Search Tokens for Dynamic Tagging
Click to view help navigation


Search Tokens for Dynamic Tagging

Use the following tokens to define search criteria for dynamic tagging:

asset.riskScoreasset.riskScore

Use an integer value 0-1000 to find assets based on specific asset risk score.

Example

Show assets with risk score 60

asset.riskScore: "60"

vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid

Use an integer value to define the QID in question.

Example

Show findings with QID 90405

vulnerabilities.vulnerability.qid: 90405

vulnerabilities.severityvulnerabilities.severity

Use an integer value to view the severity level set by you to find assets having vulnerabilities. The severity level ranges between 1-5. Select from values in the drop-down menu. If you do not set the severity level, its level will be the same as the level set by Qualys.

Example

Show findings with severity by 5

vulnerabilities.severity:5

For information about customer and Qualys severity, see Customer and Kb Severity Level

vulnerabilities.typeDetectedvulnerabilities.typeDetected

Select a detection type (e.g. Confirmed, Potential, Information) to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

Example

Show findings with this type

vulnerabilities.typeDetected:Confirmed

vulnerabilities.foundvulnerabilities.found

Use the values true | false to define vulnerabilities are detected or not on the assets.

Examples

Show findings with vulnerabilities detected

vulnerabilities.found:TRUE

vulnerabilities.statusvulnerabilities.status

Select a status (e.g. Active, Fixed, New, Reopened) to find vulnerabilities with certain status. Select from names in the drop-down menu.

If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.

Example

Show vulnerabilities with New status

vulnerabilities.status:NEW

 

vulnerabilities.hostOSvulnerabilities.hostOS

Use quotes or backticks within values to help you find the host operating system.

Examples

Show any findings with this OS name

vulnerabilities.hostOS:Windows 2012

Show any findings that contain components of OS name

vulnerabilities.hostOS:"Windows 2012"

Show any findings that match exact value "Windows 2012"

vulnerabilities.hostOS:`Windows 2012`

vulnerabilities.hostAssetName vulnerabilities.hostAssetName

Use quotes or backticks within values to help you find the host asset name.

Examples

Show any findings related to name

vulnerabilities.hostAssetName:QK2K12QP3-65-53

Show any findings that contain parts of name

vulnerabilities.hostAssetName:"QK2K12QP3-65-53"

Show any findings that match exact value "QK2K12QP3-65-53"

vulnerabilities.hostAssetName:`QK2K12QP3-65-53`

vulnerabilities.ignoredvulnerabilities.ignored

Use an integer value to find vulnerabilities that have been marked as ignored.

Example

Show vulnerabilities that are marked as ignored

vulnerabilities.ignored:TRUE

vulnerabilities.disabledvulnerabilities.disabled

Use the values true | false to define vulnerabilities are disabled or enabled.

Examples

Show findings with vulnerabilities disabled

vulnerabilities.disabled:TRUE

vulnerabilities.portvulnerabilities.port

Use an integer value to help you find vulnerabilities found on a certain port.

Example

Show vulnerabilities found on this port

vulnerabilities.port:443

vulnerabilities.protocolvulnerabilities.protocol

Use a text value (UDP or TCP) to define the port protocol.

Example

Show vulnerabilities found on TCP protocol

vulnerabilities.protocol:TCP

vulnerabilities.instancevulnerabilities.instance

Use a text value to help you find vulnerabilities found on a certain instance.

Example

Show vulnerabilities found in this instance  

vulnerabilities.instance: oracle

vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel

Use the values true | false to view vulnerabilities found on non-running kernels.

Examples

Show detections found on non-running Kernal

vulnerabilities.nonRunningKernel:TRUE

Show detections found on running Kernal

vulnerabilities.nonRunningKernel:FALSE

vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService

`Use the values true | false to define vulnerabilities that exist on non exploitable services.

Examples

Show findings on non-exploitable services

vulnerabilities.nonExploitableService:TRUE

vulnerabilities.detectionScorevulnerabilities.detectionScore

Use an integer value (0-100) to help you find vulnerabilities based on specific detection score.

Examples

Show vulnerabilities with detection score 80

vulnerabilities.detectionScore:80

Show vulnerabilities with detection score 25

vulnerabilities.detectionScore:25

vulnerabilities.vulnerability.qualysPatchablevulnerabilities.vulnerability.qualysPatchable

Use the valuesvulnerabilities  true | false to define that can be patched at Qualys.

Examples

Show vulnerabilities with patch available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "true"

Show vulnerabilities with patch not available at Qualys

vulnerabilities.vulnerability.qualysPatchable: "false"

vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality

Select a criticality (e.g. "CRITICAL","HIGH","MEDIUM","LOW","NONE") to find assets with vulnerabilities of this type. Select from names in the drop-down menu.

If a QID does not have a CVSSv3 Base score, the CVSSv2 Base score takes the priority.

The following list of criticality defines the CVSS Score from 0.0 to 10.0:

  • None: 0.0
  • Low: 0.1-3.9
  • Medium: 4.0-6.9
  • High: 7.0-8.9
  • Critical: 9.0-10.0

Examples

Show vulnerabilities with HIGH criticality

vulnerabilities.vulnerability.criticality: "HIGH"

vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description

Use quotes or backticks within values to help you find the vulnerability description.

Examples

Show any findings related to description

vulnerabilities.vulnerability.description:remote code execution

Show any findings that contain "remote" or "code" in description

vulnerabilities.vulnerability.description:"remote code execution"

Show any findings that match exact value "remote code execution"

vulnerabilities.vulnerability.description:`remote code execution`

vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk

Use an integer value to define the vulnerability risk rating. For confirmed and potential issues risk is 10 times severity, for information gathered it is severity.

Example

Show findings with risk 50

vulnerabilities.vulnerability.risk:50

vulnerabilities.vulnerability.osvulnerabilities.vulnerability.os

Use quotes or backticks within values to help you find the operating system vulnerabilities were detected on.

Examples

Show any findings related to this OS value

vulnerabilities.vulnerability.os:windows

Show any findings that contain parts of OS value

vulnerabilities.vulnerability.os:"windows"

Show any findings that match exact value "windows"

vulnerabilities.vulnerability.os:`windows`

vulnerabilities.vulnerability.patchAvailablevulnerabilities.vulnerability.patchAvailable

Use the values true | false to define vulnerabilities with patch available.

Examples

Show findings with patch available

vulnerabilities.vulnerability.patchAvailable:TRUE

Show findings with no patch available

vulnerabilities.vulnerability.patchAvailable:FALSE

vulnerabilities.vulnerability.vendors.productNamevulnerabilities.vulnerability.vendors.productName

Use a text value to find the vendor product name.

Example

Show findings with this vendor product name

vulnerabilities.vulnerability.vendors.productName:Windows

vulnerabilities.vulnerability.vendors.vendorNamevulnerabilities.vulnerability.vendors.vendorName

Use a text value to find the vendor name.

Example

Show findings with this vendor name

vulnerabilities.vulnerability.vendors.vendorName:Adobe

vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title

Use quotes or backticks within values to help you find the title.

Examples

Show any findings related to this title

vulnerabilities.vulnerability.title:Remote Code Execution

Show any findings that contain "Remote" or "Code" in title

vulnerabilities.vulnerability.title:"Remote Code"

Show any findings that match exact value "Remote Code"

vulnerabilities.vulnerability.title:`Remote Code`

vulnerabilities.vulnerability.rebootRequiredvulnerabilities.vulnerability.rebootRequired

Use the values true | false to find vulnerabilities that need reboot.

Examples

Show vulnerabilities that need reboot.

vulnerabilities.vulnerability.rebootRequired: TRUE

vulnerabilities.vulnerability.threatIntel.activeAttacksvulnerabilities.vulnerability.threatIntel.activeAttacks

Use the values true | false to define real-time threats due to active attacks.

Examples

Show assets with threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: true

Show assets that don't have threats due to active attacks

vulnerabilities.vulnerability.threatIntel.activeAttacks: false

vulnerabilities.vulnerability.threatIntel.denialOfServicevulnerabilities.vulnerability.threatIntel.denialOfService

Use the values true | false to define real-time threats due to denial of service.

Examples

Show assets with threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: true

Show assets that don't have threats due to denial of service

vulnerabilities.vulnerability.threatIntel.denialOfService: false

vulnerabilities.vulnerability.threatIntel.easyExploitvulnerabilities.vulnerability.threatIntel.easyExploit

Use the values true | false to define real-time threats due to easy exploit.

Examples

Show assets with threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: true

Show assets that don't have threats due to easy exploit

vulnerabilities.vulnerability.threatIntel.easyExploit: false

vulnerabilities.vulnerability.threatIntel.highDataLossvulnerabilities.vulnerability.threatIntel.highDataLoss

Use the values true | false to define real-time threats due to high data loss.

Examples

Show assets with threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: true

Show assets that don't have threats due to high data loss

vulnerabilities.vulnerability.threatIntel.highDataLoss: false

vulnerabilities.vulnerability.threatIntel.exploitKitvulnerabilities.vulnerability.threatIntel.exploitKit

Use the values true | false to define real-time threats due to exploit kit.

Examples

Show assets with threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: true

Show assets that don't have threats due to exploit kit

vulnerabilities.vulnerability.threatIntel.exploitKit: false

vulnerabilities.vulnerability.threatIntel.highLateralMovementvulnerabilities.vulnerability.threatIntel.highLateralMovement

Use the values true | false to define real-time threats due to high lateral movement.

Examples

Show assets with threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: true

Show assets that don't have threats due to high lateral movement

vulnerabilities.vulnerability.threatIntel.highLateralMovement: false

vulnerabilities.vulnerability.threatIntel.malwarevulnerabilities.vulnerability.threatIntel.malware

Use the values true | false to define real-time threats due to malware.

Examples

Show assets with threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: true

Show assets that don't have threats due to malware

vulnerabilities.vulnerability.threatIntel.malware: false

vulnerabilities.vulnerability.threatIntel.noPatchvulnerabilities.vulnerability.threatIntel.noPatch

Use the values true | false to define real-time threats due to no patch available.

Examples

Show assets with threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: true

Show assets that don't have threats due to no patch available

vulnerabilities.vulnerability.threatIntel.noPatch: false

vulnerabilities.vulnerability.threatIntel.publicExploitvulnerabilities.vulnerability.threatIntel.publicExploit

Use the values true | false to define real-time threats due to public exploit.

Example

Show assets with threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: true

Show assets that don't have threats due to public exploit

vulnerabilities.vulnerability.threatIntel.publicExploit: false

vulnerabilities.vulnerability.threatIntel.zeroDayvulnerabilities.vulnerability.threatIntel.zeroDay

Use the values true | false to define real-time threats due to zero day exploit.

Examples

Show assets with threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: true

Show assets that don't have threats due to zero day exploit

vulnerabilities.vulnerability.threatIntel.zeroDay: false

vulnerabilities.vulnerability.threatIntel.wormablevulnerabilities.vulnerability.threatIntel.wormable

Use the values true | false to define real-time wormable threats.

Examples

Show assets with wormable threats

vulnerabilities.vulnerability.threatIntel.wormable: "true"

vulnerabilities.vulnerability.threatIntel.predictedHighRiskvulnerabilities.vulnerability.threatIntel.predictedHighRisk

Use the values true | false to define real-time threats due to predicted high risk.

Examples

Show assets with predicted high risk threat

vulnerabilities.vulnerability.threatIntel.predictedHighRisk: "true"

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitationvulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation

Use the values true | false to define real-time threats due to unauthenticated exploitation risk.

Examples

Show assets with unauthenticated exploitation threat

vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation: "true"

vulnerabilities.vulnerability.threatIntel.remoteCodeExecutionvulnerabilities.vulnerability.threatIntel.remoteCodeExecution

Use the values true | false to define real-time threats due to remote code execution risk.

Examples

Show assets with  remote code execution threat

vulnerabilities.vulnerability.threatIntel.remoteCodeExecution: "true"

vulnerabilities.vulnerability.threatIntel.privilegeEscalationvulnerabilities.vulnerability.threatIntel.privilegeEscalation

Use the values true | false to define real-time threats due to privilege escalation risk.

Examples

Show assets with privilege escalation threat

vulnerabilities.vulnerability.threatIntel.privilegeEscalation: "true"

vulnerabilities.vulnerability.threatIntel.ransomwarevulnerabilities.vulnerability.threatIntel.ransomware

Use the values true | false to define real-time threats due to ransomeware vulnerability.

Examples

Show assets with ransomeware threat

vulnerabilities.vulnerability.threatIntel.ransomware: "true"

vulnerabilities.vulnerability.threatIntel.solorigateSunburstvulnerabilities.vulnerability.threatIntel.solorigateSunburst

Use the values true | false to filter real-time threats due to Solorigate/Sunburst risk.

Examples

Show assets with Solorigate/Sunburst threat

vulnerabilities.vulnerability.threatIntel.solorigateSunburst: "true"

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulnsvulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns

Use the values true | false to define real-time threats due to CISA Exploits.

Examples

Show assets with threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: true

Show assets that don't have threats due to CISA exploit

vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns: false