Traffic Summary Search Tokens in VMDR OT

On the Traffic Summary tab on the Asset Details page of the VMDR OT application, use the following tokens to search the network traffic summary. Build your search queries by combining these tokens with the Boolean operators listed below. Each token is described with its value type and example queries.

Supported Boolean operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

and

Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.

Example

Show the network traffic with the source or destination asset as an OT device that uses UDP as the transport protocol

hardware.type: `OT Device` and interfaces.transport.protocol: UDP

 

not

Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.

Example

Show the network traffic that does not have the source or destination asset as an OT device

not hardware.type: `OT Device`

 

or

Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.

Examples

Show the network traffic with the source or destination asset as a router or an OT Device

hardware.type: `router` or hardware.type: `OT Device`

Show the network traffic with the source asset as router or destination asset as OT Device

source.hardware.type: `router` or destination.hardware.type: `OT Device`

 

Search tokens

traffic.application

Use a text value to find assets with network traffic from a specific application.

Example

Show assets with network traffic from BitTorrent 

traffic.application: BitTorrent

 

traffic.egress

Use an integer value to find network traffic based on egress traffic volume. You can specify a unit (KB, MB, GB) after the value.

If the unit of network traffic is not specified with the token, the query searches the traffic volume in Bytes by default.

Examples

Show network traffic with egress traffic equal to 10 GB

traffic.egress: 10 GB

Show network traffic with egress traffic greater than 10 MB

traffic.egress > 10 MB

Show network traffic with egress traffic greater than or equal to 10 MB

traffic.egress >= 10 MB

Show network traffic with egress traffic less than 10 GB

traffic.egress < 10 GB

Show network traffic with egress traffic less than or equal to 10 MB

traffic.egress <= 10 MB

Show network traffic with egress traffic not equal to 10 KB

traffic.egress != 10 KB

Show network traffic with egress traffic equal to 1048576 Bytes

traffic.egress = 1048576

 

traffic.family

Use a text value to find assets with network traffic of a specific family.

Example

Show assets with peer-to-peer network traffic

traffic.family: Peer to Peer

 

traffic.ingress

Use an integer value to find network traffic based on ingress traffic volume. You can specify a unit (KB, MB, GB) after the value.

If the unit of network traffic is not specified with the token, the query searches the traffic volume in Bytes by default.

Examples

Show network traffic with ingress traffic equal to 10 GB

traffic.ingress: 10 GB

Show network traffic with ingress traffic greater than 10 MB

traffic.ingress > 10 MB

Show network traffic with ingress traffic greater than or equal to 10 MB

traffic.ingress >= 10 MB

Show network traffic with ingress traffic less than 10 GB

traffic.ingress < 10 GB

Show network traffic with ingress traffic less than or equal to 10 MB

traffic.ingress <= 10 MB

Show network traffic with ingress traffic not equal to 10 KB

traffic.ingress != 10 KB

Show network traffic with ingress traffic equal to 1048576 Bytes

traffic.ingress = 1048576

 

traffic.port

Use an integer value to find assets with network traffic over a specific port.

Example

Show assets with network traffic over port 80

traffic.port: 80

traffic.protocol

Use a text value to find assets with network traffic over a specific protocol.

Example

Show assets with network traffic over TCP

traffic.protocol: `tcp`

traffic.service

Use a text value to find assets with network traffic from a specific service.

Example

Show assets with traffic from HTTP

traffic.service: http

 

traffic.timestamp

Use a specific date or a date range to find assets based on the network traffic timestamp. Range bounds can be absolute dates or relative expressions such as now-1M (one month ago), now-2w (two weeks ago) and now-1s (one second ago).

Examples

Show assets with network traffic timestamp 2019-03-18

traffic.timestamp: `2019-03-18`

Show assets with network traffic timestamp within certain dates

traffic.timestamp: [2019-01-01 .. 2019-01-15]

Show assets with network traffic timestamp starting 2019-01-15, ending 1 month ago

traffic.timestamp: [2019-01-15 .. now-1M]

Show assets with network traffic timestamp starting 2 weeks ago, ending 1 second ago

traffic.timestamp: [now-2w .. now-1s]

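Relative bounds such as now-2w and now-1M move with the clock, so a saved traffic.timestamp query selects a different window each day. The following added example (not Qualys code; written for this page) resolves the timestamp terms shown above into concrete UTC bounds for a given "now" and filters constructed records with them. Beyond what the page shows (M, w and s), it accepts m, h, d and y on the Elasticsearch-style assumption that lowercase m is minutes and uppercase M is months; it also assumes that a bare date covers the whole calendar day and that a date-only upper bound runs to the end of that day. All three are assumptions, not documented behaviour.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Fixed-length units. Month (M) and year (y) are handled by calendar arithmetic.
# Only M, w and s appear on the page; the rest are an assumption.
FIXED = {
    "s": timedelta(seconds=1),
    "m": timedelta(minutes=1),
    "h": timedelta(hours=1),
    "d": timedelta(days=1),
    "w": timedelta(weeks=1),
}

DATE_MATH = re.compile(r"^now(?:(?P<sign>[+-])(?P<n>\d+)(?P<unit>[smhdwMy]))?$")
DATE_ONLY = re.compile(r"^\d{4}-\d{2}-\d{2}$")
RANGE = re.compile(
    r"^\s*traffic\.timestamp\s*:\s*"
    r"(?:\[(?P<lo>.+?)\s*\.\.\s*(?P<hi>.+?)\s*\]|(?P<single>[^\s\[]+))\s*$"
)


def shift_months(dt, months):
    """Move dt by whole months, clamping the day to the target month's length."""
    total = dt.year * 12 + (dt.month - 1) + months
    year, month = divmod(total, 12)
    month += 1
    day = min(dt.day, calendar.monthrange(year, month)[1])
    return dt.replace(year=year, month=month, day=day)


def end_of_day(dt):
    return dt + timedelta(days=1) - timedelta(microseconds=1)


def resolve(expr, now):
    """Turn 'now-1M', 'now-2w', 'now-1s' or 'YYYY-MM-DD' into a UTC datetime."""
    expr = expr.strip().strip("`")
    m = DATE_MATH.match(expr)
    if m:
        if not m["sign"]:
            return now
        n = int(m["n"]) * (1 if m["sign"] == "+" else -1)
        unit = m["unit"]
        if unit == "M":
            return shift_months(now, n)
        if unit == "y":
            return shift_months(now, 12 * n)
        return now + n * FIXED[unit]
    return datetime.strptime(expr, "%Y-%m-%d").replace(tzinfo=UTC)


def bounds(query, now):
    """Inclusive [start, end] window covered by a traffic.timestamp term."""
    m = RANGE.match(query)
    if not m:
        raise ValueError(f"not a traffic.timestamp term: {query!r}")
    if m["single"]:
        day = resolve(m["single"], now)
        return day, end_of_day(day)          # assumption: a bare date means the whole day
    lo, hi = resolve(m["lo"], now), resolve(m["hi"], now)
    if DATE_ONLY.match(m["hi"].strip().strip("`")):
        hi = end_of_day(hi)                  # assumption: date-only upper bound is inclusive of that day
    return lo, hi


def filter_by_timestamp(records, query, now):
    """IDs of records whose 'ts' falls inside the term's window, in input order."""
    lo, hi = bounds(query, now)
    return [r["id"] for r in records if lo <= r["ts"] <= hi]


# Fixed clock so the relative bounds are reproducible; constructed sample records.
NOW = datetime(2019, 3, 31, 12, 0, 0, tzinfo=UTC)
SAMPLE = [
    {"id": "a", "ts": datetime(2019, 3, 18, 8, 30, tzinfo=UTC)},
    {"id": "b", "ts": datetime(2019, 2, 10, 0, 0, tzinfo=UTC)},
    {"id": "c", "ts": datetime(2019, 3, 31, 11, 59, 59, tzinfo=UTC)},
    {"id": "d", "ts": datetime(2019, 1, 14, 23, 0, tzinfo=UTC)},
]

if __name__ == "__main__":
    for q in ("traffic.timestamp: [2019-01-15 .. now-1M]", "traffic.timestamp: [now-2w .. now-1s]"):
        print(q, "->", bounds(q, NOW), filter_by_timestamp(SAMPLE, q, NOW))
```

The month arithmetic matters at month ends: with the clock at 31 March, now-1M resolves to 28 February rather than an invalid 31 February, which is why the helper clamps the day.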
 

traffic.type

Use a text value to find assets with network traffic of a specific type, either client or server.

Example

Show assets with client network traffic

traffic.type: client

For information about search tokens on the Assets tab, see Assets Search Tokens.

For information about search tokens on the Vulnerabilities tab, see Vulnerabilities Search Tokens.

For information about search tokens on the Network tab, see Network Search Tokens.

For information about search tokens on the Import Asset tab, see Import Asset Search Tokens.