Reference: Rule Filters

You can form the search query using the filters we provide to refine the search for actions.

ruleName

Use quotes or backticks within values to find rules with a certain name.

Examples

Find rules with name

ruleName: my first rule

Find rules that contain parts of the name

ruleName: "my first rule"

Find rules that match exact value

ruleName: `my first rule`

ruleDescription

Use quotes or backticks within values to find rules with a certain description.

Examples

Find rules with description

ruleDescription: this rule is used for alerting

Find rules that contain parts of the description

ruleDescription: "this rule is used for alerting"

Find rules that match exact value

ruleDescription: `this rule is used for alerting`

trigger

Use a text value ##### to find rules with a certain trigger (Single Match or Time Window Scheduled Match).

Example

Find rules with trigger

trigger: SINGLE MATCH

ruleQuery

Use quotes or backticks within values to find rules with a certain query (use Qualys Query Language).

Examples

Find rules with query

ruleQuery: asset.score

Find rules that contain parts of the query

ruleQuery: "asset.score"

Find rules that match exact value

ruleQuery: `asset.score`

createdBy

Use quotes or backticks within values to find rules created by a certain user.

Examples

Find rules created by user

createdBy: Joe Smith

Find rules that contain parts of the user name

createdBy: "Joe Smith"

Find rules that match exact value

createdBy: `Joe Smith`

createdById

Use quotes or backticks within values to find rules created by a certain user ID.

Examples

Find rules created by user ID

createdById: jsmith

Find rules that contain parts of the user ID

createdById: "jsmith"

Find rules that match exact value

createdById: `jsmith`

ruleState

Use a text value ##### to find rules by a certain running state (Enabled or Disabled).

Example

Find rules with state

ruleState: ENABLED

createdDate

Use a date range or specific date to find when rules were created.

Examples

Show rules created within certain dates

createdDate: [2018-02-01 ... 2018-02-12]

Show rules created starting 2018-02-01, ending 1 month ago

createdDate: [2018-02-01 ... now-1M]

Show rules created starting 2 weeks ago, ending 1 second ago

createdDate: [now-2w ... now-1s]

Show rules created on certain date

createdDate:'2018-02-22'

updatedDate

Use a date range or specific date to find when rules were last modified.

Examples

Show rules updated within certain dates

updatedDate: [2018-02-01 ... 2018-02-12]

Show rules updated starting 2018-02-01, ending 1 month ago

updatedDate: [2018-02-01 ... now-1M]

Show rules updated starting 2 weeks ago, ending 1 second ago

updatedDate: [now-2w ... now-1s]

Show rules updated on certain date

updatedDate:'2018-02-22'

lastRun

Use a date range or specific date to find when rules were last executed.

Examples

Show rules last run within certain dates

lastRun: [2018-02-01 ... 2018-02-12]

Show rules last run starting 2018-02-01, ending 1 month ago

lastRun: [2018-02-01 ... now-1M]

Show rules last run starting 2 weeks ago, ending 1 second ago

lastRun: [now-2w ... now-1s]

Show rules last run on certain date

lastRun:'2018-02-22'

aggregate

Use the values true | false to find rules configured to aggregate multiple matches into a single output.

Example

Show aggregated rules

aggregate: TRUE

aggregationGroup

Use quotes or backticks within values to find rules aggregated into a certain group.

Examples

Find rules with aggregation group

aggregationGroup: hostname

Find rules that contain parts of the aggregation group name

aggregationGroup: "hostname"

Find rules that match exact value

aggregationGroup: `hostname`

action.message

Use quotes or backticks within values to find rules with certain text in the message (email, Slack or PagerDuty messages).

Examples

Find rules with message

action.message: to operations team

Find rules that contain parts of the message

action.message: "to operations team"

Find rules that match exact value

action.message: `to operations team`

action.subject

Use quotes or backticks within values to find rules with certain text in the subject (email or PagerDuty subject).

Examples

Find rules with subject

action.subject: warning

Find rules that contain parts of the subject

action.subject: "warning"

Find rules that match exact value

action.subject: `warning`

action.slackChannel

Use quotes or backticks within values to find rules with a certain Slack channel name.

Examples

Find rules with Slack channel

action.slackChannel: Sec Ops

Find rules that contain parts of the Slack channel name

action.slackChannel: "Sec Ops"

Find rules that match exact value

action.slackChannel: `Sec Ops`

action.emailRecipient

Use quotes or backticks within values to find rules with certain email recipients.

Examples

Find rules with email recipient

action.emailRecipient: [email protected]

Find rules that contain parts of the email recipient

action.emailRecipient: "[email protected]"

Find rules that match exact value

action.emailRecipient: `[email protected]`

action.type

Use a text value ##### to find rules with a certain action type (Email, Slack or PagerDuty).

Example

Find rules of action type

action.type: EMAIL

action.name

Use quotes or backticks within values to find rules with a certain action name.

Examples

Find rules with action

action.name: Post to Slack Channel

Find rules that contain parts of the action name

action.name: "Post to Slack Channel"

Find rules that match exact value

action.name: `Post to Slack Channel`