Search Tokens for Dynamic Tagging
Use the following tokens to define search criteria for dynamic tagging:
asset.riskScoreasset.riskScore
Use an integer value 0-1000 to find assets based on specific asset risk score.
Example
Show assets with risk score 60
asset.riskScore:
"60"
vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid
Use an integer value to define the QID in question.
Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
vulnerabilities.severityvulnerabilities.severity
Use an integer value to view the severity level set by you to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu. If you do not set the severity level, its level will be the same as the level set by Qualys.
Example
Show findings with severity by 5
vulnerabilities.severity:5
For information about customer and Qualys severity, see Customer and Kb Severity Level
vulnerabilities.typeDetectedvulnerabilities.typeDetected
Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
Example
Show findings with this type
vulnerabilities.typeDetected:Confirmed
vulnerabilities.foundvulnerabilities.found
Use the values true | false to define vulnerabilities are detected or not on the assets.
Examples
Show findings with vulnerabilities detected
vulnerabilities.found:TRUE
vulnerabilities.statusvulnerabilities.status
Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.
If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.
Example
Show vulnerabilities with New status
vulnerabilities.status:NEW
vulnerabilities.hostOSvulnerabilities.hostOS
Use quotes or backticks within values to help you find the host operating system.
Examples
Show any findings with this OS name
vulnerabilities.hostOS:Windows 2012
Show any findings that contain components of OS name
vulnerabilities.hostOS:"Windows 2012"
Show any findings that match exact value "Windows 2012"
vulnerabilities.hostOS:`Windows 2012`
vulnerabilities.hostAssetName vulnerabilities.hostAssetName
Use quotes or backticks within values to help you find the host asset name.
Examples
Show any findings related to name
vulnerabilities.hostAssetName:QK2K12QP3-65-53
Show any findings that contain parts of name
vulnerabilities.hostAssetName:"QK2K12QP3-65-53"
Show any findings that match exact value "QK2K12QP3-65-53"
vulnerabilities.hostAssetName:`QK2K12QP3-65-53`
vulnerabilities.ignoredvulnerabilities.ignored
Use an integer value to find vulnerabilities that have been marked as ignored.
Example
Show vulnerabilities that are marked as ignored
vulnerabilities.ignored:TRUE
vulnerabilities.disabledvulnerabilities.disabled
Use the values true | false to define vulnerabilities are disabled or enabled.
Examples
Show findings with vulnerabilities disabled
vulnerabilities.disabled:TRUE
vulnerabilities.portvulnerabilities.port
Use an integer value to help you find vulnerabilities found on a certain port.
Example
Show vulnerabilities found on this port
vulnerabilities.port:443
vulnerabilities.protocolvulnerabilities.protocol
Use a text value (UDP or TCP) to define the port protocol.
Example
Show vulnerabilities found on TCP protocol
vulnerabilities.protocol:TCP
vulnerabilities.instancevulnerabilities.instance
Use a text value to help you find vulnerabilities found on a certain instance.
Example
Show vulnerabilities found in this instance
vulnerabilities.instance: oracle
vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel
Use the values true | false to view vulnerabilities found on non-running kernels.
Examples
Show detections found on non-running Kernal
vulnerabilities.nonRunningKernel:TRUE
Show detections found on running Kernal
vulnerabilities.nonRunningKernel:FALSE
vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService
`Use the values true | false to define vulnerabilities that exist on non exploitable services.
Examples
Show findings on non-exploitable services
vulnerabilities.nonExploitableService:TRUE
vulnerabilities.detectionScorevulnerabilities.detectionScore
Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.
Examples
Show vulnerabilities with detection score 80
vulnerabilities.detectionScore:80
Show vulnerabilities with detection score 25
vulnerabilities.detectionScore:25
vulnerabilities.vulnerability.qualysPatchablevulnerabilities.vulnerability.qualysPatchable
Use the valuesvulnerabilities true | false to define that can be patched at Qualys.
Examples
Show vulnerabilities with patch available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "true"
Show vulnerabilities with patch not available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "false"
vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality
Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.
If a QID does not have a CVSSv3 Base score, the CVSSv2 Base score takes the priority.
The following list of criticality defines the CVSS Score from 0.0 to 10.0:
- None: 0.0
- Low: 0.1-3.9
- Medium: 4.0-6.9
- High: 7.0-8.9
- Critical: 9.0-10.0
Examples
Show vulnerabilities with HIGH criticality
vulnerabilities.vulnerability.criticality: "HIGH"
vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description
Use quotes or backticks within values to help you find the vulnerability description.
Examples
Show any findings related to description
vulnerabilities.vulnerability.description:remote
code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description:"remote
code execution"
Show any findings that match exact value "remote code execution"
vulnerabilities.vulnerability.description:`remote
code execution`
vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk
Use an integer value to define the vulnerability risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.
Example
Show findings with risk 50
vulnerabilities.vulnerability.risk:50
vulnerabilities.vulnerability.osvulnerabilities.vulnerability.os
Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.
Examples
Show any findings related to this OS value
vulnerabilities.vulnerability.os:windows
Show any findings that contain parts of OS value
vulnerabilities.vulnerability.os:"windows"
Show any findings that match exact value "windows"
vulnerabilities.vulnerability.os:`windows`
vulnerabilities.vulnerability.patchAvailablevulnerabilities.vulnerability.patchAvailable
Use the values true | false to define vulnerabilities with patch available.
Examples
Show findings with patch available
vulnerabilities.vulnerability.patchAvailable:TRUE
Show findings with no patch available
vulnerabilities.vulnerability.patchAvailable:FALSE
vulnerabilities.vulnerability.vendors.productNamevulnerabilities.vulnerability.vendors.productName
Use a text value to find the vendor product name.
Example
Show findings with this vendor product name
vulnerabilities.vulnerability.vendors.productName:Windows
vulnerabilities.vulnerability.vendors.vendorNamevulnerabilities.vulnerability.vendors.vendorName
Use a text value to find the vendor name.
Example
Show findings with this vendor name
vulnerabilities.vulnerability.vendors.vendorName:Adobe
vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title
Use quotes or backticks within values to help you find the title.
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title:Remote Code
Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title:"Remote
Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title:`Remote Code`
vulnerabilities.vulnerability.rebootRequiredvulnerabilities.vulnerability.rebootRequired
Use the values true | false to find vulnerabilities that need reboot.
Examples
Show vulnerabilities that need reboot.
vulnerabilities.vulnerability.rebootRequired: TRUE
Use the values true | false to define real-time threats due to active attacks.
Examples
Show assets with threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
true
Show assets that don't have threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
false
Use the values true | false to define real-time threats due to denial of service.
Examples
Show assets with threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
true
Show assets that don't have threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
false
Use the values true | false to define real-time threats due to easy exploit.
Examples
Show assets with threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
true
Show assets that don't have threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
false
Use the values true | false to define real-time threats due to high data loss.
Examples
Show assets with threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
true
Show assets that don't have threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
false
Use the values true | false to define real-time threats due to exploit kit.
Examples
Show assets with threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
true
Show assets that don't have threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
false
Use the values true | false to define real-time threats due to high lateral movement.
Examples
Show assets with threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
true
Show assets that don't have threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
false
vulnerabilities.vulnerability.threatIntel.malwarevulnerabilities.vulnerability.threatIntel.malware
Use the values true | false to define real-time threats due to malware.
Examples
Show assets with threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: true
Show assets that don't have threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: false
vulnerabilities.vulnerability.threatIntel.noPatchvulnerabilities.vulnerability.threatIntel.noPatch
Use the values true | false to define real-time threats due to no patch available.
Examples
Show assets with threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: true
Show assets that don't have threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: false
Use the values true | false to define real-time threats due to public exploit.
Example
Show assets with threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
true
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
false
vulnerabilities.vulnerability.threatIntel.zeroDayvulnerabilities.vulnerability.threatIntel.zeroDay
Use the values true | false to define real-time threats due to zero day exploit.
Examples
Show assets with threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: true
Show assets that don't have threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: false
vulnerabilities.vulnerability.threatIntel.wormablevulnerabilities.vulnerability.threatIntel.wormable
Use the values true | false to define real-time wormable threats.
Examples
Show assets with wormable threats
vulnerabilities.vulnerability.threatIntel.wormable: "true"
Use the values true | false to define real-time threats due to predicted high risk.
Examples
Show assets with predicted high risk threat
vulnerabilities.vulnerability.threatIntel.predictedHighRisk:
"true"
Use the values true | false to define real-time threats due to unauthenticated exploitation risk.
Examples
Show assets with unauthenticated exploitation threat
vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation:
"true"
Use the values true | false to define real-time threats due to remote code execution risk.
Examples
Show assets with remote code execution threat
vulnerabilities.vulnerability.threatIntel.remoteCodeExecution:
"true"
Use the values true | false to define real-time threats due to privilege escalation risk.
Examples
Show assets with privilege escalation threat
vulnerabilities.vulnerability.threatIntel.privilegeEscalation:
"true"
Use the values true | false to define real-time threats due to ransomeware vulnerability.
Examples
Show assets with ransomeware threat
vulnerabilities.vulnerability.threatIntel.ransomware:
"true"
Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.
Examples
Show assets with Solorigate/Sunburst threat
vulnerabilities.vulnerability.threatIntel.solorigateSunburst:
"true"
Use the values true | false to define real-time threats due to CISA Exploits.
Examples
Show assets with threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
true
Show assets that don't have threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
false