You can use the search tokens available in Applications and Detections tab and refine your search results. Click each token to learn more about it.
Generic | Applications | Detections | Endpoints
Example
Find applications with certain scan status and tag
application.lastScanStatus:"SUBMITTED" AND application.tags.name: "MS WAS 1000 Webapp"
Example
Show web applications that don't have last scan status as CANCELED
NOT application.lastScanStatus:"CANCELED"
Example
Show findings with one of these id values
vulnerability.id:3758394 OR
vulnerability.id:3495166
Use these search tokens to find web applications.
application.activatedForModulesapplication.activatedForModules
Use a text value ##### to find web applications that are activated for certain modules: WAS and WAF.
Examples
Find web applications activated for WAF.
application.activatedForModules:WAF
Find web applications which are activated for WAS or WAF modules.
application.activatedForModules:[WAS, WAF]
application.apiEndpointTypeapplication.apiEndpointType
Use a text value ##### to find applications that have certain endpoint types: BURP_PROXY, POSTMAN, SWAGGER, NONE.
Example
Find applications that have endpoint type as POSTMAN.
application.apiEndpointType:POSTMAN
application.attribute.nameapplication.attribute.name
Use values within quotes or backticks to find applications that have the given attribute name.
Examples
Find applications which have attribute name strut associated with it
application.attribute:(name:"strut")
Find applications which have attribute name strut and value 1.0.0
application.attribute:(name:"strut" and
value:"1.0.0")
application.attribute.valueapplication.attribute.value
Use values within quotes or backticks to find applications that have the given attribute value.
Examples
Find applications which have attribute value internal associated with it
application.attribute:(value:"internal")
Find applications which have attribute value internal and name app-type
application.attribute:(value:"internal" and
name:"app-type")
application.authenticationRecord.nameapplication.authenticationRecord.name
Use values within quotes or backticks to find applications that have authentication record with a given name.
Example
Find applications which have authentication record named Default Auth Record associated with it.
application.authenticationRecord:(name:"Default
Auth Record")
application.authenticationRecord.typeapplication.authenticationRecord.type
Use a text value ##### to find applications that have authentication records of certain types: AUTH_CODE, BASIC, CERTIFICATE, CLIENT_CREDS, CUSTOM, DIGEST, IMPLICIT, NTLM, PASSWORD, SELENIUM, STANDARD.
Examples
Find applications that have STANDARD type of authentication records associated with it.
application.authenticationRecord:(type:STANDARD)
Find applications with authentication record types as STANDARD, SELENIUM, or NTLM.
application.authenticationRecord:(type:[STANDARD, SELENIUM, NTLM])
application.authenticationRecord.categoryapplication.authenticationRecord.category
Use a text value ##### to find applications that have authentication records with certain categories: FORM_RECORD, OAUTH2_RECORD, SERVER_RECORD.
Example
Find applications that have authentication record category as FORM_RECORD.
application.authenticationRecord:(category:FORM_RECORD)
Use the values true | false to find applications that have authentication record(s) with client certificate enabled.
Examples
Find applications that have authentication record(s) with client certificate enabled
application.authenticationRecord:(hasClientCertificate:true)
Find a application(s) that has client certificate enabled for none of its authentication records
application.authenticationRecord:(hasClientCertificate:false)
application.authenticationRecord.hasVaultapplication.authenticationRecord.hasVault
Use the values true | false to find applications that have vault enabled.
Examples
Find a application(s) that has vault enabled for at least one of its authentication records
application.authenticationRecord:(hasVault:true)
Find a application(s) that has vault enabled for none of its authentication records
application.authenticationRecord:(hasVault:false)
Use a date range or specific date to find applications that were created on the given date or date range.
Examples
Show applications which were created in past 6 months
asset.created:[
now-6M
... now]
Show applications which were created on a specified date
asset.created:"2021-07-20"
Show applications which were created after a specified date
asset.created>"2021-06-20"
Show applications created between March 2020 to July 2021
asset.created:[2020-03-01 .. 2021-7-31]
application.dnsOverride.nameapplication.dnsOverride.name
Use values within quotes or backticks to find applications that have given name for DNS override record.
Example
Find applications that have given DNS override record associated with it.
application.dnsOverride.name:"ProdDnsRecord"
application.hasDefaultAuthRecordapplication.hasDefaultAuthRecord
Use the values true | false to find applications that have default authentication record associated with it.
Examples
Find applications which have default authentication record associated with it
application.hasDefaultAuthRecord:true
Find applications which do not have any default authentication record associated with it
application.hasDefaultAuthRecord:false
Use an integer value ##### to find application with a given ID.
Example
Find application with a given ID
asset.id:83327
application.igCountapplication.igCount
Use an integer value ##### to find applications with a specified numbers of detections for information gathered.
Examples
Find applications for which greater than 30 detections of Information Gathered type are reported
application.igCount>30
Find applications for which less than or equal to 30 detections of Information Gathered type are reported
application.igCount<=30
Find applications for which 30 detections of Information Gathered type are reported
application.igCount=30
application.isScannedapplication.isScanned
Use the values true | false to find applications by their scan status.
Examples
Show applications which are scanned at least once
application.isScanned:true
Show applications which are never scanned
application.isScanned:false
application.lastScanAuthStatusapplication.lastScanAuthStatus
Use a text value ##### to find applications by authentication status of last scan launched: NOT_USED, NO_AUTH, SUCCESS, FAILURE, PARTIAL
Examples
Find applications for which authentication failed in their last scan
application.lastScanAuthStatus:FAILURE
Find applications for which authentication is either partially or completely successful in their last scan
application.lastScanAuthStatus:[SUCCESS, PARTIAL]
application.lastScannedapplication.lastScanned
Use a date range or specific date to find applications that were last scanned on the specified date or date range.
Examples
Find applications which were last scanned in past 6 months
application.lastScanned:[now-6M .. now]
Find applications which were last scanned on a specified date.
application.lastScanned:"2021-07-20"
Find applications which were last scanned after a specified date
application.lastScanned>"2021-07-20"
Find applications last scanned between December 2020 to July 2021
application.lastScanned:[2020-12-01 .. 2021-07-31]
application.lastScanStatusapplication.lastScanStatus
Use a text value ##### to find applications by last scan status: CANCELED, CANCELED WITH RESULTS, CANCELING, ERROR, FINISHED, NO HOST ALIVE, NO WEB SERVICE, PROCESSING, RUNNING, SCAN NOT LAUNCHED, SCANNER NOT AVAILABLE, SERVICE ERRORS DETECTED, SUBMITTED, TIME LIMIT EXCEEDED, TIME LIMIT REACHED.
Note: Use the single quotation marks for the values containing reserver characters - NOT. For example, 'SCANNER NOT LAUNCHED'.
Examples
Find applications whose last scan status was ERROR
application.lastScanStatus:ERROR
Find applications whose last scan status was SCAN NOT LAUNCHED
application.lastScanStatus:'SCAN NOT LAUNCHED'
Find applications whose last scan status was either FINISHED or CANCELED
application.lastScanStatus:[FINISHED, CANCELED]
application.lastScanTypeapplication.lastScanType
Use a text value ##### to find applications by type of last scan launched: VULNERABILITY, DISCOVERY, AUTHENTICATION_TEST.
Examples
Show applications whose last scan type was VULNERABILITY
application.lastScanType:VULNERABILITY
Show applications whose last scan type was either DISCOVERY OR AUTHENTICATION_TEST
application.lastScanType:[DISCOVERY, AUTHENTICATION_TEST]
application.lastScanUriCountapplication.lastScanUriCount
Use an integer value ##### to find applications by total number of URI detected in the last scan.
Examples
Find applications which have greater than 800 URI reported in the last scan.
application.lastScanUriCount>800
Find applications which have less than or equal to 800 URI reported in the last scan
application.lastScanUriCount<=800
Find applications which have 800 URI reported in the last scan
application.lastScanUriCount:800
application.level1VulnCountapplication.level1VulnCount
Use an integer value ##### to find applications by total number level 1 confirmed vulnerabilities .
Examples
Find applications which have greater than 30 vulnerabilities of level 1 reported
application.level1VulnCount>30
Find applications which have less than or equal to 30 vulnerabilities of level 1 reported
application.level1VulnCount<=30
Find applications which have 30 vulnerabilities of level 1 reported
application.level1VulnCount:30
application.level2VulnCountapplication.level2VulnCount
Use an integer value ##### to find applications by total number level 2 confirmed vulnerabilities .
Examples
Find applications which have greater than 26 vulnerabilities of level 2 reported
application.level2VulnCount>26
Find applications which have less than or equal to 26 vulnerabilities of level 2 reported
application.level2VulnCount<=26
Find applications which have 26 vulnerabilities of level 2 reported
application.level2VulnCount:26
application.level3VulnCountapplication.level3VulnCount
Use an integer value ##### to find applications by total number level 3 confirmed vulnerabilities.
Examples
Find applications which have greater than 24 vulnerabilities of level 3 reported
application.level3VulnCount>24
Find applications which have less than or equal to 24 vulnerabilities of level 3 reported
application.level3VulnCount<=24
Find applications which have 24 vulnerabilities of level 3 reported
application.level3VulnCount:24
application.level4VulnCountapplication.level4VulnCount
Use an integer value ##### to find applications by total number level 4 confirmed vulnerabilities .
Examples
Find applications which have greater than 14 vulnerabilities of level 4 reported
application.level4VulnCount>14
Find applications which have less than or equal to 14 vulnerabilities of level 4 reported
application.level4VulnCount<=14
Find applications which have 14 vulnerabilities of level 4 reported
application.level4VulnCount:14
application.level5VulnCountapplication.level5VulnCount
Use an integer value ##### to find applications by total number level 5 confirmed vulnerabilities .
Examples
Find applications which have greater than 7 vulnerabilities of level 5 reported
application.level5VulnCount>7
Find applications which have less than or equal to 7 vulnerabilities of level 5 reported
application.level5VulnCount<=7
Find applications which have 7 vulnerabilities of level 5 reported
application.level5VulnCount:7
application.malwareMonitoringEnabledapplication.malwareMonitoringEnabled
Use the values true | false to find applications for which malware monitoring is enabled.
Examples
Show applications for which malware monitoring is enabled
application.malwareMonitoringEnabled:true
Show applications for which malware monitoring is not enabled
application.malwareMonitoringEnabled:false
Use values within quotes or backticks to find applications with a given name.
Examples
Find applications that contain parts of name
asset.name:"qualys test vulnerable app"
Find application with exact name
asset.name:`qualys test vulnerable app`
application.optionProfile.nameapplication.optionProfile.name
Use values within quotes or backticks to find applications that have given option profile configured.
Examples
Find applications that contain parts of option profile name associated with it.
application.optionProfile.name:"WAS Options"
Find applications which have the given option profile associated with it.
application.optionProfile.name:`
Initial
WAS Options
`
application.owner.firstNameapplication.owner.firstName
Use values within quotes or backticks to find applications with owner's first name.
Example
Find applications with owner's first name as Chandler
application.owner.firstName:"Chandler"
application.owner.lastNameapplication.owner.lastName
Use values within quotes or backticks to find applications with owner's last name.
Example
Find applications with owner's last name as Chandler
application.owner.lastName:"Bing"
application.owner.usernameapplication.owner.username
Use values within quotes or backticks to find applications with owner's username.
Example
Find applications with owner's username as user_ap
application.owner.username:"user_ap"
application.progressiveScanningEnabledapplication.progressiveScanningEnabled
Use the values true | false to find applications for which progressive scanning is enabled.
Example
Find applications which have progressive scanning enabled in the configuration.
application.progressiveScanningEnabled:"true"
application.proxy.nameapplication.proxy.name
Use values within quotes or backticks to find applications that have given proxy configured.
Examples
Find applications which have given part of the given proxy name associated with it
application.proxy.name:"WEB Default Proxy"
Find applications which have given proxy associated with it
application.proxy.name:`proxy1`
application.riskapplication.risk
Use an integer value ##### to find applications with a given risk value.
Examples
Find applications which have risk greater than or equal to 4
application.risk>=4
Find applications which have risk less than 3
application.risk<3
Find applications which have risk equal to 5
application.risk:5
application.scannerApplianceapplication.scannerAppliance
Examples
Find applications which have EXTENRAL scanner configured
application.scannerAppliance:"EXTERNAL"
Find applications which have configured "Internal Scanner 01" as default scanner appliance
application.scannerAppliance:"Internal Scanner
01"
application.scannerApplianceTags.nameapplication.scannerApplianceTags.name
Use values within quotes or backticks to find applications with a given scanner tags selected.
Examples
Find applications which have scanner appliance tag named "Internal Pool 01" associated with it
application.scannerApplianceTags.name:"Internal Pool 01"
Find applications which have scanner appliance tags named "Internal Pool 01" or "Internal Pool 02" associated with it
application.scannerApplianceTags.name:["Internal Pool 01", "Internal Pool 02"]
Find applications which have scanner appliance tags named `Target` associated with it
application.scannerApplianceTags.name:`Target1'
application.scanTrustEnabledapplication.scanTrustEnabled
Use the values true | false to find applications for which WAF authentication is enabled.
Example
Find applications for which scan trust is enabled.
application.scanTrustEnabled:"true"
application.sensitiveContentCountapplication.sensitiveContentCount
Examples
Find applications which have greater than 43 total sensitive content reported
application.sensitiveContentCount>43
Find applications which have less than or equal to 43 total sensitive content reported
application.sensitiveContentCount<=43
Find applications which have 43 total sensitive content reported
application.sensitiveContentCount:43
application.severityapplication.severity
Use a text value ##### to find applications that have certain severity: HIGH, MEDIUM, LOW, NONE.
Examples
Find applications which have HIGH severity
application.severity:HIGH
Find applications which have HIGH or MEDIUM severity
application.severity:[HIGH, MEDIUM]
application.totalVulnCountapplication.totalVulnCount
Use an integer value ##### to find applications that have specified number of total vulnerabilities.
Examples
Find applications for which total number of vulnerabilities is greater than 100
application.totalVulnCount>100
Find applications for which total number of vulnerabilities is less than or equal to 100
application.totalVulnCount<=100
Find applications applications for which total number of vulnerabilities reported is 100
application.totalVulnCount:100
application.totalMalwareVulnCountapplication.totalMalwareVulnCount
Use an integer value ##### to find applications that have specified number of total malware vulnerabilities.
Examples
Find applications for which total number of malware vulnerabilities is greater than 100
application.totalMalwareVulnCount>100
Find applications for which total number of malware vulnerabilities is less than or equal to 100
application.totalMalwareVulnCount<=100
Find applications applications for which total number of malware vulnerabilities reported is 100
application.totalMalwareVulnCount:100
Use a date range or specific date to find applications that were updated on the given date or date range.
Examples
Show applications which were updated in past 6 months
asset.updated:[
now-6M
... now]
Show applications which were updated on a specified date
asset.updated:"2021-07-20"
Show applications which were updated after a specified date
asset.updated>"2021-06-20"
Show applications updated between March 2020 to July 2021
asset.updated:[2020-03-01 .. 2021-07-31]
asset.updatedBy.firstNameasset.updatedBy.firstName
Example
Find applications which are updated by the user whose first name is Chandler
asset.updatedBy.firstName:"Chandler"
asset.updatedBy.lastNameasset.updatedBy.lastName
Example
Find applications which are updated by the user whose last name is Bing
asset.updatedBy.lastName:"Bing"
asset.updatedBy.usernameasset.updatedBy.username
Example
Find applications which are updated by user whose username is user_ap
asset.updatedBy.username:"user_ap"
application.urlapplication.url
Examples
Find applications that have given URL
application.url:"http://test.com"
Find applications that match exact value "http://test.com"
application.url:`http://test.com`
Use values within quotes or backticks to find applications with the specified UUID.
Example
Find applications with a given UUID
asset.uuid:"17eeec0b2-abf4-4d7b-877a-13146ddadccf"
asset.riskScoreasset.riskScore
Examples
Find applications with TruRisk™ score 500
asset.riskScore:500
Find applications with TruRisk™ score greater than 500
asset.riskScore>500
Find applications with TruRisk™ score greater than or equal to 500
asset.riskScore>=500
asset.riskScoreRangeasset.riskScoreRange
Example
Find applications for which TruRisk™ score value is CRITICAL
asset.riskScoreRange:CRITICAL
application.typeapplication.type
Example
Find records that are web applications.
application.type:WEBAPP
Use these search tokens to find detections.
vulnerability.agevulnerability.age
Examples
Find detections that are 0 to 30 days old
vulnerability.age:[0..30]
vulnerability.criticalityvulnerability.criticality
Examples
Find detections with HIGH criticality
vulnerability.criticality:HIGH
Find detections with MEDIUM or LOW criticality
vulnerability.criticality:[MEDIUM, LOW]
vulnerability.cveIdsvulnerability.cveIds
Example
Show detections which have "CVE-10" associated with it
vulnerability.cveIds:"CVE-10"
vulnerability.cvss3Info.baseScorevulnerability.cvss3Info.baseScore
Examples
Find detections with CVSS3 base score greater than 7
vulnerability.cvss3Info.baseScore>7
Find detections with CVSS3 base score less than or equal to 7
vulnerability.cvss3Info.baseScore<=7
Find detections with CVSS3 base score equal to 7
vulnerability.cvss3Info.baseScore:7
vulnerability.cvss3Info.temporalScorevulnerability.cvss3Info.temporalScore
Examples
Find detections with CVSS3 temporal score greater than 7
vulnerability.cvss3Info.temporalScore>7
Find detections with CVSS3 temporal score less than or equal to 7
vulnerability.cvss3Info.temporalScore<=7
Find detections with CVSS3 temporal score equal to 7
vulnerability.cvss3Info.temporalScore:7
vulnerability.cweIdsvulnerability.cweIds
Example
Show detections which have "CWE-56" associated with it
vulnerability.cweIds:"CWE-56"
vulnerability.firstDetectionDatevulnerability.firstDetectionDate
Examples
Show detections which were first detected in past 6 months
vulnerability.firstDetectionDate:[
now-6M
... now]
Show detections which were first detected on a specified date
vulnerability.firstDetectionDate:"2021-07-20"
Show detections which were first detected after a specified date
vulnerability.firstDetectionDate>"2021-06-20"
Show detections which were first detected between March 2020 to July 2021
vulnerability.firstDetectionDate:[2020-03-01 ..
2021-07-31]
vulnerability.fixedDatevulnerability.fixedDate
Examples
Find detections which were marked fixed in past 6 months
vulnerability.fixedDate:[
now-6M
... now]
Find detections which were marked fixed on a specified date
vulnerability.fixedDate:"2021-07-20"
Find detections which were marked fixed after a specified date
vulnerability.fixedDate>"2021-06-20"
Find detections which were marked fixed between March 2020 to July 2021
vulnerability.fixedDate:[2020-03-01 .. 2021-07-31]
vulnerability.groupNamevulnerability.groupName
Example
Find detections with a given group name
vulnerability.groupName:"Cross-Site Scripting"
vulnerability.groupTitlevulnerability.groupTitle
Example
Find detections with a given group title
vulnerability.groupTitle:"XSS"
vulnerability.idvulnerability.id
Examples
Find detection with a given ID.
vulnerability.id: 3213
vulnerability.ignoredBy.firstNamevulnerability.ignoredBy.firstName
Example
Find detections which are ignored by a user whose first name is Chandler
vulnerability.ignoredBy.firstName:"Chandler"
vulnerability.ignoredBy.lastNamevulnerability.ignoredBy.lastName
Example
Find detections which are ignored by a user whose last name is Bing
vulnerability.ignoredBy.lastName:"Bing"
vulnerability.ignoredBy.usernamevulnerability.ignoredBy.username
Example
Find detections which are ignored by a user whose username is quays_pp
vulnerability.ignoredBy.username:"quays_pp"
vulnerability.ignoredCommentvulnerability.ignoredComment
Example
Find detections which have given ignored comment
vulnerability.ignoredComment:"Won't Fix"
vulnerability.ignoredDatevulnerability.ignoredDate
Examples
Find detections which were ignored in past 6 months
vulnerability.ignoredDate:[
now-6M
... now]
Find detections which were ignored on a specified date
vulnerability.ignoredDate:"2021-07-20"
Find detections which were ignored after a specified date
vulnerability.ignoredDate>"2021-06-20"
Find detections which were ignored between March 2020 to July 2021
vulnerability.ignoredDate:[2020-03-01 .. 2021-07-31]
vulnerability.ignoredReactivateDatevulnerability.ignoredReactivateDate
Examples
Find detections for which ignored reactivate date is in past 6 months
vulnerability.ignoredReactivateDate:[
now-6M
... now]
Find detections for which ignored reactivate date is on a specified date
vulnerability.ignoredReactivateDate:"2021-07-20"
Find detections for which ignored reactivate date is after a specified date
vulnerability.ignoredReactivateDate>"2021-06-20"
Find detections for which ignored reactivate date is between March 2020 to July 2021
vulnerability.ignoredReactivateDate:[2020-03-01
.. 2021-7-31]
vulnerability.ignoredReasonvulnerability.ignoredReason
Examples
Find detections for which ignored reason specified is RISK_ACCEPTED
vulnerability.ignoredReason:RISK_ACCEPTED
Find detections for which ignored reason specified is either FALSE_POSITIVE or NOT_APPLICALBE
vulnerability.ignoredReason:[FALSE_POSITIVE, NOT_APPLICALBE]
vulnerability.isIgnoredvulnerability.isIgnored
Examples
Find detections which are ignored.
vulnerability.isIgnored:"true"
Find detections which are not ignored.
vulnerability.isIgnored:"false"
vulnerability.lastDetectedDatevulnerability.lastDetectedDate
Examples
Find detections which were last detected in past 6 months
vulnerability.lastDetectedDate:[
now-6M
... now]
Find detections which were last detected on a specified date
vulnerability.lastDetectedDate:"2021-07-20"
Find detections which were last detected on a specified date
vulnerability.lastDetectedDate>"2021-06-20"
Find detections which were last detected between March 2020 to July 2021
vulnerability.lastDetectedDate:[2020-03-01 ..
2021-7-31]
vulnerability.lastTestedDatevulnerability.lastTestedDate
Examples
Find detections which were last tested in past 6 months
vulnerability.lastTestedDate:[
now-6M
... now]
Find detections which were last tested on a specified date
vulnerability.lastTestedDate:"2021-07-20"
Find detections which were last tested on a specified date
vulnerability.lastTestedDate>"2021-06-20"
Find detections which were last tested between March 2020 to July 2021
vulnerability.lastTestedDate:[2020-03-01 .. 2021-07-31]
endpoint.vulnerability.originalSeverityendpoint.vulnerability.originalSeverity
Use an integer value ##### to find endpoints with the specified original severity level.
Example
Find endpoints which have original severity level greater than 3
endpoint.vulnerability:(originalSeverity>3)
Find endpoints which have original severity less than or equal to 3
endpoint.vulnerability:(originalSeverity<=3)
Find endpoints which are of original severity 3
endpoint.vulnerability:(originalSeverity:3)
vulnerability.titlevulnerability.title
Example
Find detections that match the beginning of any substrings within the detection name
vulnerability.title:"Reflected Cross Site
Scripting Vulnerabilities"
Find detections with exact name
vulnerability.title:`Reflected Cross Site Scripting
Vulnerabilities`
vulnerability.owaspTopTen.idvulnerability.owaspTopTen.id
Example
Find detections where owaspTopTen2021 category ID is 7
vulnerability.owaspTopTen.id:7
The following table provides the ID and corresponding vulnerability name.
ID | Name |
1 |
Broken Access Control |
2 |
Cryptographic Failures |
3 |
Injection |
4 |
Insecure Design |
5 |
Security Misconfiguration |
6 |
Vulnerable and Outdated Components |
7 |
Identification and Authentication Failures |
8 |
Software and Data Integrity Failures |
9 |
Security Logging and Monitoring Failures |
10 |
Server Side Request Forgery (SSRF) |
vulnerability.owaspApiTopTen.idvulnerability.owaspApiTopTen.id
Use an integer value ##### to find detections with the given OWASP API top ten 2023 category ID.
Example
Find detections where owaspApiTopTen2023 category ID is 7.
vulnerability.owaspApiTopTen.id:7
The following table provides the ID and corresponding vulnerability name.
1: Broken Object Level Authorization
2: Broken Authentication
3: Broken Object Property Level Authorization
4: Unrestricted Resource Consumption
5: Broken Function Level Authorization
6: Unrestricted Access to Sensitive Business Flows
7: Server Side Request Forgery
8: Security Misconfiguration
9: Improper Inventory Management
10: Unsafe Consumption of APIs
vulnerability.owaspTopTen.namevulnerability.owaspTopTen.name
Example
Find detections where owaspTopTen2021 category name is "Identification and Authentication Failures"
vulnerability.owaspTopTen.name:"Identification
and Authentication Failures"
vulnerability.owaspApiTopTen.namevulnerability.owaspApiTopTen.name
Use values within quotes or backticks to find detections with the given OWASP API top ten 2023 category name.
Example
Find detections where owaspApiTopTen2023 category name is "Server Side Request Forgery"
vulnerability.owaspApiTopTen.name:"Server Side Request Forgery"
vulnerability.paramvulnerability.param
Example
Find detections where param reported is "comment.comment from url"
vulnerability.param:"comment.comment from url"
vulnerability.paramTypevulnerability.paramType
Example
Find detections where parameter type reported is "Cookie"
vulnerability.paramType:"Cookie"
vulnerability.patchablevulnerability.patchable
Examples
Find detections that have patch available
vulnerability.patchable:true
vulnerability.patchIdvulnerability.patchId
Example
Find detections with a given patch ID
vulnerability.patchId:6357
vulnerability.qidvulnerability.qid
Examples
Find detections with a given QID
vulnerability.qid:150001
Find detections with have either of the QIDs from the list
vulnerability.qid:[150001, 150100. 150009]
vulnerability.retestStatusvulnerability.retestStatus
Examples
Find detections for which retest status is UNDER_RETEST
vulnerability.retestStatus:UNDER_RETEST
Find detections for which retest status is either CANCELING or CANCELED
vulnerability.retestStatus:[CANCELING, CANCELED]
vulnerability.severityvulnerability.severity
Examples
Find detections which have severity level greater than 3
vulnerability.severity>3
Find detections which have severity less than or equal to 3
vulnerability.severity<=3
Find detections which are of severity 3
vulnerability.severity:3
vulnerability.originalSeverityvulnerability.originalSeverity
Examples
Find detections for which original severity is greater than 3
vulnerability.originalSeverity>3
Find detections for which original severity is less than or equal to 3
vulnerability.originalSeverity<=3
Find detections for which original severity is 3
vulnerability.originalSeverity:3
vulnerability.sourcevulnerability.source
Examples
Find detections for which source is QUALYS
vulnerability.source:QUALYS
Find detections for which source is either BURP or BUGCROWD
vulnerability.source:[BURP, BUGCROWD]
vulnerability.statusvulnerability.status
Examples
Find detections which have status NEW
vulnerability.status:NEW
Find detections which have status NEW, ACTIVE or REOPENED
vulnerability.status:[NEW, ACTIVE, REOPENED]
vulnerability.timesDetectedvulnerability.timesDetected
Examples
Find detections which are detected more than 15 times
vulnerability.timesDetected>15
Find detections which are detected less than or equal to 15 times
vulnerability.timesDetected<=15
Find detections which are detected for 15 times
vulnerability.timesDetected:15
vulnerability.typeDetectedvulnerability.typeDetected
Examples
Find detections which are of CONFIRMED_VULNERABILITY type.
vulnerability.typeDetected:CONFIRMED_VULNERABILITY
Find detections which are of either POTENTIAL_VULNERABILITY or SENSITIVE_CONTENT type.
vulnerability.typeDetected:[POTENTIAL_VULNERABILITY,
SENSITIVE_CONTENT]
vulnerability.urlvulnerability.url
Example
Find detections that have given URL
vulnerability.url:"http://test.com"
Find detections that match exact value "http://test.com"
vulnerability.url:`http://test.com`
vulnerability.uuidvulnerability.uuid
Example
Find detections with a given UUID
asset.id:9725
vulnerability.ttrvulnerability.ttr
Examples
Find detections for which TTR which are 0 to 30 days
vulnerability.ttr:[0..30]
Find detections for which TTR is 30 days
vulnerability.ttr:30
vulnerability.isCisaKnownExploitablevulnerability.isCisaKnownExploitable
Examples
Find detections that are CISA known exploitable vulnerabilities
vulnerability.isCisaKnownExploitable:true
Find detections that are not CISA known exploitable vulnerabilities
vulnerability.isCisaKnownExploitable:false
vulnerability.detectionScorevulnerability.detectionScore
Examples
Find detections with QDS value 55
vulnerability.detectionScore:55
Find detections with QDS value greater than 55
vulnerability.detectionScore>55
Find detections with QDS value greater than or equal to 55
vulnerability.detectionScore>=55
vulnerability.cisaKnownExploits.cisaKEVAddedDatevulnerability.cisaKnownExploits.cisaKEVAddedDate
Examples
Find detections that contains CISA known exploitable vulnerabilities added on a given date (yyyy-mm-dd)
vulnerability.cisaKnownExploits.cisaKEVAddedDate:"2024-08-23"
Find detections that contains CISA known exploitable vulnerabilities added in given date range
vulnerability.cisaKnownExploits.cisaKEVAddedDate:[2024-07-23, 2024-08-23]
vulnerability.cisaKnownExploits.cisaKEVDueDatevulnerability.cisaKnownExploits.cisaKEVDueDate
Examples
Find detections that contains CISA known exploitable vulnerabilities with given due date (yyyy-mm-dd)
vulnerability.cisaKnownExploits.cisaKEVDueDate:"2024-08-23"
Find detections that contains CISA known exploitable vulnerabilities with due date in given date range
vulnerability.cisaKnownExploits.cisaKEVDueDate:[2024-07-23, 2024-08-23]
Use the following endpoint tokens to search the API endpoints.
Use an integer value to find the endpoint with the specified ID.
Example
Find endpoints with a given ID
endpoint.id:83327
endpoint.createdendpoint.created
Use a specific date to find endpoints created on the given date or range.
Example
Find endpoints which were created in past 6 months
endpoint.created:[now-6M ... now]
Find endpoints which were created on a specified date.
endpoint.created:"2021-06-20"
Find endpoints which were created after a specified date
endpoint.created>"2021-06-20"
Find endpoints which were created between March 2020 to July 2021
endpoint.created:[2020-03-01 .. 2021-07-31]
endpoint.igCountendpoint.igCount
Use an integer value to find endpoints with a specified number of detections for information gathered.
Example
Find endpoints with greater than 30 detections of Information Gathered type are reported.
endpoint.igCount>30
Find endpoints with less than or equal to 30 detections of Information Gathered type are reported.
endpoint.igCount<=30
Find endpoints with less than or equal to 30 detections of Information Gathered type are reported.
endpoint.igCount=30
endpoint.lastScannedendpoint.lastScanned
Use a specific date or date range to find endpoints last scanned on the specified date or date range.
Example
Find endpoints that were last scanned in past 6 months.
endpoint.lastScanned:[now-6M ... now]
Find endpoints that were scanned on a specified date.
endpoint.lastScanned:"2021-06-20"
Find endpoints that were scanned after a specified date
endpoint.lastScanned>"2021-06-20"
Find endpoints which were last scanned between March 2020 to July 2021
endpoint.lastScanned:[2020-03-01 .. 2021-07-31]
endpoint.level1VulnCountendpoint.level1VulnCount
Use an integer value to find endpoints by the total number of level 1 confirmed vulnerabilities.
Example
Find endpoints that have greater than 30 vulnerabilities of level 1 reported
endpoint.level1VulnCount>30
Find endpoints that have less than or equal to 30 vulnerabilities of level 1 reported
endpoint.level1VulnCount<=30
Find endpoints that have 30 vulnerabilities of level 1 reported
endpoint.level1VulnCount:30
endpoint.level2VulnCountendpoint.level2VulnCount
Use an integer value to find endpoints by the total number of level 2 confirmed vulnerabilities.
Example
Find endpoints that have greater than 26 vulnerabilities of level 2 reported
endpoint.level2VulnCount>26
Find endpoints that have less than or equal to 26 vulnerabilities of level 2 reported
endpoint.level2VulnCount<=26
Find endpoints that have 26 vulnerabilities of the level 2 reported
endpoint.level2VulnCount:26
endpoint.level3VulnCountendpoint.level3VulnCount
Use an integer value to find endpoints by the total number of level 3 confirmed vulnerabilities.
Example
Find applications that have greater than 24 vulnerabilities of level 3 reported
endpoint.level3VulnCount>24
Find applications that have less than or equal to 24 vulnerabilities of level 3 reported
endpoint.level3VulnCount<=24
Find applications that have 24 vulnerabilities of level 3 reported
endpoint.level3VulnCount:24
endpoint.level4VulnCountendpoint.level4VulnCount
Use an integer value to find endpoints by the total number of level 4 confirmed vulnerabilities.
Example
Find endpoints that have greater than 14 vulnerabilities of level 4 reported.
endpoint.level4VulnCount>14
Find endpoints that have less than or equal to 14 vulnerabilities of the level 4 reported.
endpoint.level4VulnCount<=14
Find endpoints that have 14 vulnerabilities of the level 4 reported.
endpoint.level4VulnCount:14
endpoint.level5VulnCountendpoint.level5VulnCount
Use an integer value to find endpoints by a total number of level 5 confirmed vulnerabilities.
Example
Find endpoints that have greater than 7 vulnerabilities of level 5 reported
endpoint.level5VulnCount>7
Find endpoints that have less than or equal to 7 vulnerabilities of level 5 reported
endpoint.level5VulnCount<=7
Find endpoints that have 7 vulnerabilities of level 5 reported
endpoint.level5VulnCount:7
endpoint.methodendpoint.method
Use a text value to find endpoints with the selected method.
Example
Find endpoints with the GET method.
endpoint.method:GET
Find endpoints with the GET and POST method.
endpoint.method:[GET,POST]
Use values within quotes or backticks to find endpoints with the given text in the API path.
Example
Find endpoints with the given API endpoint path.
endpoint.path:`account/balance/`
Find endpoints with the part of given API endpoint path.
endpoint.path:"account/balance/"
Use an integer value to find endpoints with the specified security risk value.
Example
Find endpoints that have the risk greater than or equal to 4.
endpoint.risk>=4
Find endpoints that have risk of less than 4
endpoint.risk<4
Find endpoints that have risk equal to 4
endpoint.risk=4
endpoint.sensitiveContentCountendpoint.sensitiveContentCount
Use an integer value to find endpoints with a specified number of sensitive content reported.
Example
Find endpoints that have greater than 43 total sensitive content reported.
endpoint.sensitiveContentCount>43
Find endpoints that have less than or equal to 43 total sensitive content reported
endpoint.sensitiveContentCount<=43
Find endpoints that have 43 total sensitive content reported
endpoint.sensitiveContentCount:=43
endpoint.totalVulnCountendpoint.totalVulnCount
Use an integer value to find endpoints with a specified number of total vulnerabilities.
Example
Find endpoints for which the total number of vulnerabilities is greater than 100.
endpoint.totalVulnCount>100
Find endpoints for which the total number of vulnerabilities is less than or equal to 100.
endpoint.totalVulnCount<=100
Find endpoints for which the total number of vulnerabilities reported is 100.
endpoint.totalVulnCount:100
endpoint.updatedendpoint.updated
Use a date or date range to find all endpoints that were updated on the given date or date range.
Example
Find endpoints that were updated in the past 6 months.
endpoint.updated:[now-6M ... now]
Find endpoints that were updated on a specified date.
endpoint.updated:"2024-06-20"
Find endpoints that were updated after a specified date.
endpoint.updated>"2024-06-20"
Find endpoints which were updated between March 2024 to July 2024
endpoint.updated:[2024-03-01 .. 2024-07-31]
endpoint.visibilityendpoint.visibility
Use a text value to find endpoints with the selected visibility for an endpoint: EXTERNAL, INTERNAL.
Example
Find endpoints that are visible externally.
endpoint.visibility:EXTERNAL
Find endpoints that are not visible internally
endpoint.visibility:INTERNAL
endpoint.vulnerability.ageendpoint.vulnerability.age
Select a range to find endpoints with detections with the specified age (in days).
Example
Find endpoints consisting of detections that are 0 to 30 days old.
endpoint.vulnerability:(age:[0..30])
Use this token to find endpoints with detections based on the date when CISA known exploitable vulnerability is added. The date is added in the YYYY-MM-DD format.
Example
Find endpoints that contain CISA-known exploitable vulnerabilities added in the past six months.
eendpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:[now-6M ... now])
Find endpoints that contain CISA-known exploitable vulnerabilities added on a specified date.
endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:"2024-06-20")
Find endpoints that contain CISA-known exploitable vulnerabilities added after a specified date
endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate>"2024-06-20")
Find endpoints that contain CISA-known exploitable vulnerabilities added between March 2024 to July 2024
endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:[2024-03-01 .. 2024-07-31])
Use this token to find endpoints with detections based on the due date for CISA known exploitable vulnerability. The date is added in the YYYY-MM-DD format.
Example
Find endpoints that contain CISA-known exploitable vulnerabilities with due date in the next six months
endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:[now-6M ... now+6M])
Find endpoints that contain CISA-known exploitable vulnerabilities with specified due date.
endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:"2024-06-20")
Find endpoints that contain CISA-known exploitable vulnerabilities with due date after a specified date.
endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate>"2024-06-20")
Find endpoints that contain CISA-known exploitable vulnerabilities due date between March 2024 to July 2024
endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.criticalityendpoint.vulnerability.criticality
Use a text value to find endpoints with detections of the selected criticality: HIGH, MEDIUM, LOW, NONE.
Example
Find endpoints with HIGH criticality.
endpoint.vulnerability:(criticality:HIGH)
Find endpoints with MEDIUM or LOW criticality.
endpoint.vulnerability:(criticality:[MEDIUM, LOW])
endpoint.vulnerability.cveIdsendpoint.vulnerability.cveIds
Use values within quotes or backticks to find endpoints with detections associated with the given CVE ID.
Example
Find endpoints that have "CVE-10" associated with it.
endpoint.vulnerability:(cveIds:"CVE-10")
endpoint.vulnerability.cvss3Info.baseScoreendpoint.vulnerability.cvss3Info.baseScore
Use an integer value to find endpoints with detections having the specified CVSS3 base score value.
Example
Find endpoints with CVSS3 base score greater than 7
endpoint.vulnerability:(cvss3Info.baseScore>7)
Find endpoints with CVSS3 base score less than or equal to 7
endpoint.vulnerability:(cvss3Info.baseScore<=7)
Find endpoints with CVSS3 base score equal to 7
endpoint.vulnerability:(cvss3Info.baseScore:7)
endpoint.vulnerability.cvss3Info.temporalScoreendpoint.vulnerability.cvss3Info.temporalScore
Use an integer value to find endpoints with detections having the specified CVSS3 temporal score value.
Example
Find endpoints with CVSS3 temporal score greater than 7
endpoint.vulnerability:(cvss3Info.temporalScore>7)
Find endpoints with CVSS3 temporal score less than or equal to 7
endpoint.vulnerability:(cvss3Info.temporalScore<=7)
Find endpoints with CVSS3 temporal score equal to 7
endpoint.vulnerability:(cvss3Info.temporalScore:7)
endpoint.vulnerability.cweIdsendpoint.vulnerability.cweIds
Use values within quotes or backticks to find endpoints associated with a given CWE ID.
Example
Show endpoints that have "CWE-56" associated with it.
endpoint.vulnerability:(cweIds:"CWE-56")
endpoint.vulnerability.detectionScoreendpoint.vulnerability.detectionScore
Use an integer value to find endpoints with detections with the specified Qualys Detection Score (QDS) value, which ranges from 1 to 100.
Example
Find endpoints that contain detections with QDS value of 55.
endpoint.vulnerability:(detectionScore>55)
Find endpoints that contain detection with QDS value less than or equal to 55.
endpoint.vulnerability:(detectionScore<=55)
Find endpoints that contain detections with QDS value equal to 55.
endpoint.vulnerability:(detectionScore:55)
endpoint.vulnerability.firstDetectionDateendpoint.vulnerability.firstDetectionDate
Use a specific date or date range to find all the endpoints with detections first detected on the given date or date range.
Example
Find endpoints with detetctions that were first detected in the past 6 months.
endpoint.vulnerability:(firstDetectionDate:[now-6M ... now])
Find endpoints with detections that were first detected on a specified date.
endpoint.vulnerability:(firstDetectionDate:"2021-07-24")
Find endpoints with detections that were first detected after a specified date
endpoint.vulnerability:(firstDetectionDate<"2021-07-24")
Find endpoints with detections that were first detected between March 2024 to July 2024
endpoint.vulnerability:(firstDetectionDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.fixedDateendpoint.vulnerability.fixedDate
Use a specific date or date range to find endpoints with detections marked fixed on the given date or date range.
Example
Find endpoints with the detections that were marked fixed in the past 6 months.
endpoint.vulnerability:(fixedDate:[now-6M ... now])
Find endpoints with the detections that were marked fixed on a specified date.
endpoint.vulnerability:(fixedDate:"2024-06-20")
Find endpoints with the detections that were marked fixed after a specified date
endpoint.vulnerability:(fixedDate>"2024-06-20")
Find endpoints with the detections that were marked fixed between March 2020 to July 2021
endpoint.vulnerability:(fixedDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.groupNameendpoint.vulnerability.groupName
Use values within quotes or backticks to find endpoints with detections having a given group name.
Example
Find endpoints with a with detections having given group name.
endpoint.vulnerability:(groupName:"Cross-Site Scripting")
endpoint.vulnerability.groupTitleendpoint.vulnerability.groupTitle
Use values within quotes or backticks to find endpoints with detections with a given group title.
Example
Find endpoints with detections having a given group title
endpoint.vulnerability:(groupTitle:"XSS")
endpoint.vulnerability.idendpoint.vulnerability.id
Use an integer value to find the endpoint with the given detection ID.
Example
Find endpoints with a given detection ID.
endpoint.vulnerability:(id:3213)
endpoint.vulnerability.isIgnoredendpoint.vulnerability.isIgnored
Use the values true | false to find endpoints with the ignored detections.
Example
Find endpoints with ignored detections.
endpoint.vulnerability:(isIgnored:"true")
Find endpoints that do not have ignored detections.
endpoint.vulnerability:(isIgnored:"false")
endpoint.vulnerabilityignoredBy.firstNameendpoint.vulnerabilityignoredBy.firstName
Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified first name.
Example
Find endpoints with detections that were ignored by a user whose first name is Chandler.
endpoint.vulnerability:(ignoredBy.firstName:"Chandler")
endpoint.vulnerability.ignoredBy.lastNameendpoint.vulnerability.ignoredBy.lastName
Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified last name.
Example
Find endpoints with detections that were ignored by a user whose last name is Bing
endpoint.vulnerability:(ignoredBy.lastName:"Bing")
endpoint.vulnerability.ignoredBy.usernameendpoint.vulnerability.ignoredBy.username
Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified username.
Example
Find endpoints with the detections that are ignored by a user whose username is "quays_pp".
endpoint.vulnerability:(ignoredBy.username:"quays_pp")
endpoint.vulnerability.ignoredCommentendpoint.vulnerability.ignoredComment
Use values within quotes or backticks to find endpoints with detections having the specified ignored comment.
Example
Find endpoints with detections that have given ignored comment.
endpoint.vulnerability:(ignoredComment:"Won't Fix")
endpoint.vulnerability.ignoredDateendpoint.vulnerability.ignoredDate
Use a specific date or date range to find endpoints with detections ignored on the given date or date range.
Example
Find endpoints with detections that were ignored in the past 6 months.
endpoint.vulnerability:(ignoredDate:[now-6M ... now])
Find endpoints with the detections that were ignored on a specified date.
endpoint.vulnerability:(ignoredDate:"2024-06-20")
Find endpoints with detections that were ignored after a specified date.
endpoint.vulnerability:(ignoredDate>"2024-06-20")
Find endpoints with detections that were ignored between March 2024 to July 2024.
endpoint.vulnerability:(ignoredDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.ignoredReactivateDateendpoint.vulnerability.ignoredReactivateDate
Use a specific date or date range to find all endpoints for which detections with ignore reactive date is the given date or date range.
Example
Find endpoints with detections having the ignored reactivate date in the past 6 months.
endpoint.vulnerability:(ignoredReactivateDate:[now-6M ... now])
Find endpoints with detections having the given ignored reactivate date.
endpoint.vulnerability:(ignoredReactivateDate:"2024-06-20")
Find endpoints with detections that were ignored after a specified ignored reactivate date.
endpoint.vulnerability:(ignoredReactivateDate>"2024-06-20")
Find endpoints with detections that having ignored reactivate date between March 2024 to July 2024.
endpoint.vulnerability:(ignoredReactivateDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.ignoredReasonendpoint.vulnerability.ignoredReason
Use a text value to find endpoints with detections with the selected ignored reasons: RISK_ACCEPTED, FALSE_POSITIVE, NOT_APPLICABLE.
Example
Find endpoints with detections for which the ignored reason is RISK_ACCEPTED.
endpoint.vulnerability:(ignoredReason:RISK_ACCEPTED)
Find endpoints with detections for which the ignored reason is either FALSE_POSITIVE or NOT_APPLICALBE.
endpoint.vulnerability:(ignoredReason:[FALSE_POSITIVE, NOT_APPLICALBE])
endpoint.vulnerability.isCisaKnownExploitableendpoint.vulnerability.isCisaKnownExploitable
Use the values true | false to find endpoints with detections that are CISA known exploited vulnerabilities.
Example
Find endpoints with detections having CISA known exploitable vulnerabilities.
eendpoint.vulnerability:(isCisaKnownExploitable:"true")
Find endpoints with detections that do not have CISA known exploitable vulnerabilities.
endpoint.vulnerability:(isCisaKnownExploitable:"false")
endpoint.vulnerability.lastDetectedDateendpoint.vulnerability.lastDetectedDate
Use a specific date or date range to find all endpoints with detections last detected on the given date or date range.
Example
Find endpoints with detections that were last detected in the past 6 months.
endpoint.vulnerability:(lastDetectedDate:[now-6M ... now])
Find endpoints with detections that were last detected on a specified date.
endpoint.vulnerability:(lastDetectedDate:"2024-07-20")
Find endpoints with detections that were last detected after a specified date.
endpoint.vulnerability:(lastDetectedDate>"2021-06-20")
Find endpoints with detections that were last detected between March 2024 to July 2024.
endpoint.vulnerability:(lastDetectedDate:[2024-03-01 .. 2024-7-31])
endpoint.vulnerability.lastTestedDateendpoint.vulnerability.lastTestedDate
Use a specific date or date range to find endpoints with detections that were last tested on the given date or date range.
Example
Find endpoints with detections that were last tested in the past 6 months.
endpoint.vulnerability:(lastTestedDate:[now-6M ... now])
Find endpoints with detections that were last tested on a specified date.
endpoint.vulnerability:(lastTestedDate:"2024-06-20")
Find endpoints with detections that were last tested after a specified date
endpoint.vulnerability:(lastTestedDate>"2024-06-20")
Find endpoints with detections that were last tested between March 2024 to July 2024.
endpoint.vulnerability:(lastTestedDate:[2024-03-01 .. 2024-07-31])
endpoint.vulnerability.owaspApiTopTen.idendpoint.vulnerability.owaspApiTopTen.id
Use an integer to find endpoints with detections with the given OWASP API top ten 2023 category ID.
Example
Find endpoints with detections where OWASP API Top Ten 2023 category ID is 7.
endpoint.vulnerability:(owaspApiTopTen.id:7)
The following table provides the ID and corresponding vulnerability name.
1 |
Broken Object Level Authorization |
2 |
Broken Authentication |
3 |
Broken Object Property Level Authorization |
4 |
Unrestricted Resource Consumption |
5 |
Broken Function Level Authorization |
6 |
Unrestricted Access to Sensitive Business Flows |
7 |
Server Side Request Forgery |
8 |
Security Misconfiguration |
9 |
Improper Inventory Management |
10 |
Unsafe Consumption of APIs |
endpoint.vulnerability.owaspApiTopTen.nameendpoint.vulnerability.owaspApiTopTen.name
Use a text value to find endpoints with detections with the given OWASP API top ten 2023 category name.
Example
Find endpoints with detections where OWASP API Top Ten 2023 category name is "Server Side Request Forgery "
endpoint.vulnerability:(owaspApiTopTen.name:"Server Side Request Forgery ")
endpoint.vulnerability.owaspTopTen.idendpoint.vulnerability.owaspTopTen.id
Use an integer value to find endpoints with detections having the given OWASP top ten 2021 category ID.
Example
Find endpoints with detections that have given OWASP top ten 2021 category ID.
endpoint.vulnerability:(owaspTopTen.id:7)
The following table provides the ID and corresponding vulnerability name.
1 |
Broken Object Level Authorization |
2 |
Broken Authentication |
3 |
Broken Object Property Level Authorization |
4 |
Unrestricted Resource Consumption |
5 |
Broken Function Level Authorization |
6 |
Unrestricted Access to Sensitive Business Flows |
7 |
Server Side Request Forgery |
8 |
Security Misconfiguration |
9 |
Improper Inventory Management |
10 |
Unsafe Consumption of APIs |
endpoint.vulnerability.owaspTopTen.nameendpoint.vulnerability.owaspTopTen.name
Use values within quotes or backticks to find endpoints with detections associated with a given OWASP top ten 2021 category name.
Example
Find endpoints with detections where OWASP Top Ten 2021 category name is "Identification and Authentication Failures"
endpoint.vulnerability:(owaspTopTen.name:"Identification and Authentication Failures")
endpoint.vulnerability.paramendpoint.vulnerability.param
Use values within quotes or backticks to find endpoints for which detections with the specified parameter used to confirm the detection.
Example
Find endpoints with detections for which the "comment.comment from url" parameter is used to confirm the detection.
endpoint.vulnerability:(param:"comment.comment from url")
endpoint.vulnerability.paramTypeendpoint.vulnerability.paramType
Use values within quotes or backticks to find endpoints with detections for which the specified parameter type is used to confirm the detection.
Example
Find endpoints with detections for which the specified parameter type is used to confirm the detection.
endpoint.vulnerability:(paramType:"integer")
endpoint.vulnerability.patchableendpoint.vulnerability.patchable
Use the values true | false to find endpoints with patchable detections.
Example
Find endpoints with patchable detections.
endpoint.vulnerability:(patchable:true)
Find endpoints with the unpatchable detections.
endpoint.vulnerability:(patchable:false)
endpoint.vulnerability.patchIdendpoint.vulnerability.patchId
Use an integer value to find the endpoint with detection having the specified patch ID.
Example
Find endpoints with detections having a given patch ID.
endpoint.vulnerability:(patchId:6357)
endpoint.vulnerability.retestStatusendpoint.vulnerability.retestStatus
Use a text value to find endpoints with detections with the selected retest statuses: NO_RETEST, UNDER_RETEST, RETESTED, CANCELING, CANCELED.
Example
Find endpoints with detections for which the retest status is UNDER_RETEST
endpoint.vulnerability:(retestStatus:UNDER_RETEST)
Find endpoints with detections for which retest status is either CANCELING or CANCELED
endpoint.vulnerability:(retestStatus:[CANCELING, CANCELED])
endpoint.vulnerability.severityendpoint.vulnerability.severity
Use an integer value to find endpoints with detections having the specified severity level.
Example
Find endpoints with detections that have severity level greater than 3.
endpoint.vulnerability:(severity>3)
Find endpoints with detections that have severity less than or equal to 3.
endpoint.vulnerability:(severity<=3)
Find endpoints with detections that are of severity 3.
endpoint.vulnerability:(severity:3)
endpoint.vulnerability.statusendpoint.vulnerability.status
Use a text value to find endpoints with detections having these statuses: NEW, ACTIVE, REOPENED, FIXED, PROTECTED.
Example
Find endpoints with detetction that have status NEW, ACTIVE or REOPENED
endpoint.vulnerability:(status:[NEW, ACTIVE, REOPENED])
Find endpoints with detections that have status NEW.
endpoint.vulnerability:(status:NEW)
endpoint.vulnerability.timesDetectedendpoint.vulnerability.timesDetected
Use an integer value to find endpoints with detections by the number of times it is detected.
Example
Find endpoints with detections that are detected more than 15 times.
endpoint.vulnerability:(timesDetected>15)
Find endpoints with detections that are detected less than or equal to 15 times.
endpoint.vulnerability:(timesDetected<=15)
Find endpoints with detections that are detected for 15 times.
endpoint.vulnerability:(timesDetected:15)
endpoint.vulnerability.titleendpoint.vulnerability.title
Use values within quotes or backticks to find endpoints for which detections with the specified name.
Example
Find endpoints with detections that match the beginning of any substrings within the detection name.
endpoint.vulnerability:(title:"Reflected Cross Site Scripting Vulnerabilities")
Find endpoints with exact detection names.
endpoint.vulnerability:(title:`Reflected Cross Site Scripting Vulnerabilities`)
endpoint.vulnerability.ttrendpoint.vulnerability.ttr
Use an integer value or select a range to find endpoints with the detections having the specified Time to Remediation (TTR) value in days.
Example
Find endpoints with detections for which TTR is 0 to 30 days.
endpoint.vulnerability:(ttr:[0..30])
Find endpoints with detections for which TTR is 30 days.
endpoint.vulnerability:(ttr:=30)
endpoint.vulnerability.typeDetectedendpoint.vulnerability.typeDetected
Use a text value to find endpoints with detections for the selected types: CONFIRMED_VULNERABILITY, POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT, INFORMATION_GATHERED.
Example
Find endpoints with detections that are of CONFIRMED_VULNERABILITY type.
endpoint.vulnerability:(typeDetected:CONFIRMED_VULNERABILITY)
Find endpoints with detections that are of either POTENTIAL_VULNERABILITY or SENSITIVE_CONTENT type.
endpoint.vulnerability:(typeDetected:[POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT])
endpoint.vulnerability.urlendpoint.vulnerability.url
Use values within quotes or backticks to find endpoints with detections with the specified URL.
Example
Find endpoints with detections that have the part of given URL.
endpoint.vulnerability:(url:"http://test.com")
Find endpoints with detections that match exact value "http://test.com"
endpoint.vulnerability:(url:=`http://test.com`)
endpoint.vulnerability.uuidendpoint.vulnerability.uuid
Use values within quotes or backticks to find endpoints with the specified UUID.
Example
Find endpoints with a given UUID.
endpoint.vulnerability:(uuid:"851d8c4a-cd24-4dbf-a632-0ce9d401ccb0")
endpoint.vulnerability.commentendpoint.vulnerability.comment
Use values within quotes or backticks to find endpoints with detections with the specified comment (external reference).
Example
Show endpoints with detections which have given comment (external reference) associated with it
endpoint.vulnerability:(comment:"Framework Error")
endpoint.vulnerability.qidendpoint.vulnerability.qid
Example
Find endpoints for which detections with the given QIDs are found
endpoint.vulnerability:(qid:580512)
vulnerability.commentvulnerability.comment
Use values within quotes or backticks to find detections with the specified comment (external reference).
Example
Show detections which have given comment (external reference) associated with it
vulnerability.comment:"Framework Error"