Traffic Summary Search Tokens in VMDR OT

On the Traffic Summary tab on the Asset Details page of the VMDR OT application, use the following tokens to search the network traffic summary. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.

Supported Boolean Operators

The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.

and

Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.

Example

Show the network traffic with the source or destination asset as an OT device and use UDP as the transport protocol

hardware.type: `OT Device` and interfaces.transport.protocol: UDP


not

Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.

Example

Show the network traffic that does not have the source or destination asset as an OT device

not hardware.type: OT Device


or

Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.

Examples

Show the network traffic with the source or destination asset as a router or an OT Device

hardware.type: `router` or hardware.type: `OT Device`

Show the network traffic with the source asset as a router or the destination asset as an OT Device

source.hardware.type: `router` or destination.hardware.type: `OT Device`


Search Tokens

traffic.application

Use a text value to find assets with network traffic from a specific application.

Example

Show assets with network traffic from BitTorrent

traffic.application: BitTorrent


traffic.family

Use a text value to find assets with network traffic of a specific family.

Example

Show assets with peer-to-peer network traffic

traffic.family: Peer to Peer


traffic.port

Use an integer value to find assets with network traffic over a specific port.

Example

Show assets with network traffic over port 80

traffic.port: 80

traffic.protocol

Use a text value to find assets with network traffic over a specific transport protocol.

Example

Show assets with network traffic over TCP

traffic.protocol: `tcp`

traffic.service

Use a text value to find assets with network traffic from a specific service.

Example

Show assets with network traffic from the HTTP service

traffic.service: http


traffic.timestamp

Use a specific date or a date range to find assets by the timestamp of their network traffic.

Examples

Show assets with network traffic timestamped 2019-03-18

traffic.timestamp: `2019-03-18`

Show assets with network traffic timestamped within a range of dates

traffic.timestamp: [2019-01-01 .. 2019-01-15]

Show assets with network traffic timestamped between 2019-01-15 and 1 month ago

traffic.timestamp: [2019-01-15 .. now-1M]

Show assets with network traffic timestamped between 2 weeks ago and 1 second ago

traffic.timestamp: [now-2w .. now-1s]


traffic.type

Use a text value to find assets with network traffic of a specific type (client or server).

Example

Show assets with client network traffic

traffic.type: client
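The queries on this page are typed into the VMDR OT search box, so the only way to see how the and/or/not operators and the timestamp ranges combine is to run them. The following Python program is an added example, not Qualys code: it evaluates the query subset shown above (field: value terms, backticked multi-word values, inclusive [lo .. hi] ranges with absolute or now-relative bounds, and/or/not with parentheses) against a few constructed traffic-summary records. The operator precedence (not, then and, then or), case-insensitive matching, treating M as a 30-day month, and the fixed clock are all assumptions made for illustration.

```python
"""Toy evaluator for the QQL subset shown on this page. The grammar, operator precedence
and matching rules are assumptions made for illustration, not Qualys' query engine."""
import re
from datetime import datetime, timedelta

# Constructed sample traffic-summary records (illustrative, not Qualys data).
TRAFFIC = [
    {"hardware.type": "OT Device", "traffic.protocol": "udp", "traffic.port": 502,
     "traffic.application": "Modbus", "traffic.timestamp": "2019-01-10"},
    {"hardware.type": "router", "traffic.protocol": "tcp", "traffic.port": 80,
     "traffic.application": "HTTP", "traffic.timestamp": "2019-03-18"},
    {"hardware.type": "server", "traffic.protocol": "tcp", "traffic.port": 6881,
     "traffic.application": "BitTorrent", "traffic.timestamp": "2019-01-20"},
]
NOW = datetime(2019, 4, 1)  # fixed clock so relative bounds such as now-2w are deterministic
UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}

def parse_date(text):
    """'YYYY-MM-DD', 'now' or 'now-<n><unit>'. Assumption: M means months, taken as 30 days."""
    text = text.strip()
    if text == "now":
        return NOW
    m = re.fullmatch(r"now-(\d+)([smhdwM])", text)
    if m:
        n, unit = int(m.group(1)), m.group(2)
        return NOW - (timedelta(days=30 * n) if unit == "M" else timedelta(**{UNITS[unit]: n}))
    return datetime.strptime(text, "%Y-%m-%d")

# One token per match: parenthesis, keyword, or 'field: value'. A bare value runs until the
# next and/or keyword, a closing parenthesis or the end of the query.
TOKEN_RE = re.compile(
    r"\s*(?:(?P<lp>\()|(?P<rp>\))|(?P<kw>\b(?:and|or|not)\b)|"
    r"(?P<field>[\w.]+)\s*:\s*(?P<value>`[^`]*`|\[[^\]]*\]|.+?)(?=\s+(?:and|or)\b|\s*\)|\s*$))"
)

def tokenize(query):
    """Split a query into ('(',), (')',), ('kw', word) and ('term', field, value) tuples."""
    query, pos, out = query.strip(), 0, []
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            raise ValueError(f"cannot tokenize at: {query[pos:]!r}")
        pos = m.end()
        if m.group("lp") or m.group("rp"):
            out.append((m.group("lp") or m.group("rp"),))
        elif m.group("kw"):
            out.append(("kw", m.group("kw")))
        else:
            out.append(("term", m.group("field"), m.group("value").strip()))
    return out

def make_match(field, value):
    """Predicate for one term: inclusive [lo .. hi] range, else case-insensitive equality."""
    if value.startswith("[") and value.endswith("]"):
        lo, hi = (s.strip() for s in value[1:-1].split(".."))
        if field == "traffic.timestamp":
            lo, hi = parse_date(lo), parse_date(hi)
            return lambda rec: field in rec and lo <= parse_date(rec[field]) <= hi
        lo, hi = int(lo), int(hi)
        return lambda rec: field in rec and lo <= int(rec[field]) <= hi
    value = value.strip("`").lower()  # backticks only group a multi-word value
    return lambda rec: str(rec.get(field, "")).lower() == value

class Parser:
    """Recursive descent; assumed precedence: not binds tightest, then and, then or."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        self.i += 1
        return self.toks[self.i - 1]  # IndexError on a truncated query
    def chain(self, word, operand, combine):
        left = operand()
        while self.peek() == ("kw", word):
            self.take()
            left = combine(left, operand())
        return left
    def expr(self):
        return self.chain("or", self.term, lambda a, b: lambda rec: a(rec) or b(rec))
    def term(self):
        return self.chain("and", self.factor, lambda a, b: lambda rec: a(rec) and b(rec))
    def factor(self):
        tok = self.take()
        if tok == ("kw", "not"):
            inner = self.factor()
            return lambda rec: not inner(rec)
        if tok == ("(",):
            inner = self.expr()
            if self.take() != (")",):
                raise ValueError("missing ')'")
            return inner
        if tok[0] == "term":
            return make_match(tok[1], tok[2])
        raise ValueError(f"unexpected token {tok!r}")

def search(query, records=TRAFFIC):
    """Return traffic.application of each record the query matches, in input order."""
    pred = Parser(tokenize(query)).expr()
    return [rec["traffic.application"] for rec in records if pred(rec)]
```

Running search("traffic.timestamp: [now-2w .. now-1s]") with the fixed clock returns ['HTTP'], and search("not hardware.type: OT Device") returns ['HTTP', 'BitTorrent'], which is the narrowing behaviour the operator descriptions above promise. The point to take from the parser is that a multi-word value such as OT Device survives only because the tokenizer reads a bare value up to the next keyword; wrapping such values in backticks, as the page's own examples do, removes that ambiguity.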

For information about search tokens on the Assets tab, see Assets Search Tokens.

For information about search tokens on the Vulnerabilities tab, see Vulnerabilities Search Tokens.

For information about search tokens on the Network tab, see Network Search Tokens.

For information about search tokens on the Import Asset tab, see Import Asset Search Tokens.
