Old New Search Token Mappings
The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.
The new token format follows the syntax: entity.attribute
For example, in the new token, policy.createdDate, policy is the entity, and createdDate is the attribute.
The assets, EULA, APNS, Audit log, control, jobs, policy, user, VMDR mobile tokens, and the tokens common to all Qualys applications are now updated.
- Only the new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. Old token names' visibility from the UI is removed.
- The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.
- The API endpoints that use QQL tokens in the queries will work with the old tokens. You can edit the API query to include the new tokens.
The following is the old and new tokens mapping list:
VMDR Asset Mobile TokenVMDR Asset Mobile Token
| Old Token | New Token |
|---|---|
| inventory.created | asset.inventory.createdDate |
| asset.assetID | asset.id |
| asset.tag | asset.tag.name |
| accounts.username | account.username |
| asset.lastSeen | asset.lastSeenDate |
| asset.simICCID | asset.simIccid |
| asset.wifiIPAddress | asset.wifiIpAddress |
| asset.wifiMAC | asset.wifiMac |
| application.installedOn | application.installedDate |
| application.hash.MD5 | application.hash.md5 |
| application.hash.SHA1 | application.hash.sha1 |
| application.hash.SHA256 | application.hash.sha256 |
| application.isScreenReaderEnable | application.isScreenReaderEnabled |
| Old Token | New Token |
|---|---|
| eula.created | eula.createdDate |
| eula.modified | eula.updatedDate |
| eula.modifiedBy | eula.updatedBy.username |
| eula.createdBy | eula.createdBy.username |
| Old Token | New Token |
|---|---|
| apns.uploadedOn | apns.uploadedDate |
| apns.appleID | apns.appleId |
| apns.validTill | apns.validTillDate |
Audit Log TokenAudit Log Token
| Old Token | New Token |
|---|---|
| auditLogs.performed | auditLogs.performedDate |
| auditLogs.performedBy | auditLogs.performedBy.username |
| Old Token | New Token |
|---|---|
| control.cid | control.id |
| control.evaluatedOn | control.evaluatedDate |
| control.lastEvaluatedOn | control.lastEvaluatedDate |
| control.firstEvaluated | control.firstEvaluatedDate |
| control.reOpenedOn | control.reopenedDate |
| control.createdBy | control.createdBy.username |
| control.modifiedBy | control.modifiedBy.username |
| control.createdOn | control.createdDate |
| control.modifiedOn | control.modifiedDate |
| Old Token | New Token |
|---|---|
| job.created | job.createdDate |
| job.sent | job.sentDate |
| job.tag | job.tag.name |
| job.assetStatus | job.asset.status |
| Old Tokens | New Token |
|---|---|
| policy.createdBy | policy.craetedBy.username |
| policy.modifiedBy | policy.updatedBy.username |
| policy.createdOn | policy.createdDate |
| policy.modifiedOn | policy.updatedDate |
| Old Tokens | New Token |
|---|---|
| user.created | user.createdDate |
| user.tag | user.tag.name |
VMDR Mobile Standard MappingVMDR Mobile Standard Mapping
| Old Token | New Token | Finding Token |
|---|---|---|
| vulnerabilities.found | vulnerabilities.isFound | finding.isFound |
| vulnerabilities.lastFound | vulnerabilities.lastFoundDate | finding.lastFoundDate |
| vulnerability.severity | NA | finding.severity |
| vulnerability.status | NA | finding.status |
| vulnerability.typeDetected | NA | finding.typeDetected |
| vulnerabilities.vulnerability.qid | NA | finding.vulnerability.qid |
| vulnerabilities.vulnerability.category | NA | finding.vulnerability.category |
| vulnerabilities.vulnerability.title | NA | finding.vulnerability.title |
| vulnerabilities.firstFound | vulnerabilities.firstFoundDate | finding.firstFoundDate |
| vulnerabilities.assetName | NA | finding.asset.name |
| vulnerabilities.assetOS | vulnerabilities.host.operatingSystem.name | finding.hostOpeartingSystem.name |
| vulnerabilities.vulnerability.cveids | vulnerabilities.vulnerability.cveId | finding.vulnerability.cveld |
| vulnerabilities.vulnerability.cvss3Info.baseScore | vulnerabilities.vulnerability.cvss3BaseScore | finding.vulnerability.cvss3BaseScore |
| vulnerabilities.vulnerability.cvss3Info.temporalScore | vulnerabilities.vulnerability.cvss3TemporalScore | finding.vulnerability.cvss3TemporalScore |
| vulnerabilities.vulnerability.description | NA | finding.vulnerability.description |
| vulnerabilities.vulnerability.published | vulnerabilities.vulnerability.publishedDate | finding.vulnerability.publishedDate |
| vulnerabilities.vulnerability.solution | NA | finding.vulnerability.solution |
| vulnerabilities.vulnerability.updated | vulnerabilities.vulnerability.updatedDate | finding.vulnerability.updatedDate |
| vulnerabilities.vulnerability.vendorRefs | vulnerabilities.vulnerability.vendorRef | finding.vulnerability.vendorRef |
| vulnerabilities.vulnerability.vendors.productName | vulnerabilities.vulnerability.vendorProductName | finding.vulnerability.vendorProductName |
| vulnerabilities.vulnerability.vendors.vendorName | vulnerabilities.vulnerability.vendorName | finding.vulnerability.vendorName |
| vulnerabilities.vulnerability.risk | NA | finding.vulnerability.risk |
| vulnerabilities.vulnerability.supportedBy | vulnerabilities.vulnerability.supportedBy.serviceName | finding.vulnerability.supportedBy.serviceName |
| vulnerabilities.vulnerability.consequence | NA | finding.vulnerability.consequence |
| vulnerabilities.isPatchable | NA | finding.isPatchable |
| vulnerabilities.vulnerability.releasedOn | vulnerabilities.vulnerability.releasedDate | finding.vulnerability.releaseDate |
| vulnerabilities.vulnerability.type | NA | finding.vulnerability.type |
| vulnerabilities.vulnerability.cve.severity | NA | finding.vulnerability.cve.severity |