Search Tokens for Qualys Flow
On the QFlow tab of the Qualys Flow application, use the following tokens to search for the information related to QFlows in your account. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.
Use values within quotes to find qflows with a specific name.
Examples
Show findings with this name
qflow.name: Publicly accessible RDS DB Instances
Show any findings that contain parts of the name
qflow.name: "Publicly accessible RDS DB Instances"
Search the qflows based on their status as Error or Success.
Examples
Show findings with qflow status as error
qflow.status: Error
Show findings with qflow status as success
qflow.status: Success
Search the qflows based on their state as Enabled or Disabled.
Examples
Show findings with qflow state as enabled
qflow.state: Enabled
Show findings with qflow state as disabled
qflow.state: Disabled
Search the qflows based on categories from: AWS Best Practices, AWS CIS, Auto Remediation, Custom, Operational Excellence, Security.
Examples
Show findings with Security category
qflow.category: Security
Show findings with AWS CIS category
qflow.category: AWS CIS
Search the qflows which are adopted in a specific module like TotalCloud.
Example
Show findings with this name
qflow.module: TotalCloud
qflow.account.idqflow.account.id
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
qflow.account.id: 205767712438
qflow.createdByUsernameqflow.createdByUsername
Use the text value ##### for the username to search for the qflows created by the user
Example
Show findings with this user name.
qflow.createdByUsername: doe_john
qflow.createdByNameqflow.createdByName
Use the first or last name of the users to serach for qflows created by them.
Example
Show findings with this user name
qflow.createdByName: John
Use a text value ##### to show resources based on the unique qflow ID associated with the qflow at the time of creation.
Example
Show qflow with this unique qflow ID
qflow.id: 0cbc3157-9b21-48a6-8652-28248741ebd
Search the qflows based on the cloud provider.
Examples
Show QFlows for AWS cloud provider
qflow.provider: AWS
Show QFlows for AZURE cloud provider
qflow.provider: AZURE
Search the execution details based on the source from where the qflow is triggered. Select the token from Batch, TC, Event, QSS, SNAPSHOT, SSM, or UI.
Example
Show execution details triggered from TotalCloud
source: TC
Search the execution details based on the execution ID.
Example
Show execution details for the given execution ID
source: 4d89bea0-172b-476f-a9c3-a5cf8f9d70cc
Search the execution details based on execution status. Select the token from Error, Queued, Running, or Success.
Example
Show execution details with status as Sucesstriggered from TotalCloud
status: Success
Search the AWS execution details based on the region.
Example
Show AWS execution details
regions: us-east-1
resource_groupsresource_groups
Search the AZURE execution details based resource group.
Example
Show AZURE execution details
resource_groups: cloud-shell-storage-india
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down the search by using the and operator in the Boolean query. The values where all conditions are true return results.
Example
Show the AWS executions that have a successful status.
certificate:(expiryGroup:In 30 Days and issuer.name:DigiCert)
Expand the search by using the or operator in the Boolean query. The values where either conditions are true return results.
Example
Show workflows that belong to Custom or AWS Best Practices.
category.qflow.category:Custom or qflow.category:AWS Best Practices and issuer.name:DigiCert)
Narrow down the search by using the not operator in the Boolean query. The values where the conditions are false return results.
Show workflows that do not use AWS or Azure cloud.
qflow.provider not([AWS , AZURE])
Narrow down the search by using the not in operator in the Boolean query. The query returns results that don't match any of the specified values.
Example
Show workflows that are not in AWS or Azure cloud.
qflow.provider not in([AWS , AZURE])