Search Tokens for Applications, Detections, and Endpoints 

Use the search tokens available in the Applications and Detections tabs to refine your search results.

Generic

and

Use a boolean query to express your query using AND logic.

Example

Find applications with certain scan status and tag

application.lastScanStatus:"SUBMITTED" AND application.tags.name: "MS WAS 1000 Webapp"

not

Use a boolean query to express your query using NOT logic.

Example

Show web applications that don't have last scan status as CANCELED

NOT application.lastScanStatus:"CANCELED"

or

Use a boolean query to express your query using OR logic.

Example

Show findings with one of these id values

vulnerability.id:3758394 OR vulnerability.id:3495166

Application Tokens

Use these search tokens to find web applications.

application.activatedForModules

Use a text value to find web applications that are activated for certain modules: WAS and WAF.

Examples

Find web applications activated for WAF.

application.activatedForModules:WAF

Find web applications which are activated for WAS or WAF modules.

application.activatedForModules:[WAS, WAF]

application.apiEndpointType

Use a text value to find applications that have certain endpoint types: BURP_PROXY, POSTMAN, SWAGGER, NONE.

Example

Find applications that have endpoint type as POSTMAN.

application.apiEndpointType:POSTMAN

application.attribute.name

Use values within quotes or backticks to find applications that have the given attribute name.

Examples

Find applications which have attribute name strut associated with it

application.attribute:(name:"strut")

Find applications which have attribute name strut and value 1.0.0

application.attribute:(name:"strut" and value:"1.0.0")

application.attribute.value

Use values within quotes or backticks to find applications that have the given attribute value.

Examples

Find applications which have attribute value internal associated with it

application.attribute:(value:"internal")

Find applications which have attribute value internal and name app-type

application.attribute:(value:"internal" and name:"app-type")

application.authenticationRecord.name

Use values within quotes or backticks to find applications that have an authentication record with a given name.

Example

Find applications which have authentication record named Default Auth Record associated with it.

application.authenticationRecord:(name:"Default Auth Record")

application.authenticationRecord.type

Use a text value to find applications that have authentication records of certain types: AUTH_CODE, BASIC, CERTIFICATE, CLIENT_CREDS, CUSTOM, DIGEST, IMPLICIT, NTLM, PASSWORD, SELENIUM, STANDARD.

Examples

Find applications that have STANDARD type of authentication records associated with it.

application.authenticationRecord:(type:STANDARD)

Find applications with authentication record types as STANDARD, SELENIUM, or NTLM.

application.authenticationRecord:(type:[STANDARD, SELENIUM, NTLM])

application.authenticationRecord.category

Use a text value to find applications that have authentication records with certain categories: FORM_RECORD, OAUTH2_RECORD, SERVER_RECORD.

Example

Find applications that have authentication record category as FORM_RECORD.

application.authenticationRecord:(category:FORM_RECORD)

application.authenticationRecord.hasClientCertificate

Use the values true | false to find applications that have authentication record(s) with client certificate enabled.

Examples

Find applications that have authentication record(s) with client certificate enabled

application.authenticationRecord:(hasClientCertificate:true)

Find applications that have client certificate enabled for none of their authentication records

application.authenticationRecord:(hasClientCertificate:false)

application.authenticationRecord.hasVault

Use the values true | false to find applications that have vault enabled.

Examples

Find applications that have vault enabled for at least one of their authentication records

application.authenticationRecord:(hasVault:true)

Find applications that have vault enabled for none of their authentication records

application.authenticationRecord:(hasVault:false)

asset.created

Use a date range or specific date to find applications that were created on the given date or date range.

Examples

Show applications which were created in past 6 months

asset.created:[now-6M ... now]

Show applications which were created on a specified date

asset.created:"2021-07-20"

Show applications which were created after a specified date

asset.created>"2021-06-20"

Show applications created between March 2020 and July 2021

asset.created:[2020-03-01 .. 2021-07-31]

application.dnsOverride.name

Use values within quotes or backticks to find applications that have given name for DNS override record.

Example

Find applications that have given DNS override record associated with it.

application.dnsOverride.name:"ProdDnsRecord"

application.hasDefaultAuthRecord

Use the values true | false to find applications that have default authentication record associated with it.

Examples

Find applications which have default authentication record associated with it

application.hasDefaultAuthRecord:true

Find applications which do not have any default authentication record associated with it

application.hasDefaultAuthRecord:false

asset.id

Use an integer value to find the application with a given ID.

Example

Find application with a given ID

asset.id:83327

application.igCount

Use an integer value to find applications with a specified number of Information Gathered detections.

Examples

Find applications for which greater than 30 detections of Information Gathered type are reported

application.igCount>30

Find applications for which less than or equal to 30 detections of Information Gathered type are reported

application.igCount<=30

Find applications for which 30 detections of Information Gathered type are reported

application.igCount=30

application.isScanned

Use the values true | false to find applications by their scan status.

Examples

Show applications which are scanned at least once

application.isScanned:true

Show applications which are never scanned

application.isScanned:false

application.lastScanAuthStatus

Use a text value to find applications by authentication status of the last scan launched: NOT_USED, NO_AUTH, SUCCESS, FAILURE, PARTIAL.

Examples

Find applications for which authentication failed in their last scan

application.lastScanAuthStatus:FAILURE

Find applications for which authentication is either partially or completely successful in their last scan

application.lastScanAuthStatus:[SUCCESS, PARTIAL]

application.lastScanned

Use a date range or specific date to find applications that were last scanned on the specified date or date range.

Examples

Find applications which were last scanned in past 6 months

application.lastScanned:[now-6M .. now]

Find applications which were last scanned on a specified date.

application.lastScanned:"2021-07-20"

Find applications which were last scanned after a specified date

application.lastScanned>"2021-07-20"

Find applications last scanned between December 2020 and July 2021

application.lastScanned:[2020-12-01 .. 2021-07-31]

application.lastScanStatus

Use a text value to find applications by last scan status: CANCELED, CANCELED WITH RESULTS, CANCELING, ERROR, FINISHED, MAX LINKS CRAWLED, NO HOST ALIVE, NO WEB SERVICE, PROCESSING, RUNNING, SCAN NOT LAUNCHED, SCANNER NOT AVAILABLE, SERVICE ERRORS DETECTED, SUBMITTED, TIME LIMIT EXCEEDED, TIME LIMIT REACHED.

Note: Use single quotation marks for values containing the reserved word NOT. For example, 'SCAN NOT LAUNCHED'.

Examples

Find applications whose last scan status was ERROR

application.lastScanStatus:ERROR

Find applications whose last scan status was SCAN NOT LAUNCHED

application.lastScanStatus:'SCAN NOT LAUNCHED'

Find applications whose last scan status was either FINISHED or CANCELED

application.lastScanStatus:[FINISHED, CANCELED]

application.lastScanType

Use a text value to find applications by type of last scan launched: VULNERABILITY, DISCOVERY, AUTHENTICATION_TEST.

Examples

Show applications whose last scan type was VULNERABILITY

application.lastScanType:VULNERABILITY

Show applications whose last scan type was either DISCOVERY or AUTHENTICATION_TEST

application.lastScanType:[DISCOVERY, AUTHENTICATION_TEST]

application.lastScanUriCount

Use an integer value to find applications by the total number of URIs detected in the last scan.

Examples

Find applications which have greater than 800 URI reported in the last scan.

application.lastScanUriCount>800

Find applications which have less than or equal to 800 URI reported in the last scan

application.lastScanUriCount<=800

Find applications which have 800 URI reported in the last scan

application.lastScanUriCount:800

application.level1VulnCount

Use an integer value to find applications by the total number of level 1 confirmed vulnerabilities.

Examples

Find applications which have greater than 30 vulnerabilities of level 1 reported

application.level1VulnCount>30

Find applications which have less than or equal to 30 vulnerabilities of level 1 reported

application.level1VulnCount<=30

Find applications which have 30 vulnerabilities of level 1 reported

application.level1VulnCount:30

application.level2VulnCount

Use an integer value to find applications by the total number of level 2 confirmed vulnerabilities.

Examples

Find applications which have greater than 26 vulnerabilities of level 2 reported

application.level2VulnCount>26

Find applications which have less than or equal to 26 vulnerabilities of level 2 reported

application.level2VulnCount<=26

Find applications which have 26 vulnerabilities of level 2 reported

application.level2VulnCount:26

application.level3VulnCount

Use an integer value to find applications by the total number of level 3 confirmed vulnerabilities.

Examples

Find applications which have greater than 24 vulnerabilities of level 3 reported

application.level3VulnCount>24

Find applications which have less than or equal to 24 vulnerabilities of level 3 reported

application.level3VulnCount<=24

Find applications which have 24 vulnerabilities of level 3 reported

application.level3VulnCount:24

application.level4VulnCount

Use an integer value to find applications by the total number of level 4 confirmed vulnerabilities.

Examples

Find applications which have greater than 14 vulnerabilities of level 4 reported

application.level4VulnCount>14

Find applications which have less than or equal to 14 vulnerabilities of level 4 reported

application.level4VulnCount<=14

Find applications which have 14 vulnerabilities of level 4 reported

application.level4VulnCount:14

application.level5VulnCount

Use an integer value to find applications by the total number of level 5 confirmed vulnerabilities.

Examples

Find applications which have greater than 7 vulnerabilities of level 5 reported

application.level5VulnCount>7

Find applications which have less than or equal to 7 vulnerabilities of level 5 reported

application.level5VulnCount<=7

Find applications which have 7 vulnerabilities of level 5 reported

application.level5VulnCount:7

application.malwareMonitoringEnabled

Use the values true | false to find applications for which malware monitoring is enabled.

Examples

Show applications for which malware monitoring is enabled

application.malwareMonitoringEnabled:true

Show applications for which malware monitoring is not enabled

application.malwareMonitoringEnabled:false

asset.name

Use values within quotes or backticks to find applications with a given name.

Examples

Find applications that contain parts of name

asset.name:"qualys test vulnerable app"

Find application with exact name

asset.name:`qualys test vulnerable app`

application.optionProfile.name

Use values within quotes or backticks to find applications that have given option profile configured.

Examples

Find applications that contain parts of option profile name associated with it.

application.optionProfile.name:"WAS Options"

Find applications which have the given option profile associated with it.

application.optionProfile.name:`Initial WAS Options`

application.owner.firstName

Use values within quotes or backticks to find applications with owner's first name.

Example

Find applications with owner's first name as Chandler

application.owner.firstName:"Chandler"

application.owner.lastName

Use values within quotes or backticks to find applications with owner's last name.

Example

Find applications with owner's last name as Bing

application.owner.lastName:"Bing"

application.owner.username

Use values within quotes or backticks to find applications with owner's username.

Example

Find applications with owner's username as user_ap

application.owner.username:"user_ap"

application.progressiveScanningEnabled

Use the values true | false to find applications for which progressive scanning is enabled.

Example

Find applications which have progressive scanning enabled in the configuration.

application.progressiveScanningEnabled:"true"

application.proxy.name

Use values within quotes or backticks to find applications that have the given proxy configured.

Examples

Find applications which have part of the given proxy name associated with them

application.proxy.name:"WEB Default Proxy"

Find applications which have given proxy associated with it

application.proxy.name:`proxy1`

application.risk

Use an integer value to find applications with a given risk value.

Examples

Find applications which have risk greater than or equal to 4

application.risk>=4

Find applications which have risk less than 3

application.risk<3

Find applications which have risk equal to 5

application.risk:5

application.scannerAppliance

Use values within quotes or backticks to find applications with a given scanner appliance configured.

Examples

Find applications which have EXTERNAL scanner configured

application.scannerAppliance:"EXTERNAL"

Find applications which have configured "Internal Scanner 01" as default scanner appliance

application.scannerAppliance:"Internal Scanner 01"

application.scannerApplianceTags.name

Use values within quotes or backticks to find applications with a given scanner tags selected.

Examples

Find applications which have scanner appliance tag named "Internal Pool 01" associated with it

application.scannerApplianceTags.name:"Internal Pool 01"

Find applications which have scanner appliance tags named "Internal Pool 01" or "Internal Pool 02" associated with it

application.scannerApplianceTags.name:["Internal Pool 01", "Internal Pool 02"]

Find applications which have scanner appliance tags named `Target1` associated with it

application.scannerApplianceTags.name:`Target1`

application.scanTrustEnabled

Use the values true | false to find applications for which WAF authentication is enabled.

Example

Find applications for which scan trust is enabled.

application.scanTrustEnabled:"true"

application.sensitiveContentCount

Use an integer value to find applications with a specified number of sensitive content reported.

Examples

Find applications which have greater than 43 total sensitive content reported

application.sensitiveContentCount>43

Find applications which have less than or equal to 43 total sensitive content reported

application.sensitiveContentCount<=43

Find applications which have 43 total sensitive content reported

application.sensitiveContentCount:43

application.severity

Use a text value to find applications that have certain severity: HIGH, MEDIUM, LOW, NONE.

Examples

Find applications which have HIGH severity

application.severity:HIGH

Find applications which have HIGH or MEDIUM severity

application.severity:[HIGH, MEDIUM]

tags.name

Use values within quotes or backticks to find applications that are associated with the specified tag(s).

Examples

Find applications which have part of the tag named "Internal P1" associated with it

tags.name:"Internal P1"

Find applications which have tag named "Dev Internal" or "Production" associated with it.

tags.name:["Dev Internal", "Production"]

Find applications which have the tag named `Target1` associated with it.

tags.name:`Target1`

application.totalVulnCount

Use an integer value to find applications that have the specified number of total vulnerabilities.

Examples

Find applications for which total number of vulnerabilities is greater than 100

application.totalVulnCount>100

Find applications for which total number of vulnerabilities is less than or equal to 100

application.totalVulnCount<=100

Find applications for which total number of vulnerabilities reported is 100

application.totalVulnCount:100

application.totalMalwareVulnCount

Use an integer value to find applications that have the specified number of total malware vulnerabilities.

Examples

Find applications for which total number of malware vulnerabilities is greater than 100

application.totalMalwareVulnCount>100

Find applications for which total number of malware vulnerabilities is less than or equal to 100

application.totalMalwareVulnCount<=100

Find applications for which total number of malware vulnerabilities reported is 100

application.totalMalwareVulnCount:100

asset.updated

Use a date range or specific date to find applications that were updated on the given date or date range.

Examples

Show applications which were updated in past 6 months

asset.updated:[now-6M ... now]

Show applications which were updated on a specified date

asset.updated:"2021-07-20"

Show applications which were updated after a specified date

asset.updated>"2021-06-20"

Show applications updated between March 2020 and July 2021

asset.updated:[2020-03-01 .. 2021-07-31]

asset.updatedBy.firstName

Use values within quotes or backticks to find applications updated by user's first name.

Example

Find applications which are updated by the user whose first name is Chandler

asset.updatedBy.firstName:"Chandler"

asset.updatedBy.lastName

Use values within quotes or backticks to find applications updated by user's last name.

Example

Find applications which are updated by the user whose last name is Bing

asset.updatedBy.lastName:"Bing"

asset.updatedBy.username

Use values within quotes or backticks to find applications that are updated by the specified username.

Example

Find applications which are updated by user whose username is user_ap

asset.updatedBy.username:"user_ap"

application.url

Use values within quotes or backticks to find applications with the specified URL.

Examples

Find applications that have given URL

application.url:"http://test.com"

Find applications that match exact value "http://test.com"

application.url:`http://test.com`

asset.riskScore

Use an integer value to find applications with the asset risk score (TruRisk™ score) value. The range is 0 to 1000.

Examples

Find applications with TruRisk™ score 500

asset.riskScore:500

Find applications with TruRisk™ score greater than 500

asset.riskScore>500

Find applications with TruRisk™ score greater than or equal to 500

asset.riskScore>=500

asset.riskScoreRange

Select the range of asset risk score (TruRisk™ score) to find applications in the selected range: CRITICAL, HIGH, MEDIUM, LOW.

Example

Find applications for which TruRisk™ score value is CRITICAL

asset.riskScoreRange:CRITICAL

application.type

Select the type of application—API, WEBAPP.

Example

Find records that are web applications.

application.type:WEBAPP

application.scanScheduled

Select the value true | false to find applications for which scan is scheduled.

Example

Find applications which have the scans scheduled.

application.scanScheduled:true

application.scanScheduledType

Select a scan type to find applications which have the selected scan scheduled: DISCOVERY, VULNERABILITY.

Example

Find applications which have discovery scans scheduled.

application.scanScheduledType:DISCOVERY

application.scannerType

Select a scanner type to find applications where the selected scanner appliance type is defined for scanning: EXTERNAL, INTERNAL, SCANNER_TAGS.

Examples

Find applications for which External scanner appliance is selected for scanning.

application.scannerType:EXTERNAL

Find applications for which scanner appliance is selected based on tags for scanning.

application.scannerType:SCANNER_TAGS

Detection Tokens

Use these search tokens to find detections.

vulnerability.age

Select a range to find the detections with the specified age (in days).

Examples

Find detections that are 0 to 30 days old

vulnerability.age:[0..30]

vulnerability.comment

Use values within quotes or backticks to find detections with the specified comment (external reference).

Example

Show detections which have given comment (external reference) associated with it

vulnerability.comment:"Framework Error"

vulnerability.criticality

Use a text value to find detections with certain criticality: HIGH, MEDIUM, LOW, NONE.

Examples

Find detections with HIGH criticality

vulnerability.criticality:HIGH

Find detections with MEDIUM or LOW criticality

vulnerability.criticality:[MEDIUM, LOW]

vulnerability.cveIds

Use values within quotes or backticks to find detections with given CVE Id associated with it.

Example

Show detections which have "CVE-10" associated with it

vulnerability.cveIds:"CVE-10"

vulnerability.cvss3Info.baseScore

Use an integer value to find detections with the specified CVSS3 base score value.

Examples

Find detections with CVSS3 base score greater than 7

vulnerability.cvss3Info.baseScore>7

Find detections with CVSS3 base score less than or equal to 7

vulnerability.cvss3Info.baseScore<=7

Find detections with CVSS3 base score equal to 7

vulnerability.cvss3Info.baseScore:7

vulnerability.cvss3Info.temporalScore

Use an integer value to find detections with the specified CVSS3 temporal score value.

Examples

Find detections with CVSS3 temporal score greater than 7

vulnerability.cvss3Info.temporalScore>7

Find detections with CVSS3 temporal score less than or equal to 7

vulnerability.cvss3Info.temporalScore<=7

Find detections with CVSS3 temporal score equal to 7

vulnerability.cvss3Info.temporalScore:7

vulnerability.cweIds

Use values within quotes or backticks to find detections with a given CWE Id associated with it.

Example

Show detections which have "CWE-56" associated with it

vulnerability.cweIds:"CWE-56"

vulnerability.firstDetectionDate

Use a date range or specific date to find all the detections that were first detected on the given date range.

Examples

Show detections which were first detected in past 6 months

vulnerability.firstDetectionDate:[now-6M ... now]

Show detections which were first detected on a specified date

vulnerability.firstDetectionDate:"2021-07-20"

Show detections which were first detected after a specified date

vulnerability.firstDetectionDate>"2021-06-20"

Show detections which were first detected between March 2020 and July 2021

vulnerability.firstDetectionDate:[2020-03-01 .. 2021-07-31]

vulnerability.fixedDate

Use a date range or specific date to find all detections that were marked fixed on the given date or date range.

Examples

Find detections which were marked fixed in past 6 months

vulnerability.fixedDate:[now-6M ... now]

Find detections which were marked fixed on a specified date

vulnerability.fixedDate:"2021-07-20"

Find detections which were marked fixed after a specified date

vulnerability.fixedDate>"2021-06-20"

Find detections which were marked fixed between March 2020 and July 2021

vulnerability.fixedDate:[2020-03-01 .. 2021-07-31]

vulnerability.groupName

Use values within quotes or backticks to find detections with a given group name.

Example

Find detections with a given group name

vulnerability.groupName:"Cross-Site Scripting"

vulnerability.groupTitle

Use values within quotes or backticks to find detections with a given group title.

Example

Find detections with a given group title

vulnerability.groupTitle:"XSS"

vulnerability.id

Use an integer value to find the detection with a given ID.

Examples

Find detection with a given ID.

vulnerability.id: 3213

vulnerability.ignoredBy.firstName

Use values within quotes or backticks to find detections ignored by a user with the specified first name.

Example

Find detections which are ignored by a user whose first name is Chandler

vulnerability.ignoredBy.firstName:"Chandler"

vulnerability.ignoredBy.lastName

Use values within quotes or backticks to find detections ignored by a user with the specified last name.

Example

Find detections which are ignored by a user whose last name is Bing

vulnerability.ignoredBy.lastName:"Bing"

vulnerability.ignoredBy.username

Use values within quotes or backticks to find detections ignored by a user with the specified username.

Example

Find detections which are ignored by a user whose username is quays_pp

vulnerability.ignoredBy.username:"quays_pp"

vulnerability.ignoredComment

Use values within quotes or backticks to find detections by the specified ignored comment.

Example

Find detections which have given ignored comment

vulnerability.ignoredComment:"Won't Fix"

vulnerability.ignoredDate

Use a date range or specific date to find all detections that were ignored on the given date or date range.

Examples

Find detections which were ignored in past 6 months

vulnerability.ignoredDate:[now-6M ... now]

Find detections which were ignored on a specified date

vulnerability.ignoredDate:"2021-07-20"

Find detections which were ignored after a specified date

vulnerability.ignoredDate>"2021-06-20"

Find detections which were ignored between March 2020 and July 2021

vulnerability.ignoredDate:[2020-03-01 .. 2021-07-31]

vulnerability.ignoredReactivateDate

Use a date range or specific date to find all detections for which the ignored reactivate date is on the given date or date range.

Examples

Find detections for which ignored reactivate date is in past 6 months

vulnerability.ignoredReactivateDate:[now-6M ... now]

Find detections for which ignored reactivate date is on a specified date

vulnerability.ignoredReactivateDate:"2021-07-20"

Find detections for which ignored reactivate date is after a specified date

vulnerability.ignoredReactivateDate>"2021-06-20"

Find detections for which ignored reactivate date is between March 2020 and July 2021

vulnerability.ignoredReactivateDate:[2020-03-01 .. 2021-07-31]

vulnerability.ignoredReason

Use a text value to find detections with certain ignored reasons: RISK_ACCEPTED, FALSE_POSITIVE, NOT_APPLICABLE.

Examples

Find detections for which ignored reason specified is RISK_ACCEPTED

vulnerability.ignoredReason:RISK_ACCEPTED

Find detections for which ignored reason specified is either FALSE_POSITIVE or NOT_APPLICABLE

vulnerability.ignoredReason:[FALSE_POSITIVE, NOT_APPLICABLE]

vulnerability.isIgnored

Use the values true | false to find detections that are ignored.

Examples

Find detections which are ignored.

vulnerability.isIgnored:"true"

Find detections which are not ignored.

vulnerability.isIgnored:"false"

vulnerability.lastDetectedDate

Use a date range or specific date to find all detections that were last detected on the given date or date range.

Examples

Find detections which were last detected in past 6 months

vulnerability.lastDetectedDate:[now-6M ... now]

Find detections which were last detected on a specified date

vulnerability.lastDetectedDate:"2021-07-20"

Find detections which were last detected after a specified date

vulnerability.lastDetectedDate>"2021-06-20"

Find detections which were last detected between March 2020 and July 2021

vulnerability.lastDetectedDate:[2020-03-01 .. 2021-07-31]

vulnerability.lastTestedDate

Use a date range or specific date to find all detections that were last tested on the given date or date range.

Examples

Find detections which were last tested in past 6 months

vulnerability.lastTestedDate:[now-6M ... now]

Find detections which were last tested on a specified date

vulnerability.lastTestedDate:"2021-07-20"

Find detections which were last tested after a specified date

vulnerability.lastTestedDate>"2021-06-20"

Find detections which were last tested between March 2020 and July 2021

vulnerability.lastTestedDate:[2020-03-01 .. 2021-07-31]

endpoint.vulnerability.originalSeverity

Use an integer value to find endpoints with the specified original severity level.

Example

Find endpoints which have original severity level greater than 3

endpoint.vulnerability:(originalSeverity>3)

Find endpoints which have original severity less than or equal to 3

endpoint.vulnerability:(originalSeverity<=3)

Find endpoints which are of original severity 3

endpoint.vulnerability:(originalSeverity:3)

vulnerability.title

Use values within quotes or backticks to find detections with the specified name.

Example

Find detections that match the beginning of any substrings within the detection name

vulnerability.title:"Reflected Cross Site Scripting Vulnerabilities"

Find detections with exact name

vulnerability.title:`Reflected Cross Site Scripting Vulnerabilities`

vulnerability.owaspTopTen.id

Use an integer value to find detections with the given OWASP top ten 2021 category ID.

Example

Find detections where owaspTopTen2021 category ID is 7

vulnerability.owaspTopTen.id:7

The following table provides the ID and corresponding vulnerability name.

ID: Name
1: Broken Access Control
2: Cryptographic Failures
3: Injection
4: Insecure Design
5: Security Misconfiguration
6: Vulnerable and Outdated Components
7: Identification and Authentication Failures
8: Software and Data Integrity Failures
9: Security Logging and Monitoring Failures
10: Server Side Request Forgery (SSRF)

vulnerability.owaspApiTopTen.id

Use an integer value ##### to find detections with the given OWASP API top ten 2023 category ID.

Example

Find detections where owaspApiTopTen2023 category ID is 7.

vulnerability.owaspApiTopTen.id:7

The following table provides the ID and corresponding vulnerability name.

1: Broken Object Level Authorization
2: Broken Authentication
3: Broken Object Property Level Authorization
4: Unrestricted Resource Consumption
5: Broken Function Level Authorization
6: Unrestricted Access to Sensitive Business Flows
7: Server Side Request Forgery
8: Security Misconfiguration
9: Improper Inventory Management
10: Unsafe Consumption of APIs

vulnerability.owaspTopTen.name

Use values within quotes or backticks to find detections with the given OWASP top ten 2021 category name.

Example

Find detections where owaspTopTen2021 category name is "Identification and Authentication Failures"

vulnerability.owaspTopTen.name:"Identification and Authentication Failures"

vulnerability.owaspApiTopTen.name

Use values within quotes or backticks to find detections with the given OWASP API top ten 2023 category name.

Example

Find detections where owaspApiTopTen2023 category name is "Server Side Request Forgery"

vulnerability.owaspApiTopTen.name:"Server Side Request Forgery"

vulnerability.param

Use values within quotes or backticks to find detections for which the specified parameter is used for confirming the detection.

Example

Find detections where param reported is "comment.comment from url"

vulnerability.param:"comment.comment from url"

vulnerability.paramType

Use values within quotes or backticks to find detections for which the specified parameter type is used for confirming the detection.

Example

Find detections where parameter type reported is "Cookie"

vulnerability.paramType:"Cookie"

vulnerability.patchable

Use the values true | false to find detections that have a patch available.

Examples

Find detections that have a patch available

vulnerability.patchable:true

vulnerability.patchId

Use an integer value ##### to find detections with the specified patch ID.

Example

Find detections with a given patch ID

vulnerability.patchId:6357

vulnerability.qid

Use an integer value ##### to find detections for the specified QID.

Examples

Find detections with a given QID

vulnerability.qid:150001

Find detections which have any of the QIDs from the list

vulnerability.qid:[150001, 150100, 150009]

vulnerability.retestStatus

Use a text value ##### to find detections with certain retest statuses: NO_RETEST, UNDER_RETEST, RETESTED, CANCELING, CANCELED.

Examples

Find detections for which retest status is UNDER_RETEST

vulnerability.retestStatus:UNDER_RETEST

Find detections for which retest status is either CANCELING or CANCELED

vulnerability.retestStatus:[CANCELING, CANCELED]

vulnerability.severity

Use an integer value ##### to find detections with the specified severity level.

Examples

Find detections which have severity level greater than 3

vulnerability.severity>3

Find detections which have severity less than or equal to 3

vulnerability.severity<=3

Find detections which are of severity 3

vulnerability.severity:3

vulnerability.originalSeverity

Use an integer value ##### to find detections with the Qualys standard severity for the detection.

Examples

Find detections for which original severity is greater than 3

vulnerability.originalSeverity>3

Find detections for which original severity is less than or equal to 3

vulnerability.originalSeverity<=3

Find detections for which original severity is 3

vulnerability.originalSeverity:3

vulnerability.source

Use a text value ##### to find detections from certain sources: QUALYS, BURP, BUGCROWD.

Examples

Find detections for which source is QUALYS

vulnerability.source:QUALYS

Find detections for which source is either BURP or BUGCROWD

vulnerability.source:[BURP, BUGCROWD]

vulnerability.status

Use a text value ##### to find detections with these statuses: NEW, ACTIVE, REOPENED, FIXED, PROTECTED.

Examples

Find detections which have status NEW

vulnerability.status:NEW

Find detections which have status NEW, ACTIVE or REOPENED

vulnerability.status:[NEW, ACTIVE, REOPENED]

tags.name

Use values within quotes or backticks to find detections with the given tag(s) associated with it.

Examples

Find detections which have part of the tag named "Internal P1" associated with it

tags.name:"Internal P1"

Find detections which have tag named "Dev Internal" or "Production" associated with it.

tags.name:["Dev Internal", "Production"]

Find detections which have the tag named `Target1` associated with it.

tags.name:`Target1`

vulnerability.timesDetected

Use an integer value ##### to find detections by number of times it is detected.

Examples

Find detections which are detected more than 15 times

vulnerability.timesDetected>15

Find detections which are detected less than or equal to 15 times

vulnerability.timesDetected<=15

Find detections which are detected exactly 15 times

vulnerability.timesDetected:15

vulnerability.typeDetected

Use a text value ##### to find detections with certain types: CONFIRMED_VULNERABILITY, POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT, INFORMATION_GATHERED.

Examples

Find detections which are of CONFIRMED_VULNERABILITY type.

vulnerability.typeDetected:CONFIRMED_VULNERABILITY

Find detections which are of either POTENTIAL_VULNERABILITY or SENSITIVE_CONTENT type.

vulnerability.typeDetected:[POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT]

vulnerability.url

Use values within quotes or backticks to find detections which have the specified URL.

Example

Find detections that have given URL

vulnerability.url:"http://test.com"

Find detections that match exact value "http://test.com"

vulnerability.url:`http://test.com`

vulnerability.uuid

Use an integer value ##### to find authentication records associated to web application with given ID.

Example

Find detections with a given UUID

asset.id:9725

vulnerability.ttr

Use an integer value or select a range to find the detections with the specified Time to Remediation (TTR) value in days.

Examples

Find detections for which TTR is 0 to 30 days

vulnerability.ttr:[0..30]

Find detections for which TTR is 30 days

vulnerability.ttr:30

vulnerability.isCisaKnownExploitable

Use the values true | false to find the detections that are CISA known exploited vulnerabilities.

Examples

Find detections that are CISA known exploitable vulnerabilities

vulnerability.isCisaKnownExploitable:true

Find detections that are not CISA known exploitable vulnerabilities

vulnerability.isCisaKnownExploitable:false

vulnerability.detectionScore

Use an integer value to find detections with the specified Qualys Detection Score (QDS) value. The range is 1 to 100.

Examples

Find detections with QDS value 55

vulnerability.detectionScore:55

Find detections with QDS value greater than 55

vulnerability.detectionScore>55

Find detections with QDS value greater than or equal to 55

vulnerability.detectionScore>=55

vulnerability.cisaKnownExploits.cisaKEVAddedDate

Use a date value to search detections based on the added date for CISA known exploitable vulnerabilities.

Examples

Find detections that contain CISA known exploitable vulnerabilities added on a given date (yyyy-mm-dd)

vulnerability.cisaKnownExploits.cisaKEVAddedDate:"2024-08-23"

Find detections that contain CISA known exploitable vulnerabilities added in given date range

vulnerability.cisaKnownExploits.cisaKEVAddedDate:[2024-07-23, 2024-08-23]

vulnerability.cisaKnownExploits.cisaKEVDueDate

Use a date value to search detections based on the due date for CISA known exploitable vulnerabilities.

Examples

Find detections that contain CISA known exploitable vulnerabilities with given due date (yyyy-mm-dd)

vulnerability.cisaKnownExploits.cisaKEVDueDate:"2024-08-23"

Find detections that contain CISA known exploitable vulnerabilities with due date in given date range

vulnerability.cisaKnownExploits.cisaKEVDueDate:[2024-07-23, 2024-08-23]

Endpoint Tokens

Use the following endpoint tokens to search the API endpoints.

endpoint.id

Use an integer value to find the endpoint with the specified ID.

Example

Find endpoints with a given ID

endpoint.id:83327

endpoint.created

Use a specific date or date range to find endpoints created on the given date or date range.

Example

Find endpoints which were created in past 6 months

endpoint.created:[now-6M ... now]

Find endpoints which were created on a specified date.

endpoint.created:"2021-06-20"

Find endpoints which were created after a specified date

endpoint.created>"2021-06-20"

Find endpoints which were created between March 2020 to July 2021

endpoint.created:[2020-03-01 .. 2021-07-31]

endpoint.igCount

Use an integer value to find endpoints with a specified number of detections for information gathered.

Example

Find endpoints for which more than 30 detections of Information Gathered type are reported.

endpoint.igCount>30

Find endpoints for which less than or equal to 30 detections of Information Gathered type are reported.

endpoint.igCount<=30

Find endpoints for which exactly 30 detections of Information Gathered type are reported.

endpoint.igCount=30

endpoint.lastScanned

Use a specific date or date range to find endpoints last scanned on the specified date or date range.

Example

Find endpoints that were last scanned in past 6 months.

endpoint.lastScanned:[now-6M ... now]

Find endpoints that were scanned on a specified date.

endpoint.lastScanned:"2021-06-20"

Find endpoints that were scanned after a specified date

endpoint.lastScanned>"2021-06-20"

Find endpoints which were last scanned between March 2020 to July 2021

endpoint.lastScanned:[2020-03-01 .. 2021-07-31]

endpoint.level1VulnCount

Use an integer value to find endpoints by the total number of level 1 confirmed vulnerabilities. 

Example

Find endpoints that have greater than 30 vulnerabilities of level 1 reported

endpoint.level1VulnCount>30

Find endpoints that have less than or equal to 30 vulnerabilities of level 1 reported

endpoint.level1VulnCount<=30

Find endpoints that have 30 vulnerabilities of level 1 reported

endpoint.level1VulnCount:30

endpoint.level2VulnCount

Use an integer value to find endpoints by the total number of level 2 confirmed vulnerabilities. 

Example

Find endpoints that have greater than 26 vulnerabilities of level 2 reported

endpoint.level2VulnCount>26

Find endpoints that have less than or equal to 26 vulnerabilities of level 2 reported

endpoint.level2VulnCount<=26

Find endpoints that have 26 vulnerabilities of the level 2 reported

endpoint.level2VulnCount:26

endpoint.level3VulnCount

Use an integer value to find endpoints by the total number of level 3 confirmed vulnerabilities.

Example

Find endpoints that have greater than 24 vulnerabilities of level 3 reported

endpoint.level3VulnCount>24

Find endpoints that have less than or equal to 24 vulnerabilities of level 3 reported

endpoint.level3VulnCount<=24

Find endpoints that have 24 vulnerabilities of level 3 reported

endpoint.level3VulnCount:24

endpoint.level4VulnCount

Use an integer value to find endpoints by the total number of level 4 confirmed vulnerabilities.

Example

Find endpoints that have greater than 14 vulnerabilities of level 4 reported.

endpoint.level4VulnCount>14

Find endpoints that have less than or equal to 14 vulnerabilities of the level 4 reported.

endpoint.level4VulnCount<=14

Find endpoints that have 14 vulnerabilities of the level 4 reported.

endpoint.level4VulnCount:14

endpoint.level5VulnCount

Use an integer value to find endpoints by a total number of level 5 confirmed vulnerabilities.

Example

Find endpoints that have greater than 7 vulnerabilities of level 5 reported

endpoint.level5VulnCount>7

Find endpoints that have less than or equal to 7 vulnerabilities of level 5 reported

endpoint.level5VulnCount<=7

Find endpoints that have 7 vulnerabilities of level 5 reported

endpoint.level5VulnCount:7

endpoint.method

Use a text value to find endpoints with the selected method.

Example

Find endpoints with the GET method.

endpoint.method:GET

Find endpoints with the GET or POST method.

endpoint.method:[GET,POST]

endpoint.path

Use values within quotes or backticks to find endpoints with the given text in the API path.

Example

Find endpoints with the given API endpoint path.

endpoint.path:`account/balance/`

Find endpoints with part of the given API endpoint path.

endpoint.path:"account/balance/"

endpoint.risk

Use an integer value to find endpoints with the specified security risk value.

Example

Find endpoints that have the risk greater than or equal to 4.

endpoint.risk>=4

Find endpoints that have risk of less than 4

endpoint.risk<4

Find endpoints that have risk equal to 4

endpoint.risk=4

endpoint.sensitiveContentCount

Use an integer value to find endpoints with a specified number of sensitive content reported.

Example

Find endpoints that have greater than 43 total sensitive content reported.

endpoint.sensitiveContentCount>43

Find endpoints that have less than or equal to 43 total sensitive content reported

endpoint.sensitiveContentCount<=43

Find endpoints that have 43 total sensitive content reported

endpoint.sensitiveContentCount:43

endpoint.totalVulnCount

Use an integer value to find endpoints with a specified number of total vulnerabilities.

Example

Find endpoints for which the total number of vulnerabilities is greater than 100.

endpoint.totalVulnCount>100

Find endpoints for which the total number of vulnerabilities is less than or equal to 100.

endpoint.totalVulnCount<=100

Find endpoints for which the total number of vulnerabilities reported is 100.

endpoint.totalVulnCount:100

endpoint.updated

Use a date or date range to find all endpoints that were updated on the given date or date range.

Example

Find endpoints that were updated in the past 6 months.

endpoint.updated:[now-6M ... now]

Find endpoints that were updated on a specified date.

endpoint.updated:"2024-06-20"

Find endpoints that were updated after a specified date.

endpoint.updated>"2024-06-20"

Find endpoints which were updated between March 2024 to July 2024

endpoint.updated:[2024-03-01 .. 2024-07-31]

endpoint.visibility

Use a text value to find endpoints with the selected visibility for an endpoint: EXTERNAL, INTERNAL.

Example

Find endpoints that are visible externally.

endpoint.visibility:EXTERNAL

Find endpoints that are visible internally.

endpoint.visibility:INTERNAL

endpoint.vulnerability.age

Select a range to find endpoints with detections with the specified age (in days).

Example

Find endpoints consisting of detections that are 0 to 30 days old.

endpoint.vulnerability:(age:[0..30])

endpoint.vulnerability.cisaKnownExploits.cisaKEVAddedDate

Use this token to find endpoints with detections based on the date when CISA known exploitable vulnerability is added. The date is added in the YYYY-MM-DD format. 

Example

Find endpoints that contain CISA-known exploitable vulnerabilities added in the past six months.

endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:[now-6M ... now])

Find endpoints that contain CISA-known exploitable vulnerabilities added on a specified date.

endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:"2024-06-20")

Find endpoints that contain CISA-known exploitable vulnerabilities added after a specified date

endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate>"2024-06-20")

Find endpoints that contain CISA-known exploitable vulnerabilities added between March 2024 to July 2024

endpoint.vulnerability:(cisaKnownExploits.cisaKEVAddedDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.cisaKnownExploits.cisaKEVDueDate

Use this token to find endpoints with detections based on the due date for CISA known exploitable vulnerability. The date is added in the YYYY-MM-DD format.

Example

Find endpoints that contain CISA-known exploitable vulnerabilities with due date in the next six months

endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:[now-6M ... now+6M])

Find endpoints that contain CISA-known exploitable vulnerabilities with specified due date.

endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:"2024-06-20")

Find endpoints that contain CISA-known exploitable vulnerabilities with due date after a specified date.

endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate>"2024-06-20")

Find endpoints that contain CISA-known exploitable vulnerabilities due date between March 2024 to July 2024

endpoint.vulnerability:(cisaKnownExploits.cisaKEVDueDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.criticality

Use a text value to find endpoints with detections of the selected criticality: HIGH, MEDIUM, LOW, NONE.

Example

Find endpoints with HIGH criticality.

endpoint.vulnerability:(criticality:HIGH)

Find endpoints with MEDIUM or LOW criticality.

endpoint.vulnerability:(criticality:[MEDIUM, LOW])

endpoint.vulnerability.cveIds

Use values within quotes or backticks to find endpoints with detections associated with the given CVE ID.

Example

Find endpoints that have "CVE-10" associated with it.

endpoint.vulnerability:(cveIds:"CVE-10")

endpoint.vulnerability.cvss3Info.baseScore

Use an integer value to find endpoints with detections having the specified CVSS3 base score value.

Example

Find endpoints with CVSS3 base score greater than 7

endpoint.vulnerability:(cvss3Info.baseScore>7)

Find endpoints with CVSS3 base score less than or equal to 7

endpoint.vulnerability:(cvss3Info.baseScore<=7)

Find endpoints with CVSS3 base score equal to 7

endpoint.vulnerability:(cvss3Info.baseScore:7)

endpoint.vulnerability.cvss3Info.temporalScore

Use an integer value to find endpoints with detections having the specified CVSS3 temporal score value.

Example

Find endpoints with CVSS3 temporal score greater than 7

endpoint.vulnerability:(cvss3Info.temporalScore>7)

Find endpoints with CVSS3 temporal score less than or equal to 7

endpoint.vulnerability:(cvss3Info.temporalScore<=7)

Find endpoints with CVSS3 temporal score equal to 7

endpoint.vulnerability:(cvss3Info.temporalScore:7)

endpoint.vulnerability.cweIds

Use values within quotes or backticks to find endpoints associated with a given CWE ID.

Example

Show endpoints that have "CWE-56" associated with it.

endpoint.vulnerability:(cweIds:"CWE-56")

endpoint.vulnerability.detectionScore

Use an integer value to find endpoints with detections with the specified Qualys Detection Score (QDS) value, which ranges from 1 to 100.

Example

Find endpoints that contain detections with QDS value greater than 55.

endpoint.vulnerability:(detectionScore>55)

Find endpoints that contain detection with QDS value less than or equal to 55.

endpoint.vulnerability:(detectionScore<=55)

Find endpoints that contain detections with QDS value equal to 55.

endpoint.vulnerability:(detectionScore:55)

endpoint.vulnerability.firstDetectionDate

Use a specific date or date range to find all the endpoints with detections first detected on the given date or date range.

Example

Find endpoints with detections that were first detected in the past 6 months.

endpoint.vulnerability:(firstDetectionDate:[now-6M ... now])

Find endpoints with detections that were first detected on a specified date.

endpoint.vulnerability:(firstDetectionDate:"2021-07-24")

Find endpoints with detections that were first detected before a specified date

endpoint.vulnerability:(firstDetectionDate<"2021-07-24")

Find endpoints with detections that were first detected between March 2024 to July 2024

endpoint.vulnerability:(firstDetectionDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.fixedDate

Use a specific date or date range to find endpoints with detections marked fixed on the given date or date range.

Example

Find endpoints with the detections that were marked fixed in the past 6 months.

endpoint.vulnerability:(fixedDate:[now-6M ... now])

Find endpoints with the detections that were marked fixed on a specified date.

endpoint.vulnerability:(fixedDate:"2024-06-20")

Find endpoints with the detections that were marked fixed after a specified date

endpoint.vulnerability:(fixedDate>"2024-06-20")

Find endpoints with the detections that were marked fixed between March 2024 to July 2024

endpoint.vulnerability:(fixedDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.groupName

Use values within quotes or backticks to find endpoints with detections having a given group name.

Example

Find endpoints with detections having a given group name.

endpoint.vulnerability:(groupName:"Cross-Site Scripting")

endpoint.vulnerability.groupTitle

Use values within quotes or backticks to find endpoints with detections with a given group title.

Example

Find endpoints with detections having a given group title

endpoint.vulnerability:(groupTitle:"XSS")

endpoint.vulnerability.id

Use an integer value to find the endpoint with the given detection ID.

Example

Find endpoints with a given detection ID.

endpoint.vulnerability:(id:3213)

endpoint.vulnerability.isIgnored

Use the values true | false to find endpoints with the ignored detections.

Example

Find endpoints with ignored detections.

endpoint.vulnerability:(isIgnored:"true")

Find endpoints that do not have ignored detections.

endpoint.vulnerability:(isIgnored:"false")

endpoint.vulnerability.ignoredBy.firstName

Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified first name.

Example

Find endpoints with detections that were ignored by a user whose first name is Chandler.

endpoint.vulnerability:(ignoredBy.firstName:"Chandler")

endpoint.vulnerability.ignoredBy.lastName

Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified last name.

Example

Find endpoints with detections that were ignored by a user whose last name is Bing

endpoint.vulnerability:(ignoredBy.lastName:"Bing")

endpoint.vulnerability.ignoredBy.username

Use values within quotes or backticks to find endpoints with detections ignored by a user with the specified username.

Example

Find endpoints with the detections that are ignored by a user whose username is "quays_pp".

endpoint.vulnerability:(ignoredBy.username:"quays_pp")

endpoint.vulnerability.ignoredComment

Use values within quotes or backticks to find endpoints with detections having the specified ignored comment.

Example

Find endpoints with detections that have given ignored comment.

endpoint.vulnerability:(ignoredComment:"Won't Fix")

endpoint.vulnerability.ignoredDate

Use a specific date or date range to find endpoints with detections ignored on the given date or date range.

Example

Find endpoints with detections that were ignored in the past 6 months.

endpoint.vulnerability:(ignoredDate:[now-6M ... now])

Find endpoints with the detections that were ignored on a specified date.

endpoint.vulnerability:(ignoredDate:"2024-06-20")

Find endpoints with detections that were ignored after a specified date.

endpoint.vulnerability:(ignoredDate>"2024-06-20")

Find endpoints with detections that were ignored between March 2024 to July 2024.

endpoint.vulnerability:(ignoredDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.ignoredReactivateDate

Use a specific date or date range to find all endpoints with detections whose ignored reactivate date is the given date or falls in the given date range.

Example

Find endpoints with detections having the ignored reactivate date in the past 6 months.

endpoint.vulnerability:(ignoredReactivateDate:[now-6M ... now])

Find endpoints with detections having the given ignored reactivate date.

endpoint.vulnerability:(ignoredReactivateDate:"2024-06-20")

Find endpoints with detections having an ignored reactivate date after a specified date.

endpoint.vulnerability:(ignoredReactivateDate>"2024-06-20")

Find endpoints with detections having an ignored reactivate date between March 2024 to July 2024.

endpoint.vulnerability:(ignoredReactivateDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.ignoredReason

Use a text value to find endpoints with detections with the selected ignored reasons: RISK_ACCEPTED, FALSE_POSITIVE, NOT_APPLICABLE.

Example

Find endpoints with detections for which the ignored reason is RISK_ACCEPTED.

endpoint.vulnerability:(ignoredReason:RISK_ACCEPTED)

Find endpoints with detections for which the ignored reason is either FALSE_POSITIVE or NOT_APPLICABLE.

endpoint.vulnerability:(ignoredReason:[FALSE_POSITIVE, NOT_APPLICABLE])

endpoint.vulnerability.isCisaKnownExploitable

Use the values true | false to find endpoints with detections that are CISA known exploited vulnerabilities.

Example

Find endpoints with detections having CISA known exploitable vulnerabilities.

endpoint.vulnerability:(isCisaKnownExploitable:"true")

Find endpoints with detections that do not have CISA known exploitable vulnerabilities.

endpoint.vulnerability:(isCisaKnownExploitable:"false")

endpoint.vulnerability.lastDetectedDate

Use a specific date or date range to find all endpoints with detections last detected on the given date or date range.

Example

Find endpoints with detections that were last detected in the past 6 months.

endpoint.vulnerability:(lastDetectedDate:[now-6M ... now])

Find endpoints with detections that were last detected on a specified date.

endpoint.vulnerability:(lastDetectedDate:"2024-07-20")

Find endpoints with detections that were last detected after a specified date.

endpoint.vulnerability:(lastDetectedDate>"2021-06-20")

Find endpoints with detections that were last detected between March 2024 to July 2024.

endpoint.vulnerability:(lastDetectedDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.lastTestedDate

Use a specific date or date range to find endpoints with detections that were last tested on the given date or date range.

Example

Find endpoints with detections that were last tested in the past 6 months.

endpoint.vulnerability:(lastTestedDate:[now-6M ... now])

Find endpoints with detections that were last tested on a specified date.

endpoint.vulnerability:(lastTestedDate:"2024-06-20")

Find endpoints with detections that were last tested after a specified date

endpoint.vulnerability:(lastTestedDate>"2024-06-20")

Find endpoints with detections that were last tested between March 2024 to July 2024.

endpoint.vulnerability:(lastTestedDate:[2024-03-01 .. 2024-07-31])

endpoint.vulnerability.owaspApiTopTen.id

Use an integer to find endpoints with detections with the given OWASP API top ten 2023 category ID.

Example

Find endpoints with detections where OWASP API Top Ten 2023 category ID is 7.

endpoint.vulnerability:(owaspApiTopTen.id:7)

The following table provides the ID and corresponding vulnerability name.

1: Broken Object Level Authorization
2: Broken Authentication
3: Broken Object Property Level Authorization
4: Unrestricted Resource Consumption
5: Broken Function Level Authorization
6: Unrestricted Access to Sensitive Business Flows
7: Server Side Request Forgery
8: Security Misconfiguration
9: Improper Inventory Management
10: Unsafe Consumption of APIs


endpoint.vulnerability.owaspApiTopTen.name

Use a text value to find endpoints with detections with the given OWASP API top ten 2023 category name.

Example

Find endpoints with detections where OWASP API Top Ten 2023 category name is "Server Side Request Forgery"

endpoint.vulnerability:(owaspApiTopTen.name:"Server Side Request Forgery")

endpoint.vulnerability.owaspTopTen.id

Use an integer value to find endpoints with detections having the given OWASP top ten 2021 category ID.

Example

Find endpoints with detections that have given OWASP top ten 2021 category ID.

endpoint.vulnerability:(owaspTopTen.id:7)

The following table provides the ID and corresponding vulnerability name.

1: Broken Access Control
2: Cryptographic Failures
3: Injection
4: Insecure Design
5: Security Misconfiguration
6: Vulnerable and Outdated Components
7: Identification and Authentication Failures
8: Software and Data Integrity Failures
9: Security Logging and Monitoring Failures
10: Server Side Request Forgery (SSRF)


endpoint.vulnerability.owaspTopTen.name

Use values within quotes or backticks to find endpoints with detections associated with a given OWASP top ten 2021 category name.

Example

Find endpoints with detections where OWASP Top Ten 2021 category name is "Identification and Authentication Failures"

endpoint.vulnerability:(owaspTopTen.name:"Identification and Authentication Failures")

endpoint.vulnerability.param

Use values within quotes or backticks to find endpoints with detections for which the specified parameter is used to confirm the detection.

Example

Find endpoints with detections for which the "comment.comment from url" parameter is used to confirm the detection.

endpoint.vulnerability:(param:"comment.comment from url")

endpoint.vulnerability.paramType

Use values within quotes or backticks to find endpoints with detections for which the specified parameter type is used to confirm the detection.

Example

Find endpoints with detections for which the specified parameter type is used to confirm the detection.

endpoint.vulnerability:(paramType:"integer")

endpoint.vulnerability.patchable

Use the values true | false to find endpoints with patchable detections.

Example

Find endpoints with patchable detections.

endpoint.vulnerability:(patchable:true)

Find endpoints with unpatchable detections.

endpoint.vulnerability:(patchable:false)

endpoint.vulnerability.patchId

Use an integer value to find endpoints with detections having the specified patch ID.

Example

Find endpoints with detections having a given patch ID.

endpoint.vulnerability:(patchId:6357)

endpoint.vulnerability.retestStatus

Use a text value to find endpoints with detections with the selected retest statuses: NO_RETEST, UNDER_RETEST, RETESTED, CANCELING, CANCELED.

Example

Find endpoints with detections for which the retest status is UNDER_RETEST

endpoint.vulnerability:(retestStatus:UNDER_RETEST)

Find endpoints with detections for which retest status is either CANCELING or CANCELED

endpoint.vulnerability:(retestStatus:[CANCELING, CANCELED])

endpoint.vulnerability.severity

Use an integer value to find endpoints with detections having the specified severity level.

Example

Find endpoints with detections that have severity level greater than 3.

endpoint.vulnerability:(severity>3)

Find endpoints with detections that have severity less than or equal to 3.

endpoint.vulnerability:(severity<=3)

Find endpoints with detections that are of severity 3.

endpoint.vulnerability:(severity:3)

endpoint.vulnerability.status

Use a text value to find endpoints with detections having these statuses: NEW, ACTIVE, REOPENED, FIXED, PROTECTED.

Example

Find endpoints with detections that have status NEW, ACTIVE or REOPENED.

endpoint.vulnerability:(status:[NEW, ACTIVE, REOPENED])

Find endpoints with detections that have status NEW.

endpoint.vulnerability:(status:NEW)

endpoint.vulnerability.timesDetected

Use an integer value to find endpoints with detections by the number of times they are detected.

Example

Find endpoints with detections that are detected more than 15 times.

endpoint.vulnerability:(timesDetected>15)

Find endpoints with detections that are detected less than or equal to 15 times.

endpoint.vulnerability:(timesDetected<=15)

Find endpoints with detections that are detected 15 times.

endpoint.vulnerability:(timesDetected:15)

endpoint.vulnerability.title

Use values within quotes or backticks to find endpoints with detections having the specified name.

Example

Find endpoints with detections that match the beginning of any substrings within the detection name.

endpoint.vulnerability:(title:"Reflected Cross Site Scripting Vulnerabilities")

Find endpoints with exact detection names.

endpoint.vulnerability:(title:`Reflected Cross Site Scripting Vulnerabilities`)

endpoint.vulnerability.ttr

Use an integer value or select a range to find endpoints with detections having the specified Time to Remediation (TTR) value in days.

Example

Find endpoints with detections for which TTR is 0 to 30 days.

endpoint.vulnerability:(ttr:[0..30])

Find endpoints with detections for which TTR is 30 days.

endpoint.vulnerability:(ttr:=30)

endpoint.vulnerability.typeDetected

Use a text value to find endpoints with detections for the selected types: CONFIRMED_VULNERABILITY, POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT, INFORMATION_GATHERED.

Example

Find endpoints with detections that are of CONFIRMED_VULNERABILITY type.

endpoint.vulnerability:(typeDetected:CONFIRMED_VULNERABILITY)

Find endpoints with detections that are of either POTENTIAL_VULNERABILITY or SENSITIVE_CONTENT type.

endpoint.vulnerability:(typeDetected:[POTENTIAL_VULNERABILITY, SENSITIVE_CONTENT])

endpoint.vulnerability.url

Use values within quotes or backticks to find endpoints with detections with the specified URL.

Example

Find endpoints with detections that have part of the given URL.

endpoint.vulnerability:(url:"http://test.com")

Find endpoints with detections that match exact value "http://test.com"

endpoint.vulnerability:(url:=`http://test.com`)

endpoint.vulnerability.uuid

Use values within quotes or backticks to find endpoints with the specified UUID.

Example

Find endpoints with a given UUID.

endpoint.vulnerability:(uuid:"851d8c4a-cd24-4dbf-a632-0ce9d401ccb0")

endpoint.vulnerability.comment

Use values within quotes or backticks to find endpoints with detections with the specified comment (external reference).

Example

Show endpoints with detections that have the given comment (external reference) associated with them.

endpoint.vulnerability:(comment:"Framework Error")

endpoint.vulnerability.qid

Example

Find endpoints for which detections with the given QIDs are found

endpoint.vulnerability:(qid:580512)