Using Vulnerability and Patches Tokens in Combination to Create a Linux Job

Use the vulnerability and patch tokens in combination to define criteria to create a QQL-based Linux job.

Patches Tokens

advisory

Use a text value ##### to find patches applied to a certain advisory.

Example

Find patches for RHSA-2015:2241

advisory: "RHSA-2015:2241"

architecture

Use a text value ##### to find patches applied to a certain architecture (x86, x64).

Example

Find patches for x64

architecture: x64

category

Use a text value ##### to find patches of certain category (Security, Software Distribution, Security Tools, Non-security Patches, Custom Actions).

Example

Show patches of category Security

category: `Security`

cve

Use a text value ##### to find patches by certain CVE ID.

Example

Find patches for this CVE ID

cve: CVE-208-0760

isSecurity

Use the values true | false to find patches of type Security.

Example

Show security patches

isSecurity: true

modifiedDate

Use a date range or specific date to find when patches were last modified.

Examples

Show patches modified within certain dates

modifiedDate: [2018-02-01 ... 2018-02-12]

Show patches modified starting 2018-02-01, ending 1 month ago

modifiedDate: [2018-02-01 ... now-1M]

Show patches modified starting 2 weeks ago, ending 1 second ago

modifiedDate: [now-2w ... now-1s]

Show patches modified on certain date

modifiedDate:'2018-02-22'

patchId

Use a text value ##### to find patches by patch ID.

Example

Find patches with this ID

patchId: 8fc0797d-2c7b-3c08-8e7b-48c30585a702

publishedDate

Use a date range or specific date to find when patches were last published.

Examples

Show patches published within certain dates

publishedDate: [2018-02-01 ... 2018-02-12]

Show patches published starting 2018-02-01, ending 1 month ago

publishedDate: [2018-02-01 ... now-1M]

Show patches published starting 2 weeks ago, ending 1 second ago

publishedDate: [now-2w ... now-1s]

Show patches published on certain date

publishedDate:'2018-02-22'

qid

Use a text value ##### to find patches by certain QID.

Example

Find patches for this QID

qid: 3015321

rebootRequired

Use the values true | false to find patches that require reboot.

Example

Show patches where reboot is required

rebootRequired: true

supportedOs

Use a text value ##### to find patches applied to a certain OS.

Example

Find patches for Redhat

supportedOs: Redhat

vendorSeverity

Use a text value ##### to find patches with certain vendor assigned severity level (Critical, Important, Moderate, Low, None).

Example

Find patches with this vendor assigned severity level

vendorSeverity: Critical

title

Use values within quotes or backticks to find patches with certain title.

Examples

Find patches related to title

title: Security

Find patches that contain parts of title

title: "Security and Quality Rollup for the .Net Framework"

Find patches that match exact value

title: `Security for the .Net Framework`

Vulnerabilities Tokens

Use these tokens to define search criteria for vulnerabilities. You must have a subscription to VMDR app to use these tokens.

vulnerabilities.firstFound

Use a date range or specific date to define when findings were first found.

Examples

Show findings first found within certain dates

vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]

Show findings first found starting 2015-10-01, ending 1 month ago

vulnerabilities.firstFound:[2015-10-01 ... now-1M]

Show findings first found starting 2 weeks ago, ending 1 second ago

vulnerabilities.firstFound:[now-2w ... now-1s]

Show findings first found on certain date

vulnerabilities.firstFound:'2016-11-11'

vulnerabilities.hostAssetName

Use quotes or backticks within values to help you find the host asset name you're looking for.

Examples

Show any findings related to name

vulnerabilities.hostAssetName:QK2K12QP3-65-53

Show any findings that contain parts of name

vulnerabilities.hostAssetName:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

vulnerabilities.hostAssetName:`QK2K12QP3-65-53`

vulnerabilities.hostOS

Use quotes or backticks within values to help you find the host operating system you're interested in.

Examples

Show any findings with this OS name

vulnerabilities.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerabilities.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerabilities.hostOS:`Windows 2012`

vulnerabilities.found

Use the values true | false to define whether vulnerabilities are detected on the assets.

Examples

Show findings with vulnerabilities detected

vulnerabilities.found:TRUE

vulnerabilities.detectionScore

Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.

Examples

Show vulnerabilities with detection score 80

vulnerabilities.detectionScore:80

Show vulnerabilities with detection score 25

vulnerabilities.detectionScore:25

vulnerabilities.disabled

Use the values true | false to define whether vulnerabilities are disabled or enabled.

Examples

Show findings with vulnerabilities disabled

vulnerabilities.disabled:TRUE

vulnerabilities.lastFixed

Use a date range or specific date to define when findings were last fixed.

Examples

Show findings last fixed within certain dates

vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]

Show findings last fixed starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFixed:[2016-01-01 ... now-1M]

Show findings last fixed starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFixed:[now-2w ... now-1s]

Show findings last fixed on certain date

vulnerabilities.lastFixed:'2016-01-11'

Show findings last fixed within certain number of days

vulnerabilities.lastFixed: [91..180]

vulnerabilities.lastFound

Use a date range or specific date to define when findings were last found.

Examples

Show findings last found within certain dates

vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]

Show findings last found starting 2016-01-01, ending 1 month ago

vulnerabilities.lastFound:[2016-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.lastFound:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.lastFound:'2016-01-11'

Show findings last found within certain number of days

vulnerabilities.lastFound: [91..180]

Show findings last found on 2017-01-12 with patch available

vulnerabilities: (lastFound:'2017-01-12' AND vulnerability.patchAvailable:TRUE)

vulnerabilities: (lastFound: AND vulnerability.patchAvailable:TRUE)

vulnerabilities.nonExploitableConfig

Use the values true | false to define vulnerabilities with non-exploitable configurations.

Examples

Show findings with non exploitable configurations

vulnerabilities.nonExploitableConfig:TRUE

Show findings with exploitable configurations

vulnerabilities.nonExploitableConfig:FALSE

vulnerabilities.nonRunningKernel

Use the values true | false to view vulnerabilities found on non-running kernels.

Examples

Show detections found on non-running kernel

vulnerabilities.nonRunningKernel:TRUE

Show detections found on running kernel

vulnerabilities.nonRunningKernel:FALSE

vulnerabilities.ssl

Use the values true | false to define vulnerabilities found on secure socket layer (SSL).

Examples

Show vulnerabilities associated with SSL

vulnerabilities.ssl:TRUE

vulnerabilities.port

Use an integer value ##### to help you find vulnerabilities found on a certain port.

Example

Show vulnerabilities found on this port

vulnerabilities.port:443

vulnerabilities.protocol

Use a text value ##### (UDP or TCP) to define the port protocol you're interested in.

Example

Show vulnerabilities found on TCP protocol

vulnerabilities.protocol:TCP

vulnerabilities.ignored

Use the values true | false to help you find vulnerabilities that have been marked as ignored.

Example

Show vulnerabilities that are marked as ignored

vulnerabilities.ignored:TRUE

vulnerabilities.instance

Use an integer value ##### to help you find vulnerabilities found on a certain instance.

Example

Show vulnerabilities found on this instance

vulnerabilities.instance: 354216

vulnerabilities.severity

Select a severity (1-5) to find assets having vulnerabilities with this severity. Select from values in the drop-down menu.

Example

Show findings with severity 5

vulnerabilities.severity:5

vulnerabilities.status

Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.

If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.

Example

Show vulnerabilities with New status

vulnerabilities.status:NEW

vulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected:Confirmed

vulnerabilities.vulnerability.authTypes

Select the name (WINDOWS_AUTH, UNIX_AUTH, ORACLE_AUTH, etc) of an authentication type you're interested in. Select from names in the drop-down menu.

Example

Show findings with Windows auth type

vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH

vulnerabilities.vulnerability.bugTraqIds

Use a text value ##### to find a BugTraq number you're interested in.

Example

Show findings with BugTraq ID 22211

vulnerabilities.vulnerability.bugTraqIds:22211

vulnerabilities.vulnerability.category

Select a category (CGI, Database, DNS, BIND, etc) to find vulnerabilities with this category. Select from names in the drop-down menu.

Example

Show findings with category CGI

vulnerabilities.vulnerability.category:CGI

vulnerabilities.vulnerability.compliance.description

Use quotes or backticks within values to help you find the compliance description you're looking for.

Examples

Show any findings related to this description

vulnerabilities.vulnerability.compliance.description:malicious software

Show any findings that contain "malicious" or "software" in description

vulnerabilities.vulnerability.compliance.description:"malicious software"

Show any findings that match exact value "malicious software"

vulnerabilities.vulnerability.compliance.description:`malicious software`

vulnerabilities.vulnerability.compliance.section

Use quotes or backticks within values to help you find the compliance section you're looking for.

Examples

Show any findings related to this section

vulnerabilities.vulnerability.compliance.section:164.308

Show any findings that contain parts of section

vulnerabilities.vulnerability.compliance.section:"164.308"

Show any findings that match exact value "164.308"

vulnerabilities.vulnerability.compliance.section:`164.308`

vulnerabilities.vulnerability.compliance.type

Select the name ##### of a compliance type you're interested in (e.g. COBIT, HIPAA, GLBA, SOX). Select from names in the drop-down menu.

Example

Show findings with the compliance type HIPAA

vulnerabilities.vulnerability.compliance.type:HIPAA

vulnerabilities.vulnerability.impact

Use quotes or backticks within values to help you find the impact you're looking for.

Example

Show any findings related to impact

vulnerabilities.vulnerability.impact:sensitive information

Show any findings that contain "sensitive" or "information" in consequence

vulnerabilities.vulnerability.impact:"sensitive information"

Show any findings that match exact value "sensitive information"

vulnerabilities.vulnerability.impact:`sensitive information`

vulnerabilities.vulnerability.cveIds

Use a text value ##### to find the CVE name you're interested in.

Example

Show findings with CVE name CVE-2015-0313

vulnerabilities.vulnerability.cveIds:CVE-2015-0313

vulnerabilities.vulnerability.cvss3_1Info.temporalScore

Use an integer value ##### to help you find the CVSSv3 temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3_1Info.temporalScore:6.4

vulnerabilities.vulnerability.cvss3_1Info.baseScore

Use an integer value ##### to help you find the CVSSv3 base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss3_1Info.baseScore:7.8

vulnerabilities.vulnerability.cvss2Info.accessVector

Select the name ##### of a CVSS2 access vector you'd like to find (e.g. UNDEFINED, LOCAL_ACCESS, ADJACENT_NETWORK, NETWORK). Select from names in the drop-down menu.

Example

Show findings with this name

vulnerabilities.vulnerability.cvss2Info.accessVector:NETWORK

vulnerabilities.vulnerability.cvss2Info.baseScore

Use an integer value ##### to help you find the CVSS2 base score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.baseScore:7.8

vulnerabilities.vulnerability.cvss2Info.temporalScore

Use an integer value ##### to help you find the CVSS2 temporal score you're interested in.

Example

Show assets with this score

vulnerabilities.vulnerability.cvss2Info.temporalScore:6.4

vulnerabilities.vulnerability.discoveryTypes

Select a discovery type (Remote or Authenticated) to find assets with vulnerabilities having this discovery type. Select from names in the drop-down menu.

Example

Show findings with Remote discovery type

vulnerabilities.vulnerability.discoveryTypes:REMOTE

vulnerabilities.vulnerability.flags

Use a text value ##### to find the Qualys defined vulnerability property of interest (e.g. REMOTE, WINDOWS_AUTH, UNIX_AUTH, PCI_RELATED etc).

Example

Show findings with this flag

vulnerabilities.vulnerability.flags:PCI_RELATED

vulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerabilities.vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerabilities.vulnerability.os:`windows`

vulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable:TRUE

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable:FALSE

vulnerabilities.vulnerability.pci

Use the values true | false to find vulnerabilities that must be fixed for PCI Compliance (per PCI DSS).

Examples

Show PCI vulnerabilities

vulnerabilities.vulnerability.pci:TRUE

Do not show PCI vulnerabilities

vulnerabilities.vulnerability.pci:FALSE

vulnerabilities.vulnerability.rebootRequired

Use the values true | false to find vulnerabilities that need reboot.

Examples

Show vulnerabilities that need reboot.

vulnerabilities.vulnerability.rebootRequired: TRUE

vulnerabilities.vulnerability.qid

Use an integer value ##### to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.vulnerability.sans20Categories

Use a text value ##### to find vulnerabilities in the SANS 20 category you're interested in (e.g. Anti-virus Software, Backup Software, etc).

Example

Show findings with this category name

vulnerabilities.vulnerability.sans20Categories:Media Players

vulnerabilities.vulnerability.solution

Use quotes or backticks within values to help you find the solution you're looking for.

Examples

Show any findings related to this solution

vulnerabilities.vulnerability.solution:Bulletin MS10-006

Show any findings that contain parts of solution

vulnerabilities.vulnerability.solution:"Bulletin MS10-006"

Show any findings that match exact value "Bulletin MS10-006"

vulnerabilities.vulnerability.solution:`Bulletin MS10-006`

vulnerabilities.vulnerability.supportedBy

Select a Qualys service (VM, Agent type, etc) to show vulnerabilities that can be detected by this service. Select from names in the drop-down menu.

Example

Show vulnerabilities supported by Linux Agent

vulnerabilities.vulnerability.supportedBy:LINUX_AGENT

vulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title you're looking for.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title:Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title:"Remote Code"

Show any findings that match exact value "Remote Code"

vulnerabilities.vulnerability.title:`Remote Code`

vulnerabilities.vulnerability.vendorRefs

Use a text value ##### to find the vendor reference you're interested in.

Example

Show this vendor reference

vulnerabilities.vulnerability.vendorRefs:KB3021953

vulnerabilities.vulnerability.vendors.productName

Use a text value ##### to find the vendor product name you're interested in.

Example

Show findings with this vendor product name

vulnerabilities.vulnerability.vendors.productName:Windows

vulnerabilities.vulnerability.vendors.vendorName

Use a text value ##### to find the vendor name you're interested in.

Example

Show findings with this vendor name

vulnerabilities.vulnerability.vendors.vendorName:Adobe

vulnerabilities.nonExploitableKernel

Use the values true | false to define vulnerabilities that exist on non exploitable kernels.

Examples

Show findings on non-exploitable kernels

vulnerabilities.nonExploitableKernel:TRUE

vulnerabilities.nonExploitableService

Use the values true | false to define vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.vulnerability.patchReleased

Use a date range or specific date to define when patch was available.

Examples

Show findings last found within certain dates

vulnerabilities.vulnerability.patchReleased:[2018-10-21 ... 2019-01-15]

Show findings last found starting 2020-01-01, ending 1 month ago

vulnerabilities.vulnerability.patchReleased:[2020-01-01 ... now-1M]

Show findings last found starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.patchReleased:[now-2w ... now-1s]

Show findings last found on certain date

vulnerabilities.vulnerability.patchReleased:'2020-01-02'

vulnerabilities.timesFound

Show findings that were detected for the specified number of times.

Examples

Show findings last found 3 times

vulnerabilities.timesFound:3

vulnerabilities.vulnerability.kbAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was disclosed. Select the number of days from the drop-down menu.

Example

Show findings that were disclosed in the last 30 days

vulnerabilities.vulnerability.kbAge:[00..30]

vulnerabilities.detectionAge

Select the number of days from the range (00..30, 31..60, 61..90, 91..180,180..+) since the vulnerability was first detected (by a scanner or cloud agent) on the asset. Select the number of days from the drop-down menu.

Example

Show findings that were detected in the last 30 days.

vulnerabilities.detectionAge:[00..30]

vulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description you're looking for.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description:remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description:"remote code execution"

Show any findings that match exact value "remote code execution"

vulnerabilities.vulnerability.description:`remote code execution`

vulnerabilities.vulnerability.lists

Use a text value ##### to find the vulnerability list of interest (e.g. SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10).

Example

Show findings with vulnerabilities in SANS Top 20

vulnerabilities.vulnerability.lists:SANS_20

vulnerabilities.vulnerability.published

Use a date range or specific date to define when vulnerabilities were first published in the KnowledgeBase.

Examples

Show findings for vulnerabilities published within certain dates

vulnerabilities.vulnerability.published:[2015-10-21 ... 2016-01-15]

Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago

vulnerabilities.vulnerability.published:[2017-01-01 ... now-1M]

Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.published:[now-2w ... now-1s]

Show findings for vulnerabilities published on certain date

vulnerabilities.vulnerability.published:'2018-01-15'

vulnerabilities.vulnerability.ransomware.name

Use quotes or backticks within values to help you find the ransomware name you're looking for. Quotes can be used when the value has more than one word.

Example

Show findings with this name

vulnerabilities.vulnerability.ransomware.name: Locky

Show findings that match exact value

vulnerabilities.vulnerability.ransomware.name: `Locky`

vulnerabilities.vulnerability.risk

Use an integer value ##### to define the vulnerability risk rating you're interested in. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk:50

vulnerabilities.vulnerability.qualysPatchable

Use the values true | false to define vulnerabilities that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

vulnerabilities.vulnerability.updated

Use a date range or specific date to define when vulnerabilities were updated in the KnowledgeBase.

Examples

Show vulnerabilities updated within certain dates

vulnerabilities.vulnerability.updated:[2017-10-21 ... 2017-10-30]

Show vulnerabilities updated starting 2017-11-01, ending 1 month ago

vulnerabilities.vulnerability.updated:[2017-11-01 ... now-1M]

Show vulnerabilities updated starting 2 weeks ago, ending 1 second ago

vulnerabilities.vulnerability.updated:[now-2w ... now-1s]

Show vulnerabilities updated on certain date

vulnerabilities.vulnerability.updated:'2018-03-08'

vulnerabilities.vulnerability.mitre.attack.tactic.id

Use the text value within quotes or backticks for the tactics id that represents the why of the ATT&CK technique or sub-technique.

Example

Show findings with the Tactic ID TA0007

vulnerabilities.vulnerability.mitre.attack.tactic.id:`TA0007`

vulnerabilities.vulnerability.mitre.attack.tactic.name

Use the text value within quotes or backticks to find the tactic name that corresponds to its respective tactic ID.

Example

Show findings with the tactic name initial-access

vulnerabilities.vulnerability.mitre.attack.tactic.name:`initial-access`

vulnerabilities.vulnerability.mitre.attack.technique.id

Use the text value within quotes or backticks for the technique id that represents how a tactical goal can be achieved.

Example

Show findings with the Technique ID T1562.010

vulnerabilities.vulnerability.mitre.attack.technique.id:"T1562.010"

vulnerabilities.vulnerability.mitre.attack.technique.name

Use the text value within quotes or backticks to find the technique name that corresponds to its respective technique ID.

Example

Show findings with the technique name Downgrade Attack

vulnerabilities.vulnerability.mitre.attack.technique.name:"Downgrade Attack"

RTIs

Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities. You must have a subscription to the Threat Protection app to use these tokens. 

vulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Examples

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: true

Show assets that don't have threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: false

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns

Use the values true | false to define real-time threats due to CISA Exploits.

Examples

Show assets with threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: true

Show assets that don't have threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: false

vulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Examples

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: true

Show assets that don't have threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: false

vulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Examples

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: true

Show assets that don't have threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: false

vulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Examples

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: true

Show assets that don't have threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: false

vulnerabilities.vulnerability.threatIntel.exploitKitName

Use quotes or backticks within values to help you find the exploit kit name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.exploitKitName: Angler

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.exploitKitName: `Angler`

vulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Examples

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: true

Show assets that don't have threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: false

vulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Examples

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: true

Show assets that don't have threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: false

vulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Examples

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: true

Show assets that don't have threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: false

vulnerabilities.vulnerability.threatIntel.malwareName

Use quotes or backticks within values to help you find the malware name you're looking for. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.malwareName: TROJ_PDFKA.DQ

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.malwareName: `TROJ_PDFKA.DQ`

vulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Examples

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: true

Show assets that don't have threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: false

vulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Examples

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: true

Show assets that don't have threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: false

vulnerabilities.vulnerability.threatIntel.publicExploitName

Use quotes or backticks within values to help you find the public exploit name of interest. Quotes can be used when the value has more than one word.

Examples

Show any findings with this name

vulnerabilities.vulnerability.threatIntel.publicExploitName: RealVNC NULL Authentication Mode Bypass

Show any findings that contain parts of name

vulnerabilities.vulnerability.threatIntel.publicExploitName: "RealVNC NULL Authentication Mode Bypass"

Show any findings that match exact value

vulnerabilities.vulnerability.threatIntel.publicExploitName: `RealVNC NULL Authentication Mode Bypass`

vulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Examples

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: true

Show assets that don't have threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: false

vulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.ransomware

Use the values true | false to define real-time threats due to ransomware vulnerability.

Examples

Show assets with ransomware threat

vulnerabilities.vulnerability.threatIntel.ransomware: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

vulnerabilities.vulnerability.threatIntel.solorigateSunburst

Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.

Examples

Show assets with Solorigate/Sunburst threat

vulnerabilities.vulnerability.threatIntel.solorigateSunburst: "true"