On the Open Ports tab on the Asset Details page of the VMDR OT application, use the following tokens to search for open ports in your environment. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.
Example
Show the open port 80 using the TCP protocol
openPorts:(port:80 and protocol:TCP)
Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.
Example
Exclude open ports running Win_remote_desktop service from the search result
not openPorts.detectedService: `Win_remote_desktop`
Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.
Example
Show the assets with open port 80 or open port 443
openPorts.port: 80 or openPorts.port:
443
openPorts.descriptionopenPorts.description
Find the open ports based on the service description. For exact search, enclose the token value in backticks `<value>`.
Examples
openPorts.description: Windows Remote Desktop
Show the open ports that contain Windows, Remote, Desktop, or Windows Remote Desktop in any combination in their service description
openPorts.description: "Windows Remote Desktop"
Show the open ports having the exact text as Windows Remote Desktop in their service description
openPorts.description: `Windows Remote Desktop`
openPorts.detectedServiceopenPorts.detectedService
Find the open ports based on the service detected on them. For an exact match, enclose your token value within backticks `<value>`.
Example
Show the open ports on which the Win_remote_desktop service is detected
openPorts.detectedService: `Win_remote_desktop`
openPorts.lastFoundopenPorts.lastFound
Use a date range or specific date to find the open ports based on when they were last found. The token value can be a date, a date range, or a year.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Examples
Show the open ports that were last found on the specified date
openPorts.lastFound: `2020-01-13`
Show the open ports that were last found within past 90 days (excluding day 90)
openPorts.lastFound > now-90d
Show the open ports that were last found within past 90 days (including day 90)
openPorts.lastFound >= now-90d
Show the open ports that were last found before past 90 days (excluding day 90)
openPorts.lastFound < now-90d
Show the open ports that were last found before past 90 days (including day 90)
openPorts.lastFound <= now-90d
Show the open ports that were last found within the specified date range
openPorts.lastFound: [2020-01-01 .. 2020-01-10]
Show the open ports that were last found from two weeks ago till a second ago
openPorts.lastFound: [now-2w .. now-1s]
Search the assets with a specific open port. You can search for a single port number or a comma-separated list of multiple port numbers enclosed in square brackets.
Examples
S
how the assets with open port 80
openPorts.port: 80
Show the assets with open port 80 and 443
openPorts.port: [80, 443]
openPorts.protocolopenPorts.protocol
Find the open ports based on their Internet protocols. Use the text value UDP or TCP to define the port protocol.
Examples
Show the open ports using the TCP protocol
openPorts.protocol: TCP
Show the open port 80 using the TCP protocol
openPorts: (port: 80 and protocol: TCP)
For information about search tokens on the Assets tab, see Assets Search Tokens.
For information about search tokens on the Vulnerabilities tab, see Vulnerabilities Search Tokens.
For information about search tokens on the Network tab, see Network Search Tokens.
For information about search tokens on the Import Asset tab, see Import Asset Search Tokens.