Old and New Search Token Mappings

The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.

The new token format follows the syntax: entity.attribute
For example, in the new token finding.firstFoundDate, here finding is the entity, and firstFoundDate is the attribute. 

The Vulnerabilities, Asset, Asset Inventory, and AWS EC2 tokens, along with the tokens common to all Qualys applications, are now updated. 

Only the new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. The visibility of old token names in the UI is removed. 

The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.

The following is the old and new tokens mapping list:

Vulnerability TokensVulnerability Tokens

Old Token Name New Token Name
vulnerabilities.vulnerability.cveIds vulnerabilities.vulnerability.cveId
vulnerabilities.vulnerability.bugTraqIds vulnerabilities.vulnerability.bugTraqId
vulnerabilities.vulnerability.discoveryTypes vulnerabilities.vulnerability.discoveryType
vulnerabilities.ttr.firstFound vulnerabilities.ttr.firstFoundDate
vulnerabilities.vulnerability.authTypes vulnerabilities.vulnerability.authType
vulnerabilities.vulnerability.supportedBy vulnerabilities.vulnerability.supportedBy.serviceName
vulnerabilities.vulnerability.os vulnerabilities.vulnerability.operatingSystem.name
vulnerabilities.vulnerability.vendorRefs vulnerabilities.vulnerability.vendorRef
vulnerabilities.vulnerability.patchAvailable vulnerabilities.vulnerability.isPatchAvailable
vulnerabilities.vulnerability.cvss2Info.baseScore vulnerabilities.vulnerability.cvss2BaseScore
vulnerabilities.vulnerability.cvss2Info.temporalScore vulnerabilities.vulnerability.cvss2TemporalScore
vulnerabilities.vulnerability.cvss2Info.accessVector vulnerabilities.vulnerability.cvss2AccessVector
vulnerabilities.vulnerability.cvss3_1Info.baseScore vulnerabilities.vulnerability.cvss3BaseScore
vulnerabilities.vulnerability.cvss3_1Info.temporalScore vulnerabilities.vulnerability.cvss3TemporalScore
vulnerabilities.vulnerability.vendors.productName vulnerabilities.vulnerability.vendorProductName
vulnerabilities.vulnerability.vendors.vendorName vulnerabilities.vulnerability.vendorName
 vulnerabilities.vulnerability.flags vulnerabilities.vulnerability.flag
 vulnerabilities.firstFound vulnerabilities.firstFoundDate
 vulnerabilities.lastFound vulnerabilities.lastFoundDate
 vulnerabilities.found vulnerabilities.isFound
 vulnerabilities.hostOS vulnerabilities.host.operatingSystem.name
 vulnerabilities.hostAssetName vulnerabilities.host.asset.name
 vulnerabilities.vulnerability.published vulnerabilities.vulnerability.publishedDate
 vulnerabilities.ignored vulnerabilities.isIgnored
 vulnerabilities.disabled vulnerabilities.isDisabled
 vulnerabilities.vulnerability.lists vulnerabilities.vulnerability.list
 vulnerabilities.vulnerability.updated vulnerabilities.vulnerability.updatedDate
 vulnerabilities.vulnerability.patchReleased vulnerabilities.vulnerability.patchReleasedDate
 vulnerabilities.vulnerability.rebootRequired vulnerabilities.vulnerability.isRebootRequired
 vulnerabilities.lastFixed vulnerabilities.lastFixedDate
 vulnerabilities.qualysPatchable vulnerabilities.isQualysPatchable
 vulnerabilities.qualysMitigable vulnerabilities.isQualysMitigable
vulnerabilities.vulnerability.threatIntel.activeAttacks vulnerabilities.vulnerability.threatIntel.isActiveAttack
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns vulnerabilities.vulnerability.threatIntel.isCisaKnownExploitedVuln
vulnerabilities.vulnerability.threatIntel.denialOfService vulnerabilities.vulnerability.threatIntel.isDenialOfService
vulnerabilities.vulnerability.threatIntel.easyExploit vulnerabilities.vulnerability.threatIntel.isEasyExploit
vulnerabilities.vulnerability.threatIntel.highDataLoss vulnerabilities.vulnerability.threatIntel.isHighDataLoss
vulnerabilities.vulnerability.threatIntel.highLateralMovement vulnerabilities.vulnerability.threatIntel.isHighLateralMovement
vulnerabilities.vulnerability.threatIntel.malware vulnerabilities.vulnerability.threatIntel.isMalware
vulnerabilities.vulnerability.threatIntel.noPatch vulnerabilities.vulnerability.threatIntel.hasNoPatch
vulnerabilities.vulnerability.threatIntel.predictedHighRisk vulnerabilities.vulnerability.threatIntel.isPredictedHighRisk
vulnerabilities.vulnerability.threatIntel.privilegeEscalation vulnerabilities.vulnerability.threatIntel.isPrivilegeEscalation
vulnerabilities.vulnerability.threatIntel.publicExploit vulnerabilities.vulnerability.threatIntel.isPublicExploit
vulnerabilities.vulnerability.threatIntel.ransomware vulnerabilities.vulnerability.threatIntel.isRansomware
vulnerabilities.vulnerability.threatIntel.remoteCodeExecution vulnerabilities.vulnerability.threatIntel.isRemoteCodeExecution
vulnerabilities.vulnerability.threatIntel.solorigateSunburst vulnerabilities.vulnerability.threatIntel.isSolorigateSunburst
vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation vulnerabilities.vulnerability.threatIntel.isUnauthenticatedExploitation
vulnerabilities.vulnerability.threatIntel.wormable vulnerabilities.vulnerability.threatIntel.isWormable
vulnerabilities.vulnerability.threatIntel.zeroDay vulnerabilities.vulnerability.threatIntel.isZeroDay
vulnerabilities.riskFactor.cisaKnownExploits vulnerabilities.riskFactor.isCisaKnownExploit
vulnerabilities.mitigated vulnerabilities.isMitigated

Asset TokensAsset Tokens

Old Token Name New Token Name
tags.name asset.tag.name
tags.businessImpact asset.tag.businessImpact
connectors.connector.name connector.name
system.biosDescription asset.biosDescription
system.manufacturer hardware.manufacturer
system.model hardware.model
system.totalMemory asset.totalMemory
system.timezone asset.timezone
software.installedDate software.installDate
openPorts.port openPorts:(port
openPorts.protocol openPorts:(protocol
services.name service.name
services.description service.description
accounts.username account.username
interfaces.dnsAddress asset.interface.dnsAddress
operatingSystem operatingSystem.name
name asset.name
updated asset.lastUpdatedDate
created asset.createdDate
netbiosName asset.netbiosName
system.lastBoot asset.lastBootDate
interfaces.hostname asset.interface.hostname
interfaces.macAddress asset.interface.macAddress
interfaces.address asset.interface.address
services.status service.status
software.firstFound software.firstFoundDate
software.lastUpdated software.lastUpdatedDate
openPorts.firstFound openPorts:(firstFound
openPorts.lastUpdated openPorts:(lastUpdated
volumes.name volume.name
volumes.size volume.size
volumes.free volume.free
activatedForModules sensor.activatedForModules
pendingActivationForModules sensor.pendingActivationForModules
openPorts.detectedService openPorts:(detectedService
openPorts.description openPorts:(description
interfaces.interfaceName asset.interface.name
interfaces.gatewayAddress asset.interface.gatewayAddress
lastLoggedOnUser asset.lastLoggedOnUser
agent.agentID agent.id
assetId asset.id
agent.lastInventory agent.lastInventoryDate
agent.lastCheckedIn agent.lastCheckedInDate
lastFullScan sensor.lastFullScanDate
lastComplianceScanDate sensor.lastComplianceScanDate
lastVmScanDate sensor.lastVmScanDate
lastVmScanDateScanner sensor.lastVmScannerScanDate
lastVmScanDateAgent sensor.lastVmAgentScanDate
lastPcScanDateScanner sensor.lastPcScannerScanDate
lastPcScanDateAgent sensor.lastPcAgentScanDate
sensors.firstEasmScanDate sensor.firstEasmScanDate
sensors.lastEasmScanDate sensor.lastEasmScanDate
cpuCount asset.cpuCount
vulnerabilities asset.vulnerabilities.count
isDockerHost docker.isHost
docker.dockerVersion docker.version
agent.lastActivity agent.lastActivityDate
trackingMethod asset.trackingMethod
qid vulnerabilities.qid
connectors.lastDiscovered connector.lastFoundDate
connectors.firstDiscovered connector.firstFoundDate
connectors.connectorId connector.id
qualysCorrelationID agent.qualysCorrelationId
criticalityScore asset.criticalityScore
vmManifestVersion asset.vmManifestVersion
pcManifestVersion asset.pcManifestVersion
udcManifestVersion asset.udcManifestVersion
middlewareManifestVersion asset.middlewareManifestVersion
scaManifestVersion asset.scaManifestVersion
agentPlatform agent.platform
riskScore asset.truRisk
software.firstFound software.firstFoundDate
software.lastUpdated software.lastUpdatedDate
software.installedDate software.installDate
operatingSystem.osId operatingSystem.id
lastLocation.name asset.lastLocation.name
lastLocation.continent asset.lastLocation.continent
lastLocation.country asset.lastLocation.country
lastLocation.city asset.lastLocation.city
lastLocation.postal asset.lastLocation.postal
lastLocation.state asset.lastLocation.state
processors.numberOfCpu processor.noOfCpu
processors.description processor.description
processors.speed processor.speed
processors.threadsPerCore processor.threadsPerCore
processors.coresPerSocket processor.coresPerSocket
processors.numberOfSockets processor.noOfSockets
processors.multithreadingStatus processor.multiThreadingStatus

Asset Inventory TokensAsset Inventory Tokens

Old Token Name New Token Name
easm.tags.name easm.tag.name

AWS EC2 TokensAWS EC2 Tokens

Old Token Name New Token Name
aws.ec2.privateDNS aws.ec2.privateDns
aws.ec2.publicDNS aws.ec2.publicDns
aws.tags aws.tag
aws.tags.key aws.tag:(key
aws.tags.value aws.tag:(value
azure.tags azure.tag
azure.tags.name azure.tag.name
azure.tags.value azure.tag.value
ibm.tags.name ibm.tag.name
ibm.tags.value ibm.tag.value
provider cloud.provider
oci.compute.ociId oci.compute.id
oci.tags.key oci.tag.key
oci.tags.namespace oci.tag.namespace
oci.tags.type oci.tag.type
oci.tags.value oci.tag.value
oci.tags oci.tag
alibaba.instance.region.code alibaba.instance.regionCode
alibaba.instance.region.name alibaba.instance.regionName

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: March, 2026