Token Support for Reports APIs

Refer to the table below for details about the tokens supported in the Reports APIs.

Each entry below lists the token, its description, and an example.

finding.cveId

Use a text value to search for findings based on the CVE ID of the vulnerability. 

finding.cveId: CVE-2020-27814

finding.cvss2Base

Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 2.0 Base score.

finding.cvss2Base: 7.5

finding.cvss2Temporal

Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 2.0 Temporal score.

finding.cvss2Temporal: 6.5

finding.cvss3Base

Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 3.0 Base score.

finding.cvss3Base: 9.1

finding.cvss3Temporal

Provide a numeric value (0.0 to 10.0) to find vulnerabilities with a specific CVSS 3.0 Temporal score.

finding.cvss3Temporal: 8.3

finding.description

Use quotes or backticks within values to help you find the finding with a matching description. After the colon, enter the description.

finding.description: "Remote Code"

finding.detectionAge

Select a range of days (00..30, 31..60, 61..90, 91..180, 180..+) counted from when the vulnerability was first detected (by a scanner or cloud agent) on the asset to the current date. The age is calculated irrespective of the vulnerability status.

finding.detectionAge: [00..30]

finding.disabled

Select (True or False) to find vulnerabilities that are disabled or enabled in the vendor system.

finding.disabled: true

finding.epssScore

Use a numeric value to search for findings based on an EPSS score.

finding.epssScore: 0.7088

finding.firstFound

Use the date range or specific date to define when findings were first found.

  • finding.firstFound:[2015-10-21 .. 2016-01-15] 
  • finding.firstFound:[2016-01-01 .. now-1M] 

finding.id

Use an integer value to help you search findings based on a rule ID.

finding.id: 7088

finding.ignored

Select (True or False) to find vulnerabilities that are marked as ignored or not ignored.

finding.ignored: false

finding.ingestedOn

Use the token to search for the findings based on the timestamp indicating when the finding was ingested into the system.

finding.ingestedOn > 1735061707155

finding.lastFixed

Use a date range or specific date to define when findings were last fixed.

  • finding.lastFixed:[2015-10-21..2016-01-15] 
  • finding.lastFixed:[2016-01-01..now-1M] 

finding.lastFound

Use the date range or specific date to define when findings were last found.

  • finding.lastFound:[2015-10-21..2016-01-15] 
  • finding.lastFound:[2016-01-01..now-1M] 

finding.lastUpdated

Use the token to search for findings based on the timestamp indicating when the finding was last updated in the system. Note: The timestamp is in epoch format.

finding.lastUpdated > 1735061707155

finding.port

Use an integer value to help search findings discovered on a specific port.

finding.port: 443

finding.protocol

Use a text value (UDP or TCP) to define the port protocol.

finding.protocol: TCP

finding.qds

Use an integer value (0-100) to find vulnerabilities based on a specific detection score. After the colon, enter the value.

  • finding.qds: 80
  • finding.qds > 80

finding.reopened

Use a date range or specific date to define when findings were reopened.

  • finding.reopened:[2015-10-21..2016-01-15] 
  • finding.reopened:[2016-01-01..now-1M] 

finding.riskFactor.cisaKnownExploits

Select (True, False) to find vulnerabilities that are or are not listed in CISA's Known Exploited Vulnerabilities Catalog.

finding.riskFactor.cisaKnownExploits: true

finding.riskFactor.exploitCodeMaturity

Select from the drop-down menu (poc, weaponized) to find vulnerabilities based on the maturity level of their exploit code.

finding.riskFactor.exploitCodeMaturity: poc

finding.riskFactor.malwareName

Provide a string value to find vulnerabilities associated with a specific malware.

finding.riskFactor.malwareName: WannaCry

finding.riskFactor.rti

Select a value from the drop-down menu to find vulnerabilities based on Real-time Threat Indicators (RTI). Available values are Exploit_Public, Active_Attacks, Easy_Exploit, Remote_Code_Execution, Privilege_Escalation, or Predicted_High_Risk.

finding.riskFactor.rti: Easy_Exploit

finding.riskFactor.threatActorName

Provide a string value to find vulnerabilities associated with a specific threat actor or group.

finding.riskFactor.threatActorName: APT29

finding.severity

Use an integer value to search findings by the severity level set by Qualys. The severity level ranges from 1 to 5. Select from values in the drop-down menu.

finding.severity: 3

finding.sourceId

Use a text value to search for findings based on the ID used by the source vendor.

finding.sourceId: 500034

finding.status

Select a status (for example, Active, Fixed, New, or Reopened) to search findings with certain statuses. Select from names in the drop-down menu. If you select the status as Fixed, the list will only show vulnerabilities that have been fixed in the last 365 days.

finding.status: Fixed

finding.subType

Use the finding sub type to search findings.

finding.subType: EOL/EOS

finding.title

Use quotes or backticks within values to help you find the title. After the colon, enter the title.

  • finding.title: 'Remote Code Execution'
  • finding.title: "Remote Code"

finding.type

Select a finding type (Vulnerability, Misconfiguration, Malware, Compliance) to search findings of this type. Select from names in the drop-down menu.

finding.type: Compliance

finding.typeDetected

Select a detection type (Confirmed, Potential, or Information) to search for findings of this type. Select from names in the drop-down menu.

finding.typeDetected: confirmed

finding.vendorName

Select a detection source (Wiz, Qualys, Microsoft) to search findings from the specified source. Select from names in the drop-down menu.

finding.vendorName: Qualys

finding.vendorProductName

Select a detection source's product name to search findings reported by that product. Select from names in the drop-down menu.

finding.vendorProductName: Nessus 

tags.name

Use a text value to find assets with the specified tag. After the colon, enter the value.

tags.name: Oracle-Tags

finding.customNumber1

Provide a numeric value to search for findings with a specific value or within a range of values.

finding.customNumber1: 80

Note: To use this feature, contact your TAM or Qualys Support.

finding.customNumber2

Provide a numeric value to search for findings with a specific value or within a range of values.

finding.customNumber2 > 100

Note: To use this feature, contact your TAM or Qualys Support.

finding.customNumber3

Provide a numeric value to search for findings with a specific value or within a range of values.

finding.customNumber3 > 500

Note: To use this feature, contact your TAM or Qualys Support.

finding.customNumber4

Provide a numeric value to search for findings with a specific value or within a range of values.

finding.customNumber4: 1800

Note: To use this feature, contact your TAM or Qualys Support.

finding.customNumber5

Provide a numeric value to search for findings with a specific value or within a range of values.

finding.customNumber5: 2500

Note: To use this feature, contact your TAM or Qualys Support.

asset.name

Use quotes or backticks within values to find the asset with the specified asset name. After the colon, enter the value.

asset.name: QK2K12QP3-65-53

asset.assetID

Use an integer value to help you find certain Qualys asset IDs (UUIDs), assigned by an agent or a scanner appliance when Agentless Tracking is used.

asset.assetID: [3546997..12945655]

asset.operatingSystem

Use quotes or backticks within the values to find assets based on the operating system. After the colon, enter the value.

asset.operatingSystem: Windows 20212

asset.truRisk

Use an integer value (0-1000) to find assets based on a specific risk score. After the colon, enter the value.

asset.truRisk: 60

asset.criticalityScore

Use an integer value (1-5) to find assets based on a specific criticality score. After the colon, enter the value.

asset.criticalityScore: 2

asset.type

Find assets of a certain type (SCANNER or HOST). Select from the asset types in the drop-down menu.

asset.type: `HOST`
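
The following is an added example, not part of the Qualys documentation: a pre-flight check that lints single token expressions against the value ranges and drop-down values stated in the table above, so that a malformed filter is caught before it is sent to the Reports API. The function names `lint` and `lint_all` are hypothetical, case-insensitive matching of drop-down values is an assumption, and only the `:` and `>` operators shown on this page are recognized.

```python
import re

# Numeric bounds copied from the descriptions in the table above.
BOUNDS = {
    "finding.cvss2Base": (0, 10), "finding.cvss2Temporal": (0, 10),
    "finding.cvss3Base": (0, 10), "finding.cvss3Temporal": (0, 10),
    "finding.qds": (0, 100), "finding.severity": (1, 5),
    "asset.truRisk": (0, 1000), "asset.criticalityScore": (1, 5),
}
# Enumerated values listed in the table; case-insensitive matching is an assumption.
ENUMS = {
    "finding.protocol": {"udp", "tcp"},
    "finding.riskFactor.exploitCodeMaturity": {"poc", "weaponized"},
    "finding.typeDetected": {"confirmed", "potential", "information"},
    "finding.type": {"vulnerability", "misconfiguration", "malware", "compliance"},
    "finding.detectionAge": {"00..30", "31..60", "61..90", "91..180", "180..+"},
}
# One expression: token, then ':' or '>' (the operators shown on the page), then a value.
EXPR = re.compile(r"^\s*([A-Za-z][\w.]*)\s*([:>])\s*(\S.*?)\s*$")


def lint(expr):
    """Return a list of problems found in a single token expression."""
    m = EXPR.match(expr)
    if not m:
        return ["not in 'token: value' or 'token > value' form"]
    token, _op, raw = m.groups()
    value = raw.strip("`\"'")
    # Drop the surrounding brackets of a [low..high] range, if present.
    inner = value[1:-1] if value.startswith("[") and value.endswith("]") else value
    if token in ENUMS:
        if inner.strip().lower() not in ENUMS[token]:
            return [f"{token}: {raw!r} is not one of the listed values"]
        return []
    if token in BOUNDS:
        lo, hi = BOUNDS[token]
        try:
            nums = [float(p) for p in inner.split("..")]
        except ValueError:
            return [f"{token}: {raw!r} is not a number or [low..high] range"]
        return [f"{token}: {n:g} is outside {lo}..{hi}" for n in nums
                if not lo <= n <= hi]
    return []  # free-text, date and ID tokens are not checked here


def lint_all(exprs):
    """Map each failing expression to its problems; an empty dict means all passed."""
    return {e: p for e in exprs if (p := lint(e))}
```
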