Search by Field | Search without Field | String matching | Exact matching | Full text search | Suffix matching | Prefix matching | Is Null queries | Range searches | Date searches | Multiple values (In, Not In) | Boolean operators | Nested queries | Query limits
Enter the field name, then a colon, then your query. Nested fields are dot-separated.
Examples:
openPorts.port: 80
accounts.username: administrator
operatingSystem: win*
When your query doesn’t have a field name, we perform the broadest possible search across the attributes of all fields included in the Asset Index (100+ field names).
The Asset Index does not include some fields like tag name and vulnerability title. For these fields, you need to search by field name.
Use single or double quotes around your query to match a string with more than one word. Note that interfaces.address and software.version are text fields and support string matching.
Examples:
tags.name: "Cloud Agent"
operatingSystem: 'Microsoft Windows'
interfaces.address: 10.10.10.10
software.version: 2.1.7
vulnerabilities.vulnerability.title: "Remote Code Execution Vulnerability"
name:WINDOWS2008*
Wildcards can only be used for prefix and suffix matching. We do not support sub-string wildcards, which means you cannot search for a string in the middle of another string.
Use backticks to exactly match a string. Your results will include any asset with the EXACT value returned.
Examples:
operatingSystem:`Windows 7 Ultimate Service Pack 1`
interfaces.hostname:`xpsp2-jp-26-111`
Many asset fields containing text allow you to use full-text and advanced search capabilities. We'll perform the broadest search if your query does not include single or double quotes.
Examples:
vulnerabilities.vulnerability.title: Remote Code Execution
vulnerabilities.vulnerability.title: "Remote Code"
vulnerabilities.vulnerability.title: `Remote Code`
vulnerabilities.vulnerability: (title: `Remote Code` AND patchAvailable: "true")
Suffix matchingSuffix matching is supported when searching assets on your Assets list for the fields "name", "tags.name" and "netbiosName". Match asset values "ending in" a string you specify - using a string that starts with *. Matches are case-insensitive.
Examples:
name:*53
tags.name:*Region East
Suffix matching is also supported for the field "interfaces.hostname," but the syntax differs.
Example:
interfaces.hostname:qualys.com
interfaces.hostname:xxx01.qualys.co
interfaces.hostname:eng.xxx01.qualys.co
interfaces.hostname:*lys.com
Prefix matching is supported when searching assets (on your Assets list) using specific text fields. Match asset values "starting with" a string you specify - using a string that ends with *. Matches are case-sensitive.
Examples:
name:xp*
tags.name:Win*
interfaces.hostname:com-pa30*
operatingSystem:Lin*
Want to match an empty/null value for a field? You must remove the colon and then write "is null." For example, quickly find assets where the OS has not been identified.
Examples:
operatingSystem is null
interfaces.macAddress is null
Ranges can be specified with the [lower .. upper]
syntax using () and/or [] as follows. This is supported for numeric and date fields.
interfaces.address and software.version are text fields and not numeric fields). You cannot perform range searches for these. See String matching to search text fields.
Examples:
openPorts.port:(123 .. 1234)
openPorts.port:(123 .. 1234]
openPorts.port:[123 .. 1234
openPorts.port:[123 .. 1234
openPorts.port > 123
openPorts.port >= 123
openPorts.port < 1234
openPorts.port <= 1234
vulnerabilities.firstFound: [2018-01-01 .. 2018-04-01
Use a date range [start date .. end date] or a specific date. Several date variables are also available.
Examples:
updated:"2018-11-20"
updated <= "2018-10-20"
updated:["2018-11-20" .. "2018-11-24"]
updated:[now-3d .. now-1s]
Multiple values (In)Use to match values "In" fields. You'll include a comma-separated list of values within square brackets. Available for all fields except analyzed fields (i.e. full-text search fields). Values must match exactly. Matches are case-sensitive.
Examples:
operatingSystem:["Cisco IOS Version 12.4(19)","Windows Server 2003 Service Pack 2",Windows]
name:[MACMINI-ACA70B,2k8r2-u-10-11,10.10.10.43]
assetId:[5301908,10233,2345]
vulnerabilities.vulnerability.cveIds:[CVE-2003-0818,CVE-2002-0126,CVE-1999-1058]
"2017", "2018"]
["2018-08","2018-09"]
["2018-08-31","2018-08-30"]
vulnerabilities.vulnerability.description
vulnerabilities.vulnerability.solution
vulnerabilities.vulnerability.consequence
Boolean OperatorsUse keywords AND, OR, NOT to narrow or broaden your search. Click Learn more for information on maximum query depth.
Examples:
activatedForModules:"TRUE" AND NOT agentActivations.status:"INACTIVE"
(operatingSystem: windows OR operatingSystem: linux) AND (openPorts.port: 80 OR openPorts.port: 8080) NOT operatingSystem: windows
The NOT operator can be used only with Asset search tokens. Vulnerability search tokens do not support the NOT operator.
Nested QueriesUse a single nested query, using parentheses, to include multiple fields in your query per the examples below.
Examples
vulnerabilities.vulnerability:(patchAvailable:"TRUE" AND authTypes:"WINDOWS_AUTH")
openPorts:(port:80 AND protocol:TCP)
service:(name:Windows Time AND status: running)