Search Tokens for Qualys Flow
On the QFlow tab of the Qualys Flow application, use the following tokens to search for the information related to QFlows in your account. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.
Use values within quotes to find qflows with a specific name.
Examples
Show findings with this name
qflow.name: Publicly accessible RDS DB Instances
Show any findings that contain parts of the name
qflow.name: "Publicly accessible RDS DB Instances"
qflow.lastExecutionStatusqflow.lastExecutionStatus
Search the qflows based on their status as Error or Success.
Examples
Show findings with qflow status as error
qflow.lastExecutionStatus: Error
Show findings with qflow status as success
qflow.lastExecutionStatus: Success
qflow.isDeployedqflow.isDeployed
Search the qflows based on their state as Enabled or Disabled.
Examples
Show findings with qflow state as enabled
qflow.isDeployed: Enabled
Show findings with qflow state as disabled
qflow.isDeployed: Disabled
Search the qflows based on categories from: AWS Best Practices, AWS CIS, Auto Remediation, Custom, Operational Excellence, Security.
Examples
Show findings with Security category
qflow.category: Security
Show findings with AWS CIS category
qflow.category: AWS CIS
Search the qflows which are adopted in a specific module like TotalCloud.
Example
Show findings with this name
module.code : TotalCloud
cloud.accountIdcloud.accountId
Use a text value ##### to show resources based on the unique account ID associated with the connector/ARN at the time of creation.
Example
Show findings with this account ID
cloud.accountId: 205767712438
qflow.createdBy.username qflow.createdBy.username
Use the text value ##### for the username to search for the qflows created by the user
Example
Show findings with this user name.
qflow.createdBy.username : doe_john
qflow.createdBy.nameqflow.createdBy.name
Use the first or last name of the users to serach for qflows created by them.
Example
Show findings with this user name
qflow.createdBy.name: John
Use a text value ##### to show resources based on the unique qflow ID associated with the qflow at the time of creation.
Example
Show qflow with this unique qflow ID
qflow.id: 0cbc3157-9b21-48a6-8652-28248741ebd
Search the qflows/templates based on the cloud provider.
Examples
Show QFlows for AWS cloud provider
cloud.provider: AWS
Show QFlows for AZURE cloud provider
cloud.provider: AZURE
Show templates for AWS cloud provider
cloud.provider: AWS
execution.sourceexecution.source
Search the execution details based on the source from where the qflow is triggered. Select the token from Batch, TC, Event, QSS, SNAPSHOT, SSM, or UI.
Example
Show execution details triggered from TotalCloud
execution.source: TC
Search the execution details based on the execution ID.
Example
Show execution details for the given execution ID
execution.id: 4d89bea0-xxxx-xxxx-a9c3-a5cf8f9d70cc
execution.statusexecution.status
Search the execution details based on execution status. Select the token from Error, Queued, Running, or Success.
Example
Show execution details with status as Sucsess triggered from TotalCloud
execution.status: Success
Search the AWS execution details based on the region.
Example
Show AWS execution details
cloud.region: us-east-1
cloud.resourceGroupNamecloud.resourceGroupName
Search the AZURE execution details based resource group.
Example
Show AZURE execution details
cloud.resourceGroupName: cloud-shell-storage-india
Find templates associated with the specified services
Example
Show EC2 templates
cloud.services: EC2
Use values within quotes to find templates with a specific name.
Examples
Show templates with this name
Show any templates that contain parts of the name
playbook.name: aws-flow
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down the search by using the and operator in the Boolean query. The values where all conditions are true return results.
Example
Show the AWS executions that have a successful status.
certificate:(expiryGroup:In 30 Days and issuer.name:DigiCert)
Expand the search by using the or operator in the Boolean query. The values where either conditions are true return results.
Example
Show workflows that belong to Custom or AWS Best Practices.
category.qflow.category:Custom or qflow.category:AWS Best Practices and issuer.name:DigiCert)
Narrow down the search by using the not operator in the Boolean query. The values where the conditions are false return results.
Show qflows that do not use AWS or Azure cloud.
cloud.provider not([AWS , AZURE])
Narrow down the search by using the not in operator in the Boolean query. The query returns results that don't match any of the specified values.
Example
Shows qflows that does not have error or success as status.
cloud.provider not in( [Error , Success])