Syntax help displayed in UI for Asset Audit Log tokens. A complete list of tokens for writing search queries is provided below. Click each token to learn more about it.
Example
Show findings with this IMEI #
asset.imei:359869061132382
Example
Show assets with this Wi-Fi MAC Address
asset.wifiMAC:DC:E8:38:67:BC:A9
Example
Show findings with this username
user.username:"administrator"
Example
Show any findings that contain parts of name
asset.name:"ACMENVT7"
Show any findings that match exact value
asset.name:`ACMENVT7`
Example
Show assets with this status
asset.status:"Enrolled"
asset.isLocationServicesONasset.isLocationServicesON
Example
Show assets with this location services status
asset.isLocationServicesON:"Yes"
asset.locationServicesStatusChangedOnasset.locationServicesStatusChangedOn
Example
Show assets whose location services status was changed within certain dates
asset.locationServicesStatusChangedOn:[2021-01-01
... 2021-01-02]
Show assets whose location services status was changed starting 2 weeks ago, ending 1 second ago
asset.locationServicesStatusChangedOn: [now-2w
... now-1s]
Show assets whose location services status was changed on a specific date
asset.locationServicesStatusChangedOn:"2019-02-01"
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Use a boolean query to express your query using AND logic..
Example
auditLogs.operation: edit and auditLogs.performedBy: "adminuser"
Find operations with this operation name and performed by this user.
Use a boolean query to express your query using NOT logic.
Example
not auditLogs.performedBy: "adminuser"
Show operations which are not performed by this user.
Use a boolean query to express your query using OR logic.
Example
auditLogs.operation: add or auditLogs.operation: edit
Show findings with one of these operations.