Professional Documents
Culture Documents
Quick Reference
Verity Confidential
Copyright 2017-2022 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
are the property of their respective owners.
Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100
Table of Contents
Vulnerability Management and Policy Compliance API .......................... 5
Scans ......................................................................................................................................... 5
Authentication ......................................................................................................................... 7
Authentication Vaults ........................................................................................................... 14
Scanner Appliances ............................................................................................................... 15
Option Profiles ....................................................................................................................... 16
KnowledgeBase ...................................................................................................................... 19
Reports .................................................................................................................................... 21
Report Templates .................................................................................................................. 23
Remediation ........................................................................................................................... 26
Compliance Info .................................................................................................................... 27
Users ....................................................................................................................................... 29
Activity Log v2 ........................................................................................................................ 29
Activity Log v1 ........................................................................................................................ 30
Verity Confidential
Web Application Scanning API ...................................................................45
Web Application .................................................................................................................... 45
Authentication ....................................................................................................................... 46
Scan ......................................................................................................................................... 47
Schedule ................................................................................................................................. 48
Option Profile ......................................................................................................................... 51
Report ...................................................................................................................................... 51
Report Creation ...................................................................................................................... 52
Findings .................................................................................................................................. 54
Burp ......................................................................................................................................... 55
Good to Know.................................................................................................. 72
Notations ................................................................................................................................ 72
GET and POST ........................................................................................................................ 72
Date/Time ............................................................................................................................... 72
API Notes ................................................................................................................................ 72
Curl Client .............................................................................................................................. 72
Allowed Operators ................................................................................................................. 72
Looking for more? .................................................................................................................. 72
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
5
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
6
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
7
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
8
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
9
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
10
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
unix_apache_config_file={value}&
Notes: “community_strings” is optional for create unix_apache_control_command={value}&
and update requests. windows_apache_config_file={value}&
windows_apache_control_command=
SNMPv3:
{value}&
username={value}&
status={0|1}&
password={value}&
is_system_created={0|1}&
auth_alg={MD5|SHA1}&
encrypt_password={value}&
{IBM WebSphere App Server record}:
priv_alg={DES|AES}&
security_engine_id=(value}& unix_installation_dir={value}&
context_engine_id={value}& unix_dir_mode={installation_dir|server_dir}&
context={value}& windows_installation_dir={value}
11
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
12
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
13
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
14
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
Notes: bold means required for new vault List Appliances: (GET + POST)
action={list}&
Quest Vault:
echo_request={0|1}&
server_address={value}&*
output_mode={brief|full}&
port={value}&
scan_detail={0|1}&
username={value}&*
include_cloud_info={0|1}&
access_key={value}&*
busy={0|1}&
scan_ref={value}&
Notes: bold means required for new vault
name={value}&
15
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
Physical Scanners: (POST) Notes: When calling this API the user needs to
/api/2.0/fo/appliance/physical/ pass the proper XML with Content-Type XML.
action={update}&
id={id}& VM Option Profiles
name={string}&
polling_interval={60-360}& *default is 180 /api/2.0/fo/subscription/option_profile/vm/?
set_vlans={value}& Create VM Option Profile: (POST)
set_tags= {value}&
action={create}&
add_tags= {value}&
title={value}&
remove_tags= {value}&
16
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
owner={value}& host_alive_testing={0|1}&
default={0|1}& not_overwrite_os={0|1}&
global={0|1}& test_authentication={0|1}&
offline_scanner={0|1}& System Authentication
scan_tcp_ports={none|full|standard|light}& include_system_auth={0|1}&
scan_tcp_ports_additional={port1,port2}& use_system_auth_on_duplicate={0|1}&
3_way_handshake={0|1}& use_user_auth_on_duplicate={0|1}&
Scan Map
scan_udp_ports={none|full|standard|light}& basic_information_gathering=[all|register|net
scan_udp_ports_additional={port1,port2}& blockonly|none]&
authoritative_option={0|1}& map_tcp_ports_standard_scan={0|1}&
scan_dead_hosts={0|1}& map_tcp_ports_additional={value1,value2}&
close_vuln_on_dead_hosts={0|1}& map_udp_ports_standard_scan={0|1}&
not_found_alive_times={value}& map_udp_ports_additional={value1,value2}&
purge_host_data={0|1}& perform_live_host_sweep={0|1}&
external_scanners_use={value}& disable_dns_traffic={0|1}&
scan_parallel_scaling={0|1}& map_overall_performance={high|normal|low|
scan_overall_performance={high|normal|low| custom}&
custom}& map_external_scanners={value}&
scan_external_scanners={value}& map_scanner_appliances={value}&
scan_scanner_appliances={value}& map_netblock_size={1024 IPs|4096 IPs|
scan_total_process={value}& 8192 IPs|16384IPs|32768 IPs|65536 IPs}&
scan_http_process={value}& map_packet_delay={minimum|short|medium|
scan_packet_delay={minimum|short|medium long|maximum}&
|long|maximum}& map_authentication={VMware | vCenter}&
scan_intensity={normal|medium|low| Additional
minimum}& additional_tcp_ports={0|1}&
load_balancer={0|1}& additional_tcp_ports_standard_scan={0|1}&
password_brute_forcing_system={minimal| additional_tcp_ports_additional={value1,
limited|standard|exhaustive}& value2}&
password_brute_forcing_custom={value1, additional_udp_ports={0|1}&
value2}& additional_udp_ports_type={standard|
vulnerability_detection={complete|custom| custom}&
runtime}& additional_udp_ports_custom={value1,
custom_search_list_ids={value1, value2}& value2}&
custom_search_list_title={value1, value2}& icmp={0|1}&
basic_host_information_checks={0|1}& blocked_resources={0|1}&
oval_checks={0|1}& protected_ports={default|custom}&
all_qrdi_checks={0|1}& protected_ports_custom={value1,value2}&
exclude_search_list_ids={value1, value2}& protected_ips={all|custom}&
authentication={value1,value2}& protected_ips_custom={value1,value2}&
enable_additional_certificate_detection= ignore_firewall_generated_tcp_rst_packets=
{0|1}& {0|1}&
enable_dissolvable_agent={0|1}& ignore_all_tcp_rst_packets={0|1}&
enable_windows_share_enumeration={0|1}& ignore_firewall_generated_tcp_syn_ack_
enable_lite_os_scan={0|1}& packets={0|1}&
custom_http_header={value}& not_send_tcp_ack_or_syn_ack_packets_
custom_http_definition_key={value}& during_host_discovery={0|1}&
custom_http_definition_header={value}&
17
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
Update VM Option Profile: (POST) List PCI Option Profile: (GET + POST)
action={update}& action={list}&
id={value}&
For other parameters see Create VM Option Delete PCI Option Profile: (GET + POST)
Profile action={delete}&
id={value}&
List VM Option Profile: (GET + POST)
action={list}& Compliance Option Profiles
Delete VM Option Profile: (GET + POST) /api/2.0/fo/subscription/option_profile/pc/?
action={delete}&
Create Compliance Option Profile: (POST)
id={value}&
action={create}&
title={value}&
PCI Option Profiles
owner={value}&
/api/2.0/fo/subscription/option_profile/pci/? global={0|1}&
scan_parallel_scaling={0|1}&
Create PCI Option Profile: (POST)
Scan
action={create}& scan_overall_performance={high|normal|low|
title={value}& custom}&
owner={value}& scan_external_scanners={value}&
global={0|1}& scan_scanner_appliances={value}&
offline_scanner={0|1}& scan_total_process={value}&
scan_parallel_scaling={0|1}& scan_http_process={value}&
Scan scan_packet_delay={minimum|short|medium
scan_overall_performance={high|normal|low| |long|maximum}&
custom}& scan_intensity={normal|medium|low|
scan_external_scanners={value}& minimum}&
scan_scanner_appliances={value}& scan_by_policy={0|1}&
scan_total_process={value}& policy_names={value1,value2}&
scan_http_process={value}& policy_ids={value1,value2}&
scan_packet_delay= auto_update_expected_value={0|1}&
{minimum|short|medium|long|maximum}& fim_controls_enabled={0|1}&
scan_intensity={normal|medium|low| custom_wmi_query_checks={0|1}&
minimum}& enable_dissolvable_agent={0|1}&
scan_dead_hosts={0|1}& enable_password_auditing={0|1}&
close_vuln_on_dead_hosts={0|1}& custom_password_dictionary={value1,
not_found_alive_times={value}& value2}&
purge_host_data={0|1}& enable_windows_share_enumeration={0|1}&
Additional enable_windows_directory_search={0|1}&
additional_tcp_ports_additional={value1, scan_ports={standard|targeted}&
value2}& mssql_db_udc_restriction={0|1}&
mssql_db_udc_limit={value}&
Update PCI Option Profile: (POST)
oracle_db_udc_restriction={0|1}&
action={update}& oracle_db_udc_limit={value}&
id={value}& sybase_db_udc_restriction={0|1}&
For other parameters see Create PCI Option sybase_db_udc_limit={value}&
Profile postgreSQL_db_udc_restriction={0|1}&
postgreSQL_db_udc_limit={value}&
sapiq_db_udc_restriction={0|1}&
18
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
19
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
Update Static Search List: (POST) Criteria for Dynamic Search List:
action={update}& vuln_title={value}&
echo_request={0|1}& not_vuln_title={0|1}&
id={value}& discovery_methods={value}&
title={value}& auth_types={value}&
qids={num1,num2…}& user_configuration={value}&
add_qids={num1,num2…}& categories={value}&
remove_qids={num1,num2…}& not_categories={0|1}&
global={0|1}& confirmed_severities={value}&
comments={value}& potential_vulnerabilities={value}&
ig_severities={value}&
Delete Static Search List: (POST) vendor_ids={value}&
action={delete}& not_vendor_ids={0|1}&
echo_request={0|1}& products={value}&
id={value}& not_products={0|1}&
cvss_base={value}&
Dynamic Search Lists cvss_base_operand={1|2}&
cvss_temp={value}&
/api/2.0/fo/qid/search_list/dynamic/ cvss_temp_operand={1|2}&
20
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
cvss_access_vector={value}& Reports
cvss3_base={value}&
cvss3_base_operand={1|2}& Manage Reports
cvss3_temp={value}&
cvss3_temp_operand={1|2}& /api/2.0/fo/report/
cvss_access_vector={value}&
List Reports: (GET + POST)
patch_available={0|1}&
virtual_patch_available={0|1}& action={list}&
cve_ids={value}& echo_request={0|1}&
not_cve_ids={0|1}& id={value}&
exploitability={value}& state={Running|Finished|Submitted|
malware_associated={value}& Canceled|Errors}&
vendor_refs={value}& user_login={login}&
not_vendor_refs={0|1}& expires_before_datetime={date/time}&
bugtraq_id={value}& client_id= {value}&
not_bugtraq_id={0|1}& client_name={value}&
vuln_details={value}& Manage Reports: (POST)
compliance_details={value}&
action={cancel|delete}&
compliance_types={value}&
echo_request={0|1}&
qualys_top_lists={value}&
id={value}&
qids_not_exploitable={0|1}&
non_running_services={0|1}& Download Report: (POST)
sans_20={0|1}& action={fetch}&
nac_nam={0|1}& echo_request={0|1}&
vuln_provider={0|1}& client_id= {value}&
user_modified_date_between={value}& client_name={value}&
user_modified_date_today={0|1}&
user_modified_date_in_previous={value}&
Launch Report
user_modified_date_within_last_days={value}
& /api/2.0/fo/report/
not_user_modified={0|1}&
service_modified_date_between={value}& Launch Report (all types): (POST)
service_modified_date_today={0|1}& action={launch}&
service_modified_date_in_previous={value}& echo_request={0|1}&
service_modified_date_within_last_days={valu template_id={value}&
e}& report_title={value}&
not_service_modified={0|1}& pdf_password={passwd}&
published_date_between={value}& recipient_group={group,group… 50 max}&
published_date_today={0|1}& hide_header={0|1}&
published_date_in_previous={value}& use_tags={0|1}
published_date_within_last_days={value}& tag_include_selector={all|any}&
not_published={0|1}& tag_exclude_selector={all|any}&
supported_modules={value}& tag_set_by={id|name}&
tag_set_include={value}&
tag_set_exclude={value}&
Delete Dynamic Search List: (POST) recipient_group_id={value}&
action={delete} &
echo_request={0|1}& Map Report:
id={value}& report_type={Map}&
echo_request={0|1}&
21
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
output_format={pdf|html|mht|xml|csv|docx}& policy_id={value}&
domain={value}& asset_group_ids={value}&
ip_restriction={value}& ips={value}&
report_refs={value}& instance_string={value}
host_id={value}
Scan Report (Scan Based Findings): instance_string={value}
report_type={Scan}&
echo_request={0|1}& Scorecard Report
output_format={pdf|html|mht|xml|csv}&
report_refs={ref,ref…}& /api/2.0/fo/report/scorecard/
ip_restriction={value}&
Launch Scorecard: (POST)
Scan Report (Host Based Findings): action={launch}&
report_type={Scan}& echo_request={0|1}&
echo_request={0|1}& name={value}&
output_format={pdf|html|mht|xml|csv}& report_title={value}&
ips={value}& output_format={pdf|html|mht|xml|csv}&
ips_network_id={id}& hide_header={0|1}& (for CSV only)
asset_group_ids={id,id…}& pdf_password={passwd)&
recipient_group={group,group… 50 max}&
Qualys Patch Report: recipient_group_id={distgroup1,distgroup2}&
echo_request={0|1}& source={asset_groups|business_unit}&
output_format={pdf|online|xml|csv}& asset_groups={value,value…}&
ips={value}& all_asset_groups={0|1}&
asset_group_ids={id,id…}& business_unit={value}&
division={value}&
Remediation Report: function={value}&
report_type={Remediation}& location={value}&
echo_request={0|1}& patch_quids={qid,qid…}& (10 max)
output_format={pdf|html|mht|csv}& missing_qids={qid,qid}& (2 max)
asset_group_ids={id,id…}&
assignee_type={User|All}& Scheduled Report
ips={value}&
/api/2.0/fo/schedule/report/
Compliance Report:
List Scheduled Reports: (GET)
report_type={Compliance}&
echo_request={0|1}& action={list}&
output_format={pdf|html|mht}& id={value}&
is_active={true|false}&
Notes: “mht” is not valid for PCI report. Launch Scheduled Report: (POST)
ips={value}&
asset_group_ids={id,id…}& action={launch_now}&
report_refs={ref,ref…}& id={value}&
Notes: “report_refs” is required for a PCI report,
and not valid for other compliance reports. Asset Search Report
Compliance Policy Report: /api/2.0/fo/report/asset/
report_type={Policy}& Asset Search Report: (GET + POST)
echo_request={0|1}& action={search}&
output_format={pdf|html|mht|xml|csv}& output_format={csv|xml}&
22
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
23
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
host_details={0|1}& global={0|1}&
metadata_ec2_instances={0|1}& report_access_users={value}&
cloud_provider_metadata={0|1}&
qualys_system_ids={0|1}& Update Scan Template (PUT)
include_text_summary={0|1}& /api/2.0/fo/report/template/scan/
include_vuln_details={0|1}& template_id={value}&
include_vuln_details_threat={0|1}& action=update
include_vuln_details_impact={0|1}& report_format=xml&
include_vuln_details_solution={0|1}&
include_vuln_details_vpatch={0|1}& Delete Scan Template (POST)
include_vuln_details_compliance={0|1}& /api/2.0/fo/report/template/scan/
include_vuln_details_exploit={0|1}&
action=delete
include_vuln_details_malware={0|1}&
template_id={value}&
include_vuln_details_results={0|1}&
include_vuln_details_reopened={0|1}& Export Scan Template (GET)
include_vuln_details_appendix={0|1}& /api/2.0/fo/report/template/scan/
exclude_account_id={0|1}&
Filters action=export
selective_vulns={complete|custom}& report_format=xml
search_list_ids={value}& template_id={value}&
exclude_qid_option={0|1}&
exclude_search_list_ids={value}& PCI Scan Template API
included_os={value}&
Notes: Go to Scan Template API. The same
status_new={0|1}&
parameters used to define PCI Scan Template
status_active={0|1}& settings. All parameters (all are optional).In
status_reopen={0|1}& addition the following parameters are used.
status_fixed={0|1}&
vuln_active={0|1}& Create PCI Scan Template (POST)
vuln_disabled={0|1}& /api/2.0/fo/report/template/pciscan/
vuln_ignored={0|1}&
potential_active={0|1}& action=create
potential_disabled={0|1}& report_format=xml
potential_ignored={0|1}& custom_pci_ranking={0|1}&
ig_active={0|1}& customized_ranking_medium_from={0|1|2|3|4|
ig_disabled={0|1}& 5|6|7|8|9|10}&
ig_ignored={0|1}& customized_ranking_high_from={0|1|2|3|4|5|6|
display_non_running_kernels={0|1}& 7|8|9|10}&
exclude_non_running_kernel={0|1}& customized_ranking_comments={value}&
exclude_non_running_services={0|1}& customized_ranking_qid_searchlist_commen
exclude_qids_not_exploitable_due_to_config ts={<search list id1/name1> | <SEVERITY> |
uration={0|1}& <comments>,<search list id2/name2> |
exclude_superceded_patches={0|1}& SEVERITY> | <comments>}&
categories_list={value}& Update PCI Scan Template (PUT)
Services and Ports
/api/2.0/fo/report/template/pciscan/
required_services={value}&
unauthorized_services={value}& action=update
required_ports={value}& report_format=xml
unauthorized_ports={value}& template_id={value}&
User Access
24
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
25
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
display_custom_footer={0|1}& Remediation
display_custom_footer_text={value}&
map_exclude_account_id={0|1}& ticket_list.php? (GET + POST)
Filters {ticket-selection}
map_included_hosttypes_innetblock={0|1}& show_vuln_details={0|1}&
map_included_hosttypes_scannable={0|1}&
map_included_hosttypes_live={0|1}& ticket_edit.php? (GET + POST)
map_included_hosttypes_approved={0|1}& {ticket-selection}
map_included_hosttypes_outofnetblock={0|1} change_assignee={login}&
& change_state={OPEN|RESOLVED|IGNORED}
map_included_hosttypes_notscannable={0|1} reopen_ignored_days={value}&
& add_comment={value}&
map_included_hosttypes_notlive={0|1}& network_id={value}&
map_included_hosttypes_rogue={0|1}&
Included Discovery Methods ticket_delete.php? (GET + POST)
map_idm_tcp={0|1}& {ticket-selection}
map_idm_udp={0|1}&
{ticket-selection}:
map_idm_traceroute={0|1}&
map_idm_other={0|1}& ticket_numbers={num,range…}&
map_idm_dns={0|1}& since_ticket_number={num}&
map_idm_icmp={0|1}& until_ticket_number={num}&
map_idm_auth={0|1}& ticket_assignee={login}&
Included Status Levels overdue={0|1}&
map_included_statuses_added={0|1}& invalid={0|1}&
map_included_statuses_removed={0|1}& states={OPEN|RESOLVED|CLOSED|
map_included_statuses_active={0|1}& IGNORED}&
dns_exclusions={none|DNS|DNS-DNSZone}& modified_since_datetime={date/time}&
included_os={value}& ips={ip,range…}&
asset_groups={value,value…}&
Update Map Template (PUT) dns_contains={string}&
/api/2.0/fo/report/template/map/ netbios_contains={string}&
vuln_severities={1,2,3,4,5}&
action=update
potential_vuln_severities={1,2,3,4,5}&
report_format=xml
qids={value,value… 10 max}&
template_id={value}&
vuln_title_contains={string}&
Delete Map Template (POST) vuln_details_contains={string}&
vendor_ref_contains={string}&
/api/2.0/fo/report/template/map/
network_id={value}&
action=delete
template_id={value}& ticket_list_deleted.php? (GET + POST)
ticket_numbers={num,range…}&
Export Map Template (GET) since_ticket_number={num}&
/api/2.0/fo/report/template/map/ until_ticket_number={num}&
action=export deleted_since_datetime={date/time}&
report_format=xml deleted_before_datetime={date/time}&
template_id={value}&
Ignore Vulnerability
/ignore_vuln/index.php (GET +POST)
action={ignore|restore}&
26
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
27
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
ids={id,range…}& technology_name={value}&
id_min={id}& assignee_id={value}&
id_max={id}& created_by={value}&
status_changes_since={date/time}& modified_by={value}&
evaluation_date={date/time}& details={Basic|All|None}&
asset_group_ids={value} is_active={0|1}&
status={Passed|Failed|Error}& created_after_date={mm/dd/yyyy}&
show_remediation_info={0|1}& updated_after_date={mm/dd/yyyy}&
truncation_limit={value}& expired_before_date={mm/dd/yyyy}&
cause_of_failure={0|1}& expired_after_date={mm/dd/yyyy}&
criticality_labels={value}& exception_numbers={value}&
criticality_values={value}& exception_number_min={value}&
include_dp_name={value}& exception_number_max={value}&
tag_set_by={id|name}& truncation_limit={value}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}& Request Exceptions: (POST)
tag_set_include={value}& /api/2.0/fo/compliance/exception/
tag_set_exclude={value}& action={request}&
filter_hosts={0|1}& control_id={value}&
host_id={value}&
Notes: Up to 10 policies for “policy_ids”. policy_id={value}&
technology_id={value}&
Policy Merge: (GET + POST) instance_string={value}&
assignee_id={value}&
/api/2.0/fo/compliance/policy/ comments={value}&
action={merge}& reopen_on_evidence_change={0|1}&
id={id}&
merge_policy_id={id} or {policy XML data}& Update Exceptions: (POST)
replace_cover_page={0|1}& /api/2.0/fo/compliance/exception/
replace_asset_groups={0|1}&
add_asset_groups={0|1}& action={update}&
add_new_technologies={0|1}& exception_numbers={value}&
add_new_controls={0|1}& comments={value}&
update_section_heading={0|1}& reassign_to={value}&
update_existing_controls={0|1}& reopen_on_evidence_change={0|1}&
preview_merge={0|1}& status={Pending|Approved|Rejected}&
end_date={mm/dd/yyyy}&
Exceptions Delete Exceptions: (POST)
List Exceptions: (GET + POST) /api/2.0/fo/compliance/exception/
/api/2.0/fo/compliance/exception/ action={delete}&
exception_numbers={value}&
action={list}&
exception_number={value}&
ip={value}& ARF Report
network_name={value}& SCAP Scan Results: (GET + POST)
status={value}&
/api/2.0/fo/compliance/scap/arf/
control_id={value}&
control_statement={value}& scan_id={id}&
policy_id={value}& ips={ip,range…}&
28
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
ips_network_id={value}& Users
Cyberscope Report user.php? (GET + POST)
Add User:
SCAP Scan Results: (GET + POST)
/api/2.0/fo/asset/host/cyberscope/fdcc/scan/ action={add}&
send_email={0|1}&
scan_id={id}& user_role={manager|unit_manager|scanner|
scan_ref={ref}& reader|contact|administrator}&
ips={ip,range…}& business_unit={Unassigned|{value}}&
organisation_name1={name1}&
organisation_name2={name2}& Edit User:
organisation_name3={name3}& action={edit}&
login={login}&
Notes: “scan_id” or “scan_ref” is required.
Permissions Info (Add or Edit User):
SCAP Policy Results: (GET + POST)
asset_groups={value,value…}&
/api/2.0/fo/asset/host/cyberscope/fdcc/policy/
policy_id={id}& Notes: 1) “asset_groups” applies only to Scanner,
ips={ip,range…}& Reader and Contact.
ag_ids={id,id…}& General Info (Add or Edit User):
organisation_name1={name1}&
organisation_name2={name2}& first_name={value}&
organisation_name3={name3}& last_name={value}&
Notes: All FDCC scanned hosts for the FDCC title={value}&
policy are included unless the filters “ip” and/or phone={value}&
“ag_ids” are specified. fax={value}&
email={value}&
SCAP Global Results: (GET + POST) address1={value}&
/api/2.0/fo/asset/host/cyberscope/ address2={value}&
city={value}&
ips={ip,range…}&
country={value}&
ag_ids={id,id…}&
state={value}&
organisation_name1={name1}&
zip_code={value}&
organisation_name2={name2}&
external_id={value}&
organisation_name3={name3}&
time_zone_code={code or null to set to
browser’s timezone}&
Notes: “ips” or “ag_ids” is required. VM scan data
is reported in the datapoint <sr:DataPoint id:
Notes: 1) Required contact info for add request in
”vulnerability_managment_product_vulnerabilitie
bold above. For edit request, all contact info is
s”>
optional. 2) “state” is required for some country
SCAP Policy List: (GET + POST) codes.
/api/2.0/fo/compliance/fdcc_policy/ Activate/Deactivate Request:
action={list}&
action={activate|deactivate}&
echo_request={0|1}
login={login}&
details={Basic|All|None}
ids={value} user_list.php? (GET + POST)
id_min={value}
external_id_contains={string}&
id_max={value}
external_id_assigned={0|1}&
29
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API
Activity Log v2
(/api/2.0/fo/activity_log/)
Export user activity log (GET + POST)
action={list}&
user_action={value}&
action_details={user_logged in|user_logged
out}&
username={value}&
user_role={Manager|Unit
Manager|Auditor|Scanner|Reader|KnowledgeB
ase Only|Remediation User|Contact}&
since_datetime={YYYY-MM-DD HH:ii:ss}&
until_datetime={YYYY-MM-DD HH:ii:ss}&
output_format=CSV
truncation_limit={value}&
30
Qualys API Quick Reference Guide
Cloud Agent API
31
Qualys API Quick Reference Guide
Cloud Agent API
32
Qualys API Quick Reference Guide
Cloud Agent API
33
Qualys API Quick Reference Guide
Asset Management & Tagging API
34
Qualys API Quick Reference Guide
Asset Management & Tagging API
35
Qualys API Quick Reference Guide
Asset Management & Tagging API
*exclude_search_list_ids={value}& tag_exclude_selector={any|all}&
active_kernels_only={0|1|2|3}& tag_set_by={id|name}&
network_ids={id1,id2…}& tag_set_include={value}&
dectection_processed_before={date}& tag_set_exclude={value}&
dectection_processed_after={date}&
detection_updated_before={date}& Notes: “use_tags=1” must be specified with other
detection_updated_since={date}& tag filter parameters.
max_days_since_detection_updated={value}&
detection_last_tested_since={date}& Excluded Hosts Change History: (GET +
POST)
detection_last_tested_since_days={value}&
detection_last_tested_before={date}& /api/2.0/fo/asset/excluded_ip/history/
detection_last_tested_before_days={value}& action={list}&
host_metadata={all|ec2|google|azure}& echo_request={0|1}&
host_metadata_fields={value1,value2}& ips={ip,range…}&
show_cloud_tags={0|1}& ids={id,range…}&
cloud_tag_fields={value}& id_min={id}&
filter_superseded_qids={0|1}& id_max={id}&
Notes: 1) *include/exclude cannot be specified network_id={id}&
with “qids” or “severities” in same request. Search
list titles and IDs cannot be included/excluded in Manage Excluded Hosts: (POST)
the same request. “show_igs” is required if /api/2.0/fo/asset/excluded_ip/
included search lists contain only Information action={add|remove|remove_all}&
Gathered. echo_request={0|1}&
2) A request with “max_days_since_vm_scan” ips={ip,range…}&
cannot also include “vm_scan_since” or comment={value}&
“no_vm_scan_since”. expiry_days={value}& (for action=add)
dg_names={value}& (for action=add)
3) A request with
network_id=(value)&
“max_days_since_detection_updated” cannot also
include “detected_updated_since”.
Notes: “ips” is invalid for “remove_all”.
Excluded Hosts Virtual Host Assets
Excluded Hosts List: (GET + POST)
/api/2.0/fo/asset/vhost/
/api/2.0/fo/asset/excluded_ip/
Virtual Host List: (GET + POST)
action={list}&
echo_request={0|1}& action={list}&
ips={ip,range…}& echo_request={0|1}&
network_id={id}& ip={ip}&
port={port}&
Filter by asset groups: Virtual Host: (POST)
ag_ids={value}&
action={create|update|delete|add_fqdn|
ag_titles={value}&
delete_fqdn}&
echo_request={0|1}&
Notes: “ag_ids” and “ag_titles” are mutually
ip={ip}&
exclusive and cannot be specified together.
port={port}&
Filter by asset tags: fqdn={fqdn}&
use_tags={0|1}& Notes: “fqdn” is invalid for “delete_fqdn”.
tag_include_selector={any|all} &
36
Qualys API Quick Reference Guide
Asset Management & Tagging API
37
Qualys API Quick Reference Guide
Asset Management & Tagging API
comments={value}& Tag
division={value}&
location={value}& Get details on a tag
function={value}&
business_impact={critical|high|medium|low| /qps/rest/2.0/get/am/tag<id> (GET + POST)
none}& Required:
ips={value}& id (long)
appliance_ids={value}&
default_appliance_id={value}& Create a tag
domains={value}&
dns_names={value}& /qps/rest/2.0/create/am/tag (POST)
netbios_names={value}&
cvss_enviro_cdp={high|medium-high|low- Update a tag
medium|low|none}&
cvss_enviro_td={high|medium|low|none}& /qps/rest/2.0/update/am/tag/<id> (POST)
cvss_enviro_cr={high|medium|low}& /qps/rest/2.0/update/am/tag (POST)
cvss_enviro_ir={high|medium|low}&
cvss_enviro_ar={high|medium|low}& Search tags
Edit/Delete Asset Group: (POST) /qps/rest/2.0/search/am/tag (POST)
action={edit}& Filters:
echo_request={0|1}& id (Long)
id={value}& name (string)
{Edit only parameters below} parent (long)
set_title={value}& ruleType (STATIC, GROOVY, OS_REGEX,
set_comments={value}& NETWORK_RANGE, NAME_CONTAINS,
set_division={value}& INSTALLED_SOFTWARE, OPEN_PORTS,
set_location={value}& VULN_EXIST, ASSET_SEARCH)
set_function={value}& color (string formatted as #FFFFFF where F
set_business_impact={critical|high|medium|lo can be any value between color (0-9 and A-F)
w
|none }& Count tags
add|remove|set_ips={value}&
add|remove|set_appliance_ids={value}& /qps/rest/2.0/count/am/tag (POST)
set_default_appliance_id={value}&
add|remove|set_domains={value}& Delete tag
add|remove|set_dns_names={value}&
add|remove|set_netbios_names={value}& /qps/rest/2.0/delete/am/tag/<id> (POST)
set_cvss_enviro_cdp={high|medium-high|low- /qps/rest/2.0/delete/am/tag (POST)
medium|low|none}&
set_cvss_enviro_td={high|medium|low|none} Evaluate tag
&
set_cvss_enviro_cr={high|medium|low}& /qps/rest/2.0/evaluate/am/tag/<id> (POST)
set_cvss_enviro_ir={high|medium|low}& /qps/rest/2.0/evaluate/am/tag (POST)
set_cvss_enviro_ar={high|medium|low}&
38
Qualys API Quick Reference Guide
Asset Management & Tagging API
Required:
id (long) Asset
/qps/rest/2.0/update/am/hostasset/<id> (POST)
Update asset
/qps/rest/2.0/update/am/hostasset (POST)
/qps/rest/2.0/update/am/asset/<id> (POST)
Search host assets /qps/rest/2.0/update/am/asset (POST)
/qps/rest/2.0/search/am/hostasset (POST)
Search assets
Filters:
qwebHostId (long) /qps/rest/2.0/search/am/asset (POST)
lastVulnScan (date) Filters:
lastComplianceScan (date) id (long)
informationGatheredUpdated (date) name (string)
os (string) created (date)
dnsHostName (string) updated (date)
netbiosName (string) type (UNKNOWN. HOST, SCANNER, WEBAPP,
netbiosNetworkID (string) MALWARE_DOMAIN)
networdGuid (string) tagName (string)
trackingMethod (AssetTrackingMethod) tagId (string)
port (integer)
39
Qualys API Quick Reference Guide
Asset Management & Tagging API
40
Qualys API Quick Reference Guide
Asset Management & Tagging API
41
Qualys API Quick Reference Guide
Asset Management & Tagging API
42
Qualys API Quick Reference Guide
Continuous Monitoring API
43
Qualys API Quick Reference Guide
Continuous Monitoring API
Rules
Search rules
/qps/rest/1.0/search/cm/rule (POST)
Filters (optional):
id (Integer)
ruleType (HOST, VULN, PORT, SSL, SW)
44
Qualys API Quick Reference Guide
Web Application Scanning API
45
Qualys API Quick Reference Guide
Web Application Scanning API
46
Qualys API Quick Reference Guide
Web Application Scanning API
47
Qualys API Quick Reference Guide
Web Application Scanning API
48
Qualys API Quick Reference Guide
Web Application Scanning API
49
Qualys API Quick Reference Guide
Web Application Scanning API
50
Qualys API Quick Reference Guide
Web Application Scanning API
51
Qualys API Quick Reference Guide
Web Application Scanning API
52
Qualys API Quick Reference Guide
Web Application Scanning API
target.scans (WasScan)*
Report Template Count
filters.searchlists (SearchList)*
filters.url (Text) qps/rest/3.0/count/was/reporttemplate (POST)
filters.status (ScanFindingStatus)*
id (Integer)
filters.remediation (*)
name (Text)
showPatched (SHOW_ONLY, SHOW_NONE,
type (Text)
SHOW_BOTH - default)
display.contents (ScanAppReportContent)*
display.graphs (ScanAppReportGraph)*
Search Report Template
display.groups (ScanAppReportGroup)* qps/rest/3.0/search/was/reporttemplate (POST)
display.options (rawLevels)*
id (Integer)
name (Text)
Notes: (*) indicates data type.
type (Text)
Scorecard Report Get details of Report Template
target.tags (Tag)*
qps/rest/3.0/get/was/reporttemplate/<id> (GET)
target.tags.included.option (ALL or ANY)1
target.tags.included.tagList.Tag.id (Integer)1 Required:
filters.searchlists (SearchList)* id (Integer) /report template ID
filters.scanDate (DatetimeRange)*
filters.scanStatus
(WasScanConsolidatedStatus)*
filters.scanAuthStatus (WasScanAuthStatus)*
53
Qualys API Quick Reference Guide
Web Application Scanning API
54
Qualys API Quick Reference Guide
Web Application Scanning API
55
Qualys API Quick Reference Guide
Web Application Firewall API
56
Qualys API Quick Reference Guide
Web Application Firewall API
57
Qualys API Quick Reference Guide
Web Application Firewall API
58
Qualys API Quick Reference Guide
Web Application Firewall API
59
Qualys API Quick Reference Guide
Web Application Firewall API
/qps/rest/2.0/search/waf/custompage/ (POST)
60
Qualys API Quick Reference Guide
Web Application Firewall API
61
Qualys API Quick Reference Guide
Web Application Firewall API
62
Qualys API Quick Reference Guide
Web Application Firewall API
63
Qualys API Quick Reference Guide
Web Application Firewall API
64
Qualys API Quick Reference Guide
Web Application Firewall API
Search appliances
/qps/rest/2.0/search/waf/appliance (POST)
Optional:
id (Long)
uuid (UUID)
name (Text)
hostname (Text)
lastPollDate
applianceCreated
applianceVersion (Text)
status (Long)
pollStatus
heartbeatGenerated
heartbeatProcessed
systemOs (Text)
systemRam (Long)
systemType (Text)
systemEc2InstanceId (Text)
systemEc2InstanceType (Text)
systemEc2AmiId (Text)
systemCpusCount (Long)
systemCpusCores (Long)
systemCpusSpeed (Float)
systemCpusModel (Text)
configRulesVersion (Text)
configVersion (Text)
configGenerated
ip (Text)
cluster.id (Long)
cluster.uuid (UUID)
cluster.name (Text)
65
Qualys API Quick Reference Guide
Malware Detection API
Malware Detections
Current malware detections
/qps/rest/1.0/download/md/detection (POST)
Required:
format (csv|cef)
Filters (optional):
id (Integer)
qid (Integer)
url (Text)
type (Keyword ie BEHAVIORAL)
showDeactivatedSite (Boolean)
severity (Keyword i.e. HIGH)
66
Qualys API Quick Reference Guide
Security Assessment Questionnaire API
67
Qualys API Quick Reference Guide
Security Assessment Questionnaire API
68
Qualys API Quick Reference Guide
Security Assessment Questionnaire API
Update template
/qps/rest/1.0/update/saq/template/<id> (POST)
/qps/rest/1.0/update/saq/template/ (POST)
Required to update single template:
id (Integer) /library template ID
Publish template
/qps/rest/1.0/publish/saq/template/<id> (POST)
Required:
id (Long) /template ID
Delete template
/qps/rest/1.0/delete/saq/template/<id> (POST)
Required:
id (Long) /template ID
69
Qualys API Quick Reference Guide
Portal version API
Portal version
/qps/rest/portal/version (GET)
70
Qualys API Quick Reference Guide
API Server URL
71
Qualys API Quick Reference Guide
Good to Know
2) There are known limits for the amount of data Allowed Operators
that can be sent using the GET method. These Integer EQUALS, NOT EQUALS,
limits are dependent on the toolkit used. There is GREATER, LESSER, IN
no fundamental limit with sending data using the Text CONTAINS, EQUALS, NOT
POST method. EQUALS
Date EQUALS, NOT EQUALS,
3) Variables and values must be URL-encoded.
GREATER, LESSER
4) Returned XML responses usually include Keyword EQUALS, NOT EQUALS, IN
numeric error codes. Boolean (true/false) EQUALS, NOT
5) UTF-8 encoding is used internally and for the EQUALS
returned XML.
6) Role-based privileges (Manager, Scanner, and Looking for more?
Reader) apply to most API calls.
Click here for all our current API User Guides
7) Blanks in “string type values” can be encoded as
plus characters(+).
72