Search Tokens for Rules

Syntax help displayed in UI for tokens. Click each token to learn more about it.

Alerting use-cases support limited search tokens, since alerts flag incidents other than the normal or beyond the defined threshold. Only tokens that help in asset scoping OR directly related to the alert evaluation are supported for alerting rule creation.

Note:

- For all the date-related tokens, the date search is evaluated only for UTC format. The actual search results might show you the date as per your time zone.

- For the range searches, remember that the QQL search tokens are case-sensitive. Hence, make sure that you enter the correct token syntax. For more information, see Range Searches.

 

 

asset.createdasset.created

Use a date range or specific date to define when assets were created.

Examples

Show assets created within certain dates

asset.created:[2019-01-01 ... 2019-01-15]

Show assets created starting 2019-01-15, ending 1 month ago

asset.created:[2019-01-15 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

asset.created:[now-2w ... now-1s]

Show assets created on a specific date

asset.created:'2019-03-18'

asset.lastLoggedOnUserasset.lastLoggedOnUser

Use a text value ##### to help you find assets last logged into by a user of interest.

Examples

Show assets with last logon by user asmith

asset.lastLoggedOnUser:asmith

asset.lastUpdatedasset.lastUpdated

Use a date range or specific date to define when assets were last updated.

Examples

Show assets last updated within certain dates

asset.lastUpdated:[2019-01-01 ... 2019-01-15]

Show assets last updated starting 2019-01-15, ending 1 month ago

asset.lastUpdated:[2019-01-15 ... now-1M]

Show assets last updated starting 2 weeks ago, ending 1 second ago

asset.lastUpdated:[now-2w ... now-1s]

Show assets last updated on a specific date

asset.lastUpdated:'2019-03-18'

asset.lastLocation.countryasset.lastLocation.country

Use a text value ##### to help you find assets based on country of the last location.

Example

Show assets with last location country as United States

asset.lastLocation.country: United States

sensors.lastVmScansensors.lastVmScan

Use a date range or specific date to define when last VM scan was performed.

Examples

Show last VM scan within certain dates

sensors.lastVmScan:[2019-01-01 ... 2019-01-15]

Show last VM scan starting 2019-01-15, ending 1 month ago

sensors.lastVmScan:[2019-01-15 ... now-1M]

Show last VM scan starting 2 weeks ago, ending 1 second ago

sensors.lastVmScan:[now-2w ... now-1s]

Show last VM scan on a specific date

sensors.lastVmScan:'2019-03-18'

asset.nameasset.name

Use values within quotes or backticks to help you find the asset name you're looking for.

Examples

Show any findings that match the beginning of any substrings within the asset name

asset.name:"ACMENVT7"

Show any findings that match exact value "ACMENVT7"

asset.name:`ACMENVT7`

asset.domainRoleasset.domainRole

Use values within quotes or backticks to help you find the assets with certain domain role (Standalone Workstation, Member Workstation, Standalone Server, Member Server, Backup Domain Controller, and Primary Domain Controller). Select from values in the drop-down menu.

Examples

Show any findings that contain parts of name

asset.domainRole:"Member Ser"

Show any findings that match exact value "Member Server"

asset.domainRole:`Member Server`

asset.netbiosNameasset.netbiosName

Use a text value ##### to define the asset NetBIOS name you're interested in.

Examples

Show the asset with this name

asset.netbiosName:ACMENVT7

asset.trackingMethodasset.trackingMethod

Find assets with certain tracking method (QAGENT, IP, DNSNAME, NETBIOS, INSTANCE_ID, OCA, VIRTUAL_MACHINE_ID, SEM, and GCP_INSTANCE_ID). Select from values in the drop-down menu.

Example

Find assets with this tracking method

asset.trackingMethod: QAGENT

asset.lastLocationasset.lastLocation

Use a text value ##### to help you find assets based on last location.

Example

Show assets with last location as Redwood City, California - United States

asset.lastLocation: 'Redwood City, California - United States'

Example

Show assets with last location with exact string

asset.lastLocation: `Redwood City, California - United States`

asset.criticalityScoreasset.criticalityScore

Use values within quotes or backticks to help you find the assets you're looking for based on the asset criticality score. The supported values are 1 to 5.

Examples

Show assets based on the asset criticality score 1

asset.criticalityScore:`1`

asset.riskScoreasset.riskScore

Use a numerical value ##### to search all the assets with their severity based on the calculated risk score between 0 to 1000.

Examples

Show all the assets with a risk score 900

asset.riskScore:900

Show all the assets with risk score between the range 800 to 1000

asset.riskScore:[800 ... 1000]

Show all the assets with a risk score greater than 500

asset.riskScore >500

Show all the assets with a risk score less than or equal to 800

asset.riskScore <=800

asset.assetIDasset.assetID

Use an integer value ##### to help you find systems with a Qualys asset ID of interest.

Example

Show findings with this asset ID

asset.assetID:122855563

asset.operationalStatusasset.operationalStatus

Use a text value ##### to help you find assets based on operational status.

Example

Show assets with operational status as Repair

asset.operationalStatus: Repair

asset.environmentasset.environment

Use a text value ##### to help you find assets based on environment.

Example

Show assets with environment as Production

asset.environment: Production

asset.ownedByasset.ownedBy

Use values within quotes or backticks to help you find assets owned by.

Examples

Show any findings that contain parts of name

asset.ownedBy:"Joey"

Show any findings that match exact value "Joey Bolick"

asset.ownedBy:`Joey Bolick`

asset.managedByasset.managedBy

Use values within quotes or backticks to help you find assets managed by.

Examples

Show any findings that contain parts of name

asset.managedBy:"Byron"

Show any findings that match exact value "Byron Fortuna"

asset.managedBy:`Byron Fortuna`

asset.supportedByasset.supportedBy

Use values within quotes or backticks to help you find assets supported by.

Examples

Show any findings that contain parts of name

asset.supportedBy:"John"

Show any findings that match exact value "John Doe"

asset.supportedBy:`John Doe`

asset.supportGroupasset.supportGroup

Use values within quotes or backticks to help you find assets with support group.

Examples

Show any findings that contain parts of name

asset.supportGroup:"Compliance"

Show any findings that match exact value "Compliance Managers"

asset.supportGroup:`Compliance Managers`

asset.org.companyasset.org.company

Use a text value ##### to help you find assets with company.

Example

Show assets with company as Qualys

asset.org.company: Qualys

asset.assignedLocation.cityasset.assignedLocation.city

Use a text value ##### to help you find assets with city of the assigned location.

Example

Show assets with assigned location city as Miami

asset.assignedLocation.city: Miami

asset.assignedLocation.countryasset.assignedLocation.country

Use a text value ##### to help you find assets with country of the assigned location.

Example

Show assets with assigned location country as USA

asset.assignedLocation.country: USA

asset.lastLocation.stateasset.lastLocation.state

Use a text value ##### to help you find assets based on state of the last location.

Example

Show assets with last location state as California

asset.lastLocation.state: California

asset.hasMissingSoftwareasset.hasMissingSoftware

Use the values true | false to define whether asset has a missing software.

Example

Show asset that has a missing software

asset.hasMissingSoftware: "true"

missingSoftware.category1missingSoftware.category1

Use text value ##### to help you find the missing software category 1 value you're looking for.

Example

If you are searching for assets missing testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

missingSoftware.category1:Application Development

missingSoftware.category2missingSoftware.category2

Example

If you are searching for assets missing testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

missingSoftware.category2:Testing

missingSoftware.publishermissingSoftware.publisher

Use a text value ##### to find a software without publisher.

Example

Show findings without this software publisher

missingSoftware.publisher:Microsoft

missingSoftware.productmissingSoftware.product

Use a text value ##### to find a software without product name.

Example

Show findings with this exact product name

missingSoftware.product:Office

businessApp.namebusinessApp.name

Use values within quotes or backticks to help you find the business application name you're looking for.

Examples

Show any findings that contain parts of name

businessApp:(name:"HR")

Show any findings that match exact value "HR Intranet"

businessApp:(name:`HR Intranet`)

businessApp.businessCriticalitybusinessApp.businessCriticality

Use values within quotes or backticks to help you find the business application you're looking for.

Examples

Show any findings that contain parts of name

businessApp:(businessCriticality:"1 - most")

Show any findings that match exact value "1 - most critical"

businessApp:(businessCriticality:`1 - most critical`)

businessApp.ownedBybusinessApp.ownedBy

Use values within quotes or backticks to help you find business applications owned by.

Examples

Show any findings that contain parts of name

businessApp:(ownedBy:"Joey")

Show any findings that match exact value "Joey Bolick"

businessApp:(ownedBy:`Joey Bolick`)

businessApp.managedBybusinessApp.managedBy

Use values within quotes or backticks to help you find business applications managed by.

Examples

Show any findings that contain parts of name

businessApp:(managedBy:"Byron")

Show any findings that match exact value "Byron Fortuna"

businessApp:(managedBy:`Byron Fortuna`)

businessApp.supportedBybusinessApp.supportedBy

Use values within quotes or backticks to help you find business applications supported by.

Examples

Show any findings that contain parts of name

businessApp:(supportedBy:"John")

Show any findings that match exact value "John Doe"

businessApp:(supportedBy:`John Doe`)

businessApp.supportGroupbusinessApp.supportGroup

Use a text value ##### to help you find business applications with support group.

Example

Show assets with business application support group as Security

businessApp:(supportGroup: Security)

hardwarehardware

Use values within quotes or backticks to help you find the hardware name you're looking for.

Examples

Show any findings that contain parts of name

hardware:"Dell Latitude e7470"

Show any findings that match exact value

hardware:`Dell Latitude e7470`

hardware.categoryhardware.category

Use values within quotes or backticks to help you find the hardware category you're looking for.

Examples

Show any findings that match exact value

hardware.category:Printers/Laser

hardware.category1hardware.category1

Use text value ##### to find assets with hardware category 1 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category1:Printers

hardware.category2hardware.category2

Use text value ##### to find assets with hardware category 2 value.

Example

If you are searching for assets that are laser printers, then category1 is Printers and category2 is Laser.

Show any findings that match exact value

hardware.category2:Laser

hardware.lifecycle.eoshardware.lifecycle.eos

Use a date range or specific date to define a hardware End-of-Sale date of interest.

Examples

Show findings with hardware End-of-Sale date in this date range

hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.eos:[now-2w ... now-1s]

Show findings with this hardware End-of-Sale date

hardware.lifecycle.eos:'2019-03-18'

hardware.lifecycle.obshardware.lifecycle.obs

Use a date range or specific date to define a hardware obsolete date of interest.

Examples

Show findings with hardware obsolete date in this date range

hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]

Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago

hardware.lifecycle.obs:[2019-01-15 ... now-1M]

Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago

hardware.lifecycle.obs:[now-2w ... now-1s]

Show findings with this hardware obsolete date

hardware.lifecycle.obs:'2019-03-18'

hardware.lifecycle.stagehardware.lifecycle.stage

Use a text value ##### in quotes to define the hardware lifecycle stage (INTRO, GA, EOS, OBS)

Example

Show End-of-Sale hardware

hardware.lifecycle.stage:"EOS"

hardware.manufacturerhardware.manufacturer

Use values within quotes or backticks to find assets having a certain hardware manufacturer.

Example

Show any findings that match exact value "Dell"

hardware.manufacturer:`Dell`

hardware.modelhardware.model

Use values within quotes or backticks to find assets having a certain hardware model.

Example

Show any findings that match exact value "e7470"

hardware.model:`De7470`

hardware.producthardware.product

Use values within quotes or backticks to find assets having a certain hardware product.

Example

Show any findings that match exact value "Latitude"

hardware.product:`Latitude`

interfaces:(addressinterfaces:(address

Use values to define an IP address you're interested in.

Examples

Show the exact match of the IP address

interfaces:(address:`10.10.100.20`)

Show any findings that contain parts of the IP address

interfaces:(address:"10.10.100.2")
interfaces:(address: 10.10.100.2)

interfaces:(hostnameinterfaces:(hostname

Use values within quotes or backticks to help you find the hostname you're looking for.

Examples

Show any findings related to name

interfaces:(hostname: xpsp2-jp-26-111)

Show any findings that contain parts of name

interfaces:(hostname: "xpsp2-jp-26-111")

Show any findings that match exact value "xpsp2-jp-26-111"

interfaces:(hostname: `xpsp2-jp-26-111`)

Show any findings related to name (we'll match super domains)

interfaces:(hostname: qcentos71sqp3.rdlab.acme.com)

Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"

interfaces:(hostname: `qcentos71sqp3.rdlab.acme.com`)

Show findings according to values entered in the square brackets.

Note: You can add multiple values in []. However, it's important to understand that partial values are not supported. You must enter the exact match value.

Example with correct syntax - interfaces:(hostname: [win7-181, bridge.vuln.qa.qualys.com])

Example with incorrect syntax - interfaces:(hostname: [win7, bridge.vuln.qa])

interfaces:(gatewayAddressinterfaces:(gatewayAddress

Use a text value ##### to help you find assets with a certain default gateway address.

Example

Show assets with this default gateway address

interfaces:(gatewayAddress:10.11.65.1)

inventory.createdinventory.created

Use a date range or specific date to define when assets were created (i.e. when first scanned by a scanner appliance, or when agent was installed).

Examples

Show assets created within certain dates

inventory.created:[2019-01-01 ... 2019-01-15]

Show assets created starting 2019-01-15, ending 1 month ago

inventory.created:[2019-01-15 ... now-1M]

Show assets created starting 2 weeks ago, ending 1 second ago

inventory.created:[now-2w ... now-1s]

Show assets created on specific date

inventory.created:'2019-03-18'

inventory.lastUpdatedinventory.lastUpdated

Use a date range or specific date to define when assets were updated (i.e. when re-scanned by a scanner appliance, or when host data uploaded to the Qualys Enterprise TruRisk™ Platform by an agent).

Examples

Show assets updated within certain dates

inventory.lastUpdated: [2019-01-01 ... 2019-01-15]

Show assets updated starting 2019-01-15, ending 3 months ago

inventory.lastUpdated: [2019-01-15 ... now-3M]

Show assets updated starting 2 weeks ago, ending 1 second ago

inventory.lastUpdated: [now-2w ... now-1s]

Show assets updated on a specific date

inventory.lastUpdated:'2019-03-18'

inventory.sourceinventory.source

Use a text value ##### to help you find assets from a certain Qualys source (QAGENT, IP, DNSNAME, NETBIOS, INSTANCE_ID, OCA, VIRTUAL_MACHINE_ID, SEM, and GCP_INSTANCE_ID). Select from values in the drop-down menu.

Example

Show findings from cloud agents

inventory.source:QAGENT

openPorts.firstFoundopenPorts.firstFound

Use a date range or specific date to define when open ports were first found.

Examples

Show open ports found within certain dates

openPorts:(firstFound: [2019-01-01 ... 2019-01-15])

Show open ports found starting 2019-01-15, ending 3 months ago

openPorts:(firstFound: [2019-01-15 ... now-3M])

Show open ports found starting 2 weeks ago, ending 1 second ago

openPorts:(firstFound: [now-2w ... now-1s])

Show open ports found on a specific date

openPorts:(firstFound:'2019-03-18')

openPorts.lastUpdatedopenPorts.lastUpdated

Use a date range or specific date to define when open ports were last updated.

Examples

Show open ports last updated within certain dates

openPorts:(lastUpdated:[2019-01-01 ... 2019-01-15])

Show open ports last updated starting 2019-01-15, ending 1 month ago

openPorts:(lastUpdated:[2019-01-15 ... now-1M])

Show open ports last updated starting 2 weeks ago, ending 1 second ago

openPorts:(lastUpdated:[now-2w ... now-1s])

Show open ports last updated on a specific date

openPorts:(lastUpdated:'2019-03-18')

openPorts.portopenPorts.port

Use an integer value ##### to help you find assets with some open port.

Example

Show assets with open port 80

openPorts:(port:80)

operatingSystemoperatingSystem

Use values within quotes or backticks to help you find the full operating system name you're looking for.

Examples

Show any findings that contain components of OS name

operatingSystem:"Windows 7 SP2 Enterprise"

Show any findings that match exact value

operatingSystem:`Windows 7 SP2 Enterprise`

operatingSystem.architectureoperatingSystem.architecture

Use text value ##### to help you find the operating system architecture you're looking for, i.e. 32-Bit or 64-Bit.

Example

Show any findings that match exact value

operatingSystem.architecture:64-Bit

operatingSystem.categoryoperatingSystem.category

Use text value ##### to help you find the full operating system category name you're looking for, i.e. Windows, Unix, Linux, Mac and more.

Example

Show any findings that match exact value

operatingSystem.category:Windows/Embedded

operatingSystem.category1operatingSystem.category1

Use text value ##### to help you find the operating system category 1 value you're looking for.

Example

Show any findings that match exact value

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

operatingSystem.category1:Windows

operatingSystem.category2operatingSystem.category2

Use values within quotes or backticks to help you find the operating system category 1 value you're looking for.

Example

If you are searching for assets with Windows Embedded operating system, then category1 is Windows and category2 is Embedded.

Show any findings that match exact value

operatingSystem.category2:Embedded

operatingSystem.editionoperatingSystem.edition

Use text value ##### to help you find the operating system edition you're looking for.

Example

Show any findings that match exact value

operatingSystem.edition:Enterprise

operatingSystem.installDateoperatingSystem.installDate

Use a date range or specific date to define an operating system install date of interest.

Examples

Show findings with operating system install date in this date range

operatingSystem.installDate:[2019-01-01 ... 2019-01-15]

Show findings with operating system install date starting 2019-01-15, ending 1 month ago

operatingSystem.installDate:[2019-01-15 ... now-1M]

Show findings with operating system install date starting 2 weeks ago, ending 1 second ago

operatingSystem.installDate:[now-2w ... now-1s]

Show findings with this operating system install date

operatingSystem.installDate:'2019-03-18'

operatingSystem.lifecycle.eoloperatingSystem.lifecycle.eol

Use a date range or specific date to define an operating system End-of-Life date of interest.

Examples

Show findings with operating system End-of-Life date in this date range

operatingSystem.lifecycle.eol:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Life date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eol:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Life date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eol:[now-2w ... now-1s]

Show findings with this operating system End-of-Life date

operatingSystem.lifecycle.eol:'2019-03-18'

operatingSystem.lifecycle.eosoperatingSystem.lifecycle.eos

Use a date range or specific date to define an operating system End-of-Support date of interest.

Examples

Show findings with operating system End-of-Support date in this date range

operatingSystem.lifecycle.eos:[2019-01-01 ... 2019-01-15]

Show findings with operating system End-of-Support date starting 2019-01-15, ending 1 month ago

operatingSystem.lifecycle.eos:[2019-01-15 ... now-1M]

Show findings with operating system End-of-Support date starting 2 weeks ago, ending 1 second ago

operatingSystem.lifecycle.eos:[now-2w ... now-1s]

Show findings with this operating system End-of-Support date

operatingSystem.lifecycle.eos:'2019-03-18'

operatingSystem.lifecycle.stageoperatingSystem.lifecycle.stage

Use a text value ##### to define an OS lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this OS lifecycle stage

operatingSystem.lifecycle.stage:eol

Show findings with OS category Windows and OS lifecycle stage "active"

operatingSystem:(category:Windows AND lifecycle.stage:eol)

operatingSystem.marketVersionoperatingSystem.marketVersion

Use text value ##### to help you find the operating system market version, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.marketVersion:7

operatingSystem.nameoperatingSystem.name

Use text value ##### to help you find the operating system brand name you're looking for, e.g. Windows OS.

Example

Show any findings that match exact value

operatingSystem.name:Windows 10

operatingSystem.publisheroperatingSystem.publisher

Use a text value ##### to define an operating system manufacturer you're looking for.

Example

Show findings with this exact software publisher

operatingSystem.publisher:Microsoft

operatingSystem.updateoperatingSystem.update

Use a text value ##### to define an OS update version of interest.

Example

Show findings with this exact OS update version

operatingSystem.update:SP2

operatingSystem.versionoperatingSystem.version

Use a text value ##### to define the OS version you're interested in.

Example

Show findings with this exact OS version

operatingSystem.version:16.1

software:(architecturesoftware:(architecture

Use text value ##### to help you find the software architecture you're looking for, i.e 32-Bit or 64-Bit.

Example

Show any findings that match exact value

software:(architecture:64-Bit)

software:(categorysoftware:(category

Use values within quotes or backticks to help you find a software category.

Example

Show any findings that match exact value

software:(category:`Application Development/Testing`)

software:(category1software:(category1

Use text value ##### to help you find the software category 1 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software:(category1:Application Development)

software:(category2software:(category2

Use text value ##### to help you find the software category 2 value you're looking for.

Example

If you are searching for assets having testing software, then category1 is Application Development and category2 is Testing.

Show any findings that match exact value

software:(category2:Testing)

software:(editionsoftware:(edition

Use text value ##### to help you find the software edition you're looking for.

Example

Show any findings that match exact value

software:(edition:Professional)

software:(installDatesoftware:(installDate

Use a date range or specific date to define when software was installed.

Examples

Show software installed within certain dates

software:(installDate:[2019-01-01 ... 2019-01-15])

Show software installed starting 2019-01-15, ending 1 month ago

software:(installDate:[2019-01-15 ... now-1M])

Show software installed starting 2 weeks ago, ending 1 second ago

software:(installDate:[now-2w ... now-1s])

Show software installed on a specific date

software:(installDate:'2019-03-18')

software:(lastUpdatedsoftware:(lastUpdated

Use a date range or specific date to define when a software was last updated.

Examples

Show software last updated within certain dates

software:(lastUpdated:[2019-01-01 ... 2019-01-15])

Show software last updated starting 2019-01-15, ending 1 month ago

software:(lastUpdated:[2019-01-15 ... now-1M])

Show software last updated starting 2 weeks ago, ending 1 second ago

software:(lastUpdated:[now-2w ... now-1s])

Show software last updated on a specific date

software:(lastUpdated:'2019-03-18')

software:(lastUseDatesoftware:(lastUseDate

Use a date range or specific date to define when a software was last used.

Examples

Show software last used within certain dates

software:(lastUseDate:[2019-01-01 ... 2019-01-15])

Show software last used starting 2019-01-15, ending 1 month ago

software:(lastUseDate:[2019-01-15 ... now-1M])

Show software last used starting 2 weeks ago, ending 1 second ago

software:(lastUseDate:[now-2w ... now-1s])

Show software last used on a specific date

software:(lastUseDate:'2019-03-18')

software:(license.categorysoftware:(license.category

Use text value ##### to help you find a software license category, i.e. Open Source, Commercial.

Example

Show any findings that match exact value

software:(license.category:`Open Source`)

software:(lifecycle.eolsoftware:(lifecycle.eol

Use a date range or specific date to define an software End-of-Life date of interest.

Examples

Show findings with software End-of-Life date in this date range

software:(lifecycle.eol:[2019-01-01 ... 2019-01-15])

Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago

software:(lifecycle.eol:[2019-01-15 ... now-1M])

Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.eol:[now-2w ... now-1s])

Show findings with this software End-of-Life date

software:(lifecycle.eol:'2019-03-18')

software:(lifecycle.eossoftware:(lifecycle.eos

Use a date range or specific date to define an software End-of-Support date of interest.

Examples

Show findings with software End-of-Support date in this date range

software:(lifecycle.eos:[2019-01-01 ... 2019-01-15])

Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago

software:(lifecycle.eos:[2019-01-15 ... now-1M])

Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago

software:(lifecycle.eos:[now-2w ... now-1s])

Show findings with this software End-of-Support date

software:(lifecycle.eos:'2019-03-18')

software:(lifecycle.stagesoftware:(lifecycle.stage

Use a text value ##### to define a software lifecycle stage you're looking for, i.e. active, eol, obsolete.

Examples

Show findings having this software lifecycle stage

software:(lifecycle.stage:eol)

Show findings having software category Windows and software lifecycle stage "active"

software:(category:Windows AND lifecycle.stage:eol)

software:(marketVersionsoftware:(marketVersion

Use text value ##### to help you find a software market version, e.g. Windows OS.

Example

Show any findings that match exact value

software:(marketVersion:7)

software:(namesoftware:(name

Use values within quotes or backticks to help you find the software name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

software:(name: VMware Tools)

Show any findings that contain parts of name

software:(name: "VMware Tools")

Show any findings that match exact value

software:(name: `VMware Tools`)

Find assets with certain tag and software installed

tags.name:`Cloud Agent` AND software: (name: "Cisco AnyConnect Secure Mobility Client" AND version: `3.1.12345`)

software:(productsoftware:(product

Use a text value ##### to define a software product name you're looking for.

Example

Show findings with this exact product name

software:(product:Office)

software:(authorizationsoftware:(authorization

Use text value ##### to help you find the installations of the software with authorization you're looking for, i.e. Authorized, Unauthorized, or Needs Review.

Example

Show installations of the software that was marked as Authorized.

software:(authorization:`Authorized`)

Show installations of the software that was marked as Unauthorized.

software:(authorization:`Unauthorized`)

Show installations of the software that needs review.

software:(authorization:`Needs Review`)

software:(publishersoftware:(publisher

Use a text value ##### to define a software manufacturer you're looking for.

Example

Show findings with this exact software publisher

software:(publisher:Microsoft)

software:(updatesoftware:(update

Use a text value ##### to define a software update version of interest.

Example

Show findings with this exact software update version

software:(update:16.0.1.2)

Show findings with software update version greater than 16.0.1.2

software:(update>16.0.1.2)

Show findings with software update version greater than or equal to 16.0.1.2

software:(update>=16.0.1.2)

Show findings with software update version less than 16.0.1.2

software:(update<16.0.1.2)

Show findings with software update version less than or equal to 16.0.1.2

software:(update<=16.0.1.2)

Show findings with software update version within this version range

software:(update:[16.0.1.2 ... 16.0.1.5])

software:(versionsoftware:(version

Use a text value ##### to define the software version you're interested in.

Example

Show findings with this exact software version

software:(version:16.0)

Show findings with software version greater than 16.0

software:(version>16.0)

Show findings with software version greater than or equal to 16.0

software:(version>=16.0)

Show findings with software version less than 16.0

software:(version<16.0)

Show findings with software version less than or equal to 16.0

software:(version<=16.0)

Show findings with software version within this version range

software:(version:[16.0 ... 20.0])

software:(componentsoftware:(component

Use a value Client, Server or " " (empty field) to identify the software component.

Example

Show findings with Client software component

software:(component:Client)

software:(firstFoundsoftware:(firstFound

Use a date range or specific date to define when software was first found.

Examples

Show assets with software first found within certain dates

software:(firstFound: [2017-06-15 ... 2017-06-30])

Show assets with software first found starting 2017-06-22, ending 1 month ago

software:(firstFound: [2017-06-22 ... now-1M])

Show assets with software first found starting 2 weeks ago, ending 1 second ago

software:(firstFound: [now-2w ... now-1s])

Show assets with software first found on specific date

software:(firstFound:'2017-06-14')

software:(isPCSupportedsoftware:(isPCSupported

Use the values true | false to define whether software is PC supported.

Example

Show software that is PC supported

software:(isPCSupported: "true")

software:(hasRunningInstancesoftware:(hasRunningInstance

Use the values true | false to find whether software has a running instance.

Example

Show software that has a running instance

software:(hasRunningInstance: "true")

tags.nametags.name

Use values within quotes or backticks to help you find the asset tag you're looking for.

Examples

Show any findings that contain "network" and "blue" in name

tags.name: "network blue"

Show any findings that contain "network" or "blue" in name (another method)

tags.name: "network" OR tags.name: blue"

Show any findings that match exact value "Cloud Agent"

tags.name: `Cloud Agent`

volumes.freevolumes.free

Use an integer value ##### to help you find assets with a certain free volume space (GB).

Examples

Show findings with free volume space greater than 90 GB

volumes:(free>90)

Show findings with free volume space greater than or equal to 90 GB

volumes:(free>=90)

Show findings with free volume space less than 30 GB

volumes:(free<30)

Show findings with free volume space less than or equal to 30 GB

volumes:(free<=30)

providerprovider

Find assets synced from a certain cloud provider (AWS, AZURE, GCP). Select from names in the drop-down menu.

Examples

Show assets synced from Amazon AWS

provider: "AWS"

aws.ec2.availabilityZoneaws.ec2.availabilityZone

Use a text value ##### to find EC2 instances by the availability zone in which the instance launched.

Example

Find EC2 instances in the us-east-1a availability zone

aws.ec2.availabilityZone: us-east-1a

aws.ec2.imageIdaws.ec2.imageId

Use a text value ##### to find EC2 instances with a certain Image (AMI) ID.

Examples

Find instances related to the Image ID

aws.ec2.imageId: ami-2ea83347

Find instances that match exact value

aws.ec2.imageId: `ami-2ea83347`

aws.ec2.instanceStateaws.ec2.instanceState

Select the name of the instance state (PENDING, RUNNING, TERMINATED, STOPPED, STOPPING, SHUTTING-DOWN) you're interested in. Select from names in the drop-down menu.

Example

Find running EC2 instances

aws.ec2.instanceState: RUNNING

aws.ec2.instanceIdaws.ec2.instanceId

Use a text value ##### to find EC2 instances by the instance ID.

Example

Find EC2 instances with this ID

aws.ec2.instanceId: i-1234567890abcdef0

aws.ec2.accountIdaws.ec2.accountId

Use a text value ##### to find EC2 instances with a certain account ID.

Examples

Find EC2 instances that match this account ID

aws.ec2.accountId: 123456789012

Find EC2 instances with account ID starting "12345"

aws.ec2.accountId: 12345*

Find EC2 instances where account ID is null (remove the colon)

aws.ec2.accountId is null

aws.ec2.instanceTypeaws.ec2.instanceType

Select the type of instance you're interested in. Select from names in the drop-down menu.

Example

Find EC2 instances with instance type t2.micro

aws.ec2.instanceType: t2.micro

aws.ec2.launchDateaws.ec2.launchDate

Use a date range or specific date to define when the EC2 instance launched. Enter dates in yyyy-mm-dd format.

Examples

Find EC2 instances launched within certain dates

aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]

Find EC2 instances launched on specific date

aws.ec2.launchDate:'2017-08-15'

aws.ec2.privateIpAddressaws.ec2.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this private IP address

aws.ec2.privateIpAddress: 10.90.0.119

Find EC2 instances within this IP range

aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]

aws.ec2.publicIpAddressaws.ec2.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find EC2 instances with this public IP address

aws.ec2.publicIpAddress: 52.70.141.154

Find EC2 instances within this IP range

aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]

aws.ec2.region.codeaws.ec2.region.code

Select the code of the region you're interested in. Select from codes in the drop-down menu.

Example

Find EC2 instances in the us-east-1 region

aws.ec2.region.code: us-east-1

aws.ec2.subnetIdaws.ec2.subnetId

Use a text value ##### to find EC2 instances by the ID of the subnet in which the interface resides.

Example

Find EC2 instances with this subnet ID

aws.ec2.subnetId: subnet-bc02c0d4

aws.ec2.vpcIdaws.ec2.vpcId

Use a text value ##### to find EC2 instances by the ID of the VPC in which the interface resides.

Example

Find EC2 instances with this VPC ID

aws.ec2.vpcId: vpc-1e37cd76

azure.vm.locationazure.vm.location

Use a text value ##### to define the region you're interested in.

Example

Find Azure instances in this location

azure.vm.location: westus

azure.vm.nameazure.vm.name

Use a text value ##### to find the Azure virtual machine name you're looking for.

Examples

Find Azure instances related to name

azure.vm.name: avset2

Find Azure instances that match exact value

azure.vm.name: `avset2`

azure.vm.privateIpAddressazure.vm.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this private IP

azure.vm.privateIpAddress: 10.1.2.5

Find Azure instances within this IP range

azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]

azure.vm.publicIpAddressazure.vm.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find Azure instances with this public IP

azure.vm.publicIpAddress: 13.126.125.189

Find Azure instances within this IP range

azure.vm.publicIpAddress: [13.126.125.180 ... 13.126.125.255]

azure.vm.resourceGroupNameazure.vm.resourceGroupName

Use a text value ##### to define the name of the resource group you're interested in.

Examples

Find Azure instances related to name

azure.vm.resourceGroupName: my-eastus-rg

Find Azure instances that match exact value

azure.vm.resourceGroupName: `my-eastus-rg`

azure.vm.sizeazure.vm.size

Use a text value ##### to help you find Azure VM instances with a certain virtual machine size.

Example

Find Azure instances with this size

azure.vm.size: Standard_D1

azure.vm.stateazure.vm.state

Select the name of the instance state (DEALLOCATED, DEALLOCATING, DELETED, RUNNING, STARTING, STOPPED, STOPPING) you're interested in. Select from names in the drop-down menu.

Example

Find running Azure instances

azure.vm.state: RUNNING

azure.vm.subnetazure.vm.subnet

Use a text value ##### to define the Azure virtual machine subnet you're interested in.

Example

Find Azure instances with this subnet

azure.vm.subnet: 10.1.2.0

azure.vm.subscriptionIdazure.vm.subscriptionId

Use a text value ##### to define the subscription ID of the Azure virtual machine subscription.

Example

Find Azure instances with this subscription ID

azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409

azure.vm.vmIdazure.vm.vmId

Use a text value ##### to define the Azure virtual machine ID you're looking for.

Example

Find Azure instances with this ID

azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21

gcp.compute.hostnamegcp.compute.hostname

Use a text value ##### to define the hostname you're looking for.

Examples

Find GCP instances related to name

gcp.compute.hostname: instance-5.c.qvsa-dev.internal

Find GCP instances that match exact value

gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`

gcp.compute.machineTypegcp.compute.machineType

Use a text value ##### to define the machine type of the virtual machine instance you're interested in.

Examples

Find GCP instances related to name

gcp.compute.machineType: n1-standard-1

Find GCP instances that match exact value

gcp.compute.machineType: `n1-standard-1`

gcp.compute.networkgcp.compute.network

Use a text value ##### to find GCP instances by the VPC network the instance belongs to.

Example

Find GCP instances with this network

gcp.compute.network: 000D3A36DDED

gcp.compute.privateIpAddressgcp.compute.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this private IP

gcp.compute.privateIpAddress: 10.240.0.7

Find GCP instances with this private IP range

gcp.compute.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

gcp.compute.projectIdgcp.compute.projectId

Use a text value ##### to define the project ID assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to ID

gcp.compute.projectId: qvsa-dev

Find GCP instances that match exact value

gcp.compute.projectId: `qvsa-dev`

gcp.compute.projectNumbergcp.compute.projectNumber

Use an integer value ##### to define the project number assigned to the GCP Console project the instance belongs to.

Examples

Find GCP instances related to this number

gcp.compute.projectNumber: 1035365309337

Find GCP instances that match exact value

gcp.compute.projectNumber: `1035365309337`

gcp.compute.publicIpAddressgcp.compute.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find GCP instances with this public IP

gcp.compute.publicIpAddress: 104.196.57.216

Find GCP instances within this IP range

gcp.compute.publicIpAddress: [104.196.57.216 ... 104.196.57.218]

gcp.compute.stategcp.compute.state

Type your drop-dowSelect the name of the instance state (PENDING, RUNNING, STOPPED, TERMINATED, STOPPING, SHUTTING_DOWN, DEALLOCATED) you're interested in. Select from names in the drop-down menu.

Example

Find running GCP instances

gcp.compute.state: RUNNING

gcp.compute.zonegcp.compute.zone

Use a text value ##### to define the zone of the GCP instance you're looking for

Examples

Find GCP instances related to name

gcp.compute.zone: us-east1-d

Find GCP instances that match exact value

gcp.compute.zone: `us-east1-d`

gcp.compute.instanceIdgcp.compute.instanceId

Use a text value ##### to define the Google Compute instance ID you're looking for.

Example

Find GCP instances with this ID

gcp.compute.instanceId: 4392196237934605253

gcp.labels.namegcp.labels.name

Use a text value ##### to find VM instances with a certain GCP labels name (case insensitive).

Examples

Find VM instances with key "department"

gcp.labels:(name: department)

Find VM instances that match exact key value "department"

gcp.labels:(name: 'department')

Find VM instances with key starting "dep"

gcp.labels:(name: dep*)

gcp.labels.valuegcp.labels.value

Use a text value ##### to find VM instances with a certain GCP labels value (case insensitive).

Examples

Find VM instances with tag value "product-management"

gcp.labels:(value: product-management)

Find VM instances that match exact key value "product-management"

gcp.labels:(value: 'product-management')

Find VM instances with tag value starting "product"

gcp.labels:(value: product*)

oci.compute.availabilityDomainoci.compute.availabilityDomain

Use a text value ##### to search all assets with the specified available domain.

Example

Show all assets with the available domain Lhkx:US-ASHBURN-AD-1

oci.compute.availabilityDomain:"Lhkx:US-ASHBURN-AD-1"

oci.compute.compartmentIdoci.compute.compartmentId

Use a text value ##### to search all assets with the specified OCI compartment ID.

Example

Show assets with this OCI compartment ID

oci.compute.compartmentId:"ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq"

oci.compute.compartmentNameoci.compute.compartmentName

Use a text value ##### to search all assets with the specified OCI compartment name.

Example

Show assets with this OCI compartment name

oci.compute.compartmentName:"ocid1.compartment.abc"

oci.compute.faultDomainoci.compute.faultDomain

Use a text value ##### to search all assets with the specified fault domain.

Example

Show all assets with fault domain FAULT-DOMAIN-1

oci.compute.faultDomain:"FAULT-DOMAIN-1"

oci.compute.imageIdoci.compute.imageId

Use a text value ##### to search all assets with the specified image ID.

Example

Show all assets with the  ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID

oci.compute.imageId:"ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq"

oci.compute.ociIdoci.compute.ociId

Use a text value ##### to search all assets with the specified OCI ID.

Example

Show assets with this OCI ID

oci.compute.ociId:"ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq"

oci.compute.regionoci.compute.region

Use a text value ##### to search all assets in the specified region.

Example

Show all assets with the region us-east-1

oci.compute.region:"us-east-1"

oci.compute.shapeoci.compute.shape

Use a text value ##### to search all assets with the specified shape.

Example

Show all assets with the shape x5-2.36.512

oci.compute.shape:"x5-2.36.512"

oci.compute.stateoci.compute.state

Use a text value ##### to search all assets with specific compute state.

Example

Show all assets with the compute state Starting

oci.compute.state:STARTING

oci.compute.tenantIdoci.compute.tenantId

Use a text value ##### to search all assets with specific tenant ID.

Example

Show all assets with the specific tenant ID

oci.compute.tenantId:"ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq"

oci.compute.tenantNameoci.compute.tenantName

Use a text value ##### to search all assets with specific tenant name.

Example

Show all assets with the specific tenant name

oci.compute.tenantName:"oraclecengg1"

oci.compute.timeCreatedoci.compute.timeCreated

Use a text value ##### to search all assets created at the specified time.

Example

Show findings with last check in within a specific date range.

oci.compute.timeCreated:[2020-01-01 ... 2020-01-10]

Show findings with last check in starting 2019-11-01, ending 1 month ago.

oci.compute.timeCreated:[2019-11-01 ... now-1M]

Show findings with last check in starting 2 weeks ago, ending 1 second ago.

oci.tags.keyoci.tags.key

Use a text value ##### to search all assets with the specified tag key.

Example

Show all assets with the tag key CreatedBy

oci.tags(key:CreatedBy)

oci.tags.namespaceoci.tags.namespace

Use a text value ##### to search all assets with the specified namespace.

Example

Show all assets with the namespace Oracle-Tags

oci.tags(namespace:"Oracle-Tags")

oci.tags.typeoci.tags.type

Use a text value ##### to search all assets with specific tag type.

Example

Show all assets with the specific tag type

oci.tags(type:DEFINED)

oci.tags.valueoci.tags.value

Use a text value ##### to search all assets with the specified tag value.

Example

Show all assets with the tag value 2021-02-09

oci.tags(value:"2021-02-09")

oci.vnic.macAddroci.vnic.macAddr

Use a text value ##### to search all assets with the specified MAC address.

Example

Show all assets with the MAC address 02:00:17:06:bd:b3

oci.vnic(macAddr:"02:00:17:06:bd:b3")

oci.vnic.nicIndexoci.vnic.nicIndex

Use a text value ##### to search all assets with the specified index.

Example

Show all assets with the index 1

oci.vnic(nicIndex:1)

oci.vnic.privateIpoci.vnic.privateIp

Use a text value ##### to search all assets with the specified private IP.

Example

Show all assets with this private IP

oci.vnic(privateIp:10.0.0.222)

oci.vnic.publicIpoci.vnic.publicIp

Use a text value ##### to search all assets with the specified public IP.

Example

Show all assets with this public IP

oci.vnic(publicIp:10.0.0.222)

oci.vnic.subnetCidrBlockoci.vnic.subnetCidrBlock

Use a text value ##### to search all assets with the specified block.

Example

Show all assets with the block 10.0.0.0/24

oci.vnic(subnetCidrBlock:10.0.0.0/24)

oci.vnic.subnetIdoci.vnic.subnetId

Use a text value ##### to find OCI instances by the ID of the subnet in which the interface resides.

Example

Find OCI instances with this subnet ID

oci.vnic(subnetId: "subnet-bc02c0d4")

oci.vnic.subnetNameoci.vnic.subnetName

Use a text value ##### to find OCI instances by the name of the subnet in which the interface resides.

Example

Find OCI instances with this subnet name

oci.vnic(subnetName: "subnet-abc")

oci.vnic.vcnIdoci.vnic.vcnId

Use a text value ##### to search all assets with the specified VCN ID.

Example

Show all assets with this VCN ID

oci.vnic(vcnId:"ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q")

oci.vnic.vcnNameoci.vnic.vcnName

Use a text value ##### to search all assets with the specified vcn name.

Example

Show all assets with this vcn name

oci.vnic(vcnName:"abc")

oci.vnic.virtualRouterIpoci.vnic.virtualRouterIp

Use a text value ##### to search all assets with the specified router IP.

Example

Show all assets with the router IP 10.0.0.1

oci.vnic(virtualRouterIp:10.0.0.1)

oci.vnic.vlanTagoci.vnic.vlanTag

Use a text value ##### to search all assets with the specified vlan tag.

Example

Show all assets with the vlan tag 1

oci.vnic(vlanTag:1)

oci.vnic.vnicId

ibm.tags.nameibm.tags.name

Use a text value ##### to find IBM instances with a certain tag name (case insensitive).

Examples

Find IBM instances with name "devops"

ibm.tags.name: devops

Find IBM instances with name starting "dev"

ibm:tags.name: dev*

Find IBM instances with name ending "ops"

ibm.tags.name: *ops

ibm.tags.valueibm.tags.value

Use a text value ##### to find IBM instances with a certain tag value (case insensitive).

Examples

Find IBM instances with tag value "dailybuild"

ibm.tags.value: dailybuild

Find IBM instances with tag value starting "daily"

ibm.tags.value: daily*

Find IBM instances with tag value ending "build"

ibm.tags.value: *build

ibm.virtualServer.datacenterIdibm.virtualServer.datacenterId

Use a text value ##### to find IBM instances with datacenter ID .

Example

Find IBM instances with this datacenter ID

ibm.virtualServer.datacenterId: 1854895

ibm.virtualServer.deviceNameibm.virtualServer.deviceName

Use a text value ##### to find IBM instances with virtual server device name.

Examples

Find IBM instances related to name

ibm.virtualServer.deviceName: "virtualserver01.Qualys-Inc.cloud"

Find IBM instances that match exact value

ibm.virtualServer.deviceName: `virtualserver01.Qualys-Inc.cloud`

ibm.virtualServer.domainibm.virtualServer.domain

Use a text value ##### to search all assets with the specified virtual server domain.

Example

Show all assets with virtual server domain Qualys-Inc.cloud

ibm.virtualServer.domain:"Qualys-Inc.cloud"

ibm.virtualServer.idibm.virtualServer.id

Use a text value ##### to search all assets with the specified virtual server ID.

Example

Show all assets with the  8998892 virtual server ID

ibm.virtualServer.id:8998892

ibm.virtualServer.locationibm.virtualServer.location

Use a text value ##### to define the region you're interested in.

Example

Find IBM instances in this location

ibm.virtualServer.location: westus

ibm.virtualServer.privateIpAddressibm.virtualServer.privateIpAddress

Use a text value ##### to define a private IPv4 address or range of IPs you're interested in.

Examples

Find IBM instances with this private IP

ibm.virtualServer.privateIpAddress: 10.240.0.7

Find IBM instances with this private IP range

ibm.virtualServer.privateIpAddress: [10.240.0.7 ... 10.240.0.30]

ibm.virtualServer.publicIpAddressibm.virtualServer.publicIpAddress

Use a text value ##### to define a public IPv4 address or range of IPs you're interested in.

Examples

Find IBM instances with this public IP

ibm.virtualServer.publicIpAddress: 10.240.0.7

Find IBM instances with this public IP range

ibm.virtualServer.publicIpAddress: [10.240.0.7 ... 10.240.0.30]

ibm.virtualServer.stateibm.virtualServer.state

Use a text value ##### to search all assets with specific virtual server state.

Example

Show all assets with the virtual server state Starting

ibm.virtualServer.state:STARTING

asset.org.nameasset.org.name

Use values within quotes or backticks to help you find the assets with the organization name you're looking for.

Examples

Show assets details that match the exact value of the organization name

asset.org.name: `Qualys, Inc.`

Show assets details that contain parts of the organization name

asset.org.name: "Qualys,"

asset.ispasset.isp

Use values within quotes or backticks to help you find the assets with the Internet Service Provider (ISP) name you're looking for.

Examples

Show assets that match the exact ISP name

asset.isp: `amazon.com, Inc.`

Show assets that are with the parts of the ISP name

asset.isp: "amazon.com,"

asset.asnasset.asn

Use values within quotes or backticks to help you find the assets with the ASN value you're looking for.

Examples

Show assets that match the exact value of ASN

asset.asn: `AS8075`

Show assets that are with the parts of the ASN

asset.asn: "AS807"

asset.domainasset.domain

Use values within quotes or backticks to help you find the assets with their domain.

Examples

Show assets that match the exact value of the domain

asset.domain: `qualys.com`

Show assets that contain parts of the domain

asset.domain: "qualys."

asset.subdomainasset.subdomain

Use values within quotes or backticks to help you find assets using their subdomains.

Examples

Show assets that match the exact value of the subdomains

asset.subdomain: `doc.qualys.com`

Show assets that contain the parts of the subdomains

asset.subdomain: "doc.qualys."

whoIs.creationDatewhoIs.creationDate

Use a date range or specific date to find all the assets with the whoIs creation date.

Examples

Show assets with whoIs creation date within certain dates

whoIs:(creationDate: [2019-01-01 ... 2019-01-15])

Show assets with whoIs creation date starting 2019-01-15, ending 1 month ago

whoIs:(creationDate: [2019-01-15 ... now-1M])

Show assets with whoIs creation date starting 2 weeks ago, ending 1-second ago

whoIs:(creationDate: [now-2w ... now-1s])

Show assets with whoIs creation date last updated on a specific date

whoIs:(creationDate: `2022-06-04`)

whoIs.registrantOrgwhoIs.registrantOrg

Use values within quotes or backticks to find all the assets using the registrant organization of domain or subdomain.

Examples

Show all the assets for which the exact registrant organization of domain/subdomain matches

whoIs:(registrantOrg: `Qualys, Inc`)

Show all the assets for which the part of the registrant organization of domain/subdomain matches

whoIs:(registrantOrg: "Qualys,")

whoIs.registrantEmailIdwhoIs.registrantEmailId

Use values within quotes or backticks to find all the assets using the registrant email id of domain or subdomain.

Examples

Show all the assets for which the exact registrant email id of the domain or subdomain matches

whoIs:(registrantEmailId: `66aab8e6ace-49101@contact.qualys.net`)

Show all the assets for which the part of the registrant email id of the domain or subdomain matches

whoIs:(registrantEmailId: "66aab8e6ace-49101@contact.qualys.net")

whoIs.registrarwhoIs.registrar

Use values within quotes or backticks to find all the assets using the registrar.

Examples

Show all the assets for which the exact registrar matches

whoIs:(registrar: `abc net`)

Show all assets for which the part of the registrar matches

whoIs:(registrar: "abc net")

operatingSystem.lifecycle.detectionScoreoperatingSystem.lifecycle.detectionScore

Use a text value ##### to show findings that match the specified operating system lifecycle detection score

Examples

Show findings with the the operating system lifecycle detection score

operatingSystem.lifecycle.detectionScore: 20)

Show findings with the operating system lifecycle detection score

operatingSystem.lifecycle.detectionScore>20)

Show findings with the operating system lifecycle detection score

operatingSystem.lifecycle.detectionScore<20)

Show findings with the operating system lifecycle detection score

operatingSystem.lifecycle.detectionScore>=20)

Show findings with the operating system lifecycle detection score

operatingSystem.lifecycle.detectionScore<=20)

missingSoftware.detectionScoremissingSoftware.detectionScore

Use a text value ##### to show findings that match the missing software detection score

Examples

Show findings with the the missing software detection score

missingSoftware.detectionScore: 55)

Show findings with the missing software detection score

missingSoftware.detectionScore>55)

Show findings with the missing software detection score

missingSoftware.detectionScore<55)

Show findings with the missing software detection score

missingSoftware.detectionScore>=55)

Show findings with the missing software detection score

missingSoftware.detectionScore<=55)

Alibaba

Use these tokens when searching Alibaba assets.

alibaba.instance.accountIdalibaba.instance.accountId

Use a text value to define the instance id of the Alibaba cloud account.

Examples

Find Alibaba instances with the following account ID

alibaba.instance.accountId: 123456789012

Find Alibaba instances with account ID starting "12345"

alibaba.instance.accountId: 12345*

alibaba.instance.dnsServeralibaba.instance.dnsServer

Use an integer value to define the Domain Name System (DNS) configurations of the instance.

Example

Find Alibaba instances of the following DNS

alibaba.instance.dnsServer: 100.xxx.x.xxx

alibaba.instance.hasAgentalibaba.instance.hasAgent

Use the boolean value, true | false to define whether the Alibaba instance has a cloud agent installed on it.

Example

Find Alibaba instances with agents

alibaba.instance.hasAgent: true

alibaba.instance.hostNamealibaba.instance.hostName

Use a text value to find Alibaba hostname.

Example

Find Alibaba instances related to name

alibaba.instance.hostName: abc.qualys.com

alibaba.instance.imageIdalibaba.instance.imageId

Use a text value to find the Id of the image used during the instance creation process.

Example

Find instances related to image id

alibaba.instance.imageId: ubuntu_14_0405_64_20G_alibase_20170824.vhd

alibaba.instance.instanceIdalibaba.instance.instanceId

Use a text value to define the Alibaba instance id.

Example

Find Alibaba instances with this instance ID

alibaba.instance.instanceId: i-a2dxxxxsxxxxxhdfax

alibaba.instance.instanceTypealibaba.instance.instanceType

Use a text value to define the instance type.

Example

Find Alibaba instances with this instance type

alibaba.instance.instanceType: ecs.t5-lc1m1.small

alibaba.instance.interfaceIdalibaba.instance.interfaceId

Use a text value to define the identifier of the NIC.

Example

Find Alibaba instances of the following interface id

alibaba.instance.interfaceId: a2dxxxxaixxxtux572

alibaba.instance.instanceStatealibaba.instance.instanceState

Use a text value to define the state of the Alibaba instance. Some of the examples of the state of the instance are: MOVING, RUNNING, STARTED, STOPPED, STOPPING, and TERMINATED.

Example

Find Alibaba instances for the following state

alibaba.instance.instanceState: RUNNING

alibaba.instance.macAddressalibaba.instance.macAddress

Use a text value to define the MAC address.

Example

Find Alibaba instances with this MAC address

alibaba.instance.macAddress: 00:16:3e:0f:XX:XX

alibaba.instance.networkTypealibaba.instance.networkType

Use the network type values to find the Alibaba cloud instances. The network type can be vpc or classic.

Example

Find Alibaba instances with this network type

alibaba.instance.networkType: vpc

alibaba.instance.privateIpAddressalibaba.instance.privateIpAddress

Use an integer value to define a private IPv4 address or range of IPs.

Example

Find Alibaba instances with the following private IP address

alibaba.instance.privateIpAddress: 192.168.XX.XX

alibaba.instance.publicIpAddressalibaba.instance.publicIpAddress

Use an integer value to define a public IPv4 address or range of IPs.

Example

Find Alibaba instances with the following public IP address

alibaba.instance.publicIpAddress: 149.xx.xx.xx

alibaba.instance.region.codealibaba.instance.region.code

Use a text value to find the alibaba cloud instances that belong to the region with specific code. Some of the examples of codes are ap-northeast-1,  ap-south-1, nanjing, cn-chengdu, and eu-central-1.

Example

Find Alibaba instances for the following region code

alibaba.instance.region.code: cn-chengdu

alibaba.instance.region.namealibaba.instance.region.name

Use a text value to define the region name. Australia (Sydney), Beijing, China, Japan (Tokyo), India (Mumbai), and Philippines (Manila).

Example

Find Alibaba instances for the following region

alibaba.instance.region.name: US (Silicon Valley)

alibaba.instance.serialNumberalibaba.instance.serialNumber

Use a text value to define the serial number of the instance.

Example

Find Alibaba instances of the following serial number

alibaba.instance.serialNumber: 12trexxxxr-3xx-xxx-rtg4-xxxx6t45

alibaba.instance.vpcCidrBlockalibaba.instance.vpcCidrBlock

Use a text value to define the serial number of the instance.

Example

Find Alibaba instances of the following CIDR block

alibaba.instance.vpcCidrBlock: 172.xx.x.x/16

alibaba.instance.vpcIdalibaba.instance.vpcId

Use a text value to search all the Alibaba instances with the specified VPC ID.

Example

Show Alibaba instances with this VPC ID

alibaba.instance.vpcId: vpc-a2d6pxxxxvvdadd5yikj

alibaba.instance.vswitchIdalibaba.instance.vswitchId

Use a text value to search all the Alibaba instances with the specified vswitchId.

Example

Show Alibaba instances with of the following switch ID

alibaba.instance.vswitchId: vsw-a2dxxxoxxxxsqx1mxxxdd

alibaba.instance.vswitchCidrBlockalibaba.instance.vswitchCidrBlock

Use an integer value to define the CIDR block of the switch to which the Alibaba instance is connected.

Example

Find Alibaba instances of the following CIDR block of the switch

alibaba.instance.vswitchCidrBlock: 192.168.XX.XX/24

alibaba.instance.zoneIdalibaba.instance.zoneId

Use a text value to define the zone id.

Examples

Find Alibaba instances of the following zone id

alibaba.instance.zoneId: cn-chengdu-a

Supported Boolean Operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

andand

Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.

Example

asset.status: Enrolled and asset.assetID: 122855563

The asset having the ID 122855563 and with status as Enrolled is returned in the result.

notnot

Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.

Example

not tags.name: Windows

Assets with the Windows tag are excluded from search results.

oror

Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.

Example

tags.name:Cloud Agent or tags.name:Windows

The assets that have the Cloud Agent tag or the Windows tag are returned in the result.

© July 2025 Qualys, Inc. All rights reserved. Privacy Policy.