Using Vulnerability and Patches Tokens in Combination to Create Linux Job
Use the vulnerability and patch tokens in combination to define criteria to create a QQL-based Linux job. Looking for help with writing your query? click here
Patches Tokens
Use a text value ##### to find patches applied to a certain advisory.
Example
Find patches for RHSA-2015:2241
advisory: "RHSA-2015:2241"
Use a text value ##### to find patches applied to a certain architecture (x86, x64).
Example
Find patches for x64
architecture: x64
Use a text value ##### to find patches of certain category (Security, Software Distribution, Security Tools, Non-security Patches, Custom Actions).
Example
Show patches of category Security
category: `Security`
Use a text value ##### to find patches by certain CVE ID.
Example
Find patches for this CVE ID
cve: CVE-208-0760
Use the values true | false to find patches of type Security.
Example
Show security patches
isSecurity: true
Use a date range or specific date to find when patches were last modified.
Examples
Show patches modified within certain dates
modifiedDate: [2018-02-01 ... 2018-02-12]
Show patches modified starting 2018-02-01, ending 1 month ago
modifiedDate: [2018-02-01 ... now-1M]
Show patches modified starting 2 weeks ago, ending 1 second ago
modifiedDate: [now-2w ... now-1s]
Show patches modified on certain date
modifiedDate:'2018-02-22'
Use a text value ##### to find patches by patch ID.
Example
Find patches with this ID
patchId: 8fc0797d-2c7b-3c08-8e7b-48c30585a702
Use a date range or specific date to find when patches were last published.
Examples
Show patches published within certain dates
publishedDate: [2018-02-01 ... 2018-02-12]
Show patches published starting 2018-02-01, ending 1 month ago
publishedDate: [2018-02-01 ... now-1M]
Show patches published starting 2 weeks ago, ending 1 second ago
publishedDate: [now-2w ... now-1s]
Show patches published on certain date
publishedDate:'2018-02-22'
Use a text value ##### to find patches by certain QID.
Example
Find patches for this QID
qid: 3015321
Use the values true | false to find patches that require reboot.
Example
Show patches where reboot is required
rebootRequired: true
Use a text value ##### to find patches applied to a certain OS.
Example
Find patches for Redhat
supportedOs: Redhat
Use a text value ##### to find patches with certain vendor assigned severity level (Critical, Important, Moderate, Low, None).
Example
Find patches with this vendor assigned severity level
vendorSeverity: Critical
Use values within quotes or backticks to find patches with certain title.
Examples
Find patches related to title
title: Security
Find patches that contain parts of title
title: "Security and Quality Rollup for the .Net Framework"
Find patches that match exact value
title: `Security for the .Net Framework`
Vulnerabilities Tokens
Use these tokens to define search criteria for vulnerabilities. You must have a subscription to VMDR app to use these tokens.
vulnerabilities.firstFoundvulnerabilities.firstFound
Use a date range or specific date to define when findings were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFound:[2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound:[now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2016-11-11'
vulnerabilities.hostAssetNamevulnerabilities.hostAssetName
Use quotes or backticks within values to help you find the host asset name you're looking for.
Examples
Show any findings related to name
vulnerabilities.hostAssetName:QK2K12QP3-65-53
Show any findings that contain parts of name
vulnerabilities.hostAssetName:"QK2K12QP3-65-53"
Show any findings that match exact value "QK2K12QP3-65-53"
vulnerabilities.hostAssetName:`QK2K12QP3-65-53`
vulnerabilities.hostOSvulnerabilities.hostOS
Use quotes or backticks within values to help you find the host operating system you're interested in.
Examples
Show any findings with this OS name
vulnerabilities.hostOS:Windows 2012
Show any findings that contain components of OS name
vulnerabilities.hostOS:"Windows 2012"
Show any findings that match exact value "Windows 2012"
vulnerabilities.hostOS:`Windows 2012`
vulnerabilities.foundvulnerabilities.found
Use the values true | false to define vulnerabilities are detected or not on the assets.
Examples
Show findings with vulnerabilities detected
vulnerabilities.found:TRUE
vulnerabilities.detectionScorevulnerabilities.detectionScore
Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.
Examples
Show vulnerabilities with detection score 80
vulnerabilities.detectionScore:80
Show vulnerabilities with detection score 25
vulnerabilities.detectionScore:25
vulnerabilities.disabledvulnerabilities.disabled
Use the values true | false to define vulnerabilities are disabled or enabled.
Examples
Show findings with vulnerabilities disabled
vulnerabilities.disabled:TRUE
vulnerabilities.lastFixedvulnerabilities.lastFixed
Use a date range or specific date to define when findings were last fixed.
Examples
Show findings last fixed within certain dates
vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]
Show findings last fixed starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFixed:[2016-01-01 ... now-1M]
Show findings last fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFixed:[now-2w ... now-1s]
Show findings last fixed on certain date
vulnerabilities.lastFixed:'2016-01-11'
Show findings last fixed within certain number of days
vulnerabilities.lastFixed: [91..180]
vulnerabilities.lastFoundvulnerabilities.lastFound
Use a date range or specific date to define when findings were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFound:[2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound:[now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2016-01-11'
Show findings last found within certain number of days
vulnerabilities.lastFound: [91..180]
Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)
vulnerabilities: (lastFound: AND vulnerability.patchAvailable:TRUE)
vulnerabilities.nonExploitableConfigvulnerabilities.nonExploitableConfig
Use the values true | false to define vulnerabilities with non-exploitable configurations.
Examples
Show findings with non exploitable configurations
vulnerabilities.nonExploitableConfig:TRUE
Show findings with exploitable configurations
vulnerabilities.nonExploitableConfig:FALSE
vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel
Use the values true | false to view vulnerabilities found on non-running kernels.
Examples
Show detections found on non-running Kernal
vulnerabilities.nonRunningKernel:TRUE
Show detections found on running Kernal
vulnerabilities.nonRunningKernel:FALSE
vulnerabilities.sslvulnerabilities.ssl
Use the values true | false to define vulnerabilities found on secure socket layer (SSL).
Examples
Show vulnerabilities associated with SSL
vulnerabilities.ssl:TRUE
vulnerabilities.portvulnerabilities.port
Use an integer value ##### to help you find vulnerabilities found on a certain port.
Example
Show vulnerabilities found on this port
vulnerabilities.port:443
vulnerabilities.protocolvulnerabilities.protocol
Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.
Example
Show vulnerabilities found on TCP protocol
vulnerabilities.protocol:TCP
vulnerabilities.ignoredvulnerabilities.ignored
Use an integer value ##### to help you find vulnerabilities that have been marked as ignored.
Example
Show vulnerabilities that are marked as ignored
vulnerabilities.ignored:TRUE
vulnerabilities.instancevulnerabilities.instance
Use an integer value ##### to help you find vulnerabilities found on a certain instance.
Example
Show vulnerabilities found on this instance
vulnerabilities.instance: 354216
vulnerabilities.severityvulnerabilities.severity
Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.
Example
Show findings with severity 5
vulnerabilities.severity:5
vulnerabilities.statusvulnerabilities.status
Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.
If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.
Example
Show vulnerabilities with New status
vulnerabilities.status:NEW
vulnerabilities.typeDetectedvulnerabilities.typeDetected
Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
Example
Show findings with this type
vulnerabilities.typeDetected:Confirmed
vulnerabilities.vulnerability.authTypesvulnerabilities.vulnerability.authTypes
Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.
Example
Show findings with Windows auth type
vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH
vulnerabilities.vulnerability.bugTraqIdsvulnerabilities.vulnerability.bugTraqIds
Use a text value ##### to find a BugTraq number you're interested in.
Example
Show findings with BugTraq ID 22211
vulnerabilities.vulnerability.bugTraqIds:22211
vulnerabilities.vulnerability.categoryvulnerabilities.vulnerability.category
Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.
Example
Show findings with category CGI
vulnerabilities.vulnerability.category:CGI
Use quotes or backticks within values to help you find the compliance description you're looking for.
Examples
Show any findings related to this description
vulnerabilities.vulnerability.compliance.description:malicious software
Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description:"malicious software"
Show any findings that match exact value "malicious software"
vulnerabilities.vulnerability.compliance.description:`malicious software`
vulnerabilities.vulnerability.compliance.sectionvulnerabilities.vulnerability.compliance.section
Use quotes or backticks within values to help you find the compliance section you're looking for.
Examples
Show any findings related to this section
vulnerabilities.vulnerability.compliance.section:164.308
Show any findings that contain parts of section
vulnerabilities.vulnerability.compliance.section:"164.308"
Show any findings that match exact value "164.308"
vulnerabilities.vulnerability.compliance.section:`164.308`
vulnerabilities.vulnerability.compliance.typevulnerabilities.vulnerability.compliance.type
Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.
Example
Show findings with the compliance type HIPAA
vulnerabilities.vulnerability.compliance.type:HIPAA
vulnerabilities.vulnerability.impactvulnerabilities.vulnerability.impact
Use quotes or backticks within values to help you find the impact you're looking for.
Example
Show any findings related to impact
vulnerabilities.vulnerability.impact:sensitive information
Show any findings that contain "sensitive" or "information" in consequence
vulnerabilities.vulnerability.impact:"sensitive information"
Show any findings that match exact value "sensitive information"
vulnerabilities.vulnerability.impact:'sensitive information'
vulnerabilities.vulnerability.cveIdsvulnerabilities.vulnerability.cveIds
Use a text value ##### to find the CVE name you're interested in.
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.vulnerability.cveIds:CVE-2015-0313
Use an integer value ##### to help you find the CVSSv3 temporal score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3_1Info.temporalScore:6.4
Use an integer value ##### to help you find the CVSSv3 base score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3_1Info.baseScore:7.8
Select the name ##### of a CVSS2 access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.
Example
Show findings with this name
vulnerabilities.vulnerability.cvss2Info.accessVector:NETWORK
vulnerabilities.vulnerability.cvss2Info.baseScorevulnerabilities.vulnerability.cvss2Info.baseScore
Use an integer value ##### to help you find the CVSS2 base score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2Info.baseScore:7.8
Use an integer value ##### to help you find the CVSS2 temporal score you're interested in.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2Info.temporalScore:6.4
vulnerabilities.vulnerability.discoveryTypesvulnerabilities.vulnerability.discoveryTypes
Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.
Example
Show findings with Remote discovery type
vulnerabilities.vulnerability.discoveryTypes:REMOTE
vulnerabilities.vulnerability.flagsvulnerabilities.vulnerability.flags
Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc).
Example
Show findings with this flag
vulnerabilities.vulnerability.flags:PCI_RELATED
vulnerabilities.vulnerability.osvulnerabilities.vulnerability.os
Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.
Examples
Show any findings related to this OS value
vulnerabilities.vulnerability.os:windows
Show any findings that contain parts of OS value
vulnerabilities.vulnerability.os:"windows"
Show any findings that match exact value "windows"
vulnerabilities.vulnerability.os:`windows`
vulnerabilities.vulnerability.patchAvailablevulnerabilities.vulnerability.patchAvailable
Use the values true | false to define vulnerabilities with patch available.
Examples
Show findings with patch available
vulnerabilities.vulnerability.patchAvailable:TRUE
Show findings with no patch available
vulnerabilities.vulnerability.patchAvailable:FALSE
vulnerabilities.vulnerability.pcivulnerabilities.vulnerability.pci
Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).
Examples
Show PCI vulnerabilities
vulnerabilities.vulnerability.pci:TRUE
Do not show PCI vulnerabilities
vulnerabilities.vulnerability.pci:FALSE
vulnerabilities.vulnerability.rebootRequiredvulnerabilities.vulnerability.rebootRequired
Use the values true | false to find vulnerabilities that need reboot.
Examples
Show vulnerabilities that need reboot.
vulnerabilities.vulnerability.rebootRequired: TRUE
vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid
Use an integer value ##### to define the QID in question.
Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
vulnerabilities.vulnerability.sans20Categoriesvulnerabilities.vulnerability.sans20Categories
Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).
Example
Show findings with this category name
vulnerabilities.vulnerability.sans20Categories:Media Players
vulnerabilities.vulnerability.solutionvulnerabilities.vulnerability.solution
Use quotes or backticks within values to help you find the solution you're looking for.
Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution:Bulletin MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution:"Bulletin MS10-006"
Show any findings that match exact value "Bulletin MS10-006"
vulnerabilities.vulnerability.solution:`Bulletin MS10-006`
vulnerabilities.vulnerability.supportedByvulnerabilities.vulnerability.supportedBy
Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.
Example
Show vulnerabilities supported by Linux Agent
vulnerabilities.vulnerability.supportedBy:LINUX_AGENT
vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title
Use quotes or backticks within values to help you find the title you're looking for.
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title:Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title:"Remote Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title:`Remote Code`
vulnerabilities.vulnerability.vendorRefsvulnerabilities.vulnerability.vendorRefs
Use a text value ##### to find the vendor reference you're interested in.
Example
Show this vendor reference
vulnerabilities.vulnerability.vendorRefs:KB3021953
vulnerabilities.vulnerability.vendors.productNamevulnerabilities.vulnerability.vendors.productName
Use a text value ##### to find the vendor product name you're interested in.
Example
Show findings with this vendor product name
vulnerabilities.vulnerability.vendors.productName:Windows
vulnerabilities.vulnerability.vendors.vendorNamevulnerabilities.vulnerability.vendors.vendorName
Use a text value ##### to find the vendor name you're interested in.
Example
Show findings with this vendor name
vulnerabilities.vulnerability.vendors.vendorName:Adobe
vulnerabilities.nonExploitableKernelvulnerabilities.nonExploitableKernel
Use the values true | false to define vulnerabilities that exist on non exploitable kernels.
Examples
Show findings on non-exploitable kernels
vulnerabilities.nonExploitableKernel:TRUE
vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService
`Use the values true | false to define vulnerabilities that exist on non exploitable services.
Examples
Show findings on non-exploitable services
vulnerabilities.nonExploitableService:TRUE
vulnerabilities.vulnerability.patchReleasedvulnerabilities.vulnerability.patchReleased
Use a date range or specific date to define when patch was available.
Examples
Show findings last found within certain dates
vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]
Show findings last found starting 2020-01-01, ending 1 month ago
vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.vulnerability.patchReleased:'2020-01-02'
vulnerabilities.timesFoundvulnerabilities.timesFound
Show findings that were detected for the specified number of times.
Examples
Show findings last found 3 times
vulnerabilities.timesFound:3
vulnerabilities.vulnerability.kbAgevulnerabilities.vulnerability.kbAge
Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was disclosed. Select the number of days from the drop-down menu.
Example
Show findings that were disclosed in the last 30 days
vulnerabilities.vulnerability.kbAge:[00..30]
vulnerabilities.detectionAgevulnerabilities.detectionAge
Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset. Select the number of days from the drop-down menu.
Example
Show findings that were detected in the last 30 days.
vulnerabilities.detectionAge:[00..30]
vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description
Use quotes or backticks within values to help you find the vulnerability description you're looking for.
Examples
Show any findings related to description
vulnerabilities.vulnerability.description:remote code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description:"remote code execution"
Show any findings that match exact value "remote code execution"
vulnerabilities.vulnerability.description:`remote code execution`
vulnerabilities.vulnerability.listsvulnerabilities.vulnerability.lists
Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).
Example
Show findings with vulnerabilities in SANS Top 20
vulnerabilities.vulnerability.lists:SANS_20
vulnerabilities.vulnerability.publishedvulnerabilities.vulnerability.published
Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.
Examples
Show findings for vulnerabilities published within certain dates
vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]
Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago
vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.published:[now-2w ... now-1s]
Show findings for vulnerabilities published on certain date
vulnerabilities.vulnerability.published:'2018-01-15'
vulnerabilities.vulnerability.ransomware.namevulnerabilities.vulnerability.ransomware.name
Use quotes or backticks within values to help you find the ransomware name you're looking for. Quotes can be used when the value has more than one word.
Example
Show findings with this name
vulnerabilities.vulnerability.ransomware.name: Locky
Show findings that match exact value
vulnerabilities.vulnerability.ransomware.name: Locky
vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk
Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.vulnerability.risk:50
vulnerabilities.vulnerability.qualysPatchablevulnerabilities.vulnerability.qualysPatchable
Use the valuesvulnerabilities true | false to define that can be patched at Qualys.
Examples
Show vulnerabilities with patch available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "true"
Show vulnerabilities with patch not available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "false"
vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality
Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
Examples
Show vulnerabilities with HIGH criticality
vulnerabilities.vulnerability.criticality: "HIGH"
vulnerabilities.vulnerability.updatedvulnerabilities.vulnerability.updated
Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.
Examples
Show vulnerabilities updated within certain dates
vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]
Show vulnerabilities updated starting 2017-11-01, ending 1 month ago
vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]
Show vulnerabilities updated stating 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updated:[now-2w ... now-1s]
Show vulnerabilities updated on certain date
vulnerabilities.vulnerability.updated:'2018-03-08'
Use the text value within quotes or backticks for the tactics id that represents the why of the ATT&CK technique or sub-technique.
Example
Show findings with the Tactic ID TA0007
vulnerabilities.vulnerability.mitre.attack.tactic.id:`TA0007`
Use the text value within quotes or backticks to view for the tactics name that represents it's respective tactic id.
Example
Show findings with the tactic name inital-access
vulnerabilities.vulnerability.mitre.attack.tactic.name:`inital-access`
Use the text value within quotes or backticks for the technique id that represents how a tactical goal can be achieved.
Example
Show findings with the Technique ID T1562.010
vulnerabilities.vulnerability.mitre.attack.technique.id:"T1562.010"
Use the text value within quotes or backticks to view for the technique name that represents it's respective technique id.
Example
Show findings with the tactic name Downgrade Attack
vulnerabilities.vulnerability.mitre.attack.technique.name:"Downgrade Attack"
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
Type your dropdown text here
RTIs
Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities. You must have a subscription to the Threat Protection app to use these tokens.
Use the values true | false to define real-time threats due to active attacks.
Examples
Show assets with threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
true
Show assets that don't have threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
false
Use the values true | false to define real-time threats due to CISA Exploits.
Examples
Show assets with threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
true
Show assets that don't have threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
false
Use the values true | false to define real-time threats due to denial of service.
Examples
Show assets with threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
true
Show assets that don't have threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
false
Use the values true | false to define real-time threats due to easy exploit.
Examples
Show assets with threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
true
Show assets that don't have threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
false
Use the values true | false to define real-time threats due to exploit kit.
Examples
Show assets with threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
true
Show assets that don't have threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
false
Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.exploitKitName:
Angler
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.exploitKitName:
`Angler`
Use the values true | false to define real-time threats due to high data loss.
Examples
Show assets with threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
true
Show assets that don't have threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
false
Use the values true | false to define real-time threats due to high lateral movement.
Examples
Show assets with threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
true
Show assets that don't have threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
false
vulnerabilities.vulnerability.threatIntel.malwarevulnerabilities.vulnerability.threatIntel.malware
Use the values true | false to define real-time threats due to malware.
Examples
Show assets with threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: true
Show assets that don't have threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: false
Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.malwareName:
TROJ_PDFKA.DQ
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.malwareName:
`TROJ_PDFKA.DQ`
vulnerabilities.vulnerability.threatIntel.noPatchvulnerabilities.vulnerability.threatIntel.noPatch
Use the values true | false to define real-time threats due to no patch available.
Examples
Show assets with threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: true
Show assets that don't have threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: false
Use the values true | false to define real-time threats due to public exploit.
Example
Show assets with threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
true
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
false
Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.publicExploitName:
RealVNC NULL Authentication Mode Bypass
Show any findings that contain parts of name
vulnerabilities.vulnerability.threatIntel.publicExploitName:
"RealVNC NULL Authentication Mode Bypass"
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.publicExploitName:
`RealVNC NULL Authentication Mode Bypass`
vulnerabilities.vulnerability.threatIntel.zeroDayvulnerabilities.vulnerability.threatIntel.zeroDay
Use the values true | false to define real-time threats due to zero day exploit.
Examples
Show assets with threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: true
Show assets that don't have threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: false
vulnerabilities.vulnerability.threatIntel.wormablevulnerabilities.vulnerability.threatIntel.wormable
Use the values true | false to define real-time wormable threats.
Examples
Show assets with wormable threats
vulnerabilities.vulnerability.threatIntel.wormable: "true"
Use the values true | false to define real-time threats due to predicted high risk.
Examples
Show assets with predicted high risk threat
vulnerabilities.vulnerability.threatIntel.predictedHighRisk:
"true"
Use the values true | false to define real-time threats due to unauthenticated exploitation risk.
Examples
Show assets with unauthenticated exploitation threat
vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation:
"true"
Use the values true | false to define real-time threats due to remote code execution risk.
Examples
Show assets with remote code execution threat
vulnerabilities.vulnerability.threatIntel.remoteCodeExecution:
"true"
Use the values true | false to define real-time threats due to ransomeware vulnerability.
Examples
Show assets with ransomeware threat
vulnerabilities.vulnerability.threatIntel.ransomware:
"true"
Use the values true | false to define real-time threats due to privilege escalation risk.
Examples
Show assets with privilege escalation threat
vulnerabilities.vulnerability.threatIntel.privilegeEscalation:
"true"
Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.
Examples
Show assets with Solorigate/Sunburst threat
vulnerabilities.vulnerability.threatIntel.solorigateSunburst:
"true"