The query evaluation of the QQL is based on the indexing. Asset indexing stores the asset related information such as, host id, asset id, softwares, and much more. Similarly, the vulnerabilities indexing stores vulnerabilities related information. Each application has different search indexing context.
For example, the Vulnerability Management application lists all the detections for the assets that are activated for this application. If there are 200 assets with 4000 detections, the asset query search will include all the indexing criterias added in the asset indexing. Similarly, vulnerabilities search query will list down the detections on those 200 assets.
Following screenshot displays Asset Query with Display results as Asset:
Following screenshot displays Asset Query with Display results as Vulnerability: