Open Ports Search Tokens

On the Open Ports tab on the Asset Details page of the VMDR OT application, use the following tokens to search for open ports in your environment. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.

Supported Boolean operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

andand

Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.

Example

Show the open port 80 using the TCP protocol

openPorts:(port:80 and protocol:TCP)

 

notnot

Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.

Example

Exclude open ports running Win_remote_desktop service from the search result

not openPorts.detectedService: `Win_remote_desktop`

 

oror

Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.

Example

Show the assets with open port 80 or open port 443

openPorts.port: 80 or openPorts.port: 443

 

Search tokens

openPorts.descriptionopenPorts.description

Find the open ports based on the service description. For exact search, enclose the token value in backticks `<value>`.

Examples

Show the open ports that are related to description Windows Remote Desktop

openPorts.description: Windows Remote Desktop

Show the open ports that contain Windows, Remote, Desktop, or Windows Remote Desktop in any combination in their service description

openPorts.description: "Windows Remote Desktop"

Show the open ports having the exact text as Windows Remote Desktop in their service description

openPorts.description: `Windows Remote Desktop`

 

 

openPorts.detectedServiceopenPorts.detectedService

Find the open ports based on the service detected on them. For an exact match, enclose your token value within backticks `<value>`.

Example

Show the open ports on which the Win_remote_desktop service is detected

openPorts.detectedService: `Win_remote_desktop`

 

openPorts.lastFoundopenPorts.lastFound

Use a date range or specific date to find the open ports based on when they were last found. The token value can be a date, a date range, or a year.

Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy

Examples

Show the open ports that were last found on the specified date

openPorts.lastFound: `2020-01-13`

Show the open ports that were last found within past 90 days (excluding day 90)

openPorts.lastFound > now-90d

Show the open ports that were last found within past 90 days (including day 90)

openPorts.lastFound >= now-90d

Show the open ports that were last found before past 90 days (excluding day 90)

openPorts.lastFound < now-90d

Show the open ports that were last found before past 90 days (including day 90)

openPorts.lastFound <= now-90d

Show the open ports that were last found within the specified date range

openPorts.lastFound: [2020-01-01 .. 2020-01-10]

Show the open ports that were last found from two weeks ago till a second ago

openPorts.lastFound: [now-2w .. now-1s]

 

openPorts.portopenPorts.port

Search the assets with a specific open port. You can search for a single port number or a comma-separated list of multiple port numbers enclosed in square brackets.

Examples

Show the assets with open port 80

openPorts.port: 80

Show the assets with open port 80 and 443

openPorts.port: [80, 443]

 

openPorts.protocolopenPorts.protocol

Find the open ports based on their Internet protocols.  Use the text value UDP or TCP to define the port protocol.

Examples

Show the open ports using the TCP protocol

openPorts.protocol: TCP

Show the open port 80 using the TCP protocol  

openPorts: (port: 80 and protocol: TCP)

 

For information about search tokens on the Assets tab, see Assets Search Tokens.

For information about search tokens on the Vulnerabilities tab, see Vulnerabilities Search Tokens.

For information about search tokens on the Network tab, see Network Search Tokens.

For information about search tokens on the Import Asset tab, see Import Asset Search Tokens.