e6ace-49101@contact.qualys.net`)
Show all the assets for which the part of the registrant email
id of the domain or subdomain matches
whoIs:(registrantEmailId: "66aab8e6ace-49101@contact.qualys.net")
whoIs.registrarwhoIs.registrar
Use values within quotes or backticks to find all the assets using the registrar.
Examples
Show all the assets for which the exact registrar matches
whoIs:(registrar: `abc net`)
Show all assets for which the part of the registrar matches
whoIs:(registrar: "abc net")
missingSoftware.detectionScoremissingSoftware.detectionScore
Use a text value ##### to show findings that match the missing software detection score
Examples
Show findings with the the missing software detection score
missingSoftware.detectionScore: 55)
Show findings with the missing software detection score
missingSoftware.detectionScore>55)
Show findings with the missing software detection score
missingSoftware.detectionScore<55)
Show findings with the missing software detection score
missingSoftware.detectionScore>=55)
Show findings with the missing software detection score
missingSoftware.detectionScore<=55)
Alibaba
Use these tokens when searching Alibaba assets.
alibaba.instance.accountIdalibaba.instance.accountId
Use a text value to define the instance id of the Alibaba cloud account.
Examples
Find Alibaba instances with the following account ID
alibaba.instance.accountId: 123456789012
Find Alibaba instances with account ID starting "12345"
alibaba.instance.accountId: 12345*
alibaba.instance.dnsServeralibaba.instance.dnsServer
Use an integer value to define the Domain Name System (DNS) configurations of the instance.
Example
Find Alibaba instances of the following DNS
alibaba.instance.dnsServer: 100.xxx.x.xxx
alibaba.instance.hasAgentalibaba.instance.hasAgent
Use the boolean value, true | false to define whether the Alibaba instance has a cloud agent installed on it.
Example
Find Alibaba instances with agents
alibaba.instance.hasAgent: true
alibaba.instance.hostNamealibaba.instance.hostName
Use a text value to find Alibaba hostname.
Example
Find Alibaba instances related to name
alibaba.instance.hostName: abc.qualys.com
alibaba.instance.imageIdalibaba.instance.imageId
Use a text value to find the Id of the image used during the instance creation process.
Example
Find instances related to image id
alibaba.instance.imageId: ubuntu_14_0405_64_20G_alibase_20170824.vhd
alibaba.instance.instanceIdalibaba.instance.instanceId
Use a text value to define the Alibaba instance id.
Example
Find Alibaba instances with this instance ID
alibaba.instance.instanceId: i-a2dxxxxsxxxxxhdfax
alibaba.instance.instanceTypealibaba.instance.instanceType
Use a text value to define the instance type.
Example
Find Alibaba instances with this instance type
alibaba.instance.instanceType: ecs.t5-lc1m1.small
alibaba.instance.interfaceIdalibaba.instance.interfaceId
Use a text value to define the identifier of the NIC.
Example
Find Alibaba instances of the following interface id
alibaba.instance.interfaceId: a2dxxxxaixxxtux572
alibaba.instance.instanceStatealibaba.instance.instanceState
Use a text value to define the state of the Alibaba instance. Some of the examples of the state of the instance are: MOVING, RUNNING, STARTED, STOPPED, STOPPING, and TERMINATED.
Example
Find Alibaba instances for the following state
alibaba.instance.instanceState: RUNNING
alibaba.instance.macAddressalibaba.instance.macAddress
Use a text value to define the MAC address.
Example
Find Alibaba instances with this MAC address
alibaba.instance.macAddress: 00:16:3e:0f:XX:XX
alibaba.instance.networkTypealibaba.instance.networkType
Use the network type values to find the Alibaba cloud instances. The network type can be vpc or classic.
Example
Find Alibaba instances with this network type
alibaba.instance.networkType: vpc
alibaba.instance.privateIpAddressalibaba.instance.privateIpAddress
Use an integer value to define a private IPv4 address or range of IPs.
Example
Find Alibaba instances with the following private IP address
alibaba.instance.privateIpAddress: 192.168.XX.XX
alibaba.instance.publicIpAddressalibaba.instance.publicIpAddress
Use an integer value to define a public IPv4 address or range of IPs.
Example
Find Alibaba instances with the following public IP address
alibaba.instance.publicIpAddress: 149.xx.xx.xx
alibaba.instance.region.codealibaba.instance.region.code
Use a text value to find the alibaba cloud instances that belong to the region with specific code. Some of the examples of codes are ap-northeast-1, ap-south-1, nanjing, cn-chengdu, and eu-central-1.
Example
Find Alibaba instances for the following region code
alibaba.instance.region.code: cn-chengdu
alibaba.instance.region.namealibaba.instance.region.name
Use a text value to define the region name. Australia (Sydney), Beijing, China, Japan (Tokyo), India (Mumbai), and Philippines (Manila).
Example
Find Alibaba instances for the following region
alibaba.instance.region.name: US (Silicon Valley)
alibaba.instance.serialNumberalibaba.instance.serialNumber
Use a text value to define the serial number of the instance.
Example
Find Alibaba instances of the following serial number
alibaba.instance.serialNumber: 12trexxxxr-3xx-xxx-rtg4-xxxx6t45
alibaba.instance.vpcCidrBlockalibaba.instance.vpcCidrBlock
Use a text value to define the serial number of the instance.
Example
Find Alibaba instances of the following CIDR block
alibaba.instance.vpcCidrBlock: 172.xx.x.x/16
alibaba.instance.vpcIdalibaba.instance.vpcId
Use a text value to search all the Alibaba instances with the specified VPC ID.
Example
Show Alibaba instances with this VPC ID
alibaba.instance.vpcId: vpc-a2d6pxxxxvvdadd5yikj
alibaba.instance.vswitchIdalibaba.instance.vswitchId
Use a text value to search all the Alibaba instances with the specified vswitchId.
Example
Show Alibaba instances with of the following switch ID
alibaba.instance.vswitchId: vsw-a2dxxxoxxxxsqx1mxxxdd
alibaba.instance.vswitchCidrBlockalibaba.instance.vswitchCidrBlock
Use an integer value to define the CIDR block of the switch to which the Alibaba instance is connected.
Example
Find Alibaba instances of the following CIDR block of the switch
alibaba.instance.vswitchCidrBlock: 192.168.XX.XX/24
alibaba.instance.zoneIdalibaba.instance.zoneId
Use a text value to define the zone id.
Examples
Find Alibaba instances of the following zone id
alibaba.instance.zoneId: cn-chengdu-a
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.
Example
asset.status: Enrolled and asset.assetID: 122855563
The asset having the ID 122855563 and with status as Enrolled is returned in the result.
Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.
Example
not tags.name: Windows
Assets with the Windows tag are excluded from search results.
Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.
Example
tags.name:Cloud Agent or tags.name:Windows
The assets that have the Cloud Agent tag or the Windows tag are returned in the result.