Old and New Search Token Mappings
The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.
The new token format follows the syntax: entity.attribute
For example, in the new token, control.criticality, control is the entity, and criticality is the attribute.
The assets and controls tokens, along with the tokens common to all Qualys applications, are now updated.
- Only the new tokens are displayed in the auto-suggestion in the search bars. However, if you type the old token name manually, the QQL query still works. Old token names' visibility is removed.
- The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.
The old and new tokens mapping list is as follows:
| Old Token Name | New Token Name |
| asset.created | asset.createdDate |
| asset.operatingSystem | operatingSystem.name |
| auth.lastComplianceSuccessDate | asset.authLastComplianceSuccessDate |
| auth.status | asset.authStatus |
| auth.type | asset.authType |
| tags.name | asset.tag.name |
| asset.truRiskScore | asset.truRisk |
| asset.hostId | compute.hostId |
| sensor.lastComplianceScanDate | qualys.scan.lastComplianceScanDate |
| Old Token Name | New Token Name |
| criticality |
control.criticality |
| posture.modifiedDate |
posture.updatedDate |
| mitreAttack.mapping |
finding.mitre.attack.mapping |
| mitreAttack.tacticId |
finding.mitre.attack.tactic.id |
| mitreAttack.tacticName |
finding.mitre.attack.tactic.name |
| mitreAttack.techniqueId |
finding.mitre.attack.technique.id |
| mitreAttack.techniqueName |
finding.mitre.attack.technique.name |
| mitreAttack.subTechniqueId |
finding.mitre.attack.subTechnique.id |
| mitreAttack.subTechniqueName |
finding.mitre.attack.subTechnique.name |
Remediation Job TokensRemediation Job Tokens
| Old Token Name | New Token Name |
| job.schedule.frequency |
job.scheduleFrequency |
| job.schedule.type |
job.scheduleType |