Vulnerabilities Search Tokens in VMDR OT
On the Vulnerabilities tab of the VMDR OT application, use the following tokens to search the passively discovered vulnerabilities for the assets in your inventory. Build your search queries by using various combinations of these tokens. Click each token for information about how to use it.
Supported Boolean Operators
The Qualys Query Language (QQL) supports the following logical or Boolean query operators. Use these operators in your queries to narrow down or broaden your search.
Narrow down your search by using the 'and' operator in your Boolean query. The result contains all the token values that you provide in your query.
Example
Show HIGH criticality vulnerabilities detected on assets running Windows 2012 operating system
vulnerabilities.vulnerability.criticality: HIGH
and vulnerabilities.hostOS: `Windows 2012`
Narrow down your search by using the 'not' operator in your Boolean query. The result contains all the other values except the one that you specify after 'not' in your query.
Examples
Exclude potential vulnerabilities from search results
not vulnerabilities.typeDetected: Potential
Show the vulnerabilities detected on Windows 2012 assets, excluding those with the criticality level LOW
not vulnerabilities.vulnerability.criticality: LOW
and vulnerabilities.hostOS: `Windows 2012`
Broaden your search by using the 'or' operator in your Boolean query. The result contains any of the token values that you provide in your query.
Example
Show the vulnerabilities detected on either of the Windows versions
vulnerabilities.hostOS: `Windows 2012`
or vulnerabilities.hostOS: `Windows 2012 R2`
Search Tokens
vulnerabilities.asset.name
Use the asset name as the token value to find vulnerabilities detected on a particular asset. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities detected on assets whose names are related to Car Assembly
vulnerabilities.asset.name: Car Assembly
Show the vulnerabilities detected on assets containing Car or Assembly or both in their names.
vulnerabilities.asset.name: "Car Assembly"
Show the vulnerabilities detected on the asset with the name ACMENVT7.
vulnerabilities.asset.name: `ACMENVT7`
vulnerabilities.asset.type
Find the vulnerabilities on the assets by asset type. For exact search, enclose the token value in backticks `<value>`.
Example
Show the vulnerabilities that are detected on PLC (Programmable Logic Controllers)
vulnerabilities.asset.type: `PLC`
vulnerabilities.assetID
Use an asset ID as the token value to find the vulnerabilities detected on a particular asset. An asset ID is the Qualys asset ID (UUID) assigned by an agent or by a scanner appliance in case of Agentless Tracking. For exact search, enclose the token value in backticks `<value>`. You can search for an asset ID or a comma-separated list of multiple asset IDs enclosed in square brackets.
Examples
Show the vulnerabilities detected on the asset having UUID 56863af6-301e-3788-aa95-95b5f844ad2a
vulnerabilities.assetID: `56863af6-301e-3788-aa95-95b5f844ad2a`
Show the vulnerabilities detected on the specified assets
vulnerabilities.assetID: [25f90e1a-625c-3b79-b13d-ab2b46bed55a, 6b7e8400-167b-3596-a712-78377f16d3f7]
vulnerabilities.firmware
Find the vulnerabilities based on a firmware version of the assets. For exact search, enclose the token value in backticks `<value>`. You can search for a single firmware version or a comma-separated list of firmware versions enclosed in square brackets.
Examples
Show the vulnerabilities detected on assets having firmware version 30.1
vulnerabilities.firmware: `30.1`
Show the vulnerabilities detected on the assets having the specified firmware versions
vulnerabilities.firmware: [4.003, 2.6.1]
vulnerabilities.firstFound
Use a date range or specific date to find the vulnerabilities found on the asset for the first time.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Examples
Show the vulnerabilities that were found for the first time on the specified date
vulnerabilities.firstFound: `2020-01-13`
Show the vulnerabilities that were found for the first time within the past 90 days (excluding day 90)
vulnerabilities.firstFound > now-90d
Show the vulnerabilities that were found for the first time within the past 90 days (including day 90)
vulnerabilities.firstFound >= now-90d
Show the vulnerabilities that were found for the first time before the past 90 days (excluding day 90)
vulnerabilities.firstFound < now-90d
Show the vulnerabilities that were found for the first time before the past 90 days (including day 90)
vulnerabilities.firstFound <= now-90d
Show the vulnerabilities that were found for the first time within the specified date range
vulnerabilities.firstFound: [2020-01-01 .. 2020-01-10]
Show the vulnerabilities that were found for the first time from two weeks ago till a second ago
vulnerabilities.firstFound: [now-2w .. now-1s]
vulnerabilities.hardware.model
Find the vulnerabilities on assets by their hardware model name. For exact search, enclose the token value in backticks `<value>`. You can search for a single hardware model name or specify a comma-separated list of hardware models enclosed in square brackets.
Examples
Show the vulnerabilities detected on the assets having the specified hardware model
vulnerabilities.hardware.model: `6ES7511-1AK01-0AB0`
Show the vulnerabilities detected on assets having the specified hardware models
vulnerabilities.hardware.model: [1766-L32BXBA, 6ES7511-1AK01-0AB0]
vulnerabilities.hardware.product
Find the vulnerabilities on the assets by their hardware product name. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities detected on assets related to the hardware product name.
vulnerabilities.hardware.product: Allen-Bradley FLEX I/O EtherNet/IP Adapter Module
Show the vulnerabilities detected on assets containing any part of the hardware product name
vulnerabilities.hardware.product: "Allen-Bradley FLEX I/O EtherNet/IP Adapter Module"
Show the vulnerabilities detected on assets having Allen-Bradley FLEX I/O EtherNet/IP Adapter Module as their hardware product
vulnerabilities.hardware.product: `Allen-Bradley FLEX I/O EtherNet/IP Adapter Module`
vulnerabilities.hardware.type
Find the vulnerabilities on the assets by their hardware type. For exact search, enclose the token value in backticks `<value>`.
Example
Show the vulnerabilities identified on the PLC assets
vulnerabilities.hardware.type: `PLC`
vulnerabilities.hardware.vendor
Find the vulnerabilities on assets by their hardware vendor. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities detected on assets related to hardware vendor Schneider Electric
vulnerabilities.hardware.vendor: Schneider Electric
Show the vulnerabilities detected on assets that contain Schneider or Electric, or both in their hardware vendor name
vulnerabilities.hardware.vendor: "Schneider Electric"
Show the vulnerabilities detected on assets having Siemens as their hardware vendor
vulnerabilities.hardware.vendor: `Siemens`
vulnerabilities.hardware.version
Find the vulnerabilities on the assets by their hardware version. For exact search, enclose the token value in backticks `<value>`. You can search for a single hardware version or a comma-separated list of hardware versions enclosed in square brackets.
Examples
Show the vulnerabilities detected on assets having hardware version 5
vulnerabilities.hardware.version: `5`
Show the vulnerabilities detected on assets having the specified hardware versions
vulnerabilities.hardware.version: [3, 5]
vulnerabilities.hostOS
Find the vulnerabilities identified on a particular host operating system. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities identified on assets related to Windows 2012
vulnerabilities.hostOS: Windows 2012
Show the vulnerabilities identified on assets running any version of Windows Server 2012 (for example, Standard, Enterprise Edition, Datacenter) with any service pack installed
vulnerabilities.hostOS: "Windows 2012"
Show the vulnerabilities identified on assets running Windows 2012
vulnerabilities.hostOS: `Windows 2012`
vulnerabilities.interfaces.address
Use an IP address as the token value to find vulnerabilities detected on that interface. You can search for a single IP address or a comma-separated list of IP addresses enclosed in square brackets.
Examples
Show the vulnerabilities detected on the specified interface address
vulnerabilities.interfaces.address: 192.168.1.10
Show the vulnerabilities detected on the specified IP address range
vulnerabilities.interfaces.address: [172.168.0.1..192.168.1.51]
vulnerabilities.interfaces.macaddress
Use a MAC address as the token value to find vulnerabilities detected on a specific interface. For exact search, enclose the token value in backticks `<value>`.
Example
Show the vulnerabilities detected on the specified MAC address
vulnerabilities.interfaces.macaddress: `5C-88-16-A9-73-5A`
vulnerabilities.lastFound
Use a date range or specific date to find the vulnerabilities by when they were last found on the asset.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Examples
Show the vulnerabilities last found on the specified date
vulnerabilities.lastFound: `2020-01-13`
Show the vulnerabilities last found within the past 90 days (excluding day 90)
vulnerabilities.lastFound > now-90d
Show the vulnerabilities last found within the past 90 days (including day 90)
vulnerabilities.lastFound >= now-90d
Show the vulnerabilities last found before the past 90 days (excluding day 90)
vulnerabilities.lastFound < now-90d
Show the vulnerabilities last found before the past 90 days (including day 90)
vulnerabilities.lastFound <= now-90d
Show the vulnerabilities last found within the specified date range
vulnerabilities.lastFound: [2020-01-01 .. 2020-01-10]
Show the vulnerabilities last found from two weeks ago till a second ago
vulnerabilities.lastFound: [now-2w .. now-1s]
vulnerabilities.protocol
Find the vulnerabilities on assets having a specific discovery protocol. Assets are inventoried in Qualys VMDR OT by using ICS protocols. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities detected on assets having Modbus TCP discovery protocol
vulnerabilities.protocol: `Modbus TCP`
Show the vulnerabilities detected on assets having Ethernet/IP discovery protocol
vulnerabilities.protocol: `ENIP`
vulnerabilities.severity
Find vulnerabilities by their severity levels. Choose the severity level from 1 to 5 from the available options.
Example
Show the vulnerabilities having a severity level of 5
vulnerabilities.severity: 5
vulnerabilities.status
Find the vulnerabilities by their status. Choose the status from the available options (ACTIVE, FIXED, NEW, REOPENED).
Examples
Show the vulnerabilities detected for the first time by a scan
vulnerabilities.status: NEW
Show the vulnerabilities that are verified by the recent scan as fixed
vulnerabilities.status: FIXED
vulnerabilities.typeDetected
Find the vulnerabilities based on their detection type. Choose the type from the available options (Confirmed, Information, Potential).
Example
Show the vulnerabilities of the type Confirmed
vulnerabilities.typeDetected: Confirmed
vulnerabilities.vulnerability.criticality
Find the assets with vulnerabilities according to their criticality level. Choose the criticality level from the available options (CRITICAL, HIGH, MEDIUM, LOW, NONE).
Examples
Show the vulnerabilities with HIGH criticality
vulnerabilities.vulnerability.criticality: HIGH
Show the vulnerabilities with MEDIUM criticality
vulnerabilities.vulnerability.criticality: MEDIUM
vulnerabilities.vulnerability.cveIds
Find the vulnerabilities by their CVE IDs. You can search for a single CVE ID or a comma-separated list of multiple CVE IDs enclosed in square brackets.
The CVE ID in the query is case-sensitive and must be written in uppercase.
Examples
Show the vulnerability having the specified CVE ID
vulnerabilities.vulnerability.cveIds: CVE-2019-19281
Show the vulnerability having the specified CVE IDs
vulnerabilities.vulnerability.cveIds: [CVE-2016-8672, CVE-2016-9158, CVE-2019-19281]
vulnerabilities.vulnerability.patchAvailable
Select TRUE or FALSE to search vulnerabilities by the availability of patches.
Examples
Show the vulnerabilities for which patches are available
vulnerabilities.vulnerability.patchAvailable: TRUE
Show the vulnerabilities for which patches are not available
vulnerabilities.vulnerability.patchAvailable: FALSE
vulnerabilities.vulnerability.qid
Find the vulnerabilities by their Qualys IDs. You can search for a single QID or a comma-separated list of multiple QIDs enclosed in square brackets.
Examples
Show the vulnerability having the specified QID
vulnerabilities.vulnerability.qid: 42405
Show the vulnerability having the specified QIDs
vulnerabilities.vulnerability.qid: [42405, 42413, 42414]
vulnerabilities.vulnerability.threatIntel
Find the vulnerabilities with Real-time Threat Indicators. Choose the threat indicators from the available options (Active Attacks, Denial of Service, Easy Exploit, Remote Code Execution, etc.).
Examples
Show assets with vulnerabilities due to Active Attacks
vulnerabilities.vulnerability.threatIntel: Active Attacks
Show assets with vulnerabilities due to Denial of Service
vulnerabilities.vulnerability.threatIntel: Denial of Service
Show assets with vulnerabilities due to Remote Code Execution
vulnerabilities.vulnerability.threatIntel: Remote Code Execution
vulnerabilities.vulnerability.title
Find the vulnerabilities by their titles. For exact search, enclose the token value in backticks `<value>`.
Examples
Show the vulnerabilities that are related to Remote Code Execution
vulnerabilities.vulnerability.title: Remote Code Execution
Show the vulnerabilities that contain "Remote," "Code," "Execution," or "Remote Code Execution" in any combination in their titles
vulnerabilities.vulnerability.title: "Remote Code Execution"
Show the vulnerability having the specified title
vulnerabilities.vulnerability.title: `Rockwell Automation ControlLogix PLC Multiple Vulnerabilities(ICSA-13-011-03)`
vulnerabilities.detectionAge
Use this token to search for vulnerabilities by their detection age, that is, based on a range of days since the vulnerability was first detected by a scanner or a Cloud Agent on the asset. Select the range (00..30, 181..+, 31..60, 61..90, 91..180) from the drop-down menu.
Examples
vulnerabilities.detectionAge: [00..30]
Vulnerabilities that were detected during the past 30 days are displayed in the result.
vulnerabilities.detectionAge: [181..+]
Vulnerabilities that are older than 181 days are displayed in the result.
vulnerabilities.disabled
Use this token to search for vulnerabilities that are disabled and the ones that are not disabled. Select TRUE or FALSE as the token value.
Example
vulnerabilities.disabled: TRUE
Vulnerabilities that are disabled are displayed in the result.
vulnerabilities.found
Use this token to find vulnerabilities that are detected on assets and the ones that are not. Select TRUE or FALSE as the token value.
Example
vulnerabilities.found: TRUE
Vulnerabilities that are detected on assets are displayed in the result.
vulnerabilities.hostAssetName
Use this token to search for vulnerabilities detected on a host asset. Provide asset name as the token value. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.hostAssetName: `114767-T470P`
The vulnerabilities detected on the specified host asset are displayed in the result.
Partial match: If you want the search result to include one or more words in your targeted value, enclose the value in double quotation marks ("<value>").
vulnerabilities.hostAssetName: "T470P"
The vulnerabilities detected on host assets which contain T470P in their asset name field are displayed in the result.
Related search: If you want to search for asset names that are related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.hostAssetName: 114767-T470
vulnerabilities.ignored
Use this token to find vulnerabilities that are ignored and the ones that are not ignored. Select TRUE or FALSE as the token value.
Example
vulnerabilities.ignored: TRUE
Vulnerabilities that are ignored are displayed in the result.
vulnerabilities.instance
Use this token to find vulnerabilities detected on a certain instance. Use an integer value after the colon.
Example
vulnerabilities.instance: 354216
Vulnerabilities that are found on the instance 354216 are displayed in the result.
vulnerabilities.nonExploitableConfig
Use this token to find vulnerabilities having non-exploitable configurations. Select TRUE or FALSE as the token value. With this token, you can filter out non-exploitable vulnerabilities in your environment and focus on the exploitable ones instead.
Example
vulnerabilities.nonExploitableConfig: FALSE
Vulnerabilities having exploitable configurations are displayed in the result.
vulnerabilities.nonRunningKernel
Use this token to find vulnerabilities found on non-running kernels. Select TRUE or FALSE as the token value.
Example
vulnerabilities.nonRunningKernel: FALSE
Vulnerabilities found on non-running kernels are displayed in the result.
vulnerabilities.nonExploitableService
Use this token to find vulnerabilities that exist on non-exploitable services. Select TRUE or FALSE as the token value. With this token, you can filter out non-exploitable vulnerabilities in your environment and focus on the exploitable ones instead.
Example
vulnerabilities.nonExploitableService: FALSE
Vulnerabilities that exist on exploitable services are displayed in the result.
vulnerabilities.port
Use an integer value to find vulnerabilities found on a certain port.
Example
vulnerabilities.port: 44818
Vulnerabilities found on port 44818 are displayed in the results.
vulnerabilities.vulnerability.PCI
Use this token to find vulnerabilities that must be fixed for PCI Compliance (per Payment Card Industry Data Security Standard). Select TRUE or FALSE as the token value.
Example
vulnerabilities.vulnerability.PCI: TRUE
Vulnerabilities that must be fixed for PCI Compliance are displayed in the result.
vulnerabilities.vulnerability.authTypes
Use this token to find vulnerabilities by their authentication types. After the colon, select the authentication type from the available options.
Example
vulnerabilities.vulnerability.authTypes: WINDOWS_AUTH
Vulnerabilities that are detected by Windows authenticated scanning are listed in the result.
vulnerabilities.vulnerability.bugTraqIds
Use this token to find vulnerabilities by their Bugtraq IDs.
Bugtraq ID is a number assigned to the vulnerability by SecurityFocus, a vendor-neutral web site that provides security information to members of the security community.
Examples
vulnerabilities.vulnerability.bugTraqIds: 57844
vulnerabilities.vulnerability.category
Use this token to search vulnerabilities by their categories. Every vulnerability is mapped to a vulnerability category. Some vulnerability categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall).
After the colon, select the desired category from the available options from the dropdown menu.
Example
vulnerabilities.vulnerability.category: "ICS-Hardware"
Vulnerabilities of the ICS-Hardware category are displayed in the result.
vulnerabilities.vulnerability.compliance.description
Use this token to find vulnerabilities by their compliance description. Refine your search in the following ways:
Example
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.compliance.description: `malicious software`
Vulnerabilities having the text 'malicious software' in their compliance description are displayed in the result.
Partial match: If you want the search result to include one or more words in your targeted value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.compliance.description: "malicious software"
Vulnerabilities having 'malicious,' 'software,' or 'malicious software' in any combination in their compliance description are displayed in the result.
Related search: If you want to search for vulnerability compliance descriptions that are related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.compliance.description: malicious software
vulnerabilities.vulnerability.compliance.section
Use this token to find vulnerabilities by a compliance section. For an exact match, enclose your token value within backticks (`<value>`).
Example
vulnerabilities.vulnerability.compliance.section: `164.308`
Findings that match the exact value 164.308 are displayed in the result.
vulnerabilities.vulnerability.compliance.type
Use this token to find vulnerabilities by their compliance type (that is, regulations or cyber security frameworks that they belong to).
After the colon, select the desired category from the available options from the dropdown menu.
Example
vulnerabilities.vulnerability.compliance.type: PCI
Vulnerabilities that belong to the compliance type PCI are displayed in the result.
vulnerabilities.vulnerability.consequence
Use this token to find vulnerabilities by their consequence. Your targeted value can be a word, a phrase, or a complete sentence from the Impact section in the vulnerability summary. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.consequence: `Man-in-the-Middle (MitM) attack`
Vulnerabilities having the text 'Man-in-the-Middle (MitM) attack' in the Impact section of their summary are displayed in the result.
Partial match: If you want the search result to include one or more words in your targeted value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.consequence: "execute unauthorized commands"
Vulnerabilities that are displayed in the result contain 'execute,' 'unauthorized,' 'commands,' or 'execute unauthorized commands' in any combination in the Impact section of their summary.
Related search: If you want to search for the terms related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.consequence: sensitive information
vulnerabilities.vulnerability.cvss3Info.baseScore
Use this token to find vulnerabilities by their CVSS v3 base score. You can search for a single base score or a comma-separated list of multiple base scores enclosed in square brackets.
Examples
vulnerabilities.vulnerability.cvss3Info.baseScore: 7.8
vulnerabilities.vulnerability.cvss3Info.baseScore: [5.6, 5.9, 7.8]
vulnerabilities.vulnerability.cvss3Info.temporalScore
Use this token to find vulnerabilities by their CVSS v3 temporal score. You can search for a single temporal score or a comma-separated list of multiple temporal scores enclosed in square brackets.
Examples
vulnerabilities.vulnerability.cvss3Info.temporalScore: 6.9
vulnerabilities.vulnerability.cvss3Info.temporalScore: [7.7, 6.9, 5.8]
vulnerabilities.vulnerability.cvssInfo.accessVector
Use this token to find vulnerabilities based on their access vector, that is, the level of access required to exploit a vulnerability. After the colon, select the desired access vector from the available options (ADJACENT_NETWORK, LOCAL ACCESS, NETWORK, UNDEFINED).
Example
vulnerabilities.vulnerability.cvssInfo.accessVector: NETWORK
Vulnerabilities that require access to the network are listed in the result.
vulnerabilities.vulnerability.cvssInfo.baseScore
Use this token to find vulnerabilities by their CVSS v2 base score. You can search for a single base score or a comma-separated list of multiple base scores enclosed in square brackets.
Examples
vulnerabilities.vulnerability.cvssInfo.baseScore: 7.8
vulnerabilities.vulnerability.cvssInfo.baseScore: [5.6, 5.9, 7.8]
vulnerabilities.vulnerability.cvssInfo.temporalScore
Use this token to find vulnerabilities by their CVSS v2 temporal score. You can search for a single temporal score or a comma-separated list of multiple temporal scores enclosed in square brackets.
Examples
vulnerabilities.vulnerability.cvssInfo.temporalScore: 6.9
vulnerabilities.vulnerability.cvssInfo.temporalScore: [7.7, 6.9, 5.8]
vulnerabilities.vulnerability.description
Use this token to find vulnerabilities by their description. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.description: `Remote Code Execution`
Vulnerabilities having the text 'Remote Code Execution' in their description are displayed in the result.
Partial match: If you want the search result to include one or more words in your targeted value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.description: "Remote Code Execution"
Vulnerabilities having 'Remote,' 'Code,' 'Execution,' or 'Remote Code Execution' in any combination in their description are displayed in the result.
Related search: If you want to search for vulnerability descriptions that are related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.description: Remote Code Execution
vulnerabilities.vulnerability.discoveryTypes
Use this token to search for vulnerabilities by their discovery type: Remote or Authenticated. After the colon, select the discovery type from the drop-down menu.
Example
vulnerabilities.vulnerability.discoveryTypes: REMOTE
Vulnerabilities that can be detected using remote (unauthenticated) scanning are displayed in the result.
vulnerabilities.vulnerability.flags
Use this token to find vulnerabilities by the Qualys-defined vulnerability properties (flags). Some of the possible token values are: REMOTE, WINDOWS_AUTH, UNIX_AUTH, and PCI_RELATED, among others. You can search for a single flag or a comma-separated list of multiple flags enclosed in square brackets.
Example
vulnerabilities.vulnerability.flags: UNIX_AUTH
Vulnerabilities with the UNIX_AUTH flag are displayed in the result.
vulnerabilities.vulnerability.kbAge
Use this token to search vulnerabilities based on a range of days since the vulnerability was disclosed. Select the range (00..30, 181..+, 31..60, 61..90, 91..180) from the drop-down menu.
Examples
vulnerabilities.vulnerability.kbAge: [00..30]
Vulnerabilities that were disclosed during the past 30 days are displayed in the result.
vulnerabilities.vulnerability.kbAge: [181..+]
Vulnerabilities that were disclosed six months or more ago are displayed in the result.
vulnerabilities.vulnerability.lists
Use this token to find vulnerabilities by the search lists (for example, SANS_20, QUALYS_20, QUALYS_INT_10, QUALYS_EXT_10) they belong to.
Example
vulnerabilities.vulnerability.lists: SANS_20
Vulnerabilities that belong to the SANS Top 20 search list are displayed in the result.
vulnerabilities.vulnerability.os
Use this token to find vulnerabilities by the operating system they were detected on.
Refine your search in the following ways:
Examples
Exact match: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.os: `Windows 2012`
Vulnerabilities identified on assets running Windows 2012 are displayed in the result.
Partial match: If you want the search result to include one or more words in your query value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.os: "Windows 2012"
Vulnerabilities identified on assets running any version of Windows Server 2012 (for example, Standard, Enterprise Edition, Datacenter) with any service pack are displayed in the result.
Related search: If you want to search for the terms related to your query value, type the value without double quotation marks or backticks.
vulnerabilities.vulnerability.os: Windows 2012
vulnerabilities.vulnerability.patchReleased
Use this token to search vulnerabilities based on when their patch was available. The token value can be a date, a date range, or a year.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Examples
vulnerabilities.vulnerability.patchReleased: '2020-01-13'
If you enclose the date in single quotation marks or backticks (`<date>`), vulnerabilities for which patches were released on the specified date are displayed in the result.
vulnerabilities.vulnerability.patchReleased > now-90d
Vulnerabilities for which patches were released in the Knowledgebase within the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.patchReleased >= now-90d
Vulnerabilities for which patches were released within the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.patchReleased < now-90d
Vulnerabilities for which patches were released before the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.patchReleased <= now-90d
Vulnerabilities for which patches were released before the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.patchReleased: [2020-01-01 ... 2020-01-10]
Vulnerabilities for which patches were released within the specified date range are displayed in the result.
vulnerabilities.vulnerability.patchReleased: [now-2w ... now-1s]
Vulnerabilities for which patches were released from two weeks ago till a second ago are displayed in the result.
vulnerabilities.vulnerability.published
Use this token to find vulnerabilities based on when they were first published in the Qualys Knowledgebase. The token value can be a date, a date range, or a year.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Example
vulnerabilities.vulnerability.published: '2020-01-13'
If you enclose the date in single quotation marks or backticks (`<date>`), vulnerabilities that were published in the Knowledgebase on the specified date are displayed in the result.
vulnerabilities.vulnerability.published > now-90d
Vulnerabilities that were published in the Knowledgebase within the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.published >= now-90d
Vulnerabilities that were published in the Knowledgebase within the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.published < now-90d
Vulnerabilities that were published in the Knowledgebase before the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.published <= now-90d
Vulnerabilities that were published in the Knowledgebase before the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.published: [2020-01-01 ... 2020-01-10]
Vulnerabilities that were published in the Knowledgebase within the specified date range are displayed in the result.
vulnerabilities.vulnerability.published: [now-2w ... now-1s]
Vulnerabilities that were published in the Knowledgebase from two weeks ago till a second ago are displayed in the result.
vulnerabilities.vulnerability.qualysPatchable
Use this token to find vulnerabilities that can be patched by Qualys or the ones for which users need to download patches from vendor websites and then install them.
Select TRUE or FALSE as the token value.
Examples
vulnerabilities.vulnerability.qualysPatchable: TRUE
Vulnerabilities that can be patched by Qualys are displayed in the result.
vulnerabilities.vulnerability.risk
Use an integer value to define the vulnerability risk rating you're interested in. For confirmed and potential issues, risk is 10 times the severity; for information gathered, it is the severity.
Example
vulnerabilities.vulnerability.risk: 50
vulnerabilities.vulnerability.sans20Categories
Use a text value to find vulnerabilities in the SANS 20 category you're interested in (for example, Anti-virus Software, Backup Software, Database).
Example
vulnerabilities.vulnerability.sans20Categories: Media Players
vulnerabilities.vulnerability.solution
Use this token to find vulnerabilities by the solution available for them. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.solution: `ICSA-16-348-05`
Vulnerabilities that require the updates mentioned in the ICSA-16-348-05 advisory as the solution are displayed in the result.
Partial match: If you want the search result to include one or more words in your targeted value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.solution: "CERT MITIGATIONS section in ICSA-19-344-06"
Vulnerabilities whose solutions contain any of the text in the targeted value are displayed in the result.
Related search: If you want to search for the terms related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.solution: Bulletin MS10-006
vulnerabilities.vulnerability.supportedBy
Use this token to find vulnerabilities by the Qualys service that is used to detect them. After the colon, select the service from the drop-down menu.
Example
vulnerabilities.vulnerability.supportedBy: CA-Linux Agent
Vulnerabilities detected by Qualys Linux Agent are listed in the result.
vulnerabilities.vulnerability.updated
Use this token to search vulnerabilities based on when they were updated in the Qualys Knowledgebase. The token value can be a date, a date range, or a year.
Supported date formats: yyyy-MM-dd, yyyy-MM, yyyy
Examples
vulnerabilities.vulnerability.updated: '2020-01-13'
If you enclose the date in single quotation marks or backticks (`<date>`), vulnerabilities that were updated in the Knowledgebase on the specified date are displayed in the result.
vulnerabilities.vulnerability.updated > now-90d
Vulnerabilities that were updated in the Knowledgebase within the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.updated >= now-90d
Vulnerabilities that were updated in the Knowledgebase within the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.updated < now-90d
Vulnerabilities that were updated in the Knowledgebase before the past 90 days (excluding day 90) are displayed in the result.
vulnerabilities.vulnerability.updated <= now-90d
Vulnerabilities that were updated in the Knowledgebase before the past 90 days (including day 90) are displayed in the result.
vulnerabilities.vulnerability.updated:[2020-01-01 ... 2020-01-10]
Vulnerabilities that were updated in the Knowledgebase within the specified date range are displayed in the result.
vulnerabilities.vulnerability.updated:[now-2w ... now-1s]
Vulnerabilities that were updated in the Knowledgebase between two weeks ago and one second ago are displayed in the result.
vulnerabilities.vulnerability.vendorRefs
Use this token to find vulnerabilities by vendor references linked with them. A vendor reference is usually a knowledge base article addressing a vulnerability and providing guidance to mitigate the risk arising due to the potential vulnerability.
Example
vulnerabilities.vulnerability.vendorRefs: KB3021953
Vulnerabilities addressed in KB3021953 are displayed in the result.
vulnerabilities.vulnerability.vendors.productName
Use this token to find vulnerabilities by the product names of assets on which the vulnerabilities are detected. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.vendors.productName: `SIMATIC S7-400 CPU`
Vulnerabilities detected on SIMATIC S7-400 CPU assets are displayed in the result.
Partial match: If you want the search result to include one or more words in your query value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.vendors.productName: "SIMATIC S7-400 CPU"
The result displays vulnerabilities detected on assets containing "Simatic," "s7-400," or "CPU" in any combination in their product name.
Related search: If you want to search for the terms related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.vendors.productName: SIMATIC S7-400 CPU
vulnerabilities.vulnerability.vendors.vendorName
Use this token to find vulnerabilities by the vendors of the assets on which the vulnerabilities are detected. Refine your search in the following ways:
Examples
Exact result: If you want the search result to exactly match your query value, enclose the value in backticks (`<value>`).
vulnerabilities.vulnerability.vendors.vendorName: `Siemens`
Vulnerabilities detected on Siemens assets are displayed in the result.
Partial match: If you want the search result to include one or more words in your query value, enclose the value in double quotation marks ("<value>").
vulnerabilities.vulnerability.vendors.vendorName: "Schneider Electric"
The result displays vulnerabilities detected on assets containing "Schneider" or "Electric," or both in their vendor name.
Related search: If you want to search for the terms related to your query value, type the value without double quotation marks or backtick characters.
vulnerabilities.vulnerability.vendors.vendorName: Schneider Electric
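When queries like the ones above are generated by a script (for example, from an asset inventory export), the match-mode delimiters and date formats need to be applied consistently. The following is an added example, not Qualys code: the function names are hypothetical, and because this page documents no escaping rules, values containing delimiter characters or operator words are rejected rather than escaped (an assumption).

```python
import re

# Date values shown on the page: yyyy-MM-dd, yyyy-MM, yyyy, or now-<n><unit>.
# Only the relative units that appear on the page (s, d, w) are accepted.
ABS_DATE = re.compile(r"\d{4}(-(0[1-9]|1[0-2])(-(0[1-9]|[12]\d|3[01]))?)?")
REL_DATE = re.compile(r"now-\d+[sdw]")
WRAP = {"exact": "`", "partial": '"', "related": ""}

def check_date(value):
    if not (ABS_DATE.fullmatch(value) or REL_DATE.fullmatch(value)):
        raise ValueError(f"unsupported date value: {value!r}")
    return value

def text_query(token, value, mode="related"):
    """Text token in one of the page's three match modes."""
    # Assumption: no escaping rules are documented, so a value containing a
    # delimiter or control character is rejected instead of escaped.
    if not value or any(c in "`\"'" or ord(c) < 32 for c in value):
        raise ValueError(f"value not safe to embed: {value!r}")
    # Assumption: an unquoted value holding ':' or an operator word could be
    # read as query syntax, so it is refused in related mode.
    if mode == "related" and re.search(r":|\b(and|or|not)\b", value, re.I):
        raise ValueError("unquoted value could be parsed as query syntax")
    return f"{token}: {WRAP[mode]}{value}{WRAP[mode]}"

def date_on(token, value):
    return f"{token}: '{check_date(value)}'"

def date_compare(token, op, value):
    if op not in (">", ">=", "<", "<="):
        raise ValueError(f"unsupported operator: {op!r}")
    return f"{token} {op} {check_date(value)}"

def date_range(token, start, end):
    return f"{token}: [{check_date(start)} ... {check_date(end)}]"

def all_of(*clauses):
    """Join clauses with the 'and' operator described at the top of the page."""
    return " and ".join(clauses)

if __name__ == "__main__":
    # Constructed example: values are taken from the page's own sample queries.
    print(all_of(
        text_query("vulnerabilities.vulnerability.vendors.vendorName", "Siemens", "exact"),
        date_compare("vulnerabilities.vulnerability.patchReleased", ">=", "now-90d"),
    ))
```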