Search Tokens for Scans and Applications
You can use the search tokens available in the Scan List tab and refine your search results. Click each token to learn more about it.
Generic | Scan List | Applications
Generic
Use a boolean query to express your query using AND logic.
Example
Find web applications with certain scan status and tag
webapp.lastScanStatus:"SUBMITTED" AND webapp.tags.name: "MS WAS 1000 Webapp"
Use a boolean query to express your query using NOT logic.
Example
Show web applications that don't have last scan status as CANCELED
NOT webapp.lastScanStatus:"CANCELED"
Use a boolean query to express your query using OR logic.
Example
Show findings with one of these id values
vulnerability.id:3758394 OR vulnerability.id:3495166
Scan List Tokens
Use these search tokens to find scan list.
scan.authenticationRecord.namescan.authenticationRecord.name
Use values within quotes or backticks to find scans with given authentication record name.
Examples
Find scans with the authentication record that contains part of the given name
scan.authenticationRecord.name: "Test"
Find scans with the given authentication record name
scan.authenticationRecord.name: `Test`
scan.authStatusscan.authStatus
Select the authentication status to find scans with specified authentication status: FAILURE, NOT_USED, NO_AUTH, PARTIAL, SUCCESS
Example
Find scans with specified authentication status type
scan.authStatus:NOT_USED
scan.cancelledBy.firstNamescan.cancelledBy.firstName
Use values within quotes or backticks to find scans canceled by specified user’s first name.
Example
Find scans that are canceled by the user whose first name is Chandler
scan.cancelledBy.firstName: Chandler
scan.cancelledBy.lastNamescan.cancelledBy.lastName
Use values within quotes or backticks to find scans canceled by specified user’s last name.
Example
Find scans that are canceled by the user whose last name is Bing
scan.cancelledBy.lastName: Bing
scan.cancelledBy.usernamescan.cancelledBy.username
Use values within quotes or backticks to find scans canceled by specified user name.
Example
Find scans that are canceled by the user whose username is quays_pp
scan.cancelledBy.username: quays_pp
scan.cancelModescan.cancelMode
Select the cancel mode to find scans with the specified cancel mode: USER, SYSTEM.
Example
Find scans canceled by the user, that is, cancel mode as USER
scan.cancelMode:USER
Select a scan category to find scans with the specified category: MULTI, SINGLE, SLICE
Example
Find the scans with scan category as MULTI
scan.category: "MULTI"
scan.dnsOverride.namescan.dnsOverride.name
Use values within quotes or backticks to find scans with the specified DNS override record name.
Examples
Find scans that contain part of the given DNS override record name
scan.dnsOverride.name:"Test"
Find scans with the given DNS override record name
scan.dnsOverride.name:`Test`
Use a date range or specific date to find scans that ended in the given date range.
Examples
Find scans that ended in past 6 months
scan.endDate:[now-6M .. now]
Find scans that ended on specified date
scan.endDate: "2020-03-20"
Find scans that ended after a specified date
scan.endDate >"2020-03-20"
Find scans that ended between March 2020 to Dec 2020
scan.endDate:[2020-03-01 .. 2020-12-31]
scan.scanTrustEnabledscan.scanTrustEnabled
Use the values true | false to find scans for which scan trust is enabled or disabled.
Examples
Find scans for which the scan trust option is enabled
scan.scanTrustEnabled: true
Find scans for which the scan trust option is disabled
scan.scanTrustEnabled: false
scan.excludedQidsscan.excludedQids
Use an integer value to find scans with the given QID excluded from the scan.
Example
Find scans with given QID excluded
scan.excludedQids:150124
Use an integer value to find scans with the specified ID.
Example
Find the scan with the given ID
scan.id: 9725
Use an integer value to find the scan with the given Information Gathered detections count.
Example
Find scans that have Information Gathered detections count as 10
scan.igCount:10
scan.inScopeQidsscan.inScopeQids
Use an integer value to find scans with given QIDs in the scan scope.
Example
Find scans with given QIDs in scan scope
scan.inScopeQids:150124
scan.launchedBy.firstNamescan.launchedBy.firstName
Use values within quotes or backticks to find scans launched by the specified user’s first name.
Example
Find scans that are launched by the user whose first name is Chandler
scan.launchedBy.firstName: Chandler
scan.launchedBy.lastNamescan.launchedBy.lastName
Use values within quotes or backticks to find scans launched by the specified user’s last name.
Example
Find scans that are launched by the user whose last name is Bing
scan.launchedBy.lastName: Bing
scan.launchedBy.usernamescan.launchedBy.username
Use values within quotes or backticks to find scans launched by the specified user’s user name.
Example
Select scans which updated by the user whose username is quays_pp
scan.launchedBy.username: quays_pp
scan.linksCrawledscan.linksCrawled
Use an integer value to find scans with the given count of crawled links.
Example
Find scan with given links crawled count
scan.linksCrawled:100
scan.level1VulnCountscan.level1VulnCount
Use an integer value to find scans with the given level 1 vulnerability count.
Example
Find scans with given level 1 vulnerability count
scan.level1VulnCount:100
scan.level2VulnCountscan.level2VulnCount
Use an integer value to find scans with the given level 2 vulnerability count.
Example
Find scans with given level 2 vulnerability count
scan.level2VulnCount:100
scan.level3VulnCountscan.level3VulnCount
Use an integer value to find scans with the given level 3 vulnerability count.
Example
Find scans with given level 3 vulnerability count
scan.level3VulnCount:100
scan.level4VulnCountscan.level4VulnCount
Use an integer value to find scans with the given level 4 vulnerability count.
Example
Find scans with given level 4 vulnerability count
scan.level4VulnCount:100
scan.level5VulnCountscan.level5VulnCount
Use an integer value to find scans with the given level 5 vulnerability count.
Example
Find scans with given level 5 vulnerability count
scan.level5VulnCount:100
Select the scan mode to find scans in the selected mode: On-Demand API, On-Demand UI, and Scheduled.
Example
Find scans with specified scan mode
scan.mode:On-Demand API
Use values within quotes or backticks to find scans with the specified scan name.
Examples
Find scans that contain a part of the given name
scan.name:"TestScan"
Find scans with the given name
scan.name:`TestScan`
scan.optionProfile.namescan.optionProfile.name
Use values within quotes or backticks to find scans with the given option profile name.
Examples
Find scans that contain part of the given option profile name
scan.optionProfile.name:"TestScan"
Find scans with the given option profile name
scan.optionProfile.name:`TestScan`
scan.parent.namescan.parent.name
Use values within quotes or backticks to find the slice (child) scans with the given parent scan name.
Examples
Find slice (child) scans that contain part of the given parent scan name
scan.parent.name:"TestScan"
Find slice (child) scans with the given parent scan name
scan.parent.name:`TestScan`
scan.progressiveScanningEnabledscan.progressiveScanningEnabled
Use the values true | false to find scans for which progressive scanning is enabled or disabled.
Examples
Find scans for which progressive scanning is enabled
scan.progressiveScanningEnabled:true
Find scans for which progressive scanning is disabled
scan.progressiveScanningEnabled:false
scan.proxy.namescan.proxy.name
Use values within quotes or backticks to find scans with the given proxy name.
Example
Find scans that contain part of the given proxy name
scan.proxy.name:"TestProxy"
Find scans with the given proxy name
scan.proxy.name:`TestProxy`
scan.scannerAppliance.namescan.scannerAppliance.name
Use values within quotes or backticks to find scans with the given scanner appliance name.
Examples
Find scans that contain a part of the given Scanner Appliance name
scan.scannerAppliance.name:"TestProxy"
Find scans with the given Scanner Appliance name
scan.scannerAppliance.name:`TestProxy`
scan.scannerApplianceTags.namescan.scannerApplianceTags.name
Use values within quotes or backticks to find scans with the given tag name added to the scanner appliance.
Example
Find scans that contain part of the given tag name added to the scanner appliance
scan.scannerApplianceTags.name:"TestProxy"
Find scans with the given tag name added to the scanner appliance
scan.scannerApplianceTags.name:`TestProxy`
scan.scannerTypescan.scannerType
Select the scanner type to find scans with the selected scanner type: EXTERNAL, INTERNAL, SCANNER_TAGS.
Example
Find scans the with specified scanner type
scan.scannerType:EXTERNAL
Use a text value ##### to find scans with the given scan reference.
Example
Find scans with given scan reference
scan.reference:`abc`
Select the type of scan to find scans with the selected scan type: AUTHENTICATION_TEST, DISCOVERY, VULNERABILITY.
Example
Find scans with the specified scan type
scan.type:DISCOVERY
scan.schedule.namescan.schedule.name
Use values within quotes or backticks to find scans with the given scan schedule name.
Examples
Find scans that contain a part of the given scan schedule name
scan.schedule.name:"TestSchedule"
Find scans with the given scan schedule name
scan.schedule.name:`TestSchedule`
Use an integer value to find scans with the given scan risk.
Example
Find scans with given risk
scan.risk:4
scan.sensitiveContentCountscan.sensitiveContentCount
Use an integer value to find scans with the given sensitive content count.
Example
Find scans with the given sensitive content count
scan.sensitiveContentCount:40
Select a severity value to find scans with selected scan severity: HIGH, LOW, MEDIUM, NONE.
Example
Find scans with the specified scan severity
scan.severity:MEDIUM
Use a date range or specific date to find scans that were started on the given date or date range.
Examples
Find scans that started in past 6 months
scan.startDate:[now-6M .. now]
Find scans that started on specified date
scan.startDate:"2020-03-20"
Find scans that started after a specified date
scan.startDate>"2020-03-20"
Select scans started between March 2020 to Dec 2020
scan.startDate:[2020-03-01 .. 2020-12-31]
Select scan status to find scans with selected scan consolidated status: CANCELED, CANCELED WITH RESULTS, CANCELING, ERROR, FINISHED, MAX LINKS CRAWLED, NO HOST ALIVE, NO WEB SERVICE, PROCESSING, RUNNING, SCAN NOT LAUNCHED, SCANNER NOT AVAILABLE, SERVICE ERRORS DETECTED, SUBMITTED, TIME LIMIT EXCEEDED, TIME LIMIT REACHED.
Example
Find scans with the specified scan consolidated status
scan.status:FINISHED
scan.target.tags.namescan.target.tags.name
Use values within quotes or backticks to find scans with specified tag name added to the scan target.
Examples
Find scans with a part of the specified tags added to the scan target
scan.target.tags.name:"test"
Find scans with specified tags added to the scan target
scan.target.tags.name:`test`
scan.target.urlscan.target.url
Use values within quotes or backticks to find scans with the given target web application url.
Examples
Find scans that contain part of the given target url
scan.target.url:"https://www.qualys.com"
Find scans that contain the given target url
scan.target.url:`https://www.qualys.com`
scan.target.asset.namescan.target.asset.name
Use values within quotes or backticks to find scans with the given target web application name.
Examples
Find scans that contain part of the given target web application name
scan.target.asset.name:"assetName"
Find scans that contain the given target web application name
scan.target.asset.name:`assetName`
scan.totalVulnCountscan.totalVulnCount
Use an integer value to find scans with the given total vulnerability count.
Example
Find scans with given total vulnerability count
scan.totalVulnCount:50
Use a date range or specific date to find scans updated on the given date or date range.
Example
Find scans that were updated in past 6 months
scan.updated:[now-6M .. now]
Select scans that were updated on specified date
scan.updated:"2020-03-20"
Select scans that were updated after a specified date
scan.updated>"2020-03-20"
Select scans that were updated between March 2020 to Dec 2020
scan.updated:[2020-03-01 .. 2020-12-31]
Use text value to find scans with given scan uuid.
Example
Find scans with given scan uuid
scan.uuid:`17eeec0b2-abf4-4d7b-877a-13146ddadccf`
scan.findings.criticalityscan.findings.criticality
Select a criticality value to find scans with the specified detection's criticality.
Example
Find scans with specified detection criticality
scan.findings:(criticality:HIGH )
scan.findings.cvss3Info.baseScorescan.findings.cvss3Info.baseScore
Use an integer value ##### to find scans with given scan detections with the specified CVSS3 base score value.
Examples
Find scans with detection's CVSS3 base score greater than 7
scan.findings:(cvss3Info.baseScore >7)
Find scans with detection's CVSS3 base score less than or equal to 7
scan.findings:(cvss3Info.baseScore <=7)
Find scans with detection's CVSS3 base score equal to 7
scan.findings:(cvss3Info.baseScore:7)
scan.findings.cvss3Info.temporalScorescan.findings.cvss3Info.temporalScore
Use an integer value ##### to find scans with the specified CVSS3 temporal score value.
Examples
Find scans with detection's CVSS3 temporal score greater than 7
scan.finding:(cvss3Info.temporalScore>7)
Find scans with detection's CVSS3 temporal score less than or equal to 7
scan.findings:(cvss3Info.temporalScore<= 7)
Find scans with detection's CVSS3 temporal score equal to 7
scan.findings:(cvss3Info.temporalScore:7)
scan.findings.cweIdsscan.findings.cweIds
Use values within quotes or backticks to find scans with a given CWE Id associated with it.
Example
Find scans with the given CWE ID associated to scan detections
scan.findings:(cweIds:`CWE-56`)
scan.findings.groupNamescan.findings.groupName
Use values within quotes or backticks to find scans with the given scan detection's group name.
Example
Find scans that have given group name associated to scan detections
scan.findings:(groupName:`Cross-Site Scripting`)
scan.findings.groupTitlescan.findings.groupTitle
Use values within quotes or backticks to find scans with the given scan detection's group title.
Example
Find scans that have given group title associated to scan detections
scan.findings:(groupTitle:`XSS`)
scan.findings.titlescan.findings.title
Use values within quotes or backticks to find scans with the given scan detection's title.
Example
Find scans with the given scan detection's title
scan.findings:(title:`Test Detection`)
scan.findings.owaspTopTen.idscan.findings.owaspTopTen.id
Use an integer to find scans with the given scan detection's OWASP top ten category ID.
Example
Find scan where scan detection's owaspTopTen2021 category ID is 7
scan.findings:(owaspTopTen.id:7)
The following list provides the ID and corresponding vulnerability name.
1: Broken Access Control
2: Cryptographic Failures
3: Injection
4: Insecure Design
5: Security Misconfiguration
6: Vulnerable and Outdated Components
7: Identification and Authentication Failures
8: Software and Data Integrity Failures
9: Security Logging and Monitoring Failures
10: Server Side Request Forgery (SSRF)
scan.findings.owaspApiTopTen.idscan.findings.owaspApiTopTen.id
Use an integer to find scans with detections with the given OWASP API top ten 2023 category ID.
Example
Find scan where scan detection's owaspApiTopTen2023 category ID is 7
scan.findings:(owaspApiTopTen.id:7)
The following list provides the ID and corresponding vulnerability name.
1: Broken Object Level Authorization
2: Broken Authentication
3: Broken Object Property Level Authorization
4: Unrestricted Resource Consumption
5: Broken Function Level Authorization
6: Unrestricted Access to Sensitive Business Flows
7: Server Side Request Forgery
8: Security Misconfiguration
9: Improper Inventory Management
10: Unsafe Consumption of APIs
scan.findings.owaspTopTen.namescan.findings.owaspTopTen.name
Use a text value to find scans with given scan detection's owasp top ten category name.
Example
Find scans where scan detection's owaspTopTen2021 category name is "Identification and Authentication Failures"
scan.findings:(owaspTopTen.name:`Identification and Authentication Failures`)
scan.findings.owaspApiTopTen.namescan.findings.owaspApiTopTen.name
Use a text value to find scans with detections with the given OWASP API top ten 2023 category name.
Example
Find scans where scan detection's owaspApiTopTen2023 category name is "Server Side Request Forgery"
scan.findings:(owaspApiTopTen.name:`Server Side Request Forgery`)
scan.findings.paramscan.findings.param
Use a text value to find scans with the given parameter used for confirming scan's detection.
Example
Find scans where the parameter 'comment.comment from url' is used for confirming detection
scan.findings:(param:`comment.comment from url`)
scan.findings.paramTypescan.findings.paramType
Use a text value to find scans with the given parameter type used for confirming scan's detection.
Example
Select scans where parameter type 'cookie' is used for confirming detection
scan.findings:(paramType:`Cookie`)
scan.findings.qidscan.findings.qid
Use an integer to find scans with the scan's detection reported with the given qid.
Examples
Find scans with scan detection reported with the given qid
scan.findings:(qid: 150001)
Find scans with either of the scan detections qid from list
scan.findings:(qid:[150001, 150100, 150009])
scan.findings.severityscan.findings.severity
Use an integer value to find scans with the given scan detection's current severity level.
Examples
Find scans with scan detection's severity greater than 3
scan.findings:(severity>3)
Find scans with scan detection's severity less than or equal to 3
scan.findings:(severity<=3)
Select scans with scan detection's severity 3
scan.findings:(severity:3)
scan.findings.originalSeverityscan.findings.originalSeverity
Use an integer value to find scans with scan detection's original severity level.
Examples
Select scans with scan detection's original severity greater than 3
scan.findings:(originalSeverity>3)
Select scans with scan detection's original severity less than or equal to 3
scan.findings:(originalSeverity<=3)
Select scans with scan detection's original severity 3
scan.findings:(originalSeverity:3)
scan.findings.typeDetectedscan.findings.typeDetected
Select the detection type to find scans with the given scan detection's type: CONFIRMED VULNERABILITY, INFORMATION_GATHERED, POTENTIAL_VULNERABILITY, and SENSITIVE_CONTENT.
Examples
Find scans where detections of the scan are of CONFIRMED_VULNERABILITY type
scan.findings:(typeDetected:CONFIRMED_VULNERABILITY)
Find scans where detections of the scan are of either POTENTIAL_VULNERABILITY or SENSITIVE_CONTENT type
scan.findings:(typeDetected:[POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT])
scan.findings.urlscan.findings.url
Use values within quotes or backticks to find scans with THE given URL associated with the scan detection.
Examples
Find scans with a part of the given URL associated with the scan detections
scan.findings:(url:"https://www.qualys.com")
Find scans with the given URL associated with the scan detections
scan.findings:(url:`https://www.qualys.com`)
scan.findings.uuidscan.findings.uuid
Use a text value to find scans with given uuid associated with the scan detections.
Example
Find scans with given scan's detection uuid
scan.findings:(uuid:`17eeec0b2-abf4-4d7b-877a-13146ddadccf`)
scan.findings.idscan.findings.id
Use an integer value to find scans with the given scan's detection id.
Example
Find scans with given scan's detection id
scan.findings:(id:`123`)
scan.findings.vulnerability.idscan.findings.vulnerability.id
Use an integer value to find scans with given local reference of the finding as provided in the scan result.
Example
Find scans with given local reference of the finding as provided in the scan result
scan.findings:(vulnerability.id:123)
Application Tokens
Use these search tokens to find web applications.
application.activatedForModulesapplication.activatedForModules
Use a text value ##### to find web applications that are activated for certain modules: WAS and WAF.
Examples
Find web applications activated for WAF.
application.activatedForModules:WAF
Find web applications which are activated for WAS or WAF modules.
application.activatedForModules:[WAS, WAF]
application.apiEndpointTypeapplication.apiEndpointType
Use a text value ##### to find applications that have certain endpoint types: BURP_PROXY, POSTMAN, SWAGGER, NONE.
Example
Find applications that have endpoint type as POSTMAN.
application.apiEndpointType:POSTMAN
application.attribute.nameapplication.attribute.name
Use values within quotes or backticks to find applications that have the given attribute name.
Examples
Find applications which have attribute name strut associated with it
application.attribute:(name:"strut")
Find applications which have attribute name strut and value 1.0.0
application.attribute:(name:"strut" and
value:"1.0.0")
application.attribute.valueapplication.attribute.value
Use values within quotes or backticks to find applications that have the given attribute value.
Examples
Find applications which have attribute value internal associated with it
application.attribute:(value:"internal")
Find applications which have attribute value internal and name app-type
application.attribute:(value:"internal" and
name:"app-type")
application.authenticationRecord.nameapplication.authenticationRecord.name
Use values within quotes or backticks to find applications that have authentication record with a given name.
Example
Find applications which have authentication record named Default Auth Record associated with it.
application.authenticationRecord:(name:"Default
Auth Record")
application.authenticationRecord.typeapplication.authenticationRecord.type
Use a text value ##### to find applications that have authentication records of certain types: AUTH_CODE, BASIC, CERTIFICATE, CLIENT_CREDS, CUSTOM, DIGEST, IMPLICIT, NTLM, PASSWORD, SELENIUM, STANDARD.
Examples
Find applications that have STANDARD type of authentication records associated with it.
application.authenticationRecord:(type:STANDARD)
Find applications with authentication record types as STANDARD, SELENIUM, or NTLM.
application.authenticationRecord:(type:[STANDARD, SELENIUM, NTLM])
application.authenticationRecord.categoryapplication.authenticationRecord.category
Use a text value ##### to find applications that have authentication records with certain categories: FORM_RECORD, OAUTH2_RECORD, SERVER_RECORD.
Example
Find applications that have authentication record category as FORM_RECORD.
application.authenticationRecord:(category:FORM_RECORD)
Use the values true | false to find applications that have authentication record(s) with client certificate enabled.
Examples
Find applications that have authentication record(s) with client certificate enabled
application.authenticationRecord:(hasClientCertificate:true)
Find a application(s) that has client certificate enabled for none of its authentication records
application.authenticationRecord:(hasClientCertificate:false)
application.authenticationRecord.hasVaultapplication.authenticationRecord.hasVault
Use the values true | false to find applications that have vault enabled.
Examples
Find a application(s) that has vault enabled for at least one of its authentication records
application.authenticationRecord:(hasVault:true)
Find a application(s) that has vault enabled for none of its authentication records
application.authenticationRecord:(hasVault:false)
Use a date range or specific date to find applications that were created on the given date or date range.
Examples
Show applications which were created in past 6 months
asset.created:[now-6M
... now]
Show applications which were created on a specified date
asset.created:"2021-07-20"
Show applications which were created after a specified date
asset.created>"2021-06-20"
Show applications created between March 2020 to July 2021
asset.created:[2020-03-01 .. 2021-7-31]
application.dnsOverride.nameapplication.dnsOverride.name
Use values within quotes or backticks to find applications that have given name for DNS override record.
Example
Find applications that have given DNS override record associated with it.
application.dnsOverride.name:"ProdDnsRecord"
application.hasDefaultAuthRecordapplication.hasDefaultAuthRecord
Use the values true | false to find applications that have default authentication record associated with it.
Examples
Find applications which have default authentication record associated with it
application.hasDefaultAuthRecord:true
Find applications which do not have any default authentication record associated with it
application.hasDefaultAuthRecord:false
Use an integer value ##### to find application with a given ID.
Example
Find application with a given ID
asset.id:83327
application.igCountapplication.igCount
Use an integer value ##### to find applications with a specified numbers of detections for information gathered.
Examples
Find applications for which greater than 30 detections of Information Gathered type are reported
application.igCount>30
Find applications for which less than or equal to 30 detections of Information Gathered type are reported
application.igCount<=30
Find applications for which 30 detections of Information Gathered type are reported
application.igCount=30
application.isScannedapplication.isScanned
Use the values true | false to find applications by their scan status.
Examples
Show applications which are scanned at least once
application.isScanned:true
Show applications which are never scanned
application.isScanned:false
application.lastScanAuthStatusapplication.lastScanAuthStatus
Use a text value ##### to find applications by authentication status of last scan launched: NOT_USED, NO_AUTH, SUCCESS, FAILURE, PARTIAL
Examples
Find applications for which authentication failed in their last scan
application.lastScanAuthStatus:FAILURE
Find applications for which authentication is either partially or completely successful in their last scan
application.lastScanAuthStatus:[SUCCESS, PARTIAL]
application.lastScannedapplication.lastScanned
Use a date range or specific date to find applications that were last scanned on the specified date or date range.
Examples
Find applications which were last scanned in past 6 months
application.lastScanned:[now-6M .. now]
Find applications which were last scanned on a specified date.
application.lastScanned:"2021-07-20"
Find applications which were last scanned after a specified date
application.lastScanned>"2021-07-20"
Find applications last scanned between December 2020 to July 2021
application.lastScanned:[2020-12-01 .. 2021-07-31]
application.lastScanStatusapplication.lastScanStatus
Use a text value ##### to find applications by last scan status: CANCELED, CANCELED WITH RESULTS, CANCELING, ERROR, FINISHED, NO HOST ALIVE, NO WEB SERVICE, PROCESSING, RUNNING, SCAN NOT LAUNCHED, SCANNER NOT AVAILABLE, SERVICE ERRORS DETECTED, SUBMITTED, TIME LIMIT EXCEEDED, TIME LIMIT REACHED.
Note: Use the single quotation marks for the values containing reserver characters - NOT. For example, 'SCANNER NOT LAUNCHED'.
Examples
Find applications whose last scan status was ERROR
application.lastScanStatus:ERROR
Find applications whose last scan status was SCAN NOT LAUNCHED
application.lastScanStatus:'SCAN NOT LAUNCHED'
Find applications whose last scan status was either FINISHED or CANCELED
application.lastScanStatus:[FINISHED, CANCELED]
application.lastScanTypeapplication.lastScanType
Use a text value ##### to find applications by type of last scan launched: VULNERABILITY, DISCOVERY, AUTHENTICATION_TEST.
Examples
Show applications whose last scan type was VULNERABILITY
application.lastScanType:VULNERABILITY
Show applications whose last scan type was either DISCOVERY OR AUTHENTICATION_TEST
application.lastScanType:[DISCOVERY, AUTHENTICATION_TEST]
application.lastScanUriCountapplication.lastScanUriCount
Use an integer value ##### to find applications by total number of URI detected in the last scan.
Examples
Find applications which have greater than 800 URI reported in the last scan.
application.lastScanUriCount>800
Find applications which have less than or equal to 800 URI reported in the last scan
application.lastScanUriCount<=800
Find applications which have 800 URI reported in the last scan
application.lastScanUriCount:800
application.level1VulnCountapplication.level1VulnCount
Use an integer value ##### to find applications by total number level 1 confirmed vulnerabilities .
Examples
Find applications which have greater than 30 vulnerabilities of level 1 reported
application.level1VulnCount>30
Find applications which have less than or equal to 30 vulnerabilities of level 1 reported
application.level1VulnCount<=30
Find applications which have 30 vulnerabilities of level 1 reported
application.level1VulnCount:30
application.level2VulnCountapplication.level2VulnCount
Use an integer value ##### to find applications by total number level 2 confirmed vulnerabilities .
Examples
Find applications which have greater than 26 vulnerabilities of level 2 reported
application.level2VulnCount>26
Find applications which have less than or equal to 26 vulnerabilities of level 2 reported
application.level2VulnCount<=26
Find applications which have 26 vulnerabilities of level 2 reported
application.level2VulnCount:26
application.level3VulnCountapplication.level3VulnCount
Use an integer value ##### to find applications by total number level 3 confirmed vulnerabilities.
Examples
Find applications which have greater than 24 vulnerabilities of level 3 reported
application.level3VulnCount>24
Find applications which have less than or equal to 24 vulnerabilities of level 3 reported
application.level3VulnCount<=24
Find applications which have 24 vulnerabilities of level 3 reported
application.level3VulnCount:24
application.level4VulnCountapplication.level4VulnCount
Use an integer value ##### to find applications by total number level 4 confirmed vulnerabilities .
Examples
Find applications which have greater than 14 vulnerabilities of level 4 reported
application.level4VulnCount>14
Find applications which have less than or equal to 14 vulnerabilities of level 4 reported
application.level4VulnCount<=14
Find applications which have 14 vulnerabilities of level 4 reported
application.level4VulnCount:14
application.level5VulnCountapplication.level5VulnCount
Use an integer value ##### to find applications by total number level 5 confirmed vulnerabilities .
Examples
Find applications which have greater than 7 vulnerabilities of level 5 reported
application.level5VulnCount>7
Find applications which have less than or equal to 7 vulnerabilities of level 5 reported
application.level5VulnCount<=7
Find applications which have 7 vulnerabilities of level 5 reported
application.level5VulnCount:7
application.malwareMonitoringEnabledapplication.malwareMonitoringEnabled
Use the values true | false to find applications for which malware monitoring is enabled.
Examples
Show applications for which malware monitoring is enabled
application.malwareMonitoringEnabled:true
Show applications for which malware monitoring is not enabled
application.malwareMonitoringEnabled:false
Use values within quotes or backticks to find applications with a given name.
Examples
Find applications that contain parts of name
asset.name:"qualys test vulnerable app"
Find application with exact name
asset.name:`qualys test vulnerable app`
application.optionProfile.nameapplication.optionProfile.name
Use values within quotes or backticks to find applications that have given option profile configured.
Examples
Find applications that contain parts of option profile name associated with it.
application.optionProfile.name:"WAS Options"
Find applications which have the given option profile associated with it.
application.optionProfile.name:`Initial WAS Options`
application.owner.firstNameapplication.owner.firstName
Use values within quotes or backticks to find applications with owner's first name.
Example
Find applications with owner's first name as Chandler
application.owner.firstName:"Chandler"
application.owner.lastNameapplication.owner.lastName
Use values within quotes or backticks to find applications with owner's last name.
Example
Find applications with owner's last name as Chandler
application.owner.lastName:"Bing"
application.owner.usernameapplication.owner.username
Use values within quotes or backticks to find applications with owner's username.
Example
Find applications with owner's username as user_ap
application.owner.username:"user_ap"
application.progressiveScanningEnabledapplication.progressiveScanningEnabled
Use the values true | false to find applications for which progressive scanning is enabled.
Example
Find applications which have progressive scanning enabled in the configuration.
application.progressiveScanningEnabled:"true"
application.proxy.nameapplication.proxy.name
Use values within quotes or backticks to find applications that have given proxy configured.
Examples
Find applications which have given part of the given proxy name associated with it
application.proxy.name:"WEB Default Proxy"
Find applications which have given proxy associated with it
application.proxy.name:`proxy1`
application.riskapplication.risk
Use an integer value ##### to find applications with a given risk value.
Examples
Find applications which have risk greater than or equal to 4
application.risk>=4
Find applications which have risk less than 3
application.risk<3
Find applications which have risk equal to 5
application.risk:5
application.scannerApplianceapplication.scannerAppliance
Use values within quotes or backticks to find applications with a given scanner appliance configured.
Examples
Find applications which have EXTENRAL scanner configured
application.scannerAppliance:"EXTERNAL"
Find applications which have configured "Internal Scanner 01" as default scanner appliance
application.scannerAppliance:"Internal Scanner
01"
application.scannerApplianceTags.nameapplication.scannerApplianceTags.name
Use values within quotes or backticks to find applications with a given scanner tags selected.
Examples
Find applications which have scanner appliance tag named "Internal Pool 01" associated with it
application.scannerApplianceTags.name:"Internal Pool 01"
Find applications which have scanner appliance tags named "Internal Pool 01" or "Internal Pool 02" associated with it
application.scannerApplianceTags.name:["Internal Pool 01", "Internal Pool 02"]
Find applications which have scanner appliance tags named `Target` associated with it
application.scannerApplianceTags.name:`Target1'
application.scanTrustEnabledapplication.scanTrustEnabled
Use the values true | false to find applications for which WAF authentication is enabled.
Example
Find applications for which scan trust is enabled.
application.scanTrustEnabled:"true"
application.sensitiveContentCountapplication.sensitiveContentCount
Use an integer value ##### to find applications with a specified number of sensitive content reported.
Examples
Find applications which have greater than 43 total sensitive content reported
application.sensitiveContentCount>43
Find applications which have less than or equal to 43 total sensitive content reported
application.sensitiveContentCount<=43
Find applications which have 43 total sensitive content reported
application.sensitiveContentCount:43
application.severityapplication.severity
Use a text value ##### to find applications that have certain severity: HIGH, MEDIUM, LOW, NONE.
Examples
Find applications which have HIGH severity
application.severity:HIGH
Find applications which have HIGH or MEDIUM severity
application.severity:[HIGH, MEDIUM]
Use values within quotes or backticks to find applications that are associated with the specified tag(s).
Examples
Find applications which have part of the tag named "Internal P1" associated with it
tags.name:"Internal P1"
Find applications which have tag named "Dev Internal" or "Production" associated with it.
tags.name:["Dev Internal", "Production"]
Find applications which have the tag named `Target1` associated with it.
tags.name:`Target1`
application.totalVulnCountapplication.totalVulnCount
Use an integer value ##### to find applications that have specified number of total vulnerabilities.
Examples
Find applications for which total number of vulnerabilities is greater than 100
application.totalVulnCount>100
Find applications for which total number of vulnerabilities is less than or equal to 100
application.totalVulnCount<=100
Find applications applications for which total number of vulnerabilities reported is 100
application.totalVulnCount:100
application.totalMalwareVulnCountapplication.totalMalwareVulnCount
Use an integer value ##### to find applications that have specified number of total malware vulnerabilities.
Examples
Find applications for which total number of malware vulnerabilities is greater than 100
application.totalMalwareVulnCount>100
Find applications for which total number of malware vulnerabilities is less than or equal to 100
application.totalMalwareVulnCount<=100
Find applications applications for which total number of malware vulnerabilities reported is 100
application.totalMalwareVulnCount:100
Use a date range or specific date to find applications that were updated on the given date or date range.
Examples
Show applications which were updated in past 6 months
asset.updated:[now-6M
... now]
Show applications which were updated on a specified date
asset.updated:"2021-07-20"
Show applications which were updated after a specified date
asset.updated>"2021-06-20"
Show applications updated between March 2020 to July 2021
asset.updated:[2020-03-01 .. 2021-07-31]
asset.updatedBy.firstNameasset.updatedBy.firstName
Use values within quotes or backticks to find applications updated by user's first name.
Example
Find applications which are updated by the user whose first name is Chandler
asset.updatedBy.firstName:"Chandler"
asset.updatedBy.lastNameasset.updatedBy.lastName
Use values within quotes or backticks to find applications updated by user's last name.
Example
Find applications which are updated by the user whose last name is Bing
asset.updatedBy.lastName:"Bing"
asset.updatedBy.usernameasset.updatedBy.username
Use values within quotes or backticks to find applications that are updated by the specified username.
Example
Find applications which are updated by user whose username is user_ap
asset.updatedBy.username:"user_ap"
application.urlapplication.url
Use values within quotes or backticks to find applications with the specified URL.
Examples
Find applications that have given URL
application.url:"http://test.com"
Find applications that match exact value "http://test.com"
application.url:`http://test.com`
asset.riskScoreasset.riskScore
Use an interger value to find applications with the asset risk score (TruRisk™ score) value. The range is 0 to 1000.
Examples
Find applications with TruRisk™ score 500
asset.riskScore:500
Find applications with TruRisk™ score greater than 500
asset.riskScore>500
Find applications with TruRisk™ score greater than or equal to 500
asset.riskScore>=500
asset.riskScoreRangeasset.riskScoreRange
Select the range of asset risk score (TruRisk™ score) to find applications in the selected range: CRITICAL,HIGH, MEDIUM, LOW .
Example
Find applications for which TruRisk™ score value is CRITICAL
asset.riskScoreRange:CRITICAL
application.typeapplication.type
Select the type of application—API, WEBAPP.
Example
Find records that are web applications.
application.type:WEBAPP
application.scanScheduledapplication.scanScheduled
Select the value true | false to find applications for which scan is scheduled.
Example
Find applications which have the scans scheduled.
application.scanScheduled:true
application.scanScheduledTypeapplication.scanScheduledType
Select a scan type to find applications which have the selected scan scheduled: DISCOVERY, VULNERABILITY
Example
Find applications which have a discovery scans scheduled.
application.scanScheduledType:DISCOVERY
application.scannerTypeapplication.scannerType
Select a scanner type to find applications where the selected scanner appliance type is defined for scanning: EXTERNAL, INTERAL, SCANNER_TAGS.
Examples
Find applications for which External scanner appliance is selected for scanning.
application.scannerType:EXTERNAL
Find applications for which scanner appliance is selected based on tags for scanning.
application.scannerType:SCANNER_TAGS