Assets fields
Click to view navigation pane

Home

Assets Fields

The fields below are available for searching your assets on the Assets tab. See also Events Fields | Incidents Fields.

Tip - Click a grouping below like Asset Summary, or Show All for all details.

Show All.

Asset SummaryAsset Summary

accounts.username

Show assets with the username you're interested in. [string - exact match]

accounts.username: administrator

activatedForModules

Show assets activated for module name (VM, PC, WAS, WAF, FIM, EDR etc). Select the name from the drop-down menu. [string - selectable field]

activatedForModules: "VM"
activatedForModules: "VM" AND activatedForModules: "EDR"

connectors.connector.name

Show findings detected by the EC2 connector name you're interested in. [string - full text search]

connectors.connector.name: ec2

created

Show assets created within certain date range or on  specific date. [date]

For an asset scanned by a scanner appliance, this is when the asset is first scanned (specifically when scan processing completes). For an agent host, this is when the agent is installed (specifically when it is provisioned, i.e. first connects to the cloud platform).

created: [2015-01-01 .. 2015-06-30]

cpuCount

Show assets that have some number of CPUs. [integer]

cpuCount: 1

lastLoggedOnUser

Show assets last logged into by a certain user. [string - exact match]

lastLoggedOnUser: asmith

name

Show assets with a certain asset name. Use backticks for exact match. [string - full text search]

name: `QW2K12QP3-65-53`

netbiosName

Find the asset with a certain NetBIOS name. [string - exact match]

netbiosName: VISTASP2-24-208

operatingSystem

Find assets with a certain operating system. Use backticks for exact match. [string - full text search]

operatingSystem: "Windows 2012"
operatingSystem: `Windows 7 Ultimate Service Pack 1`

pendingActivationForModules

Show assets with an app that's pending activation (VM, PC, WAS, WAF, FIM, EDR, etc). Select the name from the drop-down menu [string - selectable field]

pendingActivationForModules: "VM"
pendingActivationForModules: "VM" AND pendingActivationForModules: "EDR"

tags.businessImpact

Find assets that have a certain business impact name. Select the name from the drop-down menu. [string - selectable field]

tags.businessImpact: "HIGH"

tags.name

Find assets that have a certain asset tag name. Use backticks for exact match. [string - full text search]

tags.name: `Cloud Agent`

updated

Find assets updated within a date range or on specific date. [date]

For an asset scanned by a scanner appliance, this happens every time the asset is re-scanned (specifically when scan processing completes). For an agent host, this happens every time the agent uploads host data to the cloud platform - inventory data and host metadata.

updated: [2015-11-30 .. now-1s]

Agent SummaryAgent Summary

agentActivations.key

Show agents activated using a certain activation key. [string - exact match]

agentActivations.key: key-value

agentActivations.status

Show assets based on agent status (ACTIVE or INACTIVE). [string - exact match]

agentActivations.status: ACTIVE

agentID

Show the asset with a certain agent ID. [string - exact match]

agentID: f0c8e682-e9cc-4e7d-b92a-0c905d81ec74

agentVersion

Show assets that have agents running a certain agent version. [string - exact match]

agentVersion: 1.1.36.0

configurationProfile

Show assets that have agents using a certain configuration profile name. [string - exact match]

configurationProfile: "HIGH"

lastCheckedIn

Show assets that have agents that last checked in (to the cloud platform) within a certain date range or on specific date. [date]

lastCheckedIn:  [2015-11-30 .. 2015-12-10]

lastFullScan

Show assets with last full scan conducted using Cloud Agent (CA) within a certain date range or on specific date. [date]

lastFullScan:  [now-1M .. now-1s]

lastInventory

Show assets with last inventory scan conducted by agents within a certain date range or on specific date. [date]

lastInventory: [2015-12-01.. now-1s]

Installed SoftwareInstalled Software

sofware.name

Show assets with the certain software name you're interested in. Use backticks for exact match. [string - full text search]

software.name: `VMware Tools`

software.version

Show assets with the software version you're interested in.  [string - exact match]

software.version: 8.6.10

InterfacesInterfaces

interfaces.address

Show the asset with IPv4 or IPv6 address. Use single quote around IPv6 address. [string - exact match]

interfaces.address: 10.10.100.20
interfaces.address: 'fe80:0:0:0:2501:b53c:4139:404b'

interfaces.dnsAddress

Find the asset with the DNS address of interest. [string - exact match]

interfaces.dnsAddress: 10.0.100.11

interfaces.hostname

Show findings with the hostname you're looking for. [string - full text search]

Show any findings related to name
interfaces.hostname: xpsp2-jp-26-111

Show any findings that contain parts of name
interfaces.hostname: "xpsp2-jp-26-111"

Show any findings that match exact value
interfaces.hostname: `xpsp2-jp-26-111`

Show any findings related to name (we'll match super domains)
interfaces.hostname: qcentos71sqp3.rdlab.acme.com

interfaces.gatewayAddress

Find assets with the default gateway address you're looking for. [string - exact match]

interfaces.gatewayAddress: 10.11.65.1

interfaces.interfaceName

Show the asset with the interface name you're looking for. [string - exact match]

interfaces.interfaceName: PRO/1000

interfaces.macAddress

Show the asset with the MAC address you're interested in. [string - exact match]

interfaces.macAddress: 00-50-56-A9-73-5A

Open PortsOpen Ports

openPorts.description

Show findings with the service description detected on an open port. Use backticks for an exact match. [string - full text search]

openPorts.description: `Windows Remote Desktop`

openPorts.detectedService

Show assets with a service name detected on an open port. Use backticks for exact match. [string - full text search]

openPorts.detectedService: `win_remote_desktop`

openPorts.port

Show assets with a certain open port number. [integer]

openPorts.port: 80

openPorts.protocol

Show assets with a certain port protocol (UDP or TCP). [string - exact match]

openPorts.protocol: TCP
openPorts: (port: 80 AND protocol: TCP)

ProcessorsProcessors

processors.description

Show assets with a certain processor description. Use backticks for exact match. [string - full text search]

processors.description: `intel`

processors.speed

Show assets with a certain processor speed. [integer]

processors.speed: 1995

Services - SystemServices - System

services.description

Show assets with a certain service description. Use backticks for exact match. [string - full text search]

services.description: "Windows Event Log"

services.name

Show assets with a service name you're interested in. Use backticks for exact match. [string - full text search]

services.name: eventlog

services.status

Find assets that are running. Use backticks for exact match. [string -  full text search]

services.status: `running`

system.biosDescription

Show assets with a certain BIOS description. Use backticks for exact match. [string - full text search]

system.biosDescription: `Phoenix Technologies`

system.lastBoot

Show assets last booted within a certain date range or on specific date. [date]

system.lastBoot: [now-2M .. now-1M]

system.manufacturer

Show assets with a certain system manufacturer. Use backticks for exact match. [string - full text search]

system.manufacturer: `dell`

system.model

Show assets with a certain system model name. Use backticks for exact match. [string - full text search]

system.model: `optiplex`

system.timezone

Show assets with a certain timezone set. [string - exact match]

system.timezone: "-08:00"

system.totalMemory

Show assets with a certain total system memory. [integer]

system.totalMemory: 1024

VolumesVolumes

volumes.free

Show assets with a certain amount of free space (MB).  [integer]

volumes.free: 448312320

volumes.name

Show assets with a certain volume name. [string - exact match]

volumes.name: /boot

volumes.size

Show assets with a certain size volume (MB). [integer]

volumes.size: 481529856

Vulnerability - BasicsVulnerability - Basics

vulnerabilities.vulnerability.qid

Show findings with a certain vulnerability QID. [integer]

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.category

Show findings with a certain vulnerability category name in the KnowledgeBase (e.g. CGI, Database, DNS and BIND). Select the name from the drop-down menu [string - selectable field]

vulnerabilities.vulnerability.category: "CGI"

vulnerabilities.vulnerability.exploitability

Show assets with vulnerabilities associated with some known exploit description. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.exploitability: `GIF Parser Heap`

vulnerabilities.vulnerability.risk

Show assets with risk rating you're interested in. [integer]

For confirmed and potential vulnerabilities risk is 10 times severity level (e.g. 10, 20, 30, 40, 50). For Information Gathered it is severity level (e.g. 1, 2, 3, 4, 5).

vulnerabilities.vulnerability.risk: 50

vulnerabilities.severity

Show assets with a certain severity level (1-5). [integer]

vulnerabilities.severity: 4

vulnerabilities.vulnerability.title

Show assets with a certain vulnerability title. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.title: `Remote Code Execution Vulnerability`

vulnerabilities.vulnerability.types

Show assets with a certain vulnerability type (e.g. VULNERABILITY, POTENTIAL or INFORMATION). [string - exact match]

vulnerabilities.vulnerability.types: VULNERABILITY

Vulnerability - CVSSVulnerability - CVSS

vulnerabilities.cvssInfo.accessVector

Show findings with the CVSS access vector name you're interested in (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select the name from the drop-down menu. [string - selectable field]

vulnerabilities.vulnerability.cvssInfo.accessVector: "NETWORK"

vulnerabilities.cvssInfo.baseScore

Show findings with the CVSS base score you're interested in. [integer]

vulnerabilities.vulnerability.cvssInfo.baseScore: 7.8

vulnerabilities.cvssInfo.temporalScore

Show findings with the CVSS temporal score you're interested in. [integer]

vulnerabilities.vulnerability.cvssInfo.temporalScore: 6.4

Vulnerability - DatesVulnerability - Dates

vulnerabilities.firstFound

Show assets with vulnerabilities first found within a certain date range or on specific date. [date]

vulnerabilities.firstFound: [2015-01-01 .. 2015-12-31]

vulnerabilities.lastFound

Show assets with vulnerabilities last found within a certain date range or on specific date. [date]

vulnerabilities.lastFound: [now-10d .. now-5m]

vulnerabilities.vulnerability.published

Show assets with vulnerabilities published (in out KnowledgeBase within a certain date range or on specific date. [date]

vulnerabilities.vulnerability.published: [now-6M .. now-1m]

vulnerabilities.vulnerability.updated

Show assets with vulnerabilities last updated (in our knowledgeBase) within a certain date range or on specific date. [date]

vulnerabilities.vulnerability.updated: [2014-09-30 .. 2015-10-07]

Vulnerability - DescriptionsVulnerability - Descriptions

vulnerabilities.vulnerability.consequence

Show assets with the consequence description you're looking for. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.consequence: "sensitive information"

vulnerabilities.vulnerability.description

Show assets with the vulnerability description you're looking for. Use backticks for exact match.. [string - full text search]

vulnerabilities.vulnerability.description: `remote code execution`

vulnerabilities.vulnerability.solution

Show assets with the vulnerability solution description you're looking for. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.solution: "Security Bulletin MS10-006"

Vulnerability - Detection InfoVulnerability - Detection Info

vulnerabilities.vulnerability.discoveryTypes

Show assets with the vulnerability type you're interested in (e.g. Remote or Authenticated). [string - exact match]

vulnerabilities.vulnerability.discoveryTypes: Remote

vulnerabilities.vulnerability.authTypes

Show assets with the authentication type required to detect the vulnerability by name (e.g. WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc). Select the name from the drop-down menu. [string - selectable field]

vulnerabilities.vulnerability.authTypes: "WINDOWS_AUTH"

vulnerabilities.vulnerability.os

Show assets with vulnerabilities detected on the operating system you're interested in. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.os: windows

Vulnerability - ListsVulnerability - Lists

vulnerabilities.vulnerability.flags

Show assets with the Qualys defined vulnerability property you're interested in. [string - exact match]

Discovery method (type) flag: REMOTE

Authentication type flags: WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, SNMP_AUTH, VMWARE_AUTH, DB2_AUTH, HTTP_BASIC_AUTH, FORM_AUTH

Vulnerability type flags: PCI_RELATED, VULNERABILITY (for potential vulnerability type), DANGEROUS (exploitive type, can take down services, crash systems, etc.), NAC_NAM_RELATED

vulnerabilities.vulnerability.flags: PCI_RELATED

vulnerabilities.vulnerability.lists

Show assets with vulnerabilities in the list you're interested in, such as SANS_20, QUALYS_20, QUALYS_INT_10 (internal vulnerabilities), and QUALYS_EXT_10 (external vulnerabilities). [string - exact match]

vulnerabilities.vulnerability.lists: SANS_20

vulnerabilities.vulnerability.sans20Categories

Show assets with vulnerabilities that belong to one of the SANS top 20 vulnerability category of interest. [string - exact match]

SANS 20 categories are: Anti-virus Software, Backup Software, Database Software, Email Clients, Excessive User Rights and Unauthorized Devices, Instant Messaging, Management Servers, Media Players, Office Software, Peer-to-Peer Programs, Phishing/Spear Phishing, Unencrypted Laptops and Removable Media, Unix and Mac OS Services, VoIP Servers and Phones, Web Applications, Web Browsers, Windows Services

vulnerabilities.vulnerability.sans20Categories: "Media Players"

Vulnerability - PatchesVulnerability - Patches

vulnerabilities.vulnerability.patchAvailable

Show assets with a patch is available (true) or not available (false). [boolean]

vulnerabilities.vulnerability.patchAvailable: true

vulnerabilities.vulnerability.patches

Show assets with a vulnerability that has a certain patch QID available. [integer]

vulnerabilities.vulnerability.patches: 90753

Vulnerability - ReferencesVulnerability - References

vulnerabilities.vulnerability.bugTraqIds

Show assets with vulnerabilities assigned the BugTraq number you're interested in. [string - exact match]

vulnerabilities.vulnerability.bugTraqIds: 22211

vulnerabilities.vulnerability.cveIds

Show assets with vulnerabilities assigned the CVE name you're interested in. [string - exact match]

vulnerabilities.vulnerability.cveIds: CVE-2015-0313

vulnerabilities.vulnerability.vendorRefs

Show assets with vulnerabilities assigned the vendor reference you're interested in. [string - exact match]

vulnerabilities.vulnerability.vendorRefs: KB3021953

Vulnerability - OtherVulnerability - Other

vulnerabilities.vulnerability.compliance.type

Show assets with vulnerabilities associated with the compliance type name you're interested in (e.g.COBIT, HIPAA, GLBA, SOX). Select the name from the drop-down menu. [string - selectable field]

vulnerabilities.vulnerability.compliance.type: "HIPAA"

vulnerabilities.vulnerability.compliance.section

Show assets with vulnerabilities associated with the compliance section you're interested in. Use backticks for exact match. [string - full text search]

vulnerabilities.vulnerability.compliance.section: 164.308

vulnerabilities.vulnerability.compliance.description

Show assets with vulnerabilities associated with the compliance policy or regulation you're interested in.  [string - full text search]

vulnerabilities.vulnerability.compliance.description: "malicious software"