Alerting Tokens in VMDR

Use the following tokens to define alerting search criteria for Assets, RTIs, and Vulnerability in the Rule Query of the Responses tab:

Generic Tokens

The order of precedence to use the operators is NOT, AND, OR. However, you can use the parenthesis to override the precedence.

not

and

or

Alerting Tokens for Assets

assetId

created

criticalityScore

interfaces.hostname

lastComplianceScanDate

lastVmScanDate

name

netbiosName

operatingSystem

riskScore

tags.name

trackingMethod

updated

Alerting Tokens for Real-Time Threat Indicators (RTI)

vulnerabilities.vulnerability.threatIntel.activeAttacks

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns

vulnerabilities.vulnerability.threatIntel.denialOfService

vulnerabilities.vulnerability.threatIntel.easyExploit

vulnerabilities.vulnerability.threatIntel.exploitKit

vulnerabilities.vulnerability.threatIntel.exploitKitName

vulnerabilities.vulnerability.threatIntel.highDataLoss

vulnerabilities.vulnerability.threatIntel.highLateralMovement

vulnerabilities.vulnerability.threatIntel.malware

vulnerabilities.vulnerability.threatIntel.malwareName

vulnerabilities.vulnerability.threatIntel.noPatch

vulnerabilities.vulnerability.threatIntel.publicExploit

vulnerabilities.vulnerability.threatIntel.publicExploitName

vulnerabilities.vulnerability.threatIntel.zeroDay

vulnerabilities.vulnerability.threatIntel.wormable

vulnerabilities.vulnerability.threatIntel.predictedHighRisk

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

vulnerabilities.vulnerability.threatIntelremoteCodeExecution

vulnerabilities.vulnerability.threatIntel.ransomware

vulnerabilities.vulnerability.threatIntel.privilegeEscalation

vulnerabilities.vulnerability.threatIntel.solorigateSunburst

Alerting Tokens for Vulnerability

vulnerabilities.detectionScore

vulnerabilities.disabled

vulnerabilities.firstFound

vulnerabilities.ignored

vulnerabilities.instance

vulnerabilities.lastFound

vulnerabilities.nonExploitableService

vulnerabilities.nonRunningKernel

vulnerabilities.port

vulnerabilities.protocol

vulnerabilities.severity

vulnerabilities.status

vulnerabilities.typeDetected

vulnerabilities.vulnerability.criticality

vulnerabilities.vulnerability.cveIds

vulnerabilities.vulnerability.description

vulnerabilities.vulnerability.os

vulnerabilities.vulnerability.patchAvailable

vulnerabilities.vulnerabilty.qid

vulnerabilities.vulnerability.qualysPatchable

vulnerabilities.vulnerability.rebootRequired

vulnerabilities.vulnerability.title

vulnerabilities.vulnerability.vendors.productName

vulnerabilities.vulnerability.vendors.vendorName