Search Tokens for Vulnerabilities
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.
Example
vulnerabilities.isDisabled: TRUE and vulnerabilities.detectionScore:80
The vulnerabilities that are disabled and have a detection score of 80 are returned in the result.
Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.
Example
vulnerabilities.isDisabled: TRUE or vulnerabilities.detectionScore:80
The vulnerabilities that are disabled or the vulnerabilities that have a detection score of 80 are returned in the result.
Vulnerability Tokens
Use these tokens to define search criteria for vulnerabilities.
vulnerabilities.isDisabledvulnerabilities.isDisabled
Use the values true or false to define whether vulnerabilities are disabled or enabled.
Example
Show findings with vulnerabilities disabled
vulnerabilities.isDisabled:TRUE
vulnerabilities.detectionScorevulnerabilities.detectionScore
Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.
Examples
- Show vulnerabilities with detection score 80
vulnerabilities.detectionScore:80 - Show vulnerabilities with detection score 25
vulnerabilities.detectionScore:25
vulnerabilities.isFoundvulnerabilities.isFound
Use the values true or false to define vulnerabilities are detected or not on the assets.
Example
Show findings with vulnerabilities detected
vulnerabilities.isFound:TRUE
vulnerabilities.firstFoundDatevulnerabilities.firstFoundDate
Use the date range or specific date to define when findings were first found.
Examples
- Show findings first found within certain dates
vulnerabilities.firstFoundDate:[2017-10-21 ... 2017-10-30] - Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFoundDate:[2015-10-01 ... now-1M] - Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFoundDate:[now-2w ... now-1s] - Show findings first found on certain date
vulnerabilities.firstFoundDate:'2016-11-11'
vulnerabilities.isIgnoredvulnerabilities.isIgnored
Use an integer value to find vulnerabilities that have been marked as ignored.
Example
Show vulnerabilities that are marked as ignored
vulnerabilities.isIgnored:TRUE
vulnerabilities.instancevulnerabilities.instance
Use a text value to find vulnerabilities found on a certain instance.
Example
Show vulnerabilities found in this instance
vulnerabilities.instance: oracle
vulnerabilities.lastFixedDatevulnerabilities.lastFixedDate
Use a date range or specific date to define when findings were last fixed.
Examples
- Show findings last fixed within certain dates
vulnerabilities.lastFixedDate:[2015-10-21 ... 2016-01-15] - Show findings last fixed starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFixedDate:[2016-01-01 ... now-1M] - Show findings last fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFixedDate:[now-2w ... now-1s] - Show findings last fixed on certain date
vulnerabilities.lastFixedDate:'2016-01-11' - Show findings last fixed within certain number of days
vulnerabilities.lastFixedDate: [91..180]
vulnerabilities.lastFoundDatevulnerabilities.lastFoundDate
Use a date range or specific date to define when findings were last found.
Examples
- Show findings last found within certain dates
vulnerabilities.lastFoundDate:[2015-10-21 ... 2016-01-15] - Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFoundDate:[2016-01-01 ... now-1M] - Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFoundDate:[now-2w ... now-1s] - Show findings last found on certain date
vulnerabilities.lastFoundDate:'2016-01-11' - Show findings last found within certain number of days
vulnerabilities.lastFoundDate: [91..180] - Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound:'2017-01-12' AND vulnerabilities.vulnerability.isPatchAvailable:TRUE)
vulnerabilities.nonExploitableConfigvulnerabilities.nonExploitableConfig
Use the values true or false to define vulnerabilities with non-exploitable configurations.
Examples
- Show findings with non exploitable configurations
vulnerabilities.nonExploitableConfig:TRUE - Show findings with exploitable configurations
vulnerabilities.nonExploitableConfig:FALSE
vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel
Use the values true or false to view vulnerabilities found on non-running kernels.
Examples
- Show detections found on non-running Kernal
vulnerabilities.nonRunningKernel:TRUE - Show detections found on running Kernal
vulnerabilities.nonRunningKernel:FALSE
vulnerabilities.portvulnerabilities.port
Use an integer value to find vulnerabilities found on a certain port.
Example
Show vulnerabilities found on this port
vulnerabilities.port:443
vulnerabilities.protocolvulnerabilities.protocol
Use a text value UDP or TCP to define the port protocol.
Example
Show vulnerabilities found on TCP protocol
vulnerabilities.protocol:TCP
vulnerabilities.sslvulnerabilities.ssl
Use the values true or false to define vulnerabilities found on secure socket layer (SSL).
Example
Show vulnerabilities associated with SSL
vulnerabilities.ssl:TRUE
vulnerabilities.severityvulnerabilities.severity
Use an integer value to view the severity level set by you to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu. If you do not set the severity level, its level will be the same as the level set by Qualys.
Example
Show findings with severity by 5
vulnerabilities.severity:5
For information about customer and Qualys severity, see Customer and Kb Severity Level
vulnerabilities.statusvulnerabilities.status
From the drop-down, select a status Active, Fixed, New, and Reopened to find vulnerabilities with certain status.
If you select the status as Fixed, the list will only show vulnerabilities that have been fixed in the last 365 days.
Example
Show vulnerabilities with New status
vulnerabilities.status:Fixed
vulnerabilities.typeDetectedvulnerabilities.typeDetected
From the drop-down, select a detection type, such as, Confirmed, Potential, and Information to find assets with vulnerabilities of this type.
Example
Show findings with this type
vulnerabilities.typeDetected:Confirmed
vulnerabilities.authTypevulnerabilities.authType
From the drop-down, select the asset.name, such as, WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH of an authentication type.
Example
Show findings with Windows auth type
vulnerabilities.authType:WINDOWS_AUTH
vulnerabilities.vulnerability.bugTraqIdvulnerabilities.vulnerability.bugTraqId
Use a text value to find a BugTraq number.
Example
Show findings with BugTraq ID 22211
vulnerabilities.vulnerability.bugTraqId:22211
vulnerabilities.vulnerability.categoryvulnerabilities.vulnerability.category
From the drop-down, select a category, such as, `CGI`, `Database`, `DNS and BIND`, `Custom QID` to find vulnerabilities with this category.
Example
- Show findings with category `CGI`
vulnerabilities.vulnerability.category:`CGI`
Use quotes or backticks within values to help you find the compliance description.
Examples
- Show any findings related to this description
vulnerabilities.vulnerability.compliance.description:malicious software - Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description:"malicious software" - Show any findings that match exact value "malicious software"
vulnerabilities.vulnerability.compliance.description:`malicious software`
vulnerabilities.vulnerability.compliance.sectionvulnerabilities.vulnerability.compliance.section
Use quotes or backticks within values to help you find the compliance section.
Examples
- Show any findings related to this section
vulnerabilities.vulnerability.compliance.section:164.308 - Show any findings that contain parts of section
vulnerabilities.vulnerability.compliance.section:"164.308" - Show any findings that match exact value "164.308"
vulnerabilities.vulnerability.compliance.section:`164.308`
vulnerabilities.vulnerability.compliance.typevulnerabilities.vulnerability.compliance.type
From the drop-down, select the asset.name of a compliance type:
COBIT, HIPAA, GLBA, SOX, PCI
Example
Show findings with the compliance type HIPAA
vulnerabilities.vulnerability.compliance.type:HIPAA
Show findings with the compliance type SOX
vulnerabilities.vulnerability.compliance.type:SOX
Show findings with the compliance type COBIT
vulnerabilities.vulnerability.compliance.type:COBIT
vulnerabilities.vulnerability.impactvulnerabilities.vulnerability.impact
Use quotes or backtick within values to find the impact.
Examples
- Show any findings related to impact
vulnerabilities.vulnerability.impact:sensitive information - Show any findings that contain "identity" or "theft" in consequence
vulnerabilities.vulnerability.impact:"identity theft" - Show any findings that match exact value "financial loss"
vulnerabilities.vulnerability.impact:`financial loss`
vulnerabilities.vulnerability.cveIdvulnerabilities.vulnerability.cveId
Use a text value to find the CVE name.
Example
Show findings with CVE asset.name CVE-2015-0313
vulnerabilities.vulnerability.cveId:CVE-2015-0313
Note: The CVE in the query is case sensitive and must be used in capital case.
vulnerabilities.vulnerability.cvss3BaseScorevulnerabilities.vulnerability.cvss3BaseScore
Use an integer value to find the CVSSv3.1 base score.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3BaseScore:7.8
vulnerabilities.vulnerability.cvss3TemporalScorevulnerabilities.vulnerability.cvss3TemporalScore
Use an integer value tofind the CVSSv3.1 temporal score.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3TemporalScore:6.4
vulnerabilities.vulnerability.cvss2AccessVectorvulnerabilities.vulnerability.cvss2AccessVector
Select the asset.name of a CVSS2 access vector, for example, UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK. Select from names in the drop-down menu.
Example
Show findings with this asset.name
vulnerabilities.vulnerability.cvss2AccessVector:NETWORK
vulnerabilities.vulnerability.cvss2BaseScorevulnerabilities.vulnerability.cvss2BaseScore
Use an integer value to help you find the CVSS2 base score.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2BaseScore:7.8
vulnerabilities.vulnerability.cvss2TemporalScorevulnerabilities.vulnerability.cvss2TemporalScore
Use an integer value to help you find the CVSS2 temporal score.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2TemporalScore:6.4
vulnerabilities.vulnerability.discoveryTypevulnerabilities.vulnerability.discoveryType
Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.
Example
Show findings with Remote discovery type
vulnerabilities.vulnerability.discoveryType:REMOTE
vulnerabilities.vulnerability.flagvulnerabilities.vulnerability.flag
Use a text value to find the Qualys defined vulnerability property, for example, REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc.
Example
Show findings with this flag
vulnerabilities.vulnerability.flag:PCI_RELATED
Use the text value within quotes or backticks for the tactics id that represents the why of the ATT&CK technique or sub-technique.
Example
Show findings with the Tactic ID TA0007
vulnerabilities.vulnerability.mitre.attack.tactic.id:`TA0007`
Use the text value within quotes or backticks to view for the tactics asset.name that represents it's respective tactic id.
Example
Show findings with the tactic asset.name inital-access
vulnerabilities.vulnerability.mitre.attack.tactic.name:`inital-access`
Use the text value within quotes or backticks for the technique id that represents how a tactical goal can be achieved.
Example
Show findings with the Technique ID T1562.010
vulnerabilities.vulnerability.mitre.attack.technique.id:"T1562.010"
Use the text value within quotes or backticks to view for the technique asset.name that represents it's respective technique id.
Example
Show findings with the tactic asset.name Downgrade Attack
vulnerabilities.vulnerability.mitre.attack.technique.name:"Downgrade Attack"
vulnerabilities.vulnerability.isPatchAvailablevulnerabilities.vulnerability.isPatchAvailable
Use the values true |false to define vulnerabilities with patch available.
Examples
Show findings with patch available
vulnerabilities.vulnerability.isPatchAvailable:TRUE
Show findings with no patch available
vulnerabilities.vulnerability.isPatchAvailable:FALSE
vulnerabilities.vulnerability.isRebootRequiredvulnerabilities.vulnerability.isRebootRequired
Use the values true | false to find vulnerabilities that need reboot.
Examples
Show vulnerabilities that need reboot.
vulnerabilities.vulnerability.isRebootRequired: TRUE
vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid
Use an integer value to define the QID in question.
Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
vulnerabilities.vulnerability.ransomware.namevulnerabilities.vulnerability.ransomware.name
Use quotes or backticks within values to help you find the ransomware asset.name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show findings with this asset.name
vulnerabilities.vulnerability.ransomware.name: Locky
Show findings that match exact value
vulnerabilities.vulnerability.ransomware.name: Locky
vulnerabilities.vulnerability.sans20Categoriesvulnerabilities.vulnerability.sans20Categories
Use a text value to find vulnerabilities in the SANS 20 category, for example, Anti-virus Software, Backup Software, etc.
Example
Show findings with this category asset.name
vulnerabilities.vulnerability.sans20Categories:Media
Players
vulnerabilities.vulnerability.severityvulnerabilities.vulnerability.severity
Use an integer value to view the severity level set by Qualys to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu.
Example
Show findings with severity set by Qualys as 5
vulnerabilities.vulnerability.severity:5
For information about customer and Qualys severity, see Customer and Kb Severity Level
vulnerabilities.vulnerability.solutionvulnerabilities.vulnerability.solution
Use quotes or backticks within values to help you find the solution.
Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution:Bulletin
MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution:"Bulletin
MS10-006"
Show any findings that match exact value "Bulletin MS10-006"
vulnerabilities.vulnerability.solution:`Bulletin
MS10-006`
vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title
Use quotes or backticks within values to help you find the title.
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title:Remote Code
Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title:"Remote
Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title:`Remote Code`
vulnerabilities.vulnerability.vendorRefvulnerabilities.vulnerability.vendorRef
Use a text value to find the vendor reference.
Example
Show this vendor reference
vulnerabilities.vulnerability.vendorRef:KB3021953
vulnerabilities.vulnerability.vendorProductNamevulnerabilities.vulnerability.vendorProductName
Use a text value to find the vendor product name.
Example
Show findings with this vendor product asset.name
vulnerabilities.vulnerability.vendorProductName:Windows
vulnerabilities.vulnerability.vendorNamevulnerabilities.vulnerability.vendorName
Use a text value to find the vendor name.
Example
Show findings with this vendor asset.name
vulnerabilities.vulnerability.vendorName:Adobe
vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService
`Use the values true | false to define vulnerabilities that exist on non exploitable services.
Examples
Show findings on non-exploitable services
vulnerabilities.nonExploitableService:TRUE
vulnerabilities.vulnerability.patchReleasedDatevulnerabilities.vulnerability.patchReleasedDate
Use a date range or specific date to define when patch was available.
Examples
Show findings last found within certain dates
vulnerabilities.vulnerability.patchReleasedDate:[2018-10-21
... 2019-01-15]
Show findings last found starting 2020-01-01, ending 1 month ago
vulnerabilities.vulnerability.patchReleasedDate:[2020-01-01
... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.patchReleasedDate:[now-2w
... now-1s]
Show findings last found on certain date
vulnerabilities.vulnerability.patchReleasedDate:'2020-01-02'
vulnerabilities.timesFoundvulnerabilities.timesFound
Show findings that were detected for the specified number of times.
Examples
Show findings last found 3 times
vulnerabilities.timesFound:3
vulnerabilities.detectionAgevulnerabilities.detectionAge
Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset till the current date. The age is calculated irrespective of the vulnerability status.
Example
Show findings that were detected in the last 30 days.
vulnerabilities.detectionAge:[00..30]
vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description
Use quotes or backticks within values to help you find the vulnerability description.
Examples
Show any findings related to description
vulnerabilities.vulnerability.description:remote
code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description:"remote
code execution"
Show any findings that match exact value "remote code execution"
vulnerabilities.vulnerability.description:`remote
code execution`
vulnerabilities.vulnerability.listvulnerabilities.vulnerability.list
Use a text value to find the vulnerability list of interest, for example, SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).
Example
Show findings with vulnerabilities in SANS Top 20
vulnerabilities.vulnerability.list:SANS_20
vulnerabilities.vulnerability.publishedDatevulnerabilities.vulnerability.publishedDate
Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.
Examples
Show findings for vulnerabilities published within certain dates
vulnerabilities.vulnerability.publishedDate:[2015-10-21
... 2016-01-15]
Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago
vulnerabilities.vulnerability.publishedDate:[2017-01-01
... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.publishedDate:[now-2w
... now-1s]
Show findings for vulnerabilities published on certain date
vulnerabilities.vulnerability.publishedDate:'2018-01-15'
vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk
Use an integer value to define the vulnerability risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.vulnerability.risk:50
vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality
Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
If a QID does not have a CVSSv3 Base score, the CVSSv2 Base score takes the priority.
The following list of criticality defines the CVSS Score from 0.0 to 10.0:
- None: 0.0
- Low: 0.1-3.9
- Medium: 4.0-6.9
- High: 7.0-8.9
- Critical: 9.0-10.0
Examples
Show vulnerabilities with HIGH criticality
vulnerabilities.vulnerability.criticality: "HIGH"
vulnerabilities.vulnerability.updatedDatevulnerabilities.vulnerability.updatedDate
Use a date range or specific date to define when vulnerabilities were asset.lastUpdatedDate in the KnowledgeBase.
Examples
Show vulnerabilities asset.lastUpdatedDate within certain dates
vulnerabilities.vulnerability.updatedDate:[2017-10-21
... 2017-10-30]
Show vulnerabilities asset.lastUpdatedDate starting 2017-11-01, ending 1 month ago
vulnerabilities.vulnerability.updatedDate:[2017-11-01
... now-1M]
Show vulnerabilities asset.lastUpdatedDate stating 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updatedDate:[now-2w
... now-1s]
Show vulnerabilities asset.lastUpdatedDate on certain date
vulnerabilities.vulnerability.updatedDate:'2018-03-08'
vulnerabilities.isQualysPatchablevulnerabilities.isQualysPatchable
Use the values true | false to indicate whether Qualys can patch a detected vulnerability.
Example
Show findings with vulnerabilities that can be patched
vulnerabilities.isQualysPatchable:TRUE
Use the values true | false to define real-time threats due to active attacks.
Examples
Show assets with threats due to active attacks
vulnerabilities.vulnerability.threatIntel.isActiveAttack: true
Show assets that don't have threats due to active attack
vulnerabilities.vulnerability.threatIntel.isActiveAttack: false
Use the values true | false to define real-time threats due to CISA Exploits.
Examples
Show assets with threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.isCisaKnownExploitedVuln: true
Show assets that don't have threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.isCisaKnownExploitedVuln: false
Use the values true | false to define real-time threats due to easy exploit.
Examples
Show assets with threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.isEasyExploit: true
Show assets that don't have threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.isEasyExploit: false
Use the values true | false to define real-time threats due to high data loss.
Examples
Show assets with threats due to high data loss
vulnerabilities.vulnerability.threatIntel.isHighDataLoss: true
Show assets that don't have threats due to high data loss
vulnerabilities.vulnerability.threatIntel.isHighDataLoss: false
Use the values true | false to define real-time threats due to high lateral movement.
Examples
Show assets with threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.isHighLateralMovement: true
Show assets that don't have threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.isHighLateralMovement: false
Use the values true | false to define real-time threats due to malware.
Examples
Show assets with threats due to malware
vulnerabilities.vulnerability.threatIntel.isMalware: true
Show assets that don't have threats due to malware
vulnerabilities.vulnerability.threatIntel.isMalware: false
Use the values true | false to define real-time threats due to no patch available.
Examples
Show assets with threats due to no patch available
vulnerabilities.vulnerability.threatIntel.hasNoPatch: true
Show assets that don't have threats due to no patch available
vulnerabilities.vulnerability.threatIntel.hasNoPatch: false
Use the values true | false to define real-time threats due to predicted high risk.
Examples
Show assets with predicted high-risk threat
vulnerabilities.vulnerability.threatIntel.isPredictedHighRisk: true
Show assets without predicted high-risk threat
vulnerabilities.vulnerability.threatIntel.isPredictedHighRisk: false
Use the values true | false to define real-time threats due to privilege escalation risk.
Examples
Show assets with privilege escalation threat
vulnerabilities.vulnerability.threatIntel.isPrivilegeEscalation: true
Show assets without privilege escalation threat
vulnerabilities.vulnerability.threatIntel.isPrivilegeEscalation: false
Use the values true | false to define real-time threats due to public exploit.
Examples
Show assets with threats due to public exploit
vulnerabilities.vulnerability.threatIntel.isPublicExploit: true
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.isPublicExploit: false
Use the values true | false to define real-time threats due to ransomeware vulnerability.
Examples
Show assets with ransomeware threat
vulnerabilities.vulnerability.threatIntel.isRansomware: true
Show assets not linked to ransomware threat
vulnerabilities.vulnerability.threatIntel.isRansomware: false
Use the values true | false to define real-time threats due to remote code execution risk.
Examples
Show assets with remote code execution threat
vulnerabilities.vulnerability.threatIntel.isRemoteCodeExecution: true
Show assets without remote code execution threat
vulnerabilities.vulnerability.threatIntel.isRemoteCodeExecution: false
Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.
Examples
Show assets impacted by Solorigate/SUNBURST-related threat
vulnerabilities.vulnerability.threatIntel.isSolorigateSunburst: true
Show assets not impacted by Solorigate/SUNBURST
vulnerabilities.vulnerability.threatIntel.isSolorigateSunburst: false
Use the values true | false to define real-time threats due to unauthenticated exploitation risk.
Examples
Show assets with unauthenticated exploitation vulnerabilities
vulnerabilities.vulnerability.threatIntel.isUnauthenticatedExploitation: true
Show assets requiring authentication to exploit
vulnerabilities.vulnerability.threatIntel.isUnauthenticatedExploitation: false
Use the values true | false to define real-time wormable threats.
Examples
Show assets with wormable vulnerabilities
vulnerabilities.vulnerability.threatIntel.isWormable: true
Show assets without wormable vulnerabilities
vulnerabilities.vulnerability.threatIntel.isWormable: false
Use the values true | false to define real-time threats due to zero day exploit.
Examples
Show assets with threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.isZeroDay: true
Show assets not affected by zero-day exploit
vulnerabilities.vulnerability.threatIntel.isZeroDay: false
Use the values true | false to define real-time threats due to denial of service.
Examples
Show assets with threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService: true
Show assets that don't have threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService: false
vulnerabilities.hostOS vulnerabilities.hostOS
Use quotes or backticks within values to help you find the host operating system.
Examples
Show any findings with this OS name
vulnerabilities.hostOS:Windows 2012
Show any findings that contain components of OS name
vulnerabilities.hostOS:"Windows 2012"
Show any findings that match exact value "Windows 2012"
vulnerabilities.hostOS:`Windows 2012`
vulnerabilities.vulnerability.pci vulnerabilities.vulnerability.pci
Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).
Examples
Show PCI-related vulnerabilities
vulnerabilities.vulnerability.pci: true
Show non-PCI vulnerabilities
vulnerabilities.vulnerability.pci: false
vulnerabilities.vulnerability.supportedBy vulnerabilities.vulnerability.supportedBy
Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.
Examples
Show vulnerabilities supported by Linux Agent
vulnerabilities.vulnerability.supportedBy:CA-Linux Agent
Use the values true | false to define real-time threats due to the exploit kit.
Examples
Show assets with threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit: true
Show assets that don't have threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit: false
Use quotes or backticks within values to help you find the exploit kit name. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler
Show any findings that match the exact value
vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`
Use quotes or backticks within values to help you find the malware name. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`
Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`