Searching for Activity Logs

Syntax help is displayed in the UI for the QQL tokens that you enter from the Activity Logs tab. The following is a complete list of tokens for writing the QQL search queries. Click each token to learn more about it.

action

Use a text value to search results for a certain action, such as Add, Update, Edit, Delete, and so on.

Example

Show results for action as edit

action:edit

userName

Use a text value to view findings for the user name you provide. Note that you must enter the exact user name.

Examples

Show any results with this name

userName:JohnDoe

Show any results that contain parts of the name

userName:"JohnDoe"

Show any results that match the exact value "JohnDoe"

userName:`JohnDoe`

userRole

Use a text value to find activity logs with certain user roles such as Manager, Reader and so on.

Example

Show activity logs for user role as Manager

userRole:Manager

sourceIp

Use an integer value to search activity logs with a specific Source IP.

Example

Show activity logs with SourceIp 1.1.1.1

sourceIp:1.1.1.1

moduleCode

Use a text value to search activity logs on a specific module using the module code such as SM, VM, PM and so on.

Example

Show activity logs for module code as PM

moduleCode:PM

targetName

Use an integer value to search activity logs for a specific target name.

Example

Show activity logs for target name 656575137

targetName:656575137

targetType

Use a text value to search activity logs for a specific target type such as cm_scan, auth, authentication, account and so on.

Example

Show activity logs for target type authentication

targetType:authentication


Supported Boolean Operator

The Qualys Query Language (QQL) supports the "and" operator. This is a logical or Boolean query operator. Use this operator in your queries to narrow down or broaden your search.

and

Use a boolean query to express your query using AND logic.

Find the user with this user name and action.

Example

userName:"test_user" and action:"edit"