Dashboard Toolbox - VM DASHBOARD BETA - Discrepancy: Vulnerability Query Formatting and Use of the NOT clause

Document created by DMFezzaReed Employee on Feb 13, 2019Last modified by DMFezzaReed Employee on Jun 26, 2019
Version 6Show Document
  • View in full screen mode

The New Vulnerability Management (VM) Dashboard BETA program is not intended for production use, and its content is subject to modification without notice.  If you have any questions regarding the content, please contact your Technical Account Manager (TAM) or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.


The 'NOT' clause is proving to be little more complicated when it goes in elastic search in terms of results returned for vulnerability queries. Our DevOps team suggests using explicit includes vs excludes to improve accuracy.  This issue is an example of why the dashboard is remaining in beta version.  


We are still coming up with more searches and enhancing our New VM Dashboard to improve accuracy to match customer expectations and to give a more granular vision of their detections.





Try to avoid the use of the NOT clause in vulnerability queries specifically, and opt instead to using explicitincludes vs excludes to improve accuracy.  Please note several examples below.  Please comment if you would like additional examples.


  • instead of:  not vulnerabilities.status:FIXED
  • please use: vulnerabilities.status:[NEW,ACTIVE,REOPENED]


  • instead of:  not vulnerabilities.typeDetected: Information
  • please use: vulnerabilities.typeDetected:[Confirmed,Potential]


  • instead of:  not vulnerabilities.vulnerability.severity:[1,2]
  • please use: vulnerabilities.vulnerability.severity:[3,4,5] 


Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA [CLOSED] 

Back to Dashboards and Reporting Resources - Start Here 

1 person found this helpful