You can use the search tokens available in the Vulnerabilities tab and refine your search results. We have broadly classified the search tokens for asset and vulnerability search in the Vulnerabilities tab. Click each token to learn more about it.
Generic | Vulnerability | Asset | Asset Inventory | RTIs | Threat Feed | Alibaba | AWS | Microsoft Azure | GCP | IBM | OCI | Passive Scanner
The order of precedence to use the operators is NOT, AND, OR. However, you can use the parenthesis to override the precedence.
Example
Show assets that don't have Windows operating system
not operatingSystem: Windows
Example
Find assets with certain tag and software installed
tags.name:`Cloud Agent` and software:
(name:`Cisco AnyConnect Secure Mobility Client`
and version:`3.1.12345`)
Example
Show findings with one of these tag values
tags.name:Cloud Agent or tags.name
:Windows
Use these tokens to define search criteria for vulnerabilities.
vulnerabilities.disabledvulnerabilities.disabled
Examples
Show findings with vulnerabilities disabled
vulnerabilities.disabled:TRUE
vulnerabilities.detectionScorevulnerabilities.detectionScore
Examples
Show vulnerabilities with detection score 80
vulnerabilities.detectionScore:80
Show vulnerabilities with detection score 25
vulnerabilities.detectionScore:25
vulnerabilities.detectionSourcevulnerabilities.detectionSource
Use a string value within quotes or backticks to find vulnerabilities with a certain source of detection.
Examples:
- Show findings with Qualys as the detection source:
vulnerabilities.detectionSource:Qualys
- Show findings that contain parts of the detection source:
vulnerabilities.detectionSource:"Qualys"
- Show findings that match the exact value Qualys:
vulnerabilities.detectionSource:`Qualys`
vulnerabilities.foundvulnerabilities.found
Examples
Show findings with vulnerabilities detected
vulnerabilities.found:TRUE
vulnerabilities.firstFoundvulnerabilities.firstFound
Examples
Show findings first found within certain dates
vulnerabilities.firstFound:[2017-10-21 ... 2017-10-30]
Show findings first found starting 2015-10-01, ending 1 month ago
vulnerabilities.firstFound:[2015-10-01 ... now-1M]
Show findings first found starting 2 weeks ago, ending 1 second ago
vulnerabilities.firstFound:[now-2w ... now-1s]
Show findings first found on certain date
vulnerabilities.firstFound:'2016-11-11'
vulnerabilities.hostAssetNamevulnerabilities.hostAssetName
Examples
Show any findings related to name
vulnerabilities.hostAssetName:QK2K12QP3-65-53
Show any findings that contain parts of name
vulnerabilities.hostAssetName:"QK2K12QP3-65-53"
Show any findings that match exact value "QK2K12QP3-65-53"
vulnerabilities.hostAssetName:`QK2K12QP3-65-53`
vulnerabilities.hostOSvulnerabilities.hostOS
Examples
Show any findings with this OS name
vulnerabilities.hostOS:Windows 2012
Show any findings that contain components of OS name
vulnerabilities.hostOS:"Windows 2012"
Show any findings that match exact value "Windows 2012"
vulnerabilities.hostOS:`Windows 2012`
vulnerabilities.ignoredvulnerabilities.ignored
Example
Show vulnerabilities that are marked as ignored
vulnerabilities.ignored:TRUE
vulnerabilities.instancevulnerabilities.instance
Example
Show vulnerabilities found in this instance
vulnerabilities.instance: oracle
vulnerabilities.lastFixedvulnerabilities.lastFixed
Examples
Show findings last fixed within certain dates
vulnerabilities.lastFixed:[2015-10-21 ... 2016-01-15]
Show findings last fixed starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFixed:[2016-01-01 ... now-1M]
Show findings last fixed starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFixed:[now-2w ... now-1s]
Show findings last fixed on certain date
vulnerabilities.lastFixed:'2016-01-11'
Show findings last fixed within certain number of days
vulnerabilities.lastFixed: [91..180]
vulnerabilities.lastFoundvulnerabilities.lastFound
Examples
Show findings last found within certain dates
vulnerabilities.lastFound:[2015-10-21 ... 2016-01-15]
Show findings last found starting 2016-01-01, ending 1 month ago
vulnerabilities.lastFound:[2016-01-01 ... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.lastFound:[now-2w ... now-1s]
Show findings last found on certain date
vulnerabilities.lastFound:'2016-01-11'
Show findings last found within certain number of days
vulnerabilities.lastFound: [91..180]
Show findings last found on 2017-01-12 with patch available
vulnerabilities: (lastFound:'2017-01-12'
AND vulnerability.patchAvailable:TRUE)
vulnerabilities: (lastFound: AND vulnerability.patchAvailable:TRUE)
vulnerabilities.nonExploitableConfigvulnerabilities.nonExploitableConfig
Examples
Show findings with non exploitable configurations
vulnerabilities.nonExploitableConfig:TRUE
Show findings with exploitable configurations
vulnerabilities.nonExploitableConfig:FALSE
vulnerabilities.nonRunningKernelvulnerabilities.nonRunningKernel
Examples
Show detections found on non-running Kernal
vulnerabilities.nonRunningKernel:TRUE
Show detections found on running Kernal
vulnerabilities.nonRunningKernel:FALSE
vulnerabilities.portvulnerabilities.port
Example
Show vulnerabilities found on this port
vulnerabilities.port:443
vulnerabilities.protocolvulnerabilities.protocol
Use a text value ##### (UDP or TCP) to define the port protocol.
Example
Show vulnerabilities found on TCP protocol
vulnerabilities.protocol:TCP
vulnerabilities.runningServicevulnerabilities.runningService
Example
Show vulnerabilities found on running service
vulnerabilities.runningService:TRUE
Show vulnerabilities found on non-running service
vulnerabilities.nonexploitableService:FALSE
vulnerabilities.sslvulnerabilities.ssl
Examples
Show vulnerabilities associated with SSL
vulnerabilities.ssl:TRUE
vulnerabilities.severityvulnerabilities.severity
Example
Show findings with severity by 5
vulnerabilities.severity:5
For information about customer and Qualys severity, see Customer and Kb Severity Level
vulnerabilities.statusvulnerabilities.status
If you select the status as Fixed, the list will only show vulnerabilities that are fixed in the last 365 days.
Example
Show vulnerabilities with New status
vulnerabilities.status:NEW
vulnerabilities.ttr.firstFoundvulnerabilities.ttr.firstFound
Examples
Show vulnerabilities findings based on total and first found calculation
vulnerabilities.ttr.firstFound:[61..90]
Use custom query to see the vulnerabilities findings based on total and first found calculation
vulnerabilities.ttr.firstFound:[0..90]
vulnerabilities.typeDetectedvulnerabilities.typeDetected
Example
Show findings with this type
vulnerabilities.typeDetected:Confirmed
vulnerabilities.vulnerability.authTypesvulnerabilities.vulnerability.authTypes
Example
Show findings with Windows auth type
vulnerabilities.vulnerability.authTypes:WINDOWS_AUTH
vulnerabilities.vulnerability.bugTraqIdsvulnerabilities.vulnerability.bugTraqIds
Example
Show findings with BugTraq ID 22211
vulnerabilities.vulnerability.bugTraqIds:22211
vulnerabilities.vulnerability.categoryvulnerabilities.vulnerability.category
Example
Show findings with category CGI
vulnerabilities.vulnerability.category:CGI
Examples
Show any findings related to this description
vulnerabilities.vulnerability.compliance.description:malicious
software
Show any findings that contain "malicious" or "software" in description
vulnerabilities.vulnerability.compliance.description:"malicious
software"
Show any findings that match exact value "malicious software"
vulnerabilities.vulnerability.compliance.description:`malicious
software`
vulnerabilities.vulnerability.compliance.sectionvulnerabilities.vulnerability.compliance.section
Examples
Show any findings related to this section
vulnerabilities.vulnerability.compliance.section:164.308
Show any findings that contain parts of section
vulnerabilities.vulnerability.compliance.section:"164.308"
Show any findings that match exact value "164.308"
vulnerabilities.vulnerability.compliance.section:`164.308`
vulnerabilities.vulnerability.compliance.typevulnerabilities.vulnerability.compliance.type
Example
Show findings with the compliance type HIPAA
vulnerabilities.vulnerability.compliance.type:HIPAA
vulnerabilities.vulnerability.impactvulnerabilities.vulnerability.impact
Examples
Show any findings related to impact
vulnerabilities.vulnerability.impact:sensitive
information
Show any findings that contain "sensitive" or "information" in consequence
vulnerabilities.vulnerability.impact:"sensitive
information"
Show any findings that match exact value "sensitive information"
vulnerabilities.vulnerability.impact:`sensitive
information`
vulnerabilities.vulnerability.cveIdsvulnerabilities.vulnerability.cveIds
Example
Show findings with CVE name CVE-2015-0313
vulnerabilities.vulnerability.cveIds:CVE-2015-0313
Note: The CVE in the query is case sensitive and must be used in capital case.
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3_1Info.basescore:7.8
Example
Show assets with this score
vulnerabilities.vulnerability.cvss3_1Info.temporalScore:6.4
Example
Show findings with this name
vulnerabilities.vulnerability.cvss2Info.accessVector:NETWORK
vulnerabilities.vulnerability.cvss2Info.baseScorevulnerabilities.vulnerability.cvss2Info.baseScore
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2Info.baseScore:7.8
Example
Show assets with this score
vulnerabilities.vulnerability.cvss2Info.temporalScore:6.4
vulnerabilities.vulnerability.discoveryTypesvulnerabilities.vulnerability.discoveryTypes
Example
Show findings with Remote discovery type
vulnerabilities.vulnerability.discoveryTypes:REMOTE
vulnerabilities.vulnerability.exploitabilityvulnerabilities.vulnerability.exploitability
Examples
Show any findings related to this description
vulnerabilities.vulnerability.exploitability:GIF
Parser Heap
Show any findings that contain "GIF", "Parser" or "Heap" in description
vulnerabilities.vulnerability.exploitability:"GIF
Parser Heap"
Show any findings that match exact value "GIF Parser Heap"
vulnerabilities.vulnerability.exploitability:`GIF
Parser Heap`
vulnerabilities.vulnerability.flagsvulnerabilities.vulnerability.flags
Example
Show findings with this flag
vulnerabilities.vulnerability.flags:PCI_RELATED
vulnerabilities.vulnerability.osvulnerabilities.vulnerability.os
Examples
Show any findings related to this OS value
vulnerabilities.vulnerability.os:windows
Show any findings that contain parts of OS value
vulnerabilities.vulnerability.os:"windows"
Show any findings that match exact value "windows"
vulnerabilities.vulnerability.os:`windows`
vulnerabilities.vulnerability.patchAvailablevulnerabilities.vulnerability.patchAvailable
Examples
Show findings with patch available
vulnerabilities.vulnerability.patchAvailable:TRUE
Show findings with no patch available
vulnerabilities.vulnerability.patchAvailable:FALSE
vulnerabilities.vulnerability.pcivulnerabilities.vulnerability.pci
Examples
Show PCI vulnerabilities
vulnerabilities.vulnerability.pci:TRUE
Do not show PCI vulnerabilities
vulnerabilities.vulnerability.pci:FALSE
vulnerabilities.vulnerability.rebootRequiredvulnerabilities.vulnerability.rebootRequired
Examples
Show vulnerabilities that need reboot.
vulnerabilities.vulnerability.rebootRequired: TRUE
vulnerabilities.vulnerability.qidvulnerabilities.vulnerability.qid
Example
Show findings with QID 90405
vulnerabilities.vulnerability.qid: 90405
vulnerabilities.vulnerability.ransomware.namevulnerabilities.vulnerability.ransomware.name
Example
Show findings with this name
vulnerabilities.vulnerability.ransomware.name: Locky
Show findings that match exact value
vulnerabilities.vulnerability.ransomware.name: Locky
vulnerabilities.vulnerability.sans20Categoriesvulnerabilities.vulnerability.sans20Categories
Example
Show findings with this category name
vulnerabilities.vulnerability.sans20Categories:Media
Players
vulnerabilities.vulnerability.severityvulnerabilities.vulnerability.severity
Example
Show findings with severity set by Qualys as 5
vulnerabilities.vulnerability.severity:5
For information about customer and Qualys severity, see Customer and Kb Severity Level
vulnerabilities.vulnerability.solutionvulnerabilities.vulnerability.solution
Examples
Show any findings related to this solution
vulnerabilities.vulnerability.solution:Bulletin
MS10-006
Show any findings that contain parts of solution
vulnerabilities.vulnerability.solution:"Bulletin
MS10-006"
Show any findings that match exact value "Bulletin MS10-006"
vulnerabilities.vulnerability.solution:`Bulletin
MS10-006`
vulnerabilities.vulnerability.supportedByvulnerabilities.vulnerability.supportedBy
Example
Show vulnerabilities supported by Linux Agent
vulnerabilities.vulnerability.supportedBy:CA-Linux
Agent
vulnerabilities.vulnerability.titlevulnerabilities.vulnerability.title
Examples
Show any findings related to this title
vulnerabilities.vulnerability.title:Remote Code
Execution
Show any findings that contain "Remote" or "Code" in title
vulnerabilities.vulnerability.title:"Remote
Code"
Show any findings that match exact value "Remote Code"
vulnerabilities.vulnerability.title:`Remote Code`
vulnerabilities.vulnerability.typesvulnerabilities.vulnerability.types
Example
Show findings with this type
vulnerabilities.vulnerability.types:VULNERABILITY
vulnerabilities.vulnerability.vendorRefsvulnerabilities.vulnerability.vendorRefs
Example
Show this vendor reference
vulnerabilities.vulnerability.vendorRefs:KB3021953
vulnerabilities.vulnerability.vendors.productNamevulnerabilities.vulnerability.vendors.productName
Example
Show findings with this vendor product name
vulnerabilities.vulnerability.vendors.productName:Windows
vulnerabilities.vulnerability.vendors.vendorNamevulnerabilities.vulnerability.vendors.vendorName
Example
Show findings with this vendor name
vulnerabilities.vulnerability.vendors.vendorName:Adobe
vulnerabilities.nonExploitableKernelvulnerabilities.nonExploitableKernel
Examples
Show findings on non-exploitable kernels
vulnerabilities.nonExploitableKernel:TRUE
vulnerabilities.nonExploitableServicevulnerabilities.nonExploitableService
Examples
Show findings on non-exploitable services
vulnerabilities.nonExploitableService:TRUE
vulnerabilities.vulnerability.patchReleasedvulnerabilities.vulnerability.patchReleased
Examples
Show findings last found within certain dates
vulnerabilities.vulnerability.patchReleased:[2018-10-21
... 2019-01-15]
Show findings last found starting 2020-01-01, ending 1 month ago
vulnerabilities.vulnerability.patchReleased:[2020-01-01
... now-1M]
Show findings last found starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.patchReleased:[now-2w
... now-1s]
Show findings last found on certain date
vulnerabilities.vulnerability.patchReleased:'2020-01-02'
vulnerabilities.timesFoundvulnerabilities.timesFound
Examples
Show findings last found 3 times
vulnerabilities.timesFound:3
vulnerabilities.vulnerability.kbAgevulnerabilities.vulnerability.kbAge
Example
Show findings/QIDs that were recently published (in the last 30 days)
vulnerabilities.vulnerability.kbAge:[00..30]
vulnerabilities.detectionAgevulnerabilities.detectionAge
Example
Show findings that were detected in the last 30 days.
vulnerabilities.detectionAge:[00..30]
vulnerabilities.vulnerability.descriptionvulnerabilities.vulnerability.description
Examples
Show any findings related to description
vulnerabilities.vulnerability.description:remote
code execution
Show any findings that contain "remote" or "code" in description
vulnerabilities.vulnerability.description:"remote
code execution"
Show any findings that match exact value "remote code execution"
vulnerabilities.vulnerability.description:`remote
code execution`
vulnerabilities.vulnerability.listsvulnerabilities.vulnerability.lists
Example
Show findings with vulnerabilities in SANS Top 20
vulnerabilities.vulnerability.lists:SANS_20
vulnerabilities.vulnerability.patchesvulnerabilities.vulnerability.patches
Example
Show assets with this patch QID
vulnerabilities.vulnerability.patches:90753
vulnerabilities.vulnerability.publishedvulnerabilities.vulnerability.published
Examples
Show findings for vulnerabilities published within certain dates
vulnerabilities.vulnerability.published:[2015-10-21
... 2016-01-15]
Show findings for vulnerabilities published starting 2017-01-01, ending 1 month ago
vulnerabilities.vulnerability.published:[2017-01-01
... now-1M]
Show findings for vulnerabilities published starting 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.published:[now-2w
... now-1s]
Show findings for vulnerabilities published on certain date
vulnerabilities.vulnerability.published:'2018-01-15'
vulnerabilities.vulnerability.riskvulnerabilities.vulnerability.risk
Example
Show findings with risk 50
vulnerabilities.vulnerability.risk:50
vulnerabilities.vulnerability.qualysPatchablevulnerabilities.vulnerability.qualysPatchable
Examples
Show vulnerabilities with patch available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "true"
Show vulnerabilities with patch not available at Qualys
vulnerabilities.vulnerability.qualysPatchable: "false"
vulnerabilities.vulnerability.criticalityvulnerabilities.vulnerability.criticality
The following list of criticality defines the CVSS Score from 0.0 to 10.0:
Examples
Show vulnerabilities with HIGH criticality
vulnerabilities.vulnerability.criticality: "HIGH"
vulnerabilities.vulnerability.updatedvulnerabilities.vulnerability.updated
Examples
Show vulnerabilities updated within certain dates
vulnerabilities.vulnerability.updated:[2017-10-21
... 2017-10-30]
Show vulnerabilities updated starting 2017-11-01, ending 1 month ago
vulnerabilities.vulnerability.updated:[2017-11-01
... now-1M]
Show vulnerabilities updated stating 2 weeks ago, ending 1 second ago
vulnerabilities.vulnerability.updated:[now-2w
... now-1s]
Show vulnerabilities updated on certain date
vulnerabilities.vulnerability.updated:'2018-03-08'
The following asset tokens will list all the assets mentioned in the QQL. You can filter the search results using other token options such as Generic, Search by Field, Search without field tokens.
accounts.usernameaccounts.username
Example
Show assets with the username Administrator
accounts.username:Administrator
activatedForModulesactivatedForModules
Examples
Show assets activated for VM
activatedForModules:VM
Show assets activated for VM and FIM
activatedForModules:VM AND activatedForModules:FIM
agent.activations.keyagent.activations.key
Example
Show assets with agents activated using key-value
agent.activations.key:key-value
agent.activations.statusagent.activations.status
Example
Show assets with active agents
agent.activations.status:ACTIVE
Example
Show the asset with this agent ID
agent.agentID:f0c8e682-e9cc-4e7d-b92a-0c905d81ec74
Example
Show findings with agent version 1.5.6.46
agent.version:1.5.6.46
Examples
Show this asset ID
assetId: 2918869
Show asset IDs in this range
assetId: [3546997 .. 12945655]
Show the 2 asset IDs listed
assetId: [3546997,12945655]
agent.configurationProfileagent.configurationProfile
Examples
Show any findings related to profile name
agent.configurationProfile:Initial Profile
Show any findings that contain parts of profile name
agent.configurationProfile:"Initial Profile"
Show any findings that match exact value "Initial Profile"
agent.configurationProfile:`Initial Profile`
agent.connectedFromagent.connectedFrom
Example
Show findings for an external IP address that an agent connected from
agent.connectedFrom:10.0.100.11
businessApp.businessCriticalitybusinessApp.businessCriticality
Examples
Show any findings that contain parts of name
businessApp:(businessCriticality:"1 - most")
Show any findings that match exact value "1 - most critical"
businessApp:(businessCriticality:`1 - most critical`)
businessApp.environmentbusinessApp.environment
Example
Show assets with business application environment as Production
businessApp:(environment:Production)
Example
Show findings with business app ID as APP007
businessApp:(id:APP007)
businessApp.managedBybusinessApp.managedBy
Examples
Show any findings that contain parts of name
businessApp:(managedBy:"Byron")
businessApp:(managedBy:`Byron Fortuna`)
businessApp.namebusinessApp.name
Examples
Show any findings that contain parts of name
businessApp:(managedBy:"HR")
businessApp:(managedBy:`HR Intranet`)
businessApp.operationalStatusbusinessApp.operationalStatus
Example
Show business applications with operational status as Installed
businessApp:(operationalStatus:Installed)
businessApp.ownedBybusinessApp.ownedBy
Examples
Show any findings that contain parts of name
businessApp:(ownedBy:"Joey")
Show any findings that match exact value "Joey Bolick"
businessApp:(ownedBy:"Joey Bolick")
businessApp.supportedBybusinessApp.supportedBy
Examples
Show any findings that contain parts of name
businessApp:(supportedBy:"Joe")
Show any findings that match exact value `Joey Doe`
businessApp:(supportedBy:`Joe Doe`)
businessApp.supportGroupbusinessApp.supportGroup
Example
Show assets with business application support group as Security.
businessApp:(supportGroup:"Security")
connectors.connector.nameconnectors.connector.name
Example
Show findings detected by connector myec2
connectors.connector.name:myec2
connectors.firstDiscoveredconnectors.firstDiscovered
Example
Show findings for connectors that were first discovered within certain dates
connectors.firstDiscovered:[2015-10-21 ... 2016-01-15]
Show findings for connectors that were first discovered starting 2017-01-01, ending 1 month ago
connectors.firstDiscovered:[2017-01-01 ... now-1M]
Show findings for connectors that were first discovered starting 2 weeks ago, ending 1 second ago
connectors.firstDiscovered:[now-2w ... now-1s]
Show findings for connectors that were first discovered on certain date
connectors.firstDiscovered:'2018-01-15'
Show findings for connectors that were first discovered before a certain date
connectors.firstDiscovered <'2018-01-15'
Show findings for connectors that were first discovered after a certain date
connectors.firstDiscovered >'2018-01-15'
connectors.lastDiscoveredconnectors.lastDiscovered
Example
Show findings for connectors last discovered within certain dates
connectors.lastDiscovered:[2015-10-21 ... 2016-01-15]
Show findings for connectors last discovered starting 2017-01-01, ending 1 month ago
connectors.lastDiscovered:[2017-01-01 ... now-1M]
Show findings for connectors last discovered starting 2 weeks ago, ending 1 second ago
connectors.lastDiscovered:[now-2w ... now-1s]
Show findings for connectors last discovered on certain date
connectors.lastDiscovered:'2018-01-15'
Show findings for connectors last discovered before a certain date
connectors.lastDiscovered <'2018-01-15'
Show findings for connectors last discovered after a certain date
connectors.lastDiscovered >'2018-01-15'
Example
Show assets that have 2 CPUs
cpuCount:2
Examples
Show assets created within certain dates
created:[2016-01-01 ... 2016-01-10]
Show assets created starting 2017-10-01, ending 1 month ago
created:[2017-10-01 ... now-1M]
Show assets created starting 2 weeks ago, ending 1 second ago
created:[now-2w ... now-1s]
Show assets created on specific date
created:'2018-01-08'
criticalityScorecriticalityScore
Examples
Show assets with criticality score 5
criticalityScore:5
Show assets with criticality score 2
criticalityScore:2
customAttributes.keycustomAttributes.key
Provide the value to identify your assets based on the key entered as part of the custom attribute.
Example
Find assets with "Department" as part of the key name
customAttributes:(key:"Department")
The result includes assets with the 'Department' custom attribute key.
Note: If 'Department' is part of the key name, such as Department 1, Department A-C, or Department US, those assets are also included in the result.
customAttributes.valuecustomAttributes.value
Provide the value to identify your assets based on the value entered as part of the custom attribute.
Example
Find assets with "DEVOPS" as part of the key value
customAttributes:(value:"DEVOPS")
The result includes assets with the 'DEVOPS' custom attribute value.
Note: If 'DEVOPS' is part of the value name, such as DEVOPS CSAM, DEVOPS CA, or DEVOPS PM, those assets are also included in the result.
docker.dockerVersiondocker.dockerVersion
Example
Show findings with this Docker version
docker.dockerVersion:17.3
docker.noOfContainersdocker.noOfContainers
Example
Show findings with 2 Docker containers
docker.noOfContainers:2
docker.noOfImagesdocker.noOfImages
Example
Show findings with 5 Docker images
docker.noOfImages:5
Examples
Show docker hosts
isDockerHost:true
Do not show docker hosts
isDockerHost:false
interfaces.addressinterfaces.address
Examples
Show the asset with IPv4 address
interfaces.address:10.10.100.20
Show the asset with IPv6 address (enclose value in single quotes)
interfaces.address:'fe80:0:0:0:2501:b53c:4139:404b'
interfaces.dnsAddressinterfaces.dnsAddress
Example
Show the asset with DNS address 10.0.100.11
interfaces.dnsAddress:10.0.100.11
interfaces.gatewayAddressinterfaces.gatewayAddress
Example
Show assets with this default gateway address
interfaces.gatewayAddress:10.11.65.1
interfaces.hostnameinterfaces.hostname
Examples
Show any findings related to name
interfaces.hostname:xpsp2-jp-26-111
Show any findings that contain parts of name
interfaces.hostname:"xpsp2-jp-26-111"
Show any findings that match exact value "xpsp2-jp-26-111"
interfaces.hostname:`xpsp2-jp-26-111`
Show any findings related to name (we'll match super domains)
interfaces.hostname:qcentos71sqp3.rdlab.acme.com
Show any findings that match exact value "qcentos71sqp3.rdlab.acme.com"
interfaces.hostname:`qcentos71sqp3.rdlab.acme.com`
interfaces.interfaceNameinterfaces.interfaceName
Example
Show the asset with name PRO/1000
interfaces.interfaceName:PRO/1000
interfaces.macAddressinterfaces.macAddress
Example
Show the asset with this MAC address
interfaces.macAddress:"00-50-56-A9-73-5A"
agent.lastCheckedInagent.lastCheckedIn
Examples
Show findings with last check in within a specific date range.
agent.lastCheckedIn:[2020-01-01 ... 2020-01-10]
Show findings with last check in starting 2019-11-01, ending 1 month ago.
agent.lastCheckedIn:[2019-11-01 ... now-1M]
Show findings with last check in starting 2 weeks ago, ending 1 second ago
agent.lastCheckedIn:[now-2w ... now-1s]
Show findings with last check in on a specific date
agent.lastCheckedIn:'2020-02-11'
Show findings with last check in before (older than) last 30 days.
agent.lastCheckedIn<now-30d
Note: We recommend not to use the NOT operator in your range search to form a query like NOT lastCheckedIn:[now-30d...now-2s]. See 'QQL Best Practices' topic in the Unified Dashboard online Help.
Show findings with last check in within last 30 days excluding day 30
agent.lastCheckedIn>now-30d
Show findings with last check in within last 30 days including day 30
agent.lastCheckedIn>=now-30d
Show findings with last check in which is older than last 30 days excluding day 30
agent.lastCheckedIn<now-30d
Show findings with last check in which is older than last 30 days including day 30
agent.lastCheckedIn<=now-30d
lastLocation.namelastLocation.name
Examples
Show assets with last location as Redwood City, California - United States
lastLocation.name: `Redwood City, California -
United States
`
Show assets with last location with exact string
lastLocation.name: `Redwood City, California -
United States`
lastLocation.continentlastLocation.continent
Examples
Show assets with last location continent as North America
lastLocation.continent: `North America`
Show assets with last location with exact string
lastLocation.continent: `North America`
lastLocation.countrylastLocation.country
Use a text value ##### to help you find assets based on country of the last location.
Example
Show assets with last location country as United States
lastLocation.country:
United
States
lastLocation.statelastLocation.state
Use a text value ##### to help you find assets based on state of the last location.
Example
Show assets with last location state as California
lastLocation.state:
California
lastLocation.citylastLocation.city
Use a text value ##### to help you find assets with city of the last location.
Example
Show assets with last location state as Miami
lastLocation.city:
Miami
lastLocation.postallastLocation.postal
Use a text value ##### to help you find assets based on postal of the last location.
Example
Show assets with last location postal as 94065
lastLocation.postal:
94065
Examples
Show findings with last vulnerability scan within certain dates
lastVmScanDateScanner: [2017-01-01 ... 2017-02-10]
Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago
lastVmScanDateScanner: [2016-11-01 ... now-1M]
Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago
lastVmScanDateScanner: [now-2w ... now-1s]
Show findings with last vulnerability scan on specific date
lastVmScanDateScanner:'2017-04-10'
lastVmScanDateScanner lastVmScanDateScanner
Examples
Show findings with last vulnerability scan within certain dates
lastVmScanDateScanner: [2017-01-01 ... 2017-02-10]
Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago
lastVmScanDateScanner: [2016-11-01 ... now-1M]
Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago
lastVmScanDateScanner: [now-2w ... now-1s]
Show findings with last vulnerability scan on specific date
lastVmScanDateScanner:'2017-04-10'
lastVmScanDateAgentlastVmScanDateAgent
Examples
Show findings with last vulnerability scan within certain dates
lastVmScanDateAgent: [2017-01-01 ... 2017-02-10]
Show findings with last vulnerability scan starting 2016-11-01, ending 1 month ago
lastVmScanDateAgent: [2016-11-01 ... now-1M]
Show findings with last vulnerability scan starting 2 weeks ago, ending 1 second ago
lastVmScanDateAgent: [now-2w ... now-1s]
Show findings with last vulnerability scan on specific date
lastVmScanDateAgent:'2017-04-10'
lastPcScanDateAgentlastPcScanDateAgent
Examples
Show findings with last compliance scan within certain dates
lastPcScanDateAgent: [2017-01-01 ... 2017-02-10]
Show findings with last compliance scan starting 2016-11-01, ending 1 month ago
lastPcScanDateAgent: [2016-11-01 ... now-1M]
Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago
lastPcScanDateAgent: [now-2w ... now-1s]
Show findings with last compliance scan on specific date
lastPcScanDateAgent:'2017-04-10'
lastPcScanDateScannerlastPcScanDateScanner
Examples
Show findings with last compliance scan within certain dates
lastPcScanDateScanner: [2017-01-01 ... 2017-02-10]
Show findings with last compliance scan starting 2016-11-01, ending 1 month ago
lastPcScanDateScanner: [2016-11-01 ... now-1M]
Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago
lastPcScanDateScanner: [now-2w ... now-1s]
Show findings with last compliance scan on specific date
lastPcScanDateScanner:'2017-04-10'
lastComplianceScanDatelastComplianceScanDate
Examples
Show findings with last compliance scan within certain dates
lastComplianceScanDate: [2017-01-01 ... 2017-03-31]
Show findings with last compliance scan starting 2016-10-15, ending 1 month ago
lastComplianceScanDate: [2016-10-15 ... now-1M]
Show findings with last compliance scan starting 2 weeks ago, ending 1 second ago
lastComplianceScanDate: [now-2w ... now-1s]
Show findings with last compliance scan on specific date
lastComplianceScanDate:'2017-02-18'
Examples
Show findings with last full scan within certain dates
lastFullScan:[2018-01-01 ... 2018-01-10]
Show findings with last full scan starting 2017-11-01, ending 1 month ago
lastFullScan:[2017-11-01 ... now-1M]
Show findings with last full scan starting 2 weeks ago, ending 1 second ago
lastFullScan:[now-2w ... now-1s]
Show findings with last full scan on a specific date
lastFullScan:'2018-02-08'
agent.lastInventoryagent.lastInventory
Examples
Show findings with last inventory scan within certain dates
agent.lastInventory:[2018-01-12 ... 2018-01-20]
Show findings with last inventory scan starting 2018-01-01, ending 1 month ago
agent.lastInventory:[2018-01-01 ... now-1M]
Show findings with last inventory scan starting 3 weeks ago, ending 1 second ago
agent.lastInventory:[now-3w ... now-1s]
Show findings with last inventory scan on specific date
agent.lastInventory:'2018-02-10'
lastLoggedOnUserlastLoggedOnUser
Examples
Show assets with last logon by user asmith
lastLoggedOnUser:asmith
agent.lastActivityagent.lastActivity
Examples
Show findings with last activity within certain dates
agent.lastActivity: [2016-01-01 ... 2016-01-10]
Show findings with last activity starting 2015-10-01, ending 1 month ago
agent.lastActivity: [2015-10-01 ... now-1M]
Show findings with last activity starting 2 weeks ago, ending 1 second ago
agent.lastActivity: [now-2w ... now-1s]
Show findings with last activity on a specific date
agent.lastActivity:'2015-12-01'
Examples
Show any findings related to name
name:QK2K12QP3-65-53
Show any findings that contain parts of name
name:"QK2K12QP3-65-53"
Show any findings that match exact value "QK2K12QP3-65-53"
name:`QK2K12QP3-65-53`
Examples
Show assets with this exact name (case sensitive)
netbiosName: EC2AMAZ-19OC2IT
Show assets with name starting with "EC2" (case sensitive)
netbiosName: EC2*
Show assets with name ending with "c2it" (case insensitive)
netbiosName: *c2it
openPorts.descriptionopenPorts.description
Examples
Show any findings with this description
openPorts.description:Windows Remote Desktop
Show any findings that contain parts of description
openPorts.description:"Windows Remote Desktop"
Show any findings that match exact value "Windows Remote Desktop"
openPorts.description:`Windows Remote Desktop`
openPorts.detectedServiceopenPorts.detectedService
Examples
Show any findings with this service name
openPorts.detectedService:win_remote_desktop
Show any findings that contain parts of name
openPorts.detectedService:"win_remote_desktop"
Show any findings that match exact value "win_remote_desktop"
openPorts.detectedService:`win_remote_desktop`
openPorts.firstFoundopenPorts.firstFound
Examples
Show findings with open ports first found within certain dates
openPorts.firstFound:[2017-06-15 ... 2017-06-30]
Show findings with open ports first found starting 2017-06-22, ending 1 month ago
openPorts.firstFound: [2017-06-22 ... now-1M]
Show findings with open ports first found starting 2 weeks ago, ending 1 second ago
openPorts.firstFound:[now-2w ... now-1s]
Show findings with open ports first found on specific date
openPorts.firstFound:'2017-06-14'
openPorts.lastUpdatedopenPorts.lastUpdated
Examples
Show findings with open ports last updated within certain dates
openPorts.lastUpdated:[2017-06-15 ... 2017-06-30]
Show findings with open ports last updated starting 2017-06-22, ending 1 month ago
openPorts.lastUpdated:[2017-06-22 ... now-1M]
Show findings with open ports last updated starting 2 weeks ago, ending 1 second ago
openPorts.lastUpdated:[now-2w ... now-1s]
Show findings with open ports last updated on specific date
openPorts.lastUpdated:'2018-01-14'
Example
Show assets with open port 80
openPorts.port:80
openPorts.protocolopenPorts.protocol
Examples
Show findings found on TCP
openPorts.protocol:TCP
Show findings found on port 80 and TCP
openPorts:(port:80 AND protocol:TCP)
pendingActivationForModulespendingActivationForModules
Examples
Show assets pending activation for VM
pendingActivationForModules:VM
Show assets pending activation for VM and FIM
pendingActivationForModules:VM AND pendingActivationForModules:FIM
Example
Show assets on Windows platform
platform:Windows
Examples
Show assets synced from Amazon AWS
provider: AWS
processors.descriptionprocessors.description
Examples
Show any findings with this description
processors.description:intel
Show any findings that contain parts of description
processors.description:"intel"
Show any findings that match exact value "intel"
processors.description:`intel`
processors.speedprocessors.speed
Example
Show assets with this processor speed
processors.speed:1995
processors.threadsPerCoreprocessors.threadsPerCore
Example
Show number of threads per core
processors.threadsPerCore:1
processors.coresPerSocketprocessors.coresPerSocket
Example
Show number of cores per socket
processors.coresPerSocket:2
processors.numberOfSocketsprocessors.numberOfSockets
Example
Show number of sockets
processors.numberofSockets:2
processors.numberOfCpuprocessors.numberOfCpu
Example
Show the CPUs
processors.numberofCpu:4
processors.multithreadingStatusprocessors.multithreadingStatus
Example
Show multi-threading status
processors.multithreadingStatus:"ENABLED"
Example
Show findings with QID 90405
QID: 90405
Note: The QID token shows all assets that have the specific QID. The exclude vulnerabilities filters are not applicable for the QID token.
qualysCorrelationIDqualysCorrelationID
Example
Show assets with this Qualys Correlation ID
qualysCorrelationID: 0f1b031712682e27cca306e4a2a9e3144696ac099b08fcdf76ccb6f3647ec058
Show assets without any Qualys Correlation ID
qualysCorrelationID: UNIDENTIFIED
Show assets all assets with Qualys Correlation ID
qualysCorrelationID: *
Examples
Show assets with risk score 60
riskScore:60
Show assets with risk score 25
riskScore:25
sensors.firstEasmScanDatesensors.firstEasmScanDate
Examples
Show a list of External Attack Surface discovered assets scanned for the first time on or after 2022-10-04
sensors.firstEasmScanDate >='2022-10-04'
Show a list of External Attack Surface discovered assets that are scanned for the first time before 2022-10-04
sensors.firstEasmScanDate <'2022-10-04'
Show a list of External Attack Surface discovered assets that are scanned for the first time after 2022-10-04
sensors.firstEasmScanDate > '2022-10-04'
Show a list of External Attack Surface discovered assets that are scanned for the first time on 2022-10-04
sensors.firstEasmScanDate = '2022-10-04'
services.descriptionservices.description
Examples
Show any findings with this description
services.description:Windows Event Log
Show any findings that contain parts of description
services.description:"Windows Event Log"
Show any findings that match exact value "Windows Event Log"
services.description:`Windows Event Log`
Examples
Show any findings with this name
services.name:eventlog
Show any findings that contain parts of name
services.name:"eventlog"
Show any findings that match exact value "eventlog"
services.name:`eventlog`
services.statusservices.status
Examples
Show any findings with this status
services.status:running
Show any findings that contain parts of name
services.status:"running"
Show any findings that match exact value running
services.status:`running`
software.firstFoundsoftware.firstFound
Examples
Show assets with software first found within certain dates
software.firstFound:[2017-10-15 ... 2017-10-30]
Show assets with software first found starting 2017-06-22, ending 1 month ago
software.firstFound:[2017-06-22 ... now-1M]
Show assets with software first found starting 2 weeks ago, ending 1 second ago
software.firstFound:[now-2w ... now-1s]
Show assets with software first found on specific date
software.firstFound:'2017-08-14'
software.lastUpdatedsoftware.lastUpdated
Examples
Show assets with software last updated within certain dates
software.lastUpdated:[2018-01-15 ... 2018-03-12]
Show assets with software last updated starting 2018-01-22, ending 1 month ago
software.lastUpdated:[2018-01-22 ... now-1M]
Show assets with software last updated starting 2 weeks ago, ending 1 second ago
software.lastUpdated:[now-2w ... now-1s]
Show assets with software last updated on specific date
software.lastUpdated:'2018-02-16'
software.installedDatesoftware.installedDate
Examples
Show assets with software installed within certain dates
software.installedDate:[2018-01-15 ... 2018-03-12]
Show assets with software installed starting 2018-01-22, ending 1 month ago
software.installedDate:[2018-01-22 ... now-1M]
Show assets with software installed starting 2 weeks ago, ending 1 second ago
software.installedDate:[now-2w ... now-1s]
Show assets with software installed on specific date
software.installedDate:'2018-02-16'
Examples
Show any findings with this name
software.name:VMware Tools
Show any findings that contain parts of name
software.name:"VMware Tools"
Show any findings that match exact value "VMware Tools"
software.name:`VMware Tools`
Find assets with certain tag and software installed
tags.name:`Cloud Agent` AND software:(name:`Cisco
AnyConnect Secure Mobility Client` AND version:`3.1.12345`)
software.versionsoftware.version
Example
Show findings with this version
software.version: 8.6.10
Find assets with certain tag and software installed
tags.name:`Cloud Agent` AND software:
(name:`Cisco AnyConnect Secure Mobility Client`
AND version:`3.1.12345`)
system.biosDescriptionsystem.biosDescription
Examples
Show any findings with this description
system.biosDescription: Phoenix Technologies
Show any findings that contain parts of name
system.biosDescription: "Phoenix Technologies"
Show any findings that match exact value "Phoenix Technologies"
system.biosDescription: `Phoenix Technologies`
system.lastBootsystem.lastBoot
Examples
Show assets last booted within certain dates
system.lastBoot:[2018-01-11 ... 2018-01-23]
Show assets last booted starting 2017-10-01, ending 1 month ago
system.lastBoot:[2017-10-01 ... now-1M]
Show assets last booted starting 2 weeks ago, ending 1 second ago
system.lastBoot:[now-2w ... now-1s]
Show assets last booted on a specific date
system.lastBoot:'2018-03-08'
system.manufacturersystem.manufacturer
Examples
Show any findings with this name
system.manufacturer:dell
Show any findings that contain parts of name
system.manufacturer:"dell"
Show any findings that match exact value "dell"
system.manufacturer:`dell`
Examples
Show any findings with this name
system.model: optiplex
Show any findings that contain parts of name
system.manufacturer: "optiplex"
Show any findings that match exact value "optiplex"
system.manufacturer: `optiplex`
system.timezonesystem.timezone
Example
Show assets with this timezone
system.timezone:-08:00
system.totalMemorysystem.totalMemory
Example
Show assets with this total system memory
system.totalMemory:1024
Examples
Show this assets tracked by IP
trackingMethod: IP
Show asset tracked by NETBIOS
trackingMethod: NETBIOS
Show assets tracked by EASM
trackingMethod: EASM
Examples
Show assets updated within certain dates
updated:[2017-12-01 ... 2018-01-10]
Show assets updated starting 2017-10-01, ending 3 months ago
updated:[2017-10-01 ... now-3M]
Show assets updated starting 2 weeks ago, ending 1 second ago
updated:[now-2w ... now-1s]
Show assets updated on a specific date
updated:'2018-03-10'
Example
Show assets with this free volume space
volumes.free:448312320
Example
Show assets with this volume name
volumes.name:/boot
Example
Show assets with this volume size
volumes.size:481529856
vulnerabilitiesvulnerabilities
Example
Show all findings that have vulnerabilities
vulnerabilities:*
Use search tokens to refine your search for assets based on different asset properties.
hardware.categoryhardware.category
Examples
Show any findings that contain parts of value
hardware.category:"Computer/Server"
Show any findings that match exact value
hardware.category:`Computer/Server`
hardware.category1hardware.category1
Example
Show any findings that match exact value
hardware.category1:`Computer`
hardware.category2hardware.category2
Example
Show any findings that match exact value
hardware.category2:`Server`
hardware.lifecycle.gahardware.lifecycle.ga
Examples
Show findings with hardware GA date in this date range
hardware.lifecycle.ga:[2019-01-01 ... 2019-01-15]
Show findings with hardware GA date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.ga:[2019-01-15 ... now-1M]
Show findings with hardware GA date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.ga:[now-2w ... now-1s]
Show findings with this hardware GA date
hardware.lifecycle.ga:'2019-03-18'
hardware.lifecycle.introhardware.lifecycle.intro
Examples
Show findings with hardware introduction date in this date range
hardware.lifecycle.intro:[2019-01-01 ... 2019-01-15]
Show findings with hardware introduction date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.intro:[2019-01-15 ... now-1M]
Show findings with hardware introduction date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.intro:[now-2w ... now-1s]
Show findings with this hardware introduction date
hardware.lifecycle.intro:'2019-03-18'
hardware.lifecycle.eoshardware.lifecycle.eos
Examples
Show findings with hardware End-of-Sale date in this date range
hardware.lifecycle.eos:[2019-01-01 ... 2019-01-15]
Show findings with hardware End-of-Sale date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.eos:[2019-01-15 ... now-1M]
Show findings with hardware End-of-Sale date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.eos:[now-2w ... now-1s]
Show findings with this hardware End-of-Sale date
hardware.lifecycle.eos:'2019-03-18'
hardware.lifecycle.obshardware.lifecycle.obs
Examples
Show findings with hardware obsolete date in this date range
hardware.lifecycle.obs:[2019-01-01 ... 2019-01-15]
Show findings with hardware obsolete date starting 2019-01-15, ending 1 month ago
hardware.lifecycle.obs:[2019-01-15 ... now-1M]
Show findings with hardware obsolete date starting 2 weeks ago, ending 1 second ago
hardware.lifecycle.obs:[now-2w ... now-1s]
Show findings with this hardware obsolete date
hardware.lifecycle.obs:'2019-03-18'
hardware.lifecycle.stagehardware.lifecycle.stage
Example
Show End-of-Sale hardware
hardware.lifecycle.stage:"EOS"
hardware.manufacturerhardware.manufacturer
Example
Show any findings that match exact value "Dell"
hardware.manufacturer:`Dell`
Example
Show any findings that match exact value "e7470"
hardware.model:`De7470`
hardware.producthardware.product
Example
Show any findings that match exact value "Latitude"
hardware.product:`Latitude`
software.architecturesoftware.architecture
Example
Show any findings that match exact value
software:(architecture:`64-Bit`)
software.categorysoftware.category
Example
Show any findings that match exact value
software:(category:`Productivity > Productivity
Suites`)
software.category1software.category1
Example
Show any findings that match exact value
software:(category1:`Productivity`)
software.category2software.category2
Example
Show any findings that match exact value
software:(category2:`Productivity Suites`)
software.editionsoftware.edition
Example
Show any findings that match exact value
software:(edition:`Professional`)
software.lifecycle.gasoftware.lifecycle.ga
Examples
Show findings with software GA date in this date range
software:(lifecycle.ga:[2019-01-01 ... 2019-01-15])
Show findings with woftware GA date starting 2019-01-15, ending 1 month ago
software:(lifecycle.ga:[2019-01-15 ... now-1M])
Show findings with software GA date starting 2 weeks ago, ending 1 second ago
software:(lifecycle.ga:[now-2w ... now-1s])
Show findings with this software GA date
software:(lifecycle.ga:'2019-03-18')
software.lifecycle.eolsoftware.lifecycle.eol
Examples
Show findings with software End-of-Life date in this date range
software.lifecycle.eol:[2019-01-01 ... 2019-01-15]
Show findings with software End-of-Life date starting 2019-01-15, ending 1 month ago
software.lifecycle.eol:[2019-01-15 ... now-1M]
Show findings with software End-of-Life date starting 2 weeks ago, ending 1 second ago
software.lifecycle.eol:[now-2w ... now-1s]
Show findings with this software End-of-Life date
software.lifecycle.eol:'2019-03-18'
software.lifecycle.eossoftware.lifecycle.eos
Examples
Show findings with software End-of-Support date in this date range
software.lifecycle.eos:[2019-01-01 ... 2019-01-15]
Show findings with software End-of-Support date starting 2019-01-15, ending 1 month ago
software.lifecycle.eos:[2019-01-15 ... now-1M]
Show findings with software End-of-Support date starting 2 weeks ago, ending 1 second ago
software.lifecycle.eos:[now-2w ... now-1s]
Show findings with this software End-of-Support date
software.lifecycle.eos:'2019-03-18'
software.lifecycle.stagesoftware.lifecycle.stage
Examples
Show findings having this software lifecycle stage
software:(lifecycle.stage:eol)
Show findings having software category Windows and software lifecycle stage "active"
software:(category:Windows AND lifecycle.stage:eol)
software.license.categorysoftware.license.category
Example
Show any findings that match exact value
software:(license.category:`Open Source`)
software.marketVersionsoftware.marketVersion
Example
Show any findings that match exact value
software:(marketVersion:`7`)
software.productsoftware.product
Example
Show findings with this exact product name
software:(product:`Office`)
software.publishersoftware.publisher
Example
Show findings with this exact software publisher
software:(publisher:`Microsoft`)
Example
Show findings having this software type
software:(type:`Installer Package`)
software.updatesoftware.update
Example
Show findings with this exact software update version
software:(update:`16.0.1.2`)
software.license.subCategorysoftware.license.subCategory
Example
Show any findings that match exact value
software:(license.subCategory:Apache 2.0)
Use these tokens for searching Real-Time Threat Indicator (RTI) related vulnerabilities.
Examples
Show assets with threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
true
Show assets that don't have threats due to active attacks
vulnerabilities.vulnerability.threatIntel.activeAttacks:
false
Examples
Show assets with threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
true
Show assets that don't have threats due to CISA exploit
vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:
false
Examples
Show assets with threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
true
Show assets that don't have threats due to denial of service
vulnerabilities.vulnerability.threatIntel.denialOfService:
false
Examples
Show assets with threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
true
Show assets that don't have threats due to easy exploit
vulnerabilities.vulnerability.threatIntel.easyExploit:
false
Examples
Show assets with threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
true
Show assets that don't have threats due to exploit kit
vulnerabilities.vulnerability.threatIntel.exploitKit:
false
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.exploitKitName:
Angler
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.exploitKitName:
`Angler`
Examples
Show assets with threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
true
Show assets that don't have threats due to high data loss
vulnerabilities.vulnerability.threatIntel.highDataLoss:
false
Examples
Show assets with threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
true
Show assets that don't have threats due to high lateral movement
vulnerabilities.vulnerability.threatIntel.highLateralMovement:
false
vulnerabilities.vulnerability.threatIntel.malwarevulnerabilities.vulnerability.threatIntel.malware
Examples
Show assets with threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: true
Show assets that don't have threats due to malware
vulnerabilities.vulnerability.threatIntel.malware: false
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.malwareName:
TROJ_PDFKA.DQ
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.malwareName:
`TROJ_PDFKA.DQ`
vulnerabilities.vulnerability.threatIntel.noPatchvulnerabilities.vulnerability.threatIntel.noPatch
Examples
Show assets with threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: true
Show assets that don't have threats due to no patch available
vulnerabilities.vulnerability.threatIntel.noPatch: false
Example
Show assets with threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
true
Show assets that don't have threats due to public exploit
vulnerabilities.vulnerability.threatIntel.publicExploit:
false
Examples
Show any findings with this name
vulnerabilities.vulnerability.threatIntel.publicExploitName:
RealVNC NULL Authentication Mode Bypass
Show any findings that contain parts of name
vulnerabilities.vulnerability.threatIntel.publicExploitName:
"RealVNC NULL Authentication Mode Bypass"
Show any findings that match exact value
vulnerabilities.vulnerability.threatIntel.publicExploitName:
`RealVNC NULL Authentication Mode Bypass`
vulnerabilities.vulnerability.threatIntel.zeroDayvulnerabilities.vulnerability.threatIntel.zeroDay
Examples
Show assets with threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: true
Show assets that don't have threats due to zero day exploit
vulnerabilities.vulnerability.threatIntel.zeroDay: false
vulnerabilities.vulnerability.threatIntel.wormablevulnerabilities.vulnerability.threatIntel.wormable
Examples
Show assets with wormable threats
vulnerabilities.vulnerability.threatIntel.wormable: "true"
Examples
Show assets with predicted high risk threat
vulnerabilities.vulnerability.threatIntel.predictedHighRisk:
"true"
Examples
Show assets with unauthenticated exploitation threat
vulnerabilities.vulnerability.threatIntel.unauthenticatedExploitation:
"true"
Examples
Show assets with remote code execution threat
vulnerabilities.vulnerability.threatIntel.remoteCodeExecution:
"true"
Examples
Show assets with ransomeware threat
vulnerabilities.vulnerability.threatIntel.ransomware:
"true"
Examples
Show assets with privilege escalation threat
vulnerabilities.vulnerability.threatIntel.privilegeEscalation:
"true"
Examples
Show assets with Solorigate/Sunburst threat
vulnerabilities.vulnerability.threatIntel.solorigateSunburst:
"true"
Use the and/or tokens combined with these tokens for searching a threat feed.
Examples
Find categories that match any CVE.
categories: CVE:2020-8591
Examples
Find content that match a product.
contents: Google
Examples
Find threat feeds that match a publish date.
publishDate: [2020-10-21 ... 2021-01-15]
Use these tokens when searching Alibaba assets on the Assets list.
alibaba.instance.accountIdalibaba.instance.accountId
Use a text value to define the instance id of the Alibaba cloud account.
Example
Find Alibaba instances with following account ID
alibaba.instance.accountId: 1609xxxx
alibaba.instance.dnsServeralibaba.instance.dnsServer
Use an integer value to define the Domain Name System (DNS) configurations of the instance.
Example
Find Alibaba instances of the following DNS
alibaba.instance.dnsServer: 100.xxx.x.xxx
alibaba.instance.hasAgentalibaba.instance.hasAgent
Use the boolean value, true | false to define whether the Alibaba instance has a cloud agent installed on it.
Example
Find Alibaba instances with agents
alibaba.instance.hasAgent: `true`
alibaba.instance.hostNamealibaba.instance.hostName
Use a text value to find Alibaba hostname.
Example
Find instances related to name
alibaba.instance.hostName: abc.qualys.com
alibaba.instance.imageIdalibaba.instance.imageId
Use a text value to find id of the image used during the instance creation process.
Example
Find instances related to image id
alibaba.instance.imageId: ubuntu_14_0405_64_20G_alibase_20170824.vhd
alibaba.instance.instanceIdalibaba.instance.instanceId
Use a text value to define the Alibaba instance id.
Example
Find Alibaba instances with this instance ID
alibaba.instance.instanceId: i-a2dxxxxsxxxxxhdfax
alibaba.instance.instanceTypealibaba.instance.instanceType
Use a text value to define the instance type.
Example
Find Alibaba instances with this instance type
alibaba.instance.instanceType: ecs.g6e.large
alibaba.instance.interfaceIdalibaba.instance.interfaceId
Use a text value to define the identifier of the NIC.
Example
Find Alibaba instances of the following interface id
alibaba.instance.interfaceId: eni-a2dxxxxaixxxtux572
alibaba.instance.instanceStatealibaba.instance.instanceState
Use a text value to define the state of the Alibaba instance. The state of the instance can be, Running, Terminated, and Stopped.
Example
Find Alibaba instances for the following state
alibaba.instance.instanceState: Running
alibaba.instance.macAddressalibaba.instance.macAddress
Use a text value to define the MAC address.
Example
Find Alibaba instances with this MAC address
alibaba.instance.macAddress: 00:16:3e:0f:XX:XX
alibaba.instance.networkTypealibaba.instance.networkType
Select the network type to find cloud instances. The network type can be vpc or classic.
Example
Find Alibaba instances with this network type
alibaba.instance.networkType: vpc
alibaba.instance.privateIpAddressalibaba.instance.privateIpAddress
Use an integer value to define a private IPv4address or range of IPs .
Example
Find Alibaba instances with the following private IP address
alibaba.instance.privateIpAddress: 192.168.XX.XX
alibaba.instance.publicIpAddressalibaba.instance.publicIpAddress
Use an integer value to define a public IPv4address or range of IPs .
Example
Find Alibaba instances with the following private IP address
alibaba.instance.publicIpAddress: 149.xx.xx.xx
alibaba.instance.region.codealibaba.instance.region.code
Select the region code to find the alibaba cloud instances that belong to the region with specific code.
Example
Find Alibaba instances for the following region code
alibaba.instance.region.code: cn-chengdu
alibaba.instance.region.namealibaba.instance.region.name
Use a text value to define the region name.
Example
Find Alibaba instances for the following region
alibaba.instance.region.name: US (Silicon Valley)
alibaba.instance.serialNumberalibaba.instance.serialNumber
Use a text value to define the serial number of the instance.
Example
Find Alibaba instances of the following serial number
alibaba.instance.serialNumber: 12trexxxxr-3xx-xxx-rtg4-xxxx6t45
alibaba.instance.vpcCidrBlockalibaba.instance.vpcCidrBlock
Use an integer value to define the CIDR block.
Example
Find Alibaba instances of the following CIDR block
alibaba.instance.vpcCidrBlock: 172.xx.x.x/16
alibaba.instance.vpcIdalibaba.instance.vpcId
Use a text value to search all the assets with the specified VPC ID.
Example
Show all assets with this VPC ID
alibaba.instance.vpcId: vpc-a2d6pxxxxvvdadd5yikj
alibaba.instance.vswitchIdalibaba.instance.vswitchId
Use a text value to define the switch ID to which the Alibaba instance is connected.
Example
Find Alibaba instances of the following switch ID
alibaba.instance.vswitchId: vsw-a2dxxxoxxxxsqx1mxxxdd
alibaba.instance.vswitchCidrBlockalibaba.instance.vswitchCidrBlock
Use an integer value to define the CIDR block of the switch to which the Alibaba instance is connected.
Example
Find Alibaba instances of the following CIDR block of the switch
alibaba.instance.vswitchCidrBlock: 192.168.XX.XX/24
alibaba.instance.zoneIdalibaba.instance.zoneId
Use a text value to define the zone id.
Example
Find Alibaba instances of the following zone id
alibaba.instance.zoneId: cn-chengdu-a
Use these tokens when searching your AWS EC2 assets on the Assets list.
- Your results may return Terminated instances. It's recommended you include aws.ec2instanceState in your query to reduce the number of results.
- The syntax is different when writing queries for tag rules than when searching assets in the Assets list. Be sure to follow the syntax tips in the drop-down when writing your query.
aws.ec2.accountIdaws.ec2.accountId
Example
Find EC2 instances in that match this account ID
aws.ec2.accountId: 123456789012
Find EC2 instances with account ID starting "12345"
aws.ec2.accountId: 12345*
Find EC2 instances where account ID is null (remove the colon)
aws.ec2.accountId is null
aws.ec2.availabilityZoneaws.ec2.availabilityZone
Example
Find EC2 instances in the us-east-1a availability zone
aws.ec2.availabilityZone: us-east-1a
aws.ec2.hasAgentaws.ec2.hasAgent
Examples
Show findings with a cloud agent
aws.ec2.hasAgent: true
Show findings without a cloud agent
aws.ec2.hasAgent: false
aws.ec2.hostnameaws.ec2.hostname
Examples
Find instances related to name
aws.ec2.hostname: abc.qualys.com
Find instances that match exact value
aws.ec2.hostname: `abc.qualys.com`
aws.ec2.imageIdaws.ec2.imageId
Examples
Find instances related to the Image ID
aws.ec2.imageId: ami-2ea83347
Find instances that match exact value
aws.ec2.imageId: `ami-2ea83347`
aws.ec2.instanceIdaws.ec2.instanceId
Example
Find EC2 instances with this ID
aws.ec2.instanceId: i-1234567890abcdef0
aws.ec2.instanceStateaws.ec2.instanceState
Example
Find running EC2 instances
aws.ec2.instanceState: RUNNING
aws.ec2.instanceTypeaws.ec2.instanceType
Example
Find EC2 instances with instance type t2.micro
aws.ec2.instanceType: t2.micro
aws.ec2.isQualysScanneraws.ec2.isQualysScanner
Examples
Show findings where assets are scanners
aws.ec2.isQualysScanner: true
Show findings where assets are not scanners
aws.ec2.isQualysScanner: false
aws.ec2.kernelIdaws.ec2.kernelId
Example
Find EC2 instances with this kernel ID
aws.ec2.kernelId: aki-70ab0c10
aws.ec2.launchDateaws.ec2.launchDate
Examples
Find EC2 instances launched within certain dates
aws.ec2.launchDate: [2017-06-15 ... 2017-06-30]
Find EC2 instances launched on specific date
aws.ec2.launchDate:'2017-08-15'
aws.ec2.privateDNSaws.ec2.privateDNS
Example
Find the EC2 instance with this private DNS address
aws.ec2.privateDNS: ip-10-90-2-85.ec2.internal
aws.ec2.privateIpAddressaws.ec2.privateIpAddress
Examples
Find EC2 instances with this private IP address
aws.ec2.privateIpAddress: 10.90.0.119
Find EC2 instances within this IP range
aws.ec2.privateIpAddress: [10.1.78.23 ... 10.100.78.235]
aws.ec2.publicDNSaws.ec2.publicDNS
Example
Find the EC2 instance with this public DNS address
aws.ec2.publicDNS: ec2-52-70-141-154.compute-1.amazonaws.com
aws.ec2.publicIpAddressaws.ec2.publicIpAddress
Examples
Find EC2 instances with this public IP address
aws.ec2.publicIpAddress: 52.70.141.154
Find EC2 instances within this IP range
aws.ec2.publicIpAddress: [52.70.141.154 ... 52.70.141.164]
aws.ec2.region.codeaws.ec2.region.code
Example
Find EC2 instances in the us-east-1 region
aws.ec2.region.code: us-east-1
aws.ec2.region.nameaws.ec2.region.name
Example
Find EC2 instances in the US East (N. Virginia) region
aws.ec2.region.name: US East (N. Virginia)
aws.ec2.spotInstanceaws.ec2.spotInstance
Examples
Show EC2 Spot instances
aws.ec2.spotInstance: "true"
Show EC2 instances that are not Spot instances
aws.ec2.spotInstance: "false"
aws.ec2.subnetIdaws.ec2.subnetId
Example
Find EC2 instances with this subnet ID
aws.ec2.subnetId: subnet-bc02c0d4
Example
Find EC2 instances with this VPC ID
aws.ec2.vpcId: vpc-1e37cd76
Use these tokens when searching Microsoft Azure assets on the Assets list.
azure.vm.hasAgentazure.vm.hasAgent
Examples
Find Azure instances with agents
azure.vm.hasAgent `true`
azure.vm.imageOfferazure.vm.imageOffer
Examples
Find Azure instances related to name
azure.vm.imageOffer: UbuntuServer
Find Azure instances that match exact value
azure.vm.imageOffer: `UbuntuServer`
azure.vm.imagePublisherazure.vm.imagePublisher
Examples
Find Azure instances related to name
azure.vm.imagePublisher: Canonical
Find Azure instances that match exact value
azure.vm.imagePublisher: `Canonical`
azure.vm.imageVersionazure.vm.imageVersion
Example
Find Azure instances with this sku version
azure.vm.imageVersion: 16.04.201708030
azure.vm.locationazure.vm.location
Example
Find Azure instances in this location
azure.vm.location: westus
azure.vm.macAddressazure.vm.macAddress
Example
Find Azure instances with this MAC address
azure.vm.macAddress: '000D3A36DDED'
Examples
Find Azure instances related to name
azure.vm.name: avset2
Find Azure instances that match exact value
azure.vm.name: `avset2`
azure.vm.platformazure.vm.platform
Example
Find Azure instances on Windows platform
azure.vm.platform: Windows
azure.vm.privateIpAddressazure.vm.privateIpAddress
Examples
Find Azure instances with this private IP
azure.vm.privateIpAddress: 10.1.2.5
Find Azure instances within this IP range
azure.vm.privateIpAddress: [10.1.2.5 ... 10.1.2.33]
azure.vm.publicIpAddressazure.vm.publicIpAddress
Examples
Find Azure instances with this public IP
azure.vm.publicIpAddress: 13.126.125.189
Find Azure instances within this IP range
azure.vm.publicIpAddress: [13.126.125.180 ...
13.126.125.255]
azure.vm.resourceGroupNameazure.vm.resourceGroupName
Examples
Find Azure instances related to name
azure.vm.resourceGroupName: my-eastus-rg
Find Azure instances that match exact value
azure.vm.resourceGroupName: `my-eastus-rg`
Example
Find Azure instances with this size
azure.vm.size: Standard_D1
Example
Find running Azure instances
azure.vm.state: RUNNING
azure.vm.subnetazure.vm.subnet
Example
Find Azure instances with this subnet
azure.vm.subnet: 10.1.2.0
azure.vm.subscriptionIdazure.vm.subscriptionId
Example
Find Azure instances with this subscription ID
azure.vm.subscriptionId: fbb9ea64-abda-452e-adfa-83442409
azure.vm.virtualNetworkazure.vm.virtualNetwork
Example
Find Azure virtual network with this ID
azure.vm.virtualNetwork: mburton01-vnet
Example
Find Azure instances with this ID
azure.vm.vmId: 13f56399-bd52-4150-9748-7190aae1ff21
Use these tokens when searching Google Cloud Platform assets on the Assets list.
gcp.compute.hostnamegcp.compute.hostname
Examples
Find GCP instances related to name
gcp.compute.hostname: instance-5.c.qvsa-dev.internal
Find GCP instances that match exact value
gcp.compute.hostname: `instance-5.c.qvsa-dev.internal`
gcp.compute.instanceIdgcp.compute.instanceId
Example
Find GCP instances with this ID
gcp.compute.instanceId: 4392196237934605253
gcp.compute.macAddressgcp.compute.macAddress
Example
Find GCP instances with this MAC address
gcp.compute.macAddress: '000D3A36DDED'
gcp.compute.machineTypegcp.compute.machineType
Examples
Find GCP instances related to name
gcp.compute.machineType: n1-standard-1
Find GCP instances that match exact value
gcp.compute.machineType: `n1-standard-1`
gcp.compute.networkgcp.compute.network
Example
Find GCP instances with this network
gcp.compute.network: 000D3A36DDED
gcp.compute.privateIpAddressgcp.compute.privateIpAddress
Examples
Find GCP instances with this private IP
gcp.compute.privateIpAddress: 10.240.0.7
Find GCP instances with this private IP range
gcp.compute.privateIpAddress: [10.240.0.7 ...
10.240.0.30]
gcp.compute.projectIdgcp.compute.projectId
Examples
Find GCP instances related to ID
gcp.compute.projectId: qvsa-dev
Find GCP instances that match exact value
gcp.compute.projectId: `qvsa-dev`
gcp.compute.projectNumbergcp.compute.projectNumber
Examples
Find GCP instances related to this number
gcp.compute.projectNumber: 1035365309337
Find GCP instances that match exact value
gcp.compute.projectNumber: `1035365309337`
gcp.compute.publicIpAddressgcp.compute.publicIpAddress
Examples
Find GCP instances with this public IP
gcp.compute.publicIpAddress: 104.196.57.216
Find GCP instances within this IP range
gcp.compute.publicIpAddress: [104.196.57.216 ...
104.196.57.218]
gcp.compute.zonegcp.compute.zone
Examples
Find GCP instances related to name
gcp.compute.zone: us-east1-d
Find GCP instances that match exact value
gcp.compute.zone: `us-east1-d`
gcp.compute.stategcp.compute.state
Examples
Find running GCP instances
gcp.compute.state: RUNNING
Use these token when searching IBM assets on the Assets list.
ibm.virtualServer.idibm.virtualServer.id
Examples
Find IBM virtual server with this ID
ibm.virtualServer.id: 123741814
ibm.virtualServer.locationibm.virtualServer.location
Examples
Find IBM virtual server with this location
ibm.virtualServer.location: dall3
ibm.virtualServer.datacenterIdibm.virtualServer.datacenterId
Examples
Find IBM virtual server datacenter with this Id
ibm.virtualServer.datacenterId: 1854895
ibm.virtualServer.deviceNameibm.virtualServer.deviceName
Examples
Find IBM virtual server with this device name
ibm.virtualServer.deviceName: virtualserver01.Qualys-Inc.cloud
ibm.virtualServer.publicIpAddressibm.virtualServer.publicIpAddress
Examples
Find IBM virtual server with this public IP address
ibm.virtualServer.publicIpAddress: 150.238.75.107
ibm.virtualServer.privateIpAddressibm.virtualServer.privateIpAddress
Examples
Find IBM virtual server with this private IP address
ibm.virtualServer.privateIpAddress: 10.187.94.40
ibm.virtualServer.publicVlanibm.virtualServer.publicVlan
Examples
Find IBM virtual server with this public vlan
ibm.virtualServer.publicVlan: 1796
ibm.virtualServer.privateVlanibm.virtualServer.privateVlan
Examples
Find IBM virtual server with this private vlan
ibm.virtualServer.privateVlan: 2236
ibm.virtualServer.domainibm.virtualServer.domain
Examples
Find IBM virtual server with this domain
ibm.virtualServer.domain: Qualys-Inc.cloud
Use these token when searching Oracle Cloud Compute Instance (OCI) assets on the Assets list.
oci.compute.ociIdoci.compute.ociId
Examples
Show assets with this OCI ID
oci.compute.ociId: ocid1.compartment.oc1..1234567lbhcx2ajiagh57wrurvqs2ubd4ttaimgy22cxh3r6brpmmugq
oci.compute.compartmentIdoci.compute.compartmentId
Examples
Show assets with this OCI ID
oci.compute.compartmentId: ocid1.compartment.oc1..123452sjze35z6bkhvwjtzzgcp534zj4o75tgsizg3q36wl447jvfg6dq
oci.compute.compartmentNameoci.compute.compartmentName
Examples
Show assets with this OCI compartment name
oci.compute.compartmentName: ocid1.compartment.abc
oci.compute.displayNameoci.compute.displayName
Examples
Show assets with display name oracle 8
oci.compute.displayName: oracle 8
oci.compute.shapeoci.compute.shape
Examples
Show all assets with the shape x5-2.36.512
oci.compute.shape: x5-2.36.512
oci.compute.regionoci.compute.region
Examples
Show all assets with the region us-east-1
oci.compute.region: us-east-1
oci.compute.regionKeyoci.compute.regionKey
Examples
Show all assets with the region key SYD
oci.compute.regionKey: SYD
oci.compute.regionRealmoci.compute.regionRealm
Examples
Show all assets with the region realm OC1
oci.compute.regionRealm: OC1
oci.compute.availabilityDomainoci.compute.availabilityDomain
Examples
Show all assets with the available domain Lhkx:US-ASHBURN-AD-1
oci.compute.availabilityDomain: Lhkx:US-ASHBURN-AD-1
oci.compute.timeCreatedoci.compute.timeCreated
Examples
Show all assets with the created time 2021-02-09T07:24:31.000Z (Use 2021-02-09 while searching in UI)
oci.compute.timeCreated: 2021-02-09
oci.compute.imageIdoci.compute.imageId
Examples
Show all assets with the ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq image ID
oci.compute.imageId: ocid1.image.oc1.iad.aaaaaaaaffp3cnkpfxibzrdkfnxbitkgxk7al33rrhpzhfnrhfv7ml2xdpyq
oci.compute.faultDomainoci.compute.faultDomain
Examples
Show all assets with fault domain FAULT-DOMAIN-1
oci.compute.faultDomain: FAULT-DOMAIN-1
oci.compute.hostNameoci.compute.hostName
Examples
Show all findings with the host name oracle-8
oci.compute.hostName: oracle-8
oci.compute.canonicalRegionNameoci.compute.canonicalRegionName
Examples
Show all assets with the canonical region name us-ashburn-1
oci.compute.canonicalRegionName: us-ashburn-1
oci.compute.isQualysScanneroci.compute.isQualysScanner
Examples
Show all assets that are Qualys Scanner
oci.compute.isQualysScanner: true
oci.vnic.vnicIdoci.vnic.vnicId
Examples
Show all assets with the VNIC ID ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.vnicId: ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
Examples
Show all assets with this VCN ID
oci.vnic.vcnId: ocid1.vnic.oc1.iad.abuwcljt6cdjcuwhkce37madk4p6bd6ocjknilpwzai5rsyjejteiodyp22q
oci.vnic.privateIpoci.vnic.privateIp
Examples
Show all assets with this private IP
oci.vnic.privateIp: 10.0.0.222
oci.vnic.publicIpoci.vnic.publicIp
Examples
Show all assets with this public IP
oci.vnic.publicIp: 10.0.0.222
oci.vnic.subnetIdoci.vnic.subnetId
Examples
Find OCI instances with this subnet ID
oci.vnic.subnetId: subnet-bc02c0d4
oci.vnic.subnetNameoci.vnic.subnetName
Examples
Find OCI instances with this subnet name
oci.vnic.subnetName: subnet-abc
oci.vnic.vcnNameoci.vnic.vcnName
Examples
Show all assets with this vcn name
oci.vnic.vcnName: abc
oci.vnic.vlanTagoci.vnic.vlanTag
Examples
Show all assets with the vlan tag 1
oci.vnic.vlanTag: 1
oci.vnic.macAddroci.vnic.macAddr
Examples
Show all assets with the MAC address 02:00:17:06:bd:b3
oci.vnic.macAddr: 02:00:17:06:bd:b3
oci.vnic.virtualRouterIpoci.vnic.virtualRouterIp
Examples
Show all assets with the router IP 10.0.0.1
oci.vnic.virtualRouterIp: 10.0.0.1
oci.vnic.subnetCidrBlockoci.vnic.subnetCidrBlock
Examples
Show all assets with the block 10.0.0.0/24
oci.vnic.subnetCidrBlock: 10.0.0.0/24
oci.vnic.nicIndexoci.vnic.nicIndex
Examples
Show all assets with the index 1
oci.vnic.nicIndex: 1
oci.compute.stateoci.compute.state
Examples
Show all assets with the compute state Starting
oci.compute.state: STARTING
oci.compute.tenantIdoci.compute.tenantId
Examples
Show all assets with the specific tenant ID
oci.compute.tenantId: ocid1.tenancy.oc1..aaaaaaaax2gwhq3hszjqhte5pgzijgyge6gvlsrqar6kxn7itwhk7keokamq
oci.compute.tenantNameoci.compute.tenantName
Examples
Show all assets with the specific tenant name
oci.compute.tenantName: oraclecengg1
oci.compute.hasAgentoci.compute.hasAgent
Examples
Show all assets with having cloud agent installed
oci.compute.hasAgent: true
Use these tokens when searching assets detected by passive scanning.
Example
Show the asset with this FQDN
asset.fqdn:ACMENVT7.acme.com
hardware.typingConfidencehardware.typingConfidence
Example
Show this hardware typing confidence
hardware.typingConfidence:HIGH
inventory.scannerIDinventory.scannerID
Example
Show this scanner appliance ID
inventory.scannerID:345678892
inventory.scannerNameinventory.scannerName
Examples
Show assets with scanner name as ITCorp-appliance
inventory.scannerName:ITCorp-appliance
openPorts.lastFoundopenPorts.lastFound
Examples
Show open ports found within certain dates
openPorts.lastFound: [2019-01-01 ... 2019-01-15]
Show open ports found starting 2019-01-15, ending 3 months ago
openPorts.lastFound: [2019-01-15 ... now-3M]
Show open ports found starting 2 weeks ago, ending 1 second ago
openPorts.lastFound: [now-2w ... now-1s]
Show open ports found on a specific date
openPorts.lastFound:'2019-03-18'
openPort.lastUpdatedopenPort.lastUpdated
Examples
Show ports updated within certain dates
openPort.lastUpdated: [2019-01-01 ... 2019-01-15]
Show ports updated starting 2019-01-15, ending 3 months ago
openPort.lastUpdated: [2019-01-15 ... now-3M]
Show ports updated starting 2 weeks ago, ending 1 second ago
openPort.lastUpdated: [now-2w ... now-1s]
Show ports updated on a specific date
openPort.lastUpdated:'2019-03-18'
Example
Show assets with 100 MB total traffic
traffic.total:100
traffic.ingresstraffic.ingress
Example
Show assets with 60 MB ingress traffic
traffic.ingress:60
Example
Show assets with 40 MB egress traffic
traffic.egress:40
traffic.protocoltraffic.protocol
Example
Show assets with traffic over TCP
traffic.protocol:tcp
Example
Show assets with traffic over port 80
traffic.port:80
Example
Show assets with client traffic
traffic.type:client
Example
Show assets with peer to peer traffic
traffic.family:Peer to Peer
traffic.applicationtraffic.application
Example
Show assets with traffic from BitTorrent
traffic.application:BitTorrent
traffic.servicetraffic.service
Example
Show assets with traffic from HTTP
traffic.service:http