Qualys Query Language (QQL)
You use Qualys Query Language (QQL) to build search queries that fetch information from Qualys databases. A database query is a string of search attributes (we call them 'search tokens' or simply 'tokens') structured in the compatible syntax; running it returns the targeted values. In QQL, you pick the tokens from our token repository, use a query operator, and specify the expected token values. Our robust search mechanism helps you find the relevant information about various aspects of your IT infrastructure in the context of your Qualys subscription.
Here are some of the places on the Qualys Cloud Platform where you can create QQL queries:
- From a Search bar on a module tab where a data list is available. It can be the Vulnerabilities tab in VMDR; the Patches, Assets, and Jobs tabs in Patch Management; or the Inventory tab in the Global IT Asset Inventory module (the list is not exhaustive). For example, in VMDR, on the Vulnerabilities tab, you can narrow the total vulnerability detections in your environment to only the ones with severity 5. To achieve this, you form a QQL query in the Search bar.
- From dashboard widgets. You can build QQL queries to form a widget and visualize that data on a dashboard. You can also use QQL queries effectively to set up alert rules.
Here are some example use cases for which you can create QQL queries:
- You’re trying to get your IT assets listed by their operating systems or usernames.
- You might be looking for the active agents in your subscription, which may number in the thousands.
- As a part of your patching workflow, you may want to get the details of patch exceptions, but only on your Windows computers.
- You need a list of software that you installed on your assets within a specific period.
- You are looking for a list of open ports on your machines.
- You want to visualize your query results in the form of a table, a bar chart, or a pie chart on the Qualys Unified Dashboard.
You can achieve all this by using QQL queries. The various QQL search tokens serve as building blocks for creating queries. You can use a single search token to create a simple query or combine several tokens to form complex queries. No matter how simple or complex your search query is, you must know the QQL syntax and the best practices for a seamless search experience.
We've created the following sections as a tutorial for all of you who have access to the Qualys Cloud Platform. If you are new to database queries, start from the basics. If you've already got the hang of QQL, jump to the QQL Best Practices and learn to get smarter and quicker results from QQL.