Old and New Search Token Mappings
The token standardization for the Qualys Query Language (QQL) search tokens follows a standard naming convention.
The new token format follows the syntax: entity.attribute
For example, in the new token, asset.id, "asset" is the entity, and "id" is the attribute.
The tokens, such as assets, open ports, vulnerabilities, networks, traffic summary, and reports, now adhere to a standardized naming convention.
- Only new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. Old token name visibility from the UI is removed.
- The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens. You can edit search queries and widgets to update the new tokens.
The following is the old and new tokens mapping list:
| Old Token | New Token |
|---|---|
| addOn.hardware.vendor | addOn.hardware.manufacturer |
| asset.assetID | asset.id |
| asset.serialnumber | asset.serialNumber |
| firmwareversion | firmware.version |
| asset.orderid | asset.orderId |
| asset.created | asset.createdDate |
| asset.lastModified | asset.lastModifiedDate |
| asset.lastUpdated | asset.lastUpdatedDate |
| asset.modified | asset.isModified |
| asset.risk | asset.riskScore |
| interfaces:(address | asset.interface:(address |
| interfaces.macAddress | asset.interface:(macAddress |
| inventory.fileHash | asset.inventory.fileHash |
| inventory.fileName | asset.inventory.filename |
| interfaces.protocol | asset.interface.protocol |
| interfaces.gatewayAddress | asset.interface.gatewayAddress |
| interfaces.dnsAddress | asset.interface.dnsAddress |
| inventory.source | asset.inventory.source |
| operatingSystem | operatingSystem.name |
| purdue.level | asset.purdueLevel |
| tags.businessImpact | asset.tag.businessImpact |
| tags.id | asset.tag.id |
| tags.name | asset.tag.name |
| softwareVersion | software.version |
Vulnerability TokensVulnerability Tokens
| Old Token | New Token |
|---|---|
| vulnerabilities.vulnerability.qid | finding.vulnerability.qid |
| vulnerabilities.vulnerability.title | finding.vulnerability.title |
| vulnerabilities.vulnerability.cveIds | finding.vulnerability.cveId |
| vulnerabilities.hardware.type | finding.hardware.type |
| vulnerabilities.hardware.vendor | finding.hardware.manufacturer |
| vulnerabilities.hardware.version | finding.hardware.version |
| vulnerabilities.hardware.product | finding.hardware.product |
| vulnerabilities.hardware.model | finding.hardware.model |
| vulnerabilities.asset.type | finding.asset.type |
| vulnerabilities.severity | finding.severity |
| vulnerabilities.typeDetected | finding.typeDetected |
| vulnerabilities.vulnerability.patchAvailable | finding.vulnerability.isPatchAvailable |
| vulnerabilities.assetID | finding.asset.id |
| vulnerabilities.firmware | finding.firmware |
| vulnerabilities.firstFound | finding.firstFoundDate |
| vulnerabilities.lastFound | finding.lastFoundDate |
| vulnerabilities.status | finding.status |
| vulnerabilities.hostOS | finding.host.operatingSystem.name |
| vulnerabilities.protocol | finding.protocol |
| vulnerabilities.asset.name | finding.asset.name |
| vulnerabilities.interfaces.address | finding.asset.interface.address |
| vulnerabilities.interfaces.macaddress | finding.asset.interface.macAddress |
| vulnerabilities.vulnerability.threatIntel | finding.vulnerability.threatIntel |
| vulnerabilities.vulnerability.criticality | finding.vulnerability.criticality |
Network Search TokensNetwork Search Tokens
| Old Token | New Token |
|---|---|
| interfaces.address | asset.interface.address |
| source.interfaces.address | source.interface.address |
| destination.interfaces.address | destination.interface.address |
| interfaces.protocol | asset.interface.protocol |
| interfaces.transport.protocol | asset.interface.transport.protocol |
| destination.interfaces.port | destination.interface.port |
| interfaces.macAddress | asset.interface.macAddress |
| source.interfaces.macAddress | source.interface.macAddress |
| destination.interfaces.macAddress | destination.interface.macAddress |
Import Asset TokensImport Asset Tokens
| Old Token | New Token |
|---|---|
| file.lastUpdated | file.lastUpdatedDate |
| file.lastUpdatedUser | file.lastUpdatedBy.username |
| Old Token | New Token |
|---|---|
| createdBy | report.createdBy.username |
| report.template | report.template.name |