Advanced Query Tokens

You can use the following search tokens to search for information about events on the Advanced Hunting tab:

query.name

Use a text value to search events by query name.

Example

Show event(s) that have this query name:

query.name:BitLockerToGo Execution

query.type

Use a string value to help you find events by query type (SYSTEM, USER).

Example

Show event(s) with this query type

query.type:SYSTEM

query.category

Use a string value to help you find events by query category.

Example

Show event(s) with this query category:

query.category:Common Hunting

query.userid

Use a text value to help you find events by the unique identifier of the user who created or owns the query.

Example

Show event(s) with this query userid:

query.userid:user12345

query.username

Use a text value to help you find events by the name of the user who created or owns the query.

Example

Show event(s) with this query username:

query.username:jdoe

query.isfavorite

Use a boolean value to help you find events by whether the query has been marked as a favorite by the user.

Example

Show event(s) whose query has this favorite status:

query.isfavorite:TRUE