Searching Asset Audit Logs

Syntax help displayed in UI for Asset Audit Log tokens. A complete list of tokens for writing search queries is provided below. Click each token to learn more about it.

asset.imeiasset.imei

Use an integer value ##### to help you find asset with a IMEI number of interest.

Example

Show findings with this IMEI #

asset.imei:359869061132382

asset.wifiMACasset.wifiMAC

Use quotes within values to help you find the Wi-Fi MAC you're looking for.

Example

Show assets with this Wi-Fi MAC Address

asset.wifiMAC:DC:E8:38:67:BC:A9

user.usernameuser.username

Use a text value #### in a quotes to find the user with username you're looking for.

Example

Show findings with this username

user.username:"administrator"

asset.nameasset.name

Use quotes or backticks within values to help you find the asset name you're looking for.

Example

Show any findings that contain parts of name

asset.name:"ACMENVT7"

Show any findings that match exact value

asset.name:`ACMENVT7`

asset.statusasset.status

Use a text value #### in a quotes to find the asset with certain status you're looking for.

Example

Show assets with this status

asset.status:"Enrolled"

asset.isLocationServicesONasset.isLocationServicesON

Use the values Yes | No in quotes to find assets with a certain location services status.

Example

Show assets with this location services status

asset.isLocationServicesON:"Yes"

asset.locationServicesStatusChangedOnasset.locationServicesStatusChangedOn

Use date range or specific date to define when assets location services status was changed.

Example

Show assets whose location services status was changed within certain dates

asset.locationServicesStatusChangedOn:[2021-01-01 ... 2021-01-02]

Show assets whose location services status was changed starting 2 weeks ago, ending 1 second ago

asset.locationServicesStatusChangedOn: [now-2w ... now-1s]

Show assets whose location services status was changed on a specific date

asset.locationServicesStatusChangedOn:"2019-02-01"

Supported Boolean Operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

andand

Use a boolean query to express your query using AND logic..

Example

auditLogs.operation: edit and auditLogs.performedBy: "adminuser"

Find operations with this operation name and performed by this user.

notnot

Use a boolean query to express your query using NOT logic.

Example

not auditLogs.performedBy: "adminuser"

Show operations which are not performed by this user.

oror

Use a boolean query to express your query using OR logic.

Example

auditLogs.operation: add or auditLogs.operation: edit

Show findings with one of these operations.