Using Vulnerability and Patches Tokens in Combination to Create Linux Job
Use the vulnerability and patch tokens in combination to define criteria to create a QQL-based Linux job.
Patches Tokens
advisory
Use a text value ##### to find patches applied to a certain advisory.
Example
Find patches for RHSA-2015:2241
advisory: "RHSA-2015:2241"
architecture
Use a text value ##### to find patches applied to a certain architecture (x86, x64).
Example
Find patches for x64
architecture: x64
category
Use a text value ##### to find patches of a certain category (Security, Software Distribution, Security Tools, Non-security Patches, Custom Actions).
Example
Show patches of category Security
category: `Security`
cve
Use a text value ##### to find patches by a certain CVE ID.
Example
Find patches for this CVE ID
cve: CVE-208-0760
isSecurity
Use the values true | false to find patches of type Security.
Example
Show security patches
isSecurity: true
modifiedDate
Use a date range or specific date to find when patches were last modified.
Examples
Show patches modified within certain dates
modifiedDate: [2018-02-01 ... 2018-02-12]
Show patches modified starting 2018-02-01, ending 1 month ago
modifiedDate: [2018-02-01 ... now-1M]
Show patches modified starting 2 weeks ago, ending 1 second ago
modifiedDate: [now-2w ... now-1s]
Show patches modified on certain date
modifiedDate:'2018-02-22'
patchId
Use a text value ##### to find patches by patch ID.
Example
Find patches with this ID
patchId: 8fc0797d-2c7b-3c08-8e7b-48c30585a702
publishedDate
Use a date range or specific date to find when patches were last published.
Examples
Show patches published within certain dates
publishedDate: [2018-02-01 ... 2018-02-12]
Show patches published starting 2018-02-01, ending 1 month ago
publishedDate: [2018-02-01 ... now-1M]
Show patches published starting 2 weeks ago, ending 1 second ago
publishedDate: [now-2w ... now-1s]
Show patches published on certain date
publishedDate:'2018-02-22'
qid
Use a text value ##### to find patches by a certain QID.
Example
Find patches for this QID
qid: 3015321
rebootRequired
Use the values true | false to find patches that require a reboot.
Example
Show patches where reboot is required
rebootRequired: true
supportedOs
Use a text value ##### to find patches applied to a certain OS.
Example
Find patches for Redhat
supportedOs: Redhat
vendorSeverity
Use a text value ##### to find patches with a certain vendor-assigned severity level (Critical, Important, Moderate, Low, None).
Example
Find patches with this vendor assigned severity level
vendorSeverity: Critical
title
Use values within quotes or backticks to find patches with a certain title.
Examples
Find patches related to title
title: Security
Find patches that contain parts of title
title: "Security and Quality Rollup for the .Net Framework"
Find patches that match exact value
title: `Security for the .Net Framework`
Vulnerabilities Tokens
Use these tokens to define search criteria for vulnerabilities. You must have a subscription to the VMDR app to use these tokens.
vulnerabilities.firstFound
Use a date range or specific date to define when findings were first found.
Examples
Show findings first found within certain dates
vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFound:[2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound:[now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2016-11-11'
vulnerabilities.hostAssetName
Use quotes or backticks within values to help you find the host asset name you're looking for.
Examples
Show any findings related to name
vulnerabilities.hostAssetName:QK2K12QP3-65-53
Show any findings that contain parts of name
vulnerabilities.hostAssetName:"QK2K12QP3-65-53"
Show any findings that match exact value "QK2K12QP3-65-53"
vulnerabilities.hostAssetName:`QK2K12QP3-65-53`
vulnerabilities.hostOS
Use quotes or backticks within values to help you find the host operating system you're interested in.
Examples
Show any findings with this OS name
vulnerabilities.hostOS:Windows 2012
Show any findings that contain components of OS name
vulnerabilities.hostOS:"Windows 2012"
Show any findings that match exact value "Windows 2012"
vulnerabilities.hostOS:`Windows 2012`
vulnerabilities.found
Use the values true | false to define whether vulnerabilities are detected on the assets.
Examples
Show findings with vulnerabilities detected
vulnerabilities.found:TRUE
vulnerabilities.detectionScore
Use an integer value (0-100) to help you find vulnerabilities based on a specific detection score.
Examples
Show vulnerabilities with detection score 80
vulnerabilities.detectionScore:80
Show vulnerabilities with detection score 25
vulnerabilities.detectionScore:25
vulnerabilities.lastFixed
Use a date range or specific date to define when findings were last fixed.
Examples
Show findings last fixed within certain dates
vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]
Show findings last fixed starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFixed:[2016-01-01 ... now-1M]
Show findings last fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFixed:[now-2w ... now-1s]
Show findings last fixed on certain date
vulnerabilities.lastFixed:'2016-01-11'
Show findings last fixed within certain number of days
vulnerabilities.lastFixed: [91..180]
vulnerabilities.lastFound
Use a date range or specific date to define when findings were last found.
Examples
Show findings last found within certain dates
vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFound:[2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound:[now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2016-01-11'
Show findings last found within certain number of days
vulnerabilities.lastFound: [91..180]
Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)
vulnerabilities.ssl
Use the values true | false to define vulnerabilities found on Secure Sockets Layer (SSL).
Examples
Show vulnerabilities associated with SSL
vulnerabilities.ssl:TRUE
vulnerabilities.status
Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with a certain status. Select from names in the drop-down menu.
If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.
Example
Show vulnerabilities with New status
vulnerabilities.status:NEW
vulnerabilities.typeDetected
Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
Example
Show findings with this type
vulnerabilities.typeDetected:Confirmed
vulnerabilities.vulnerability.compliance.description
Use quotes or backticks within values to help you find the compliance description you're looking for.
Examples
Show any findings related to this description
vulnerabilities.vulnerability.compliance.description:malicious software
Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description:"malicious software"
Show any findings that match exact value "malicious software"
vulnerabilities.vulnerability.compliance.description:`malicious software`
vulnerabilities.vulnerability.compliance.section
Use quotes or backticks within values to help you find the compliance section you're looking for.
Examples
Show any findings related to this section
vulnerabilities.vulnerability.compliance.section:164.308
Show any findings that contain parts of section
vulnerabilities.vulnerability.compliance.section:"164.308"
Show any findings that match exact value "164.308"
vulnerabilities.vulnerability.compliance.section:`164.308`
vulnerabilities.vulnerability.impact
Use quotes or backticks within values to help you find the impact you're looking for.
Examples
Show any findings related to impact
vulnerabilities.vulnerability.impact:sensitive information
Show any findings that contain "sensitive" or "information" in consequence
vulnerabilities.vulnerability.impact:"sensitive information"
Show any findings that match exact value "sensitive information"
vulnerabilities.vulnerability.impact:`sensitive information`
vulnerabilities.vulnerability.os
Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.
Examples
Show any findings related to this OS value
vulnerabilities.vulnerability.os:windows
Show any findings that contain parts of OS value
vulnerabilities.vulnerability.os:"windows"
Show any findings that match exact value "windows"
vulnerabilities.vulnerability.os:`windows`
vulnerabilities.vulnerability.solution
Use quotes or backticks within values to help you find the solution you're looking for.
Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution:Bulletin MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution:"Bulletin MS10-006"
Show any findings that match exact value "Bulletin MS10-006"
vulnerabilities.vulnerability.solution:`Bulletin MS10-006`
vulnerabilities.vulnerability.title
Use quotes or backticks within values to help you find the title you're looking for.
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title:Remote Code Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title:"Remote Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title:`Remote Code`
vulnerabilities.vulnerability.patchReleased
Use a date range or specific date to define when the patch was available.
Examples
Show findings with a patch released within certain dates
vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]
Show findings with a patch released starting 2020-01-01, ending 1 month ago
vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]
Show findings with a patch released starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]
Show findings with a patch released on certain date
vulnerabilities.vulnerability.patchReleased:'2020-01-02'
vulnerabilities.detectionAge
Select the number of days from the range (00..30, 31..60, 61..90, 91..180, 180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset. Select the number of days from the drop-down menu.
Example
Show findings that were detected in the last 30 days.
vulnerabilities.detectionAge:[00..30]
vulnerabilities.vulnerability.description
Use quotes or backticks within values to help you find the vulnerability description you're looking for.
Examples
Show any findings related to description
vulnerabilities.vulnerability.description:remote code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description:"remote code execution"
Show any findings that match exact value "remote code execution"
vulnerabilities.vulnerability.description:`remote code execution`
vulnerabilities.vulnerability.published
Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.
Examples
Show findings for vulnerabilities published within certain dates
vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]
Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago
vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.published:[now-2w ... now-1s]
Show findings for vulnerabilities published on certain date
vulnerabilities.vulnerability.published:'2018-01-15'
vulnerabilities.vulnerability.updated
Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.
Examples
Show vulnerabilities updated within certain dates
vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]
Show vulnerabilities updated starting 2017-11-01, ending 1 month ago
vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]
Show vulnerabilities updated starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updated:[now-2w ... now-1s]
Show vulnerabilities updated on certain date
vulnerabilities.vulnerability.updated:'2018-03-08'
RTIs
Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities. You must have a subscription to the Threat Protection app to use these tokens.
vulnerabilities.vulnerability.threatIntel.publicExploitName
Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass
Show any findings that contain parts of name
vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`