
Qualys API

Quick Reference

May 27, 2022

Verity Confidential
Copyright 2017-2022 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
are the property of their respective owners.

Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100
Table of Contents

Vulnerability Management and Policy Compliance API
  Scans
  Authentication
  Authentication Vaults
  Scanner Appliances
  Option Profiles
  KnowledgeBase
  Reports
  Report Templates
  Remediation
  Compliance Info
  Users
  Activity Log v2
  Activity Log v1

Cloud Agent API
  Agent Management
  Activation Key
  Configuration Profile

Asset Management & Tagging API
  Networks
  Assets
  Asset Groups
  Tag
  List users with their tags
  Host Asset
  Asset
  Host Instance Vulnerability
  Asset Data Connector
  AWS Asset Data Connector
  AWS Authentication Record

Continuous Monitoring API
  Alerts
  Profiles
  Rulesets
  Rules

Web Application Scanning API
  Web Application
  Authentication
  Scan
  Schedule
  Option Profile
  Report
  Report Creation
  Findings
  Burp

Web Application Firewall API
  Web Applications
  Web Servers
  Healthchecks
  SSL Certificates
  Custom Response Pages
  Security Policies
  HTTP Profiles
  Custom Rules
  Clusters
  Appliances

Malware Detection API
  Malware Detections

Security Assessment Questionnaire API
  SAQ users
  SAQ templates

Portal version API
  Portal version

API Server URL
  Qualys API Server URL
  Still need help?

Good to Know
  Notations
  GET and POST
  Date/Time
  API Notes
  Curl Client
  Allowed Operators
  Looking for more?

Vulnerability Management and Policy Compliance API

Use these API calls to manage vulnerability and compliance scans and report on scan results.

Scans | Authentication | Scanner Appliances | Option Profiles | KnowledgeBase | Reports | Report Templates | Remediation | Compliance Info | Users | Activity Log v2 | Activity Log v1

Looking for more information?
Qualys API (VM, PC) User Guide
Qualys API (VM, PC) XML/DTD Reference

Scans

Manage Scans
VM Scans - /api/2.0/fo/scan/
Compliance Scans - /api/2.0/fo/scan/compliance/
SCAP Scans - /api/2.0/fo/scan/scap/

List Scans: (GET + POST)
action={list}&
echo_request={0|1}&
scan_ref={value}&
state={Running|Paused|Canceled|Finished|Error|Queued|Loading}&
processed={0|1}&
type={On-Demand|Scheduled|API}&
target={ip,range…}&
user_login={login}&
launched_after_datetime={date/time}&
launched_before_datetime={date/time}&
show_ags={0|1}&
show_op={0|1}&
show_status={0|1}&
show_last={0|1}&
pci_only={0|1}&
ignore_target={0|1}&
client_id={value}&
client_name={value}&
ec2_instance_ids={value}&
scap_scan_since={date}&
no_scap_scan_since={date}&

Manage Scans: (POST)
action={cancel|pause|resume}&
echo_request={0|1}&
scan_ref={value}&

Download Scan Results: (GET + POST)
action={fetch}&
echo_request={0|1}&
scan_ref={value}&
*ips={ip,range…}&
*mode={brief|extended}&
*output_format={csv|json|csv_extended|json_extended}&

Notes: * means VM scan only

Share PCI Scan: (GET + POST)
action={share|status}& *POST for share
echo_request={0|1}&
scan_ref={value}&
merchant_username={value}&

Scan Summary: (GET + POST)
/api/2.0/fo/scan/summary
action={list}&
scan_date_since={value}&
scan_date_to={value}&
output_format={value}&
tracking_method={value}&
include_dead={0|1}&
include_excluded={0|1}&
include_unresolved={0|1}&
include_cancelled={0|1}&
include_notvuln={0|1}&
include_blocked={0|1}&
include_duplicate={0|1}&
include_aborted={0|1}&

Scanner Details: (GET + POST)
/api/2.0/fo/scan/scanner
action={list}&
scan_date_since={value}&
scan_date_to={value}&
ips={value}&
output_format=XML&

Launch Scan
VM Scan - /api/2.0/fo/scan/
Compliance Scan - /api/2.0/fo/scan/compliance/

Launch Scan: (POST)
action={launch}&
echo_request={0|1}&
scan_ref={value}&
scan_title={value}&
target_from={assets|tags}&
ip={value}&
asset_groups={value}&
asset_group_ids={value}&
exclude_ip_per_scan={value}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_by={id|name}&
tag_set_include={value}&
tag_set_exclude={value}&
use_ip_nt_range_tags={0|1}&
use_ip_nt_range_tags_include={0|1}&
use_ip_nt_range_tags_exclude={0|1}&
iscanner_id={value1,value2…}&
iscanner_name={value1,value2…}&
default_scanner={0|1}&
scanners_in_ag={0|1}&
scanners_in_tagset={0|1}&
scanners_in_network={value}
option_title={value}&
option_id={value}&
priority={value}& (0-9) *default is 0
runtime_http_header={value}&
connector_name={value}& *for EC2 scan
ec2_endpoint={value}& *for EC2 scan
ip_network_id={id}&
fqdn={value}&
client_id={value}&
client_name={value}&
ec2_instance_ids={value}&

Scheduled Scans
VM Scans - /api/2.0/fo/schedule/scan/

List Scheduled Scans: (GET)
action={list}&
echo_request={0|1}&
id={value}&
active={0|1}&
show_notifications={0|1}&
client_id={value}&
client_name={value}&

Create Scheduled Scan: (POST)
action={create}&
echo_request={0|1}&
scan_title={value}&
active={0|1}&
option_title={value}&
option_id={value}&
iscanner_id={value1,value2…}&
iscanner_name={value1,value2…}&
ip={value}&
asset_groups={value}&
asset_group_ids={value}&
default_scanner={0|1}&
scanners_in_ag={0|1}&
scanners_in_tagset={0|1}&
exclude_ip_per_scan={value}&
ip_network_id={id}&
runtime_http_header={value}&
target_from={assets|tags}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_by={id|name}&
tag_set_include={value}&
tag_set_exclude={value}&
use_ip_nt_range_tags={0|1}&
use_ip_nt_range_tags_include={0|1}&
use_ip_nt_range_tags_exclude={0|1}&
connector_name={value}& *for EC2 scan
connector_uuid={value}& *for EC2 scan
ec2_endpoint={value}& *for EC2 scan
ec2_only_classic={value}& *for EC2 scan
occurrence={daily|weekly|monthly}&
frequency_days={value}& (1-365)
frequency_weeks={value}& (1-52)
weekdays={sunday|monday|tuesday|wednesday|thursday|friday|saturday}&
frequency_months={value}& (1-12)
day_of_month={value}& (1-31)
day_of_week={value}& (0-6, where 0 is sunday)
week_of_month={first|second|third|fourth|last}&
start_date={date}&
start_hour={value}& (0-23)
start_minute={value}& (0-59)
time_zone_code={value}&
observe_dst={yes|no}&
recurrence={value}&
end_after={value}& (0-119)
end_after_mins={value}& (0-59)
pause_after_hours={value}& (1-119)
pause_after_mins={value}& (0-59)
resume_in_days={value}& (1-9)
resume_in_hours={value}& (0-23)
fqdn={value}&
client_id={value}&
client_name={value}&

Notes: “end_after_mins” must be specified with “end_after”. “pause_after_mins” must be specified with “pause_after_hours”. “resume_in_hours” must be specified with “pause_after_hours” and “resume_in_days”.

before_notify={0|1}&
before_notify_unit={days|hours|minutes}&
before_notify_time={value}&
before_notify_message={value}&
after_notify={0|1}&
after_notify_message={value}&
recipient_group_ids={value}&

Notes: “before_notify_time” must be specified with before_notify=1. “before_notify_message” is only valid when before_notify=1.
“after_notify_message” is only valid when after_notify=1. “recipient_group_ids” is only valid when before_notify=1 or after_notify=1 is also specified.

Update Scheduled Scan: (POST)
action={update}&
id={value}&
echo_request={0|1}&
set_start_time={0|1}&
client_id={value}&
client_name={value}&

Notes: For updating the start time, these must be specified together: set_start_time=1, start_date, start_hour, start_minute, time_zone_code, observe_dst.

For Daily Scan, these must be specified together: occurrence=daily, frequency_days.
For Weekly Scan, these must be specified together: occurrence=weekly, frequency_weeks, weekdays.
For Monthly Scan, these must be specified together: occurrence=monthly, frequency_months and day_of_month (for Nth day of month) or day_of_week, week_of_month (for Day in Nth week).

Delete Scheduled Scan: (POST)
action={delete}&
id={value}&
echo_request={0|1}&

Authentication

Authentication Record List
/api/2.0/fo/auth/

List Records (all types): (GET + POST)
action={list}&
echo_request={0|1}&
title={value}&
comments={value}&
ids={id,range…}&
id_min={id}&
id_max={id}&

Authentication Record by Type List
/api/2.0/fo/auth/{type}/
where {type} is one of: unix, windows, oracle, oracle_listener, snmp, ms_sql, neo4j, ibm_db2, vmware, vcenter, http, apache, ms_iis, ibm_websphere, mysql, tomcat, oracle_weblogic, mongodb, mariadb, palo_alto_firewall, jboss, kubernetes, sapiq, sap_hana, nginx

List Records by Type: (GET + POST)
action={list}&

Notes: Same optional parameters as for authentication records list (all types) plus:
details={Basic|All|None}&
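
The "must be specified together" and "only valid when" notes for Create and Update Scheduled Scan can be enforced client-side before a request is sent to /api/2.0/fo/schedule/scan/. The Python below is an added example, not Qualys code; the function name, the sample requests and the reading of each note as a hard requirement are assumptions.

```python
# Added example: pre-flight check of scheduled-scan parameters.
# Rule tables are transcribed from the ranges and Notes on this page;
# treating every note as a hard requirement is an assumption.

RANGES = {
    "frequency_days": (1, 365), "frequency_weeks": (1, 52),
    "frequency_months": (1, 12), "day_of_month": (1, 31),
    "day_of_week": (0, 6), "start_hour": (0, 23), "start_minute": (0, 59),
    "end_after": (0, 119), "end_after_mins": (0, 59),
    "pause_after_hours": (1, 119), "pause_after_mins": (0, 59),
    "resume_in_days": (1, 9), "resume_in_hours": (0, 23),
}

# "X must be specified with Y": dependent parameter -> parameters it needs.
REQUIRES = {
    "end_after_mins": ["end_after"],
    "pause_after_mins": ["pause_after_hours"],
    "resume_in_hours": ["pause_after_hours", "resume_in_days"],
}

# Parameters that are only valid when one of these flags equals 1.
NEEDS_FLAG = {
    "before_notify_time": ["before_notify"],
    "before_notify_message": ["before_notify"],
    "after_notify_message": ["after_notify"],
    "recipient_group_ids": ["before_notify", "after_notify"],
}

START_TIME = ["start_date", "start_hour", "start_minute",
              "time_zone_code", "observe_dst"]


def _occurrence_errors(p):
    """Check the Daily / Weekly / Monthly parameter groups."""
    occ = p.get("occurrence")
    if occ is None:
        return []
    if occ == "daily":
        need = [["frequency_days"]]
    elif occ == "weekly":
        need = [["frequency_weeks", "weekdays"]]
    elif occ == "monthly":
        # Nth day of month, or day in Nth week.
        need = [["frequency_months", "day_of_month"],
                ["frequency_months", "day_of_week", "week_of_month"]]
    else:
        return [f"occurrence={occ!r} is not daily|weekly|monthly"]
    if any(all(k in p for k in combo) for combo in need):
        return []
    options = " or ".join("+".join(c) for c in need)
    return [f"occurrence={occ} requires {options}"]


def validate_schedule_params(params):
    """Return a list of problems; an empty list means no rule is violated."""
    p = {k: str(v) for k, v in params.items()}
    errors = _occurrence_errors(p)
    for name, (lo, hi) in RANGES.items():
        if name in p and not (p[name].isdigit() and lo <= int(p[name]) <= hi):
            errors.append(f"{name}={p[name]} is outside {lo}-{hi}")
    for name, needed in REQUIRES.items():
        missing = [n for n in needed if n not in p]
        if name in p and missing:
            errors.append(f"{name} requires {', '.join(missing)}")
    for name, flags in NEEDS_FLAG.items():
        if name in p and not any(p.get(f) == "1" for f in flags):
            wanted = " or ".join(f + "=1" for f in flags)
            errors.append(f"{name} requires {wanted}")
    if p.get("action") == "update" and p.get("set_start_time") == "1":
        missing = [n for n in START_TIME if n not in p]
        if missing:
            errors.append(f"set_start_time=1 requires {', '.join(missing)}")
    return errors


# Constructed sample requests; every value is illustrative.
GOOD_CREATE = {
    "action": "create", "scan_title": "weekly-sample", "active": 1,
    "occurrence": "weekly", "frequency_weeks": 2, "weekdays": "monday",
    "start_hour": 23, "start_minute": 30,
    "before_notify": 1, "before_notify_unit": "hours", "before_notify_time": 2,
}
BAD_CREATE = {
    "action": "create", "occurrence": "monthly", "frequency_months": 13,
    "day_of_week": 2, "end_after_mins": 15, "pause_after_hours": 2,
    "resume_in_hours": 4, "after_notify_message": "done",
}
BAD_UPDATE = {
    "action": "update", "id": "<schedule id>", "set_start_time": 1,
    "start_date": "<date>", "start_hour": 8,
}

if __name__ == "__main__":
    for label, req in [("good create", GOOD_CREATE),
                       ("bad create", BAD_CREATE),
                       ("bad update", BAD_UPDATE)]:
        print(label, "->", validate_schedule_params(req) or "ok")
```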

Authentication Records
/api/2.0/fo/auth/<type>/
where <type> is one of: unix (for Unix, Cisco, Checkpoint Firewall), windows, oracle, oracle_listener, snmp, vmware, vcenter, apache, ms_iis, ibm_websphere, http, mysql, ms_sql, docker, postgresql, sybase, tomcat, mongodb, mariadb, palo_alto_firewall, jboss, kubernetes, sapiq, sap_hana, network_ssh, neo4j, nginx

Manage Records: (GET + POST)
action={create|update|delete}&
title={value}&
ids={id,range…}&
echo_request={0|1}&

Notes: “title” is required for a create request. “ids” is required for an update and delete request.

comments={value}&
{target hosts} (*requirements below)
{<type> credentials} (*requirements per record)

Notes: Comments, target hosts, and credentials specified for create and update requests only (not delete requests).

{target hosts}:
ips={ip,range…}&
add_ips={ip,range…}&
remove_ips={ip,range…}&
network_id={value}&

when Tag Support for Authentication Records is enabled (Windows, Unix):
asset_type={ips|asset_tags|ip_range_tag_rule}&
tag_set_by={id|name}&
tags_include={tag1,tag2...}&
tags_exclude={tag1,tag2,...}&
tag_include_selector={any|all}&
tag_exclude_selector={any|all}&

Notes: “ips” is required for a create request (except for Windows, and except when Tag Support is enabled), optional for an update request. “add_ips” and “remove_ips” are for an update request only. “network_id” is valid when the networks feature is enabled.

{vault definition}:
login_type={basic|vault}& /set to vault to enable
vault_id={value}&
vault_type={value}&
(vault parameters below are required except as indicated, * means optional)

ARCON PAM
vault_service_type={value}&

Azure Key
ak_secret_name={value}&

CA Access Control
end_point_name={value}&
end_point_type={value}&
end_point_container={value}&

CA PAM
vault_app_name={value}&
vault_device_name={value}&
vault_device_host={value}&

CyberArk PIM Suite
folder={value}&
file={value}&

CyberArk AIM
folder={value}&
file={value}&

HashiCorp
secret_kv_path={value}&
secret_kv_name={value}&
secret_kv_key={value}&

Thycotic Secret Server
secret_name={value}&

Quest Vault
system_name={value}&

Lieberman ERPM
auto_discover_system_name={value}&
system_name_single_host={value}&
system_type={auto|windows|unix|oracle|mssql|ldap|system|custom}&
*custom_system_type={value}&
*valid when system_type=custom

BeyondTrust PBPS
*system_type={value}&
*account_name={value}&

Wallix AdminBastion (WAB)
authorization_name={value}
target_name={value}

{Unix record}:
Login credentials:
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
vault_type={CA Access Control|CyberArk PIM Suite|CyberArk AIM|Hitachi ID PAM|Lieberman ERPM|Quest Vault|Thycotic Secret Server|BeyondTrust PBPS|Wallix AdminBastion}
cleartext_password={0|1}&
skip_password={0|1}&
{XML File}&
target_type={auto|A10|HP_COMWARE|CISCO_ASA_WITH_FIREPOWE}

Notes: Required for create request: “username”, “password” if cleartext_password=1. {XML File} defines private key certificates and root delegations.

Scanning:
port={value}& /PC scans only
use_agentless_tracking={0|1}&
agentless_tracking_path={value}&

Notes: If use_agentless_tracking=1, “agentless_tracking_path” is required.

{Unix subtype record}:
sub_type={cisco|checkpoint_firewall}&
Login credentials:
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
vault_type={CyberArk PIM Suite|CyberArk AIM}
cleartext_password={0|1}&
enable_password={value}& (Cisco only)
expert_password={value}& (Checkpoint only)

Notes: Required for create request: “username”, “password” if cleartext_password=1.

Scanning:
port={value}& /PC scans only

{Network SSH record}:
Login credentials:
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
p2_login_type={basic|vault}& (vault definition)
*p2_<vault parameters>
vault_type={CA Access Control|CyberArk PIM Suite|CyberArk AIM|Hitachi ID PAM|Lieberman ERPM|Quest Vault|Thycotic Secret Server|BeyondTrust PBPS|Wallix AdminBastion}
**cleartext_password={0|1}&
password2={value}&
{XML File}&
target_type={auto|A10|HP_COMWARE|CISCO_ASA_WITH_FIREPOWE}

Notes:
* If p2_login_type is vault then all vault parameter fields must be added with prefix 'p2_'
** Required for create request: “username”, “password” if cleartext_password=1. {XML File} defines private key certificates.

{Windows record}:
Login credentials:
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
windows_domain={value}&
windows_ad_domain={value}&
ntlm={0|1}&
kerberos={0|1}&
ntlmv2={0|1}&
ntlm={0|1}&
require_smb_signing={0|1}&
minimum_smb_version={value}&
Scanning:
use_agentless_tracking={0|1}&

{Oracle record}:
Login credentials:
login_type={basic|vault}& (vault definition)
username={value}&
password={value}&
vault_type={ARCON PAM | Azure Key | BeyondTrust PBPS | CA Access Control | CyberArk PIM Suite| CyberArk AIM | HashiCorp | Lieberman ERPM | Quest Vault | Thycotic Secret Server}&
vault_id={value}&
sid={value}&
servicename={value}&
port={num}&
is_cdb={0|1}& /PC scans only
pc_only={0|1}& /PC scans only

OS-dependent compliance checks:
perform_windows_os_checks={0|1}&
win_ora_home_name={value}&
win_ora_home_path={value}&
win_init_ora_path={value}&
win_spfile_ora_path={value}&
win_listener_ora_path={value}&
win_sqlnet_ora_path={value}&
win_tnsnames_ora_path={value}&
perform_unix_os_checks={0|1}&
perform_unix_opatch_checks={0|1}&
unix_ora_home_path={value}&
unix_init_ora_path={value}&
unix_spfile_ora_path={value}&
unix_listener_ora_path={value}&
unix_sqlnet_ora_path={value}&
unix_tnsnames_ora_path={value}&
unix_invptrloc={value}&

{Oracle Listener record}:
password={value}&

{IBM DB2 record}:
Login credentials:
login_type={basic|vault}&
username={value}&
password={value}&
database={value}&
port={value}&
pc_only={0|1}& /PC scans only

OS-dependent compliance checks:
win_db2dir={value}
win_prilogfile={value}
win_seclogfile={value}
win_terlogfile={value}
win_mirlogfile={value}
unix_db2dir={value}
unix_prilogfile={value}
unix_seclogfile={value}
unix_terlogfile={value}
unix_mirlogfile={value}

Notes: All check parameters are required if you want OS-dependent compliance checks to be run.

{MySQL record}:
username={value}&
password={value}&
database={value}&
port={value}&
windows_config_file={value}&
unix_config_file={value}&
ssl_verify={value}&
hosts={value}&
client_cert={value}&
client_key={value}&
kerberos={0|1}&
ntlmv2={0|1}&
ntlm={0|1}&
member_domain={value}& or ips={value}&

Notes: All parameters are required for create request, except client_cert and client_key (which must be specified together).

{Neo4j record}:
username={value}&
password={value}&
login_type={basic|vault}&
database={value}&
port={value}&
ssl_verify={value}&
hosts={value}&
neo4j_version={value}&
unix_base_path={value}&
unix_conf_path={value}&
neo4j_auto_path={0|1}&

{Nginx record}:
unix_bin_path={value}&
unix_conf_path={value}&
unix_prefix_path={0|1}&

{SNMP record}:
version={v1|v2c|v3}&

SNMPv1 and SNMPv2c:
community_strings={value,value…}&
Notes: “community_strings” is optional for create and update requests.

SNMPv3:
username={value}&
password={value}&
auth_alg={MD5|SHA1}&
encrypt_password={value}&
priv_alg={DES|AES}&
security_engine_id={value}&
context_engine_id={value}&
context={value}&

Notes: All SNMPv3 parameters are optional. However, when one is specified, others are required as follows. 1) It is required that “username”, “password” and “auth_alg” are all defined for record. 2) It is required that “encrypt_password” and “priv_alg” are all defined for record. 3) For an update request “auth_alg” and “priv_alg” may be set to empty, in which case the data is not encrypted.

{VMware record}:
username={value}&
password={value}&
port={value}&
hosts={value}&
ssl_verify={all|skip|none}&
login_type=&
is_disconnect={0|1}&

Notes: “username” and “password” are required for a create request, optional for an update request.

{vCenter record}:
username={value}&
password={value}&
port={value}&
hosts={value}&
ssl_verify={all|skip|none}&
login_type={basic|vault}&

Notes: “username” and “password” are required for a create request, optional for an update request.

{Apache Web Server record}:
unix_apache_config_file={value}&
unix_apache_control_command={value}&
windows_apache_config_file={value}&
windows_apache_control_command={value}&
status={0|1}&
is_system_created={0|1}&

{IBM WebSphere App Server record}:
unix_installation_dir={value}&
unix_dir_mode={installation_dir|server_dir}&
windows_installation_dir={value}

{Tomcat Server record}:
installation_path={value}&
instance_path={value}&
auto_discover_instances={0|1}&
installation_path_windows={value}&
instance_path_windows={value}&
service_name={value}&

Notes: “installation_path” or “installation_path_windows” is required for a create request.

{HTTP record}:
username={value}&
password={value}&
vhost={value}&
realm={value}&
ssl={0|1}&

Notes: “vhost” or “realm” is required for a create request. “ips” parameter is not valid for this record type.

{MongoDB record}:
unix_conf_file={value}&
database_name={value}&
port={value}&
ssl_verify={0|1}&
hosts={value}&
credential_type={local|external}&
cleartext={0|1}&
login_type={basic|vault|pkcert}& (vault definition)
username={value}&
password={value}&
vault_type={BeyondTrust PBPS | CA Access Control | CyberArk PIM Suite| CyberArk AIM |Quest Vault | Thycotic Secret Server}&
vault_id={value}&
private_key={value}&
private_key_vault_id={value}&
passphrase={value}&
certificate={value}&

Notes: Required for create request when login_type=basic: “username” and “password”. Required for create request when login_type=vault: “username”, “vault_type” and “vault_id”. Required for create request when login_type=pkcert: “private_key” and “passphrase” (when passphrase_vault_id is not specified.) “hosts” required if ssl_verify=1.

{MariaDB record}:
ssl_verify={0|1}&
hosts={value}&
database={value}& PC scans only
port={value}&
windows_conf_file={value}&
unix_conf_file={value}&
client_cert={value}&
client_key={value}&

Login credentials:
login_type={basic|vault}&
username={value}&
password={value}&

Notes: “username” and “password” are required for a create request, optional for an update request.

{Palo Alto Networks Firewall record}:
username={value}&
password={value}&
login_type=vault& (vault definition)
vault_id={value}&
vault_type={CyberArk PIM Suite | CyberArk AIM | Quest Vault | Thycotic Secret Server | BeyondTrust PBPS}&

Notes: “password” or “login_type=vault” is required for create request.

{JBoss Server record}:
windows_working_mode={value}&

Following parameters are required if Windows working mode is selected.
windows_home_path={value}&
windows_base_path={value}&
windows_conf_dir_path={value}&
windows_conf_file_path={value}&
windows_conf_host_file_path={value}&

unix_working_mode={value}&

Following parameters are required if Unix working mode is selected.
unix_home_path={value}&
unix_base_path={value}&
unix_conf_dir_path={value}&
unix_conf_file_path={value}&
unix_conf_host_file_path={value}&

{Azure MS SQL record}:
(PC scans only)
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
vault_type={ARCON PAM|BeyondTrust PBPS|CA Access Control|CyberArk AIM|CyberArk PIMSuite|HashiCorp|Lieberman ERPM|Quest Vault|Thycotic Secret Server}
port={value}&
database_name={value}&
- or - auto_discover_databases={0|1}&

{Docker record}:
(PC scans only)
docker_deamon_conf_file={value}
docker_command={value}

{Kubernetes record}:
(PC scans only)
unix_bin_path={value}
unix_conf_path={value}

{MS SQL record}:
(PC scans only)
username={value}&
password={value}&
port={value}&
db_local={0|1}&
windows_domain={value}&
auth_os_type={unix|windows}&
mssql_unix_insta_path={value}&
mssql_unix_conf_path={value}&
instance={value}& default is “MSSQLSERVER”
- or - auto_discover_instances={0|1}&
database={value}& default is “master”
- or - auto_discover_databases={0|1}&
port={value}&
- or - auto_discover_ports={0|1}&

Notes: When “db_local” is unspecified for a create request, the flag is set to 1 (MS SQL Server credentials). “windows_domain” is required when “db_local=0”, otherwise it is invalid.

{Oracle WebLogic Server record}:
(PC scans only)
installation_path={value}&
auto_discover={0|1}&
domain={value}&

{PostgreSQL record}:
(PC scans only)
pgsql_unix_conf_file={value}&
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
vault_type={CA Access Control|CyberArk PIM Suite|CyberArk AIM |Hitachi ID PAM|Quest Vault|Thycotic Secret Server|BeyondTrust PBPS}
pgsql_db_name={value}&
port={value}&
ssl_verify={0|1}&
hosts={value}&
client_key_type={basic|vault}&
client_key={value}&
client_key_vault_type={CyberArk AIM|BeyondTrust PBPS}&
client_key_vault_id={value}&
passphrase_type={basic|vault}&
passphrase={value}&
client_cert={value}&
passphrase_vault_type={CA Access Control|CyberArk PIM Suite|CyberArk AIM |Hitachi ID PAM|Quest Vault|Thycotic Secret Server|BeyondTrust PBPS}&
passphrase_vault_id={value}&

Notes: Required for create request: “password” if login_type=basic.

{SAP Hana record}:
(PC scans only)
database={value}&
port={value}&
unix_conf_path={value}&
ssl_verify={0|1}&
hosts={value}&
username={value}&
password={value}&
password_encryption={0|1}
login_type={basic|vault}& (vault definition)
vault_type={Arcon PAM|Azure Key|BeyondTrust PBPS|CyberArk AIM|CyberArk PIM Suite|HashiCorp|Thycotic Secret Server}&
vault_id={value}&

Notes: Required for a create request: “password” if login_type=basic, “unix_conf_path” if the record will be used for scanning Unix hosts, “hosts” if ssl_verify=1.

{SAP IQ record}:
(PC scans only)
username={value}&
password={value}&
password_encryption={0|1}
login_type={basic|vault}& (vault definition)
vault_type={Arcon PAM|Azure Key|BeyondTrust PBPS|CA Access Control|CA PAM, CyberArk AIM|CyberArk PIM Suite|HashiCorp|Hitachi ID PAM|Liberman ERPM|Quest Vault|Thycotic Secret Server|Wallix AdminBastion (WAB)}&
port={value}&
database={value}&
install_dir={value}&
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Notes: Required for a create request: “password” if login_type=basic, “install_dir” if record will be used for scanning Unix hosts.

{Sybase record}:
(PC scans only)
username={value}&
password={value}&
login_type={basic|vault}& (vault definition)
vault_type={CyberArk PIM Suite|CyberArk AIM|Quest Vault|Thycotic Secret Server|Lieberman ERPM}
port={value}&
database={value}&
install_dir={value}&

Notes: Required for a create request: “password” if login_type=basic, “install_dir” if record will be used for scanning Unix hosts.

Authentication Vaults
/api/2.0/fo/vault/

List Vaults: (GET + POST)
action={list}&
echo_request={0|1}&
title={value}&
type={CyberArk PIM Suite|Thycotic Secret Server|Quest Vault|CA Access Control|Hitachi ID PAM|Lieberman ERPM|CyberArk AIM|BeyondTrust PBPS|Wallix AdminBastion (WAB)}&
modified={date/time}&
orderby={id|title|system_name|last_modified|last_modified_by}&
sortorder={asc|desc}&
limit={value}&
offset={value}&

Notes: “sortorder” is valid only when “orderby” is specified. “limit” and “offset” must be specified together.

Manage Vaults: (GET + POST)
action={create|update|delete}&
title={value}&
type={CyberArk PIM Suite|Thycotic Secret Server|Quest Vault|CA Access Control|Hitachi ID PAM|Lieberman ERPM|BeyondTrust PBPS|Wallix AdminBastion (WAB)}
id={id}
comments={value}&
echo_request={0|1}&
{settings}

Notes: “title” and “type” are required for a create request, optional for an update request. “comments” is optional for create and update request. “id” is required for an update and delete request. “settings” for create and update request, varies per vault type (see below).

ARCON PAM:
url={value}&*
ssl_verify={1|0}&*
username={value}&*
password={value}&*

Notes: bold means required for new vault

Azure Key:
url={value}&*
app_id={value}&*
ssl_verify={1|0}&*
certificate={value}&*
private_key={value}&*
passphrase={value}&

Notes: bold means required for new vault

CA PAM:
url={value}&*
apikey_name={value}&*
ssl_verify={1|0}&*
apikey={value}&*

Notes: bold means required for new vault

CA Access Control:
ca_url={value}&*
ca_api_username={value}&*
ca_ssl_verify={1|0}&*
ca_web_username={value}&
ca_web_password={value}&

Notes: bold means required for new vault

CyberArk PIM Suite:


server_address={value}&*
port={value}&
safe={value}&*
username={value}&*
password={value}&*

HashiCorp:
url={value}&*
api_version={value}&
ssl_verify={1|0}&*
if auth_type={userpass}&*
path={value}&
username={value}&*
password={value}&*
if auth_type={cert}&*
path={value}&
role_name={value}&*
cert={value}&*
private_key={value}&*
passphrase={value}&
if auth_type={cert}&*
path={value}&
role_id={value}&*
secret_id={value}&

Notes: bold means required for new vault

Hitachi ID PAM:
url={value}&*
username={value}&*
password={value}&*
ssl_verify={1|0}&*

Notes: bold means required for new vault

Lieberman ERPM:
url={value}&*
domain={value}&
username={value}&*
password={value}&*
ssl_verify={1|0}&*

Notes: bold means required for new vault

Quest Vault:
server_address={value}&*
port={value}&
username={value}&*
access_key={value}&*

Notes: bold means required for new vault

Thycotic Secret Server:
url={value}&*
username={value}&*
password={value}&*
domain={value}&

Notes: bold means required for new vault

CyberArk AIM:
appid={value}&
safe={value}&
url={value}&
ssl_verify={0|1}&
cert={value}&
private_key={value}&
private_key_pwd={value}&

Notes: bold means required for new vault

Wallix AdminBastion (WAB)
url={value}&
ssl_verify={0|1}&
username={value}&
password={value}&
appkey={value}

BeyondTrust PBPS:
appkey={value}&
url={value}&
username={value}&*
password={value}&*
ssl_verify={0|1}&
cert={value}&
private_key={value}&
private_key_pwd={value}&

Notes: bold means required for new vault

Scanner Appliances
/api/2.0/fo/appliance/

List Appliances: (GET + POST)
action={list}&
echo_request={0|1}&
output_mode={brief|full}&
scan_detail={0|1}&
include_cloud_info={0|1}&
busy={0|1}&
scan_ref={value}&
name={value}&


ids={id1,id2…}&
include_license_info={0|1}&
network_id={id}&
type={physical|virtual|offline}&
show_tags={0|1}&
platform_provider={ec2|ec2_compat|gce|azure|vCenter}&

Notes: “include_license_info” applies to virtual scanner appliances

Virtual Scanners: (GET + POST)
echo_request={0|1}&
--------
action={create}&
name={value}&
asset_group_id={value}&
polling_interval={60-360}& *default is 180
Notes: “asset_group_id” is required for Unit Managers and Scanners with permission to create virtual scanners. Managers do not specify “asset_group_id”.
--------
action={update}&
id={id}&
name={value}&
comment={value}&
polling_interval={60-360}&
set_tags={value}&
add_tags={value}&
remove_tags={value}&
tag_set_by={id|name}&
*set_vlans={ID|IP_ADDRESS|NETMASK|NAME}&
*set_routes={IP_ADDRESS|NETMASK|GATEWAY|NAME}&
*Notes: Or “” (empty string) to delete all records
--------
action={delete}&
id={id}&

Physical Scanners: (POST)
/api/2.0/fo/appliance/physical/
action={update}&
id={id}&
name={string}&
polling_interval={60-360}& *default is 180
set_vlans={value}&
set_tags={value}&
add_tags={value}&
remove_tags={value}&
tag_set_by={id|name}&
set_routes={value}&
comment={value}&
*set_vlans={ID|IP_ADDRESS|NETMASK|NAME}&
*set_routes={IP_ADDRESS|NETMASK|GATEWAY|NAME}&

Assign Appliance to Network: (POST)
action={assign_network_id}&
appliance_id={id}&
network_id={id}&
echo_request={0|1}&

Replace Appliance: (POST)
/api/2.0/fo/appliance/replace_iscanner/
action={replace}&
echo_request={0|1}&
old_scaner_name={value}&
new_scanner_name={value}&
do_not_copy_settings={0|1}&
do_not_remove_new_scanner_from_objects={0|1}&

Option Profiles
/api/2.0/fo/subscription/option_profile/

Export Option Profile: (GET)
/api/2.0/fo/subscription/option_profile/
action={export}&
output_format={XML}&
option_profile_id={value}&
option_profile_title={value}&
option_profile_type={user|compliance|pci}&

Import Option Profile: (POST)
/api/2.0/fo/subscription/option_profile/
action={import}&

Notes: When calling this API the user needs to pass the proper XML with Content-Type XML.

VM Option Profiles
/api/2.0/fo/subscription/option_profile/vm/?

Create VM Option Profile: (POST)
action={create}&
title={value}&


owner={value}&
default={0|1}&
global={0|1}&
offline_scanner={0|1}&
scan_tcp_ports={none|full|standard|light}&
scan_tcp_ports_additional={port1,port2}&
3_way_handshake={0|1}&
Scan
scan_udp_ports={none|full|standard|light}&
scan_udp_ports_additional={port1,port2}&
authoritative_option={0|1}&
scan_dead_hosts={0|1}&
close_vuln_on_dead_hosts={0|1}&
not_found_alive_times={value}&
purge_host_data={0|1}&
external_scanners_use={value}&
scan_parallel_scaling={0|1}&
scan_overall_performance={high|normal|low|custom}&
scan_external_scanners={value}&
scan_scanner_appliances={value}&
scan_total_process={value}&
scan_http_process={value}&
scan_packet_delay={minimum|short|medium|long|maximum}&
scan_intensity={normal|medium|low|minimum}&
load_balancer={0|1}&
password_brute_forcing_system={minimal|limited|standard|exhaustive}&
password_brute_forcing_custom={value1,value2}&
vulnerability_detection={complete|custom|runtime}&
custom_search_list_ids={value1, value2}&
custom_search_list_title={value1, value2}&
basic_host_information_checks={0|1}&
oval_checks={0|1}&
all_qrdi_checks={0|1}&
exclude_search_list_ids={value1, value2}&
authentication={value1,value2}&
enable_additional_certificate_detection={0|1}&
enable_dissolvable_agent={0|1}&
enable_windows_share_enumeration={0|1}&
enable_lite_os_scan={0|1}&
custom_http_header={value}&
custom_http_definition_key={value}&
custom_http_definition_header={value}&
host_alive_testing={0|1}&
not_overwrite_os={0|1}&
test_authentication={0|1}&
System Authentication
include_system_auth={0|1}&
use_system_auth_on_duplicate={0|1}&
use_user_auth_on_duplicate={0|1}&
Map
basic_information_gathering=[all|register|netblockonly|none]&
map_tcp_ports_standard_scan={0|1}&
map_tcp_ports_additional={value1,value2}&
map_udp_ports_standard_scan={0|1}&
map_udp_ports_additional={value1,value2}&
perform_live_host_sweep={0|1}&
disable_dns_traffic={0|1}&
map_overall_performance={high|normal|low|custom}&
map_external_scanners={value}&
map_scanner_appliances={value}&
map_netblock_size={1024 IPs|4096 IPs|8192 IPs|16384IPs|32768 IPs|65536 IPs}&
map_packet_delay={minimum|short|medium|long|maximum}&
map_authentication={VMware | vCenter}&
Additional
additional_tcp_ports={0|1}&
additional_tcp_ports_standard_scan={0|1}&
additional_tcp_ports_additional={value1,value2}&
additional_udp_ports={0|1}&
additional_udp_ports_type={standard|custom}&
additional_udp_ports_custom={value1,value2}&
icmp={0|1}&
blocked_resources={0|1}&
protected_ports={default|custom}&
protected_ports_custom={value1,value2}&
protected_ips={all|custom}&
protected_ips_custom={value1,value2}&
ignore_firewall_generated_tcp_rst_packets={0|1}&
ignore_all_tcp_rst_packets={0|1}&
ignore_firewall_generated_tcp_syn_ack_packets={0|1}&
not_send_tcp_ack_or_syn_ack_packets_during_host_discovery={0|1}&


Update VM Option Profile: (POST)
action={update}&
id={value}&
For other parameters see Create VM Option Profile

List VM Option Profile: (GET + POST)
action={list}&

Delete VM Option Profile: (GET + POST)
action={delete}&
id={value}&

PCI Option Profiles
/api/2.0/fo/subscription/option_profile/pci/?

Create PCI Option Profile: (POST)
action={create}&
title={value}&
owner={value}&
global={0|1}&
offline_scanner={0|1}&
scan_parallel_scaling={0|1}&
Scan
scan_overall_performance={high|normal|low|custom}&
scan_external_scanners={value}&
scan_scanner_appliances={value}&
scan_total_process={value}&
scan_http_process={value}&
scan_packet_delay={minimum|short|medium|long|maximum}&
scan_intensity={normal|medium|low|minimum}&
scan_dead_hosts={0|1}&
close_vuln_on_dead_hosts={0|1}&
not_found_alive_times={value}&
purge_host_data={0|1}&
Additional
additional_tcp_ports_additional={value1,value2}&

Update PCI Option Profile: (POST)
action={update}&
id={value}&
For other parameters see Create PCI Option Profile

List PCI Option Profile: (GET + POST)
action={list}&

Delete PCI Option Profile: (GET + POST)
action={delete}&
id={value}&

Compliance Option Profiles
/api/2.0/fo/subscription/option_profile/pc/?

Create Compliance Option Profile: (POST)
action={create}&
title={value}&
owner={value}&
global={0|1}&
scan_parallel_scaling={0|1}&
Scan
scan_overall_performance={high|normal|low|custom}&
scan_external_scanners={value}&
scan_scanner_appliances={value}&
scan_total_process={value}&
scan_http_process={value}&
scan_packet_delay={minimum|short|medium|long|maximum}&
scan_intensity={normal|medium|low|minimum}&
scan_by_policy={0|1}&
policy_names={value1,value2}&
policy_ids={value1,value2}&
auto_update_expected_value={0|1}&
fim_controls_enabled={0|1}&
custom_wmi_query_checks={0|1}&
enable_dissolvable_agent={0|1}&
enable_password_auditing={0|1}&
custom_password_dictionary={value1,value2}&
enable_windows_share_enumeration={0|1}&
enable_windows_directory_search={0|1}&
scan_ports={standard|targeted}&
mssql_db_udc_restriction={0|1}&
mssql_db_udc_limit={value}&
oracle_db_udc_restriction={0|1}&
oracle_db_udc_limit={value}&
sybase_db_udc_restriction={0|1}&
sybase_db_udc_limit={value}&
postgreSQL_db_udc_restriction={0|1}&
postgreSQL_db_udc_limit={value}&
sapiq_db_udc_restriction={0|1}&


sapiq_db_udc_limit={value}&
db2_db_udc_restriction={0|1}
db2_db_udc_limit={value}
enable_auth_instance_discovery={0|1}&
auto_auth_types={value}&
ibm_was_discovery_mode={value}&
oracle_template_id={value}&
oracle_template_name={value}&
include_system_auth={0|1}&
use_system_auth_on_duplicate={0|1}&
use_user_auth_on_duplicate={0|1}&
Instance Data Collection
enable_instance_data_collection={0|1}&
instance_data_collection_auth_types={value}&
enable_os_based_instance_discovery={0|1}&
os_based_instance_disc_technologies
Additional
additional_tcp_ports={0|1}&
additional_tcp_ports_standard_scan={0|1}&
additional_tcp_ports_additional={value1,value2}&
additional_udp_ports={0|1}&
additional_udp_ports_type={standard|custom}&
additional_udp_ports_custom={value1,value2}&
icmp={0|1}&
blocked_resources={0|1}&
protected_ports={default|custom}&
protected_ports_custom={value1,value2}&
protected_ips={all|custom}&
protected_ips_custom={value1,value2}&
ignore_rst_packets={0|1}&
ignore_firewall_generated_syn_ack_packets={0|1}&
not_send_ack_or_syn_ack_packets_during_host_discovery={0|1}&

Update Compliance Option Profile: (POST)
action={update}&
id={value}&
For other parameters see Create Compliance Option Profile

List Compliance Option Profile: (GET + POST)
action={list}&

Delete Compliance Option Profile: (GET + POST)
action={delete}&
id={value}&

KnowledgeBase

Vulnerabilities
/api/2.0/fo/knowledge_base/vuln/

List Vulnerabilities: (GET + POST)
action={list}&
echo_request={0|1}&
details={Basic|All|None}&
ids={value}&
id_min={value}&
id_max={value}&
is_patchable={0|1}&
last_modified_after={date/time}&
last_modified_before={date/time}&
last_modified_by_user_after={date/time}&
last_modified_by_user_before={date/time}&
last_modified_by_service_after={date/time}&
last_modified_by_service_before={date/time}&
published_after={date/time}&
published_before={date/time}&
discovery_method={value}&
discovery_auth_types={value}&
show_pci_reasons={0|1}&
show_supported_modules_info={0|1}&
show_disabled_flag={0|1}&
show_qid_change_log={0|1}&

Notes: Subscription authorization is required to use. For “discovery_method” a valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated.

Edit Vulnerabilities: (POST)
/api/2.0/fo/knowledge_base/vuln/
action={edit}&
qid={value}&
severity={value}&
disable={0|1}&
threat_comment={value}&
impact_comment={value}&
solution_comment={value}&


include_system_option_profiles={0|1}

Note: Providing at least one optional parameter is mandatory.

Reset a Vulnerabilities: (POST)
action={reset}&
qid={value}

List Edited Vulnerabilities: (POST)
action={custom}&

Note: Get a list of all edited vulnerabilities.

Static Search Lists
/api/2.0/fo/qid/search_list/static/

List Static Search Lists: (GET + POST)
action={list}&
echo_request={0|1}&
ids={id1,id2…}&

Create Static Search List: (POST)
action={create}&
echo_request={0|1}&
title={value}&
qids={num1,num2…}&
global={0|1}&
comments={value}&

Update Static Search List: (POST)
action={update}&
echo_request={0|1}&
id={value}&
title={value}&
qids={num1,num2…}&
add_qids={num1,num2…}&
remove_qids={num1,num2…}&
global={0|1}&
comments={value}&

Delete Static Search List: (POST)
action={delete}&
echo_request={0|1}&
id={value}&

Dynamic Search Lists
/api/2.0/fo/qid/search_list/dynamic/

List Dynamic Search Lists: (GET + POST)
action={list}&
echo_request={0|1}&
ids={id1,id2…}&
show_qids={0|1}&
show_option_profiles={0|1}&
show_distribution_groups={0|1}&
show_report_templates={0|1}&
show_remediation_policies={0|1}&

Create Dynamic Search List: (POST)
action={create}&
echo_request={0|1}&
title={value}&
global={0|1}&
comments={value}&
Criteria for Dynamic Search List (below)

Update Dynamic Search List: (POST)
action={update}&
echo_request={0|1}&
id={value}&
title={value}&
global={0|1}&
comments={value}&
unset_user_modified_date={empty value}&
unset_published_date={empty value}&
unset_service_modified_date={empty value}&
Criteria for Dynamic Search List (below)

Criteria for Dynamic Search List:
vuln_title={value}&
not_vuln_title={0|1}&
discovery_methods={value}&
auth_types={value}&
user_configuration={value}&
categories={value}&
not_categories={0|1}&
confirmed_severities={value}&
potential_vulnerabilities={value}&
ig_severities={value}&
vendor_ids={value}&
not_vendor_ids={0|1}&
products={value}&
not_products={0|1}&
cvss_base={value}&
cvss_base_operand={1|2}&
cvss_temp={value}&
cvss_temp_operand={1|2}&


cvss_access_vector={value}&
cvss3_base={value}&
cvss3_base_operand={1|2}&
cvss3_temp={value}&
cvss3_temp_operand={1|2}&
cvss_access_vector={value}&
patch_available={0|1}&
virtual_patch_available={0|1}&
cve_ids={value}&
not_cve_ids={0|1}&
exploitability={value}&
malware_associated={value}&
vendor_refs={value}&
not_vendor_refs={0|1}&
bugtraq_id={value}&
not_bugtraq_id={0|1}&
vuln_details={value}&
compliance_details={value}&
compliance_types={value}&
qualys_top_lists={value}&
qids_not_exploitable={0|1}&
non_running_services={0|1}&
sans_20={0|1}&
nac_nam={0|1}&
vuln_provider={0|1}&
user_modified_date_between={value}&
user_modified_date_today={0|1}&
user_modified_date_in_previous={value}&
user_modified_date_within_last_days={value}&
not_user_modified={0|1}&
service_modified_date_between={value}&
service_modified_date_today={0|1}&
service_modified_date_in_previous={value}&
service_modified_date_within_last_days={value}&
not_service_modified={0|1}&
published_date_between={value}&
published_date_today={0|1}&
published_date_in_previous={value}&
published_date_within_last_days={value}&
not_published={0|1}&
supported_modules={value}&

Delete Dynamic Search List: (POST)
action={delete}&
echo_request={0|1}&
id={value}&

Reports

Manage Reports
/api/2.0/fo/report/

List Reports: (GET + POST)
action={list}&
echo_request={0|1}&
id={value}&
state={Running|Finished|Submitted|Canceled|Errors}&
user_login={login}&
expires_before_datetime={date/time}&
client_id={value}&
client_name={value}&

Manage Reports: (POST)
action={cancel|delete}&
echo_request={0|1}&
id={value}&

Download Report: (POST)
action={fetch}&
echo_request={0|1}&
client_id={value}&
client_name={value}&

Launch Report
/api/2.0/fo/report/

Launch Report (all types): (POST)
action={launch}&
echo_request={0|1}&
template_id={value}&
report_title={value}&
pdf_password={passwd}&
recipient_group={group,group… 50 max}&
hide_header={0|1}&
use_tags={0|1}
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_by={id|name}&
tag_set_include={value}&
tag_set_exclude={value}&
recipient_group_id={value}&

Map Report:
report_type={Map}&
echo_request={0|1}&


output_format={pdf|html|mht|xml|csv|docx}&
domain={value}&
ip_restriction={value}&
report_refs={value}&

Scan Report (Scan Based Findings):
report_type={Scan}&
echo_request={0|1}&
output_format={pdf|html|mht|xml|csv}&
report_refs={ref,ref…}&
ip_restriction={value}&

Scan Report (Host Based Findings):
report_type={Scan}&
echo_request={0|1}&
output_format={pdf|html|mht|xml|csv}&
ips={value}&
ips_network_id={id}&
asset_group_ids={id,id…}&

Qualys Patch Report:
echo_request={0|1}&
output_format={pdf|online|xml|csv}&
ips={value}&
asset_group_ids={id,id…}&

Remediation Report:
report_type={Remediation}&
echo_request={0|1}&
output_format={pdf|html|mht|csv}&
asset_group_ids={id,id…}&
assignee_type={User|All}&
ips={value}&

Compliance Report:
report_type={Compliance}&
echo_request={0|1}&
output_format={pdf|html|mht}&
Notes: “mht” is not valid for PCI report.
ips={value}&
asset_group_ids={id,id…}&
report_refs={ref,ref…}&
Notes: “report_refs” is required for a PCI report, and not valid for other compliance reports.

Compliance Policy Report:
report_type={Policy}&
echo_request={0|1}&
output_format={pdf|html|mht|xml|csv}&
policy_id={value}&
asset_group_ids={value}&
ips={value}&
instance_string={value}
host_id={value}
instance_string={value}

Scorecard Report
/api/2.0/fo/report/scorecard/

Launch Scorecard: (POST)
action={launch}&
echo_request={0|1}&
name={value}&
report_title={value}&
output_format={pdf|html|mht|xml|csv}&
hide_header={0|1}& (for CSV only)
pdf_password={passwd}&
recipient_group={group,group… 50 max}&
recipient_group_id={distgroup1,distgroup2}&
source={asset_groups|business_unit}&
asset_groups={value,value…}&
all_asset_groups={0|1}&
business_unit={value}&
division={value}&
function={value}&
location={value}&
patch_quids={qid,qid…}& (10 max)
missing_qids={qid,qid}& (2 max)

Scheduled Report
/api/2.0/fo/schedule/report/

List Scheduled Reports: (GET)
action={list}&
id={value}&
is_active={true|false}&

Launch Scheduled Report: (POST)
action={launch_now}&
id={value}&

Asset Search Report
/api/2.0/fo/report/asset/

Asset Search Report: (GET + POST)
action={search}&
output_format={csv|xml}&


tracking_method={IP|DNS|NETBIOS|EC2|AGENT}&
ips={value}&
ips_network_id={value}&
asset_group_ids={value}&
asset_groups={value}&
assets_in_my_network_only={0|1}&
ec2_instance_status={RUNNING | TERMINATED | PENDING | STOPPING | SHUTTING_DOWN | STOPPED}&
*ec2_instance_id={value}&
*ec2_instance_id_modifier={value}&
azure_vm_state={STARTING | RUNNING | STOPPING | STOPPED, DEALLOCATING, DEALLOCATED, UNKNOWN.}&
azure_vm_id={value}&
display_ag_titles={0|1}&
ports={value}&
services={value}&
qids={value}&
qid_with_text={value}&
qid_with_modifier={beginning with|containing|matching|ending with}&
use_tags={0|1}&
tag_set_by={id|name}&
tag_include_selector={any|all}&
tag_exclude_selector={any|all}&
tag_set_include={value}&
tag_set_exclude={value}&
first_found_days={value}&
first_found_modifier={within|not within}&
last_vm_scan_days={value}&
last_vm_scan_modifier={within|not within}&
last_pc_scan_days={value}&
last_pc_scan_modifier={within|not within}&
dns_name={value}&
dns_modifier={beginning with|containing|matching|ending with|not empty}&
netbios_name={value}&
netbios_modifier={beginning with|containing|matching|ending with|not empty}&
os_cpe_name={value}&
os_cpe_modifier={beginning with|containing|matching|ending with|not empty}&
os_name={value}&
os_modifier={beginning with|containing|matching|ending with}&

Notes: *ec2_instance_id_modifier is valid only when *ec2_instance_id is specified

Report Templates

Scan Template

Create Scan Template (POST)
/api/2.0/fo/report/template/scan/
action=create
report_format=xml
title={value}&
owner={value}&
Target
scan_selection={HostBased|ScanBased}&
include_trending={0|1}&
limit_timeframe={0|1}&
selection_type={day|month|weeks|date|none|scans}&
selection_range={1|3|5|7|15|30|60|90}&
asset_groups={value}&
asset_group_ids={value}&
network={value}&
ips={value}xml}&
tag_set_by={name|id}&
tag_include_selector={ALL|ANY}&
tag_set_include={value}&
tag_exclude_selector={ALL|ANY}&
tag_set_exclude={value}&
host_with_cloud_agents={all|scan|agent}&
display_text_summary={0|1}&
graph_business_risk={0|1}&
graph_vuln_over_time={0|1}&
graph_status={0|1}&
graph_potential_status={0|1}&
graph_severity={0|1}&
Display
graph_potential_severity={0|1}&
graph_ig_severity={0|1}&
graph_top_categories={0|1}&
graph_top_vulns={0|1}&
graph_os={0|1}&
graph_services={0|1}&
graph_top_ports={0|1}&
display_custom_footer={0|1}&
display_custom_footer_text={value}&
sort_by={host|vuln|os|group|service|port}&
cvss={all|cvssv2|cvssv3}&


host_details={0|1}&
metadata_ec2_instances={0|1}&
cloud_provider_metadata={0|1}&
qualys_system_ids={0|1}&
include_text_summary={0|1}&
include_vuln_details={0|1}&
include_vuln_details_threat={0|1}&
include_vuln_details_impact={0|1}&
include_vuln_details_solution={0|1}&
include_vuln_details_vpatch={0|1}&
include_vuln_details_compliance={0|1}&
include_vuln_details_exploit={0|1}&
include_vuln_details_malware={0|1}&
include_vuln_details_results={0|1}&
include_vuln_details_reopened={0|1}&
include_vuln_details_appendix={0|1}&
exclude_account_id={0|1}&
Filters
selective_vulns={complete|custom}&
search_list_ids={value}&
exclude_qid_option={0|1}&
exclude_search_list_ids={value}&
included_os={value}&
status_new={0|1}&
status_active={0|1}&
status_reopen={0|1}&
status_fixed={0|1}&
vuln_active={0|1}&
vuln_disabled={0|1}&
vuln_ignored={0|1}&
potential_active={0|1}&
potential_disabled={0|1}&
potential_ignored={0|1}&
ig_active={0|1}&
ig_disabled={0|1}&
ig_ignored={0|1}&
display_non_running_kernels={0|1}&
exclude_non_running_kernel={0|1}&
exclude_non_running_services={0|1}&
exclude_qids_not_exploitable_due_to_configuration={0|1}&
exclude_superceded_patches={0|1}&
categories_list={value}&
Services and Ports
required_services={value}&
unauthorized_services={value}&
required_ports={value}&
unauthorized_ports={value}&
User Access
global={0|1}&
report_access_users={value}&

Update Scan Template (PUT)
/api/2.0/fo/report/template/scan/
template_id={value}&
action=update
report_format=xml&

Delete Scan Template (POST)
/api/2.0/fo/report/template/scan/
action=delete
template_id={value}&

Export Scan Template (GET)
/api/2.0/fo/report/template/scan/
action=export
report_format=xml
template_id={value}&

PCI Scan Template API

Notes: Go to Scan Template API. The same parameters used to define PCI Scan Template settings. All parameters (all are optional). In addition the following parameters are used.

Create PCI Scan Template (POST)
/api/2.0/fo/report/template/pciscan/
action=create
report_format=xml
custom_pci_ranking={0|1}&
customized_ranking_medium_from={0|1|2|3|4|5|6|7|8|9|10}&
customized_ranking_high_from={0|1|2|3|4|5|6|7|8|9|10}&
customized_ranking_comments={value}&
customized_ranking_qid_searchlist_comments={<search list id1/name1> | <SEVERITY> | <comments>,<search list id2/name2> | <SEVERITY> | <comments>}&

Update PCI Scan Template (PUT)
/api/2.0/fo/report/template/pciscan/
action=update
report_format=xml
template_id={value}&


Delete PCI Scan Template (POST)
/api/2.0/fo/report/template/pciscan/
action=delete
template_id={value}&

Export PCI Scan Template (GET)
/api/2.0/fo/report/template/pciscan/
action=export
report_format=xml
template_id={value}&

Patch Template

Create Patch Template (POST)
/api/2.0/fo/report/template/patch/
action=create
report_format=xml
title={value}&
owner={value}&
Target
patch_evaluation={qidbased|classic}&
asset_groups
asset_group_ids={value}&
tag_set_by={name|id}&
tag_include_selector={ALL|ANY}&
tag_set_exclude={value}&
tag_exclude_selector={ALL|ANY}&
network={value}&
ips={value}&
Display
group_by={HOST|PATCH|OS|AG}&
include_table_of_qids_fixed={0|1}&
include_patch_links={0|1}&
include_patches_from_unspecified_vendors={0|1}&
include_cloud_metadata={0|1}&
patch_severity_by={assigned|highest}&
patch_cvss_score_by={assigned|highest|none}&
cvss={all|cvssv2|cvssv3}&
display_custom_footer={0|1}&
display_custom_footer_text={value}&
exclude_account_id={0|1}&
Filters
selective_vulns={complete|custom}&
search_list_ids={value}&
exclude_qid_option={0|1}&
exclude_search_list_ids={value}&
display_non_running_kernels={0|1}&
exclude_non_running_kernel={0|1}&
exclude_non_running_services={0|1}&
exclude_qids_not_exploitable_due_to_configuration={0|1}&
selective_patches={complete|custom}&
exclude_patch_qid_option={0|1}&
patch_search_list_ids={value}&
exclude_patch_search_list_ids={value}&
found_since_days={7|30|90|365|NoLimit}&
User Access
global={0|1}&
report_access_users={value}&

Update Scan Template (PUT)
/api/2.0/fo/report/template/patch/
action=update
report_format=xml
template_id={value}&

Delete Scan Template (POST)
/api/2.0/fo/report/template/patch/
action=delete
template_id={value}&

Export Scan Template (GET)
/api/2.0/fo/report/template/patch/
action=export
report_format=xml
template_id={value}&

Map Template

Create Map Template (POST)
/api/2.0/fo/report/template/map/
action=create
report_format=xml
title={value}&
owner={value}&
global={0|1}&
Display
map_sort_by={ipaddress|dns|netbios|router|operatingsystem}&
map_related_info_lastscandate={0|1}&
map_related_info_assetgroups={0|1}&
map_related_info_authenticationrecords={0|1}&
map_related_info_discoverymethod={0|1}&


display_custom_footer={0|1}&
display_custom_footer_text={value}&
map_exclude_account_id={0|1}&
Filters
map_included_hosttypes_innetblock={0|1}&
map_included_hosttypes_scannable={0|1}&
map_included_hosttypes_live={0|1}&
map_included_hosttypes_approved={0|1}&
map_included_hosttypes_outofnetblock={0|1}&
map_included_hosttypes_notscannable={0|1}&
map_included_hosttypes_notlive={0|1}&
map_included_hosttypes_rogue={0|1}&
Included Discovery Methods
map_idm_tcp={0|1}&
map_idm_udp={0|1}&
map_idm_traceroute={0|1}&
map_idm_other={0|1}&
map_idm_dns={0|1}&
map_idm_icmp={0|1}&
map_idm_auth={0|1}&
Included Status Levels
map_included_statuses_added={0|1}&
map_included_statuses_removed={0|1}&
map_included_statuses_active={0|1}&
dns_exclusions={none|DNS|DNS-DNSZone}&
included_os={value}&

Update Map Template (PUT)
/api/2.0/fo/report/template/map/
action=update
report_format=xml
template_id={value}&

Delete Map Template (POST)
/api/2.0/fo/report/template/map/
action=delete
template_id={value}&

Export Map Template (GET)
/api/2.0/fo/report/template/map/
action=export
report_format=xml
template_id={value}&

Remediation

ticket_list.php? (GET + POST)
{ticket-selection}
show_vuln_details={0|1}&

ticket_edit.php? (GET + POST)
{ticket-selection}
change_assignee={login}&
change_state={OPEN|RESOLVED|IGNORED}
reopen_ignored_days={value}&
add_comment={value}&
network_id={value}&

ticket_delete.php? (GET + POST)
{ticket-selection}

{ticket-selection}:
ticket_numbers={num,range…}&
since_ticket_number={num}&
until_ticket_number={num}&
ticket_assignee={login}&
overdue={0|1}&
invalid={0|1}&
states={OPEN|RESOLVED|CLOSED|IGNORED}&
modified_since_datetime={date/time}&
ips={ip,range…}&
asset_groups={value,value…}&
dns_contains={string}&
netbios_contains={string}&
vuln_severities={1,2,3,4,5}&
potential_vuln_severities={1,2,3,4,5}&
qids={value,value… 10 max}&
vuln_title_contains={string}&
vuln_details_contains={string}&
vendor_ref_contains={string}&
network_id={value}&

ticket_list_deleted.php? (GET + POST)
ticket_numbers={num,range…}&
since_ticket_number={num}&
until_ticket_number={num}&
deleted_since_datetime={date/time}&
deleted_before_datetime={date/time}&

Ignore Vulnerability
/ignore_vuln/index.php (GET + POST)
action={ignore|restore}&


qids={value,value… 10 max}&
comments={value}&
(*)asset_groups={value,value…}&
(*)ips={ip,range…}&
(*)tag_set_include={value}&
(*)tag_set_exclude={value}&
(*)tag_set_by={id|name}&
(*)tag_include_selector={all|any}&
(*)tag_exclude_selector={all|any}&
(*)use_ip_nt_range_tags_include={0|1}&
(*)use_ip_nt_range_tags_exclude={0|1}&
(*)dns_contains={string}&
(*)netbios_contains={string}&
reopen_ignored_days={1-730}&
reopen_ignored_date={date}&
network_id={value}&
Notes: One of these (*) is required

Compliance Info

Controls / Policies

List Controls: (GET + POST)
/api/2.0/fo/compliance/control/
action={list}&
echo_request={0|1}&
details={Basic|All|None}&
ids={id,range…}&
id_min={id}&
id_max={id}&
updated_after_datetime={date/time}&
created_after_datetime={date/time}&
truncation_limit={value}

List Policies: (GET + POST)
/api/2.0/fo/compliance/policy/
/api/2.0/fo/compliance/fdcc/policy/
action={list}&
echo_request={0|1}&
details={Basic|All|None}&
ids={id,range…}&
id_min={id}&
id_max={id}&
updated_after_datetime={date/time}&
created_after_datetime={date/time}&

Policy Export: (GET + POST)
/api/2.0/fo/compliance/policy/
action=export&
echo_request={0|1}&
id={value}& -or- title={value}&
show_user_controls={0|1}&
show_appendix={0|1}
IS_CONTROL_DISABLE

Policy Import: (POST)
/api/2.0/fo/compliance/policy/
action=import&
echo_request={0|1}&
xml_file&
title={value}&
create_user_controls={0|1}&

Policy - Manage Asset Groups: (POST)
/api/2.0/fo/compliance/policy/
action={add_asset_group_ids|set_asset_group_ids|remove_asset_group_ids}&
echo_request={0|1}&
id={value}&
asset_group_ids={value}&
evaluate_now={0|1}&

Policy - Manage Asset Tags: (POST)
/api/2.0/fo/compliance/policy/
action={add_asset_tags|set_asset_tags|remove_asset_tags}&
id={value}&
evaluate_now={0|1}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_by={id|name}&
tag_set_include={tag id|name}&
tag_set_exclude={tag id|name}

List Posture Info: (GET + POST)
/api/2.0/fo/compliance/posture/info/
action={list}&
policy_id={id} or policy_ids={id1,id2,…}&
echo_request={0|1}&
output_format={xml|csv|csv_no_metadata}
details={Basic|Light|All|None}&
hide_evidence={0|1}&
show_extended_evidence={0|1}&
ips={ip,range…}&
host_ids={id,id…}&
control_ids={id,id…}&


ids={id,range…}&
id_min={id}&
id_max={id}&
status_changes_since={date/time}&
evaluation_date={date/time}&
asset_group_ids={value}
status={Passed|Failed|Error}&
show_remediation_info={0|1}&
truncation_limit={value}&
cause_of_failure={0|1}&
criticality_labels={value}&
criticality_values={value}&
include_dp_name={value}&
tag_set_by={id|name}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_include={value}&
tag_set_exclude={value}&
filter_hosts={0|1}&
Notes: Up to 10 policies for “policy_ids”.

Policy Merge: (GET + POST)
/api/2.0/fo/compliance/policy/
action={merge}&
id={id}&
merge_policy_id={id} or {policy XML data}&
replace_cover_page={0|1}&
replace_asset_groups={0|1}&
add_asset_groups={0|1}&
add_new_technologies={0|1}&
add_new_controls={0|1}&
update_section_heading={0|1}&
update_existing_controls={0|1}&
preview_merge={0|1}&

Exceptions

List Exceptions: (GET + POST)
/api/2.0/fo/compliance/exception/
action={list}&
exception_number={value}&
ip={value}&
network_name={value}&
status={value}&
control_id={value}&
control_statement={value}&
policy_id={value}&
technology_name={value}&
assignee_id={value}&
created_by={value}&
modified_by={value}&
details={Basic|All|None}&
is_active={0|1}&
created_after_date={mm/dd/yyyy}&
updated_after_date={mm/dd/yyyy}&
expired_before_date={mm/dd/yyyy}&
expired_after_date={mm/dd/yyyy}&
exception_numbers={value}&
exception_number_min={value}&
exception_number_max={value}&
truncation_limit={value}&

Request Exceptions: (POST)
/api/2.0/fo/compliance/exception/
action={request}&
control_id={value}&
host_id={value}&
policy_id={value}&
technology_id={value}&
instance_string={value}&
assignee_id={value}&
comments={value}&
reopen_on_evidence_change={0|1}&

Update Exceptions: (POST)
/api/2.0/fo/compliance/exception/
action={update}&
exception_numbers={value}&
comments={value}&
reassign_to={value}&
reopen_on_evidence_change={0|1}&
status={Pending|Approved|Rejected}&
end_date={mm/dd/yyyy}&

Delete Exceptions: (POST)
/api/2.0/fo/compliance/exception/
action={delete}&
exception_numbers={value}&

ARF Report

SCAP Scan Results: (GET + POST)
/api/2.0/fo/compliance/scap/arf/
scan_id={id}&
ips={ip,range…}&


ips_network_id={value}&

Cyberscope Report

SCAP Scan Results: (GET + POST)
/api/2.0/fo/asset/host/cyberscope/fdcc/scan/
scan_id={id}&
scan_ref={ref}&
ips={ip,range…}&
organisation_name1={name1}&
organisation_name2={name2}&
organisation_name3={name3}&
Notes: “scan_id” or “scan_ref” is required.

SCAP Policy Results: (GET + POST)
/api/2.0/fo/asset/host/cyberscope/fdcc/policy/
policy_id={id}&
ips={ip,range…}&
ag_ids={id,id…}&
organisation_name1={name1}&
organisation_name2={name2}&
organisation_name3={name3}&
Notes: All FDCC scanned hosts for the FDCC policy are included unless the filters “ip” and/or “ag_ids” are specified.

SCAP Global Results: (GET + POST)
/api/2.0/fo/asset/host/cyberscope/
ips={ip,range…}&
ag_ids={id,id…}&
organisation_name1={name1}&
organisation_name2={name2}&
organisation_name3={name3}&
Notes: “ips” or “ag_ids” is required. VM scan data is reported in the datapoint <sr:DataPoint id:”vulnerability_managment_product_vulnerabilities”>

SCAP Policy List: (GET + POST)
/api/2.0/fo/compliance/fdcc_policy/
action={list}&
echo_request={0|1}
details={Basic|All|None}
ids={value}
id_min={value}
id_max={value}

Users

user.php? (GET + POST)

Add User:
action={add}&
send_email={0|1}&
user_role={manager|unit_manager|scanner|reader|contact|administrator}&
business_unit={Unassigned|{value}}&

Edit User:
action={edit}&
login={login}&

Permissions Info (Add or Edit User):
asset_groups={value,value…}&
Notes: 1) “asset_groups” applies only to Scanner, Reader and Contact.

General Info (Add or Edit User):
first_name={value}&
last_name={value}&
title={value}&
phone={value}&
fax={value}&
email={value}&
address1={value}&
address2={value}&
city={value}&
country={value}&
state={value}&
zip_code={value}&
external_id={value}&
time_zone_code={code or null to set to browser’s timezone}&
Notes: 1) Required contact info for add request in bold above. For edit request, all contact info is optional. 2) “state” is required for some country codes.

Activate/Deactivate Request:
action={activate|deactivate}&
login={login}&

user_list.php? (GET + POST)
external_id_contains={string}&
external_id_assigned={0|1}&


action_log_report.php? (GET POST)
date_from={date/time}&
date_to={date/time}&
user_login={login}&

password_change.php? (GET POST)
user_logins={login,login…|all}&
email={0|1}&

Activity Log v1

action_log_report.php Function
(/msp/action_log_report.php)
action={list}&
date_from={YYYY-MM-DD HH:ii:ss}
date_to={YYYY-MM-DD HH:ii:ss}
user_login={value}

Activity Log v2
(/api/2.0/fo/activity_log/)
Export user activity log (GET + POST)
action={list}&
user_action={value}&
action_details={user_logged in|user_logged out}&
username={value}&
user_role={Manager|Unit Manager|Auditor|Scanner|Reader|KnowledgeBase Only|Remediation User|Contact}&
since_datetime={YYYY-MM-DD HH:ii:ss}&
until_datetime={YYYY-MM-DD HH:ii:ss}&
output_format=CSV
truncation_limit={value}&

Cloud Agent API

Use these API calls to manage, activate, and configure your cloud agents.
Agent Management | Activation Key | Configuration Profile
Looking for more information?
Qualys Cloud Agent API User Guide

Agent Management

Current agent count
/qps/rest/2.0/count/am/hostasset (POST)
Filters (optional):
id (Long)
name (String)
created (Date)
updated (Date)
tagName (String) /Cloud Agent
Notes: To get a count of agents installed, nothing other than the filter tagName EQUALS Cloud Agent is recommended. Adding more filters to the request results in a more refined count.

List agents
/qps/rest/2.0/search/am/hostasset (POST)
Required:
tagName (String) /Cloud Agent
Optional:
See the AM and Tagging API User Guide

Activate a single agent
/qps/rest/2.0/activate/am/asset/<id>?module=<value>,<value> (POST)
*see module parameter values

Activate agents in bulk
/qps/rest/2.0/activate/am/asset?module=<value>,<value> (POST)
*see module parameter values
Filters (optional):
id (Long)
name (String)
created (Date)
updated (Date)
tagName (String) /Cloud Agent
Notes: To activate all agents installed, nothing other than the filter tagName EQUALS Cloud Agent is recommended. The more filters you add to the request, the more refined the list of agents we'll activate.

Deactivate a single agent
/qps/rest/2.0/deactivate/am/asset/<id>?module=<value>,<value> (POST)
*see module parameter values

Deactivate agents in bulk
/qps/rest/2.0/deactivate/am/asset?module=<value>,<value> (POST)
*see module parameter values
Filters (optional):
id (Long)
name (String)
created (Date)
updated (Date)
tagName (String) /Cloud Agent
Notes: To deactivate all agents installed, nothing other than the filter tagName EQUALS Cloud Agent is recommended. The more filters you add to the request, the more refined the list of agents we'll deactivate.

*module parameter values
These values are supported:
AGENT_VM - for VM module
AGENT_PC - for PC module
AGENT_FIM - for FIM module
AGENT_IOC - for IOC module


Uninstall a single agent
/qps/rest/2.0/uninstall/am/asset/<id> (POST)

Uninstall agents in bulk
/qps/rest/2.0/uninstall/am/asset (POST)
Filters (optional):
id (Long)
name (String)
created (Date)
updated (Date)
tagName (String) /Cloud Agent
Notes: The use of NOT EQUALS operator is not supported during agent uninstall. This is to avoid unintended consequences of Tags and Assets being deleted or updated.

Activation Key

Get a single activation key
/qps/rest/1.0/get/ca/agentactkey/<id> (GET)

Search activation keys
/qps/rest/1.0/search/ca/agentactkey/ (POST)
Filters (optional):
type (string)
countPurchased (Integer)
expireDate (Date)
modules (string)
tags (string)
isDisabled (boolean)

Create an activation key
/qps/rest/1.0/create/ca/agentactkey/ (POST)
Filters (optional):
type (string)
countPurchased (Integer)
expireDate (Date)
modules (string)
tags (string)

Delete an activation key
/qps/rest/1.0/delete/ca/agentactkey/<id> (POST)

Update an activation key
/qps/rest/1.0/update/ca/agentactkey/<id> (POST)
Filters (optional):
id (Integer)
type (string)
countPurchased (Integer)
expireDate (Date)
modules (string)
tags (string)
isDisabled (boolean)
applyOnAgents (boolean)

Configuration Profile

Get a single configuration profile
/qps/rest/1.0/get/ca/agentconfig/<id> (GET)

Search configuration profiles
/qps/rest/1.0/search/ca/agentconfig/ (POST)
Filters (optional):
name (string)
id (Integer)

Create a configuration profile
/qps/rest/1.0/create/ca/agentconfig/ (POST)
Filters (optional):
name (string)
description (string)
priority (Integer)
isDefault (Integer)
suspendScanning (boolean)
tags (string)
blackoutConfig (string)
performanceProfile (string)
id (Integer)

Delete a configuration profile
/qps/rest/1.0/delete/ca/agentconfig/<id> (POST)


Update a configuration profile
/qps/rest/1.0/update/ca/agentconfig/ (POST)
Filters (optional):
name (string)
description (string)
priority (Integer)
isDefault (Integer)
suspendScanning (boolean)
tags (string)
blackoutConfig (string)
performanceProfile (string)
id (Integer)

Asset Management & Tagging API

Use these API calls to manage assets, tags and access to your assets.
Networks | Assets| Asset Groups | Tag | Host Asset | Asset | Host Instance Vulnerability | Asset Data Connector | Asset Data Connector | AWS Asset Data Connector | AWS Authentication Record
Looking for more information?
Qualys API (VM, PC) User Guide
Qualys API (VM, PC) XML/DTD Reference
Qualys Asset Management & Tagging API User Guide

Networks
/api/2.0/fo/network/

Network List: (GET + POST)
action={list}&
echo_request={0|1}&
ids={id1,id2…}&

Network: (POST)
action={create|update}&
name={value}&
echo_request={0|1}&

Assets

IP Assets
/api/2.0/fo/asset/ip/

List IPs: (GET + POST)
action={list}&
echo_request={0|1}&
ips={ip,range…}&
tracking_method={IP|DNS|NETBIOS}&
compliance_enabled={0|1}&
network_id={id}&
certview_enabled={0|1}

Add IPs: (POST)
action={add}&
echo_request={0|1}&
ips={value} -or- {POSTed CSV raw data}&
tracking_method={value}&
enable_vm={0|1}&
enable_pc={0|1}&
owner={value}&
ud1 | ud2 | ud3={value}&
comment={value}&
ag_title={value}&

Update IPs: (POST)
action={update}&
echo_request={0|1}&
ips={value} -or- {POSTed CSV raw data}&
network_id={value}&
tracking_method={value}&
host_dns={name} -or- host_netbios={name}&
owner={value}&
ud1={value}&
ud2={value}&
ud3={value}&
comment={value}&

Host Assets
/api/2.0/fo/asset/host/

Host List: (GET + POST)
action={list}&
echo_request={0|1}&
details={Basic|Basic/AGs|All|All/AGs|None}&
show_asset_id={0|1}&
ips={ip,range…}&
ipv6={ip,range…}&
ids={id,range…}&
ag_ids={value,value…}&
ag_titles={value,value…}&
id_min={id}&
id_max={id}&
no_vm_scan_since={date/time}&
vm_scan_since={date/time}&
no_compliance_scan_since={date/time}&
compliance_scan_since={date/time}&
vm_processed_before={date}&
vm_processed_after={date}&
vm_scan_date_before={date}&
vm_scan_date_after={date}&
vm_auth_scan_date_before={date}&
vm_auth_scan_date_after={date}&
compliance_enabled={0|1}&
os_pattern={PCRE regex}&
use_tags={0|1}&


tag_set_by={id|name}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_include={value}&
tag_set_exclude={value}&
show_tags={0|1}&
truncation_limit={value}&
network_ids={id1,id2…}&
host_metadata={all|ec2|google|azure}&
host_metadata_fields={value1,value2}&
show_cloud_tags={0|1}&
cloud_tag_fields={value}&

Host Update: (POST)
action={update}&
echo_request={0|1}&
ips={ip,range…}&
ids={value}&
ag_ids={value,value…}&
ag_titles={value,value…}&
network_id={value}&
network_name={value}&
tracking_method={value}&
host_dns={value}&
host_netbios={value}&
new_tracking_method={value}&
new_owner={value}&
new_ud1={value}&
new_ud2={value}&
new_ud3={value}&
new_comment={value}&

Purge Hosts: (POST)
action={purge}&
echo_request={0|1}&
*ips={ip,range…}&
*ids={id,range…}&
*ag_ids={value,value…}&
*ag_titles={value,value…}&
no_vm_scan_since={date/time}&
no_compliance_scan_since={date/time}&
data_scope={vm|pc|vm,pc}&
compliance_enabled={0|1}&
os_pattern={PCRE regex}&
network_ids={id1,id2…}&
Notes: If compliance_enabled=1 is specified in the same request as data_scope, then vulnerability and compliance data will both be purged regardless of the data_scope value.

Patch List: (GET)
host_id={value}&
output_format={xml}&

Host Detection Assets
/api/2.0/fo/asset/host/vm/detection/

Host Detection List: (GET + POST)
action={list}&
echo_request={0|1}&
show_asset_id={0|1}&
ids={id,range…}&
id_min={id}&
id_max={id}&
ips={ip,range…}&
ipv6={ip,range…}&
ag_ids={value,value…}&
ag_titles={value,value…}&
use_tags={0|1}&
tag_set_by={id|name}&
tag_include_selector={all|any}&
tag_exclude_selector={all|any}&
tag_set_include={value}&
tag_set_exclude={value}&
show_tags={0|1}&
vm_scan_since={date/time}&
no_vm_scan_since={date/time}&
max_days_since_last_vm_scan={date|time}&
compliance_enabled={0|1}&
os_pattern={PCRE regex}&
qids={value}&
severities={value}&
show_igs={0|1}&
show_results={0|1}&
show_reopened_info={0|1}&
output_format={XML|CSV|CSV_NO_METADATA|CSV_NO_METADATA_MS_EXCEL|CSV_MS_EXCEL}&
suppress_duplicated_data_from_csv={0|1}&
truncation_limit={value}&
status={New,Active,Re-Opened,Fixed}&
*include_search_list_titles={value}&
*exclude_search_list_titles={value}&
*include_search_list_ids={value}&


*exclude_search_list_ids={value}&
active_kernels_only={0|1|2|3}&
network_ids={id1,id2…}&
detection_processed_before={date}&
detection_processed_after={date}&
detection_updated_before={date}&
detection_updated_since={date}&
max_days_since_detection_updated={value}&
detection_last_tested_since={date}&
detection_last_tested_since_days={value}&
detection_last_tested_before={date}&
detection_last_tested_before_days={value}&
host_metadata={all|ec2|google|azure}&
host_metadata_fields={value1,value2}&
show_cloud_tags={0|1}&
cloud_tag_fields={value}&
filter_superseded_qids={0|1}&
Notes: 1) *include/exclude cannot be specified with “qids” or “severities” in same request. Search list titles and IDs cannot be included/excluded in the same request. “show_igs” is required if included search lists contain only Information Gathered.
2) A request with “max_days_since_last_vm_scan” cannot also include “vm_scan_since” or “no_vm_scan_since”.
3) A request with “max_days_since_detection_updated” cannot also include “detection_updated_since”.

Excluded Hosts

Excluded Hosts List: (GET + POST)
/api/2.0/fo/asset/excluded_ip/
action={list}&
echo_request={0|1}&
ips={ip,range…}&
network_id={id}&

Filter by asset groups:
ag_ids={value}&
ag_titles={value}&
Notes: “ag_ids” and “ag_titles” are mutually exclusive and cannot be specified together.

Filter by asset tags:
use_tags={0|1}&
tag_include_selector={any|all}&
tag_exclude_selector={any|all}&
tag_set_by={id|name}&
tag_set_include={value}&
tag_set_exclude={value}&
Notes: “use_tags=1” must be specified with other tag filter parameters.

Excluded Hosts Change History: (GET + POST)
/api/2.0/fo/asset/excluded_ip/history/
action={list}&
echo_request={0|1}&
ips={ip,range…}&
ids={id,range…}&
id_min={id}&
id_max={id}&
network_id={id}&

Manage Excluded Hosts: (POST)
/api/2.0/fo/asset/excluded_ip/
action={add|remove|remove_all}&
echo_request={0|1}&
ips={ip,range…}&
comment={value}&
expiry_days={value}& (for action=add)
dg_names={value}& (for action=add)
network_id=(value)&
Notes: “ips” is invalid for “remove_all”.

Virtual Host Assets
/api/2.0/fo/asset/vhost/

Virtual Host List: (GET + POST)
action={list}&
echo_request={0|1}&
ip={ip}&
port={port}&

Virtual Host: (POST)
action={create|update|delete|add_fqdn|delete_fqdn}&
echo_request={0|1}&
ip={ip}&
port={port}&
fqdn={fqdn}&
Notes: “fqdn” is invalid for “delete_fqdn”.


IPv6 Host Assets
/api/2.0/fo/asset/ip/v4_v6/

IPv6 Mapping Records List: (GET + POST)
action={list}&
echo_request={0|1}&
id_min={id}&
id_max={id}&
ipv4_filter={value}&
ipv6_network={value}&
output_format={csv|xml}&
truncation_limit={value}&
Notes: Subscription authorization is required.

Add IPv6 Mapping Records: (POST)
action={add}&
echo_request={0|1}&
csv_data={value}&
xml_data={value}&
all_or_nothing={0|1}&
Notes: Subscription authorization is required to use. “csv_data” or “xml_data” is required

Remove IPv6 Mapping Records: (POST)
action={remove}&
echo_request={0|1}&
csv_data={value}&
xml_data={value}&
Notes: Subscription authorization is required to use. “csv_data” or “xml_data” is required

Restricted IPs
/api/2.0/fo/setup/restricted_ips/

Manage Restricted IPs: (GET + POST)
action={list|activate|add|delete|replace|clear}&
echo_request={0|1}&
enable={0|1}&
ips={value} or CSV raw data upload&
output_format={CSV|XML}

Asset Data

asset_data_report.php? (GET)
template_title={value}&
template_id={value}&
Notes: one parameter is required

asset_range_info.php? (GET)
target_ips={ip,range…}&
target_asset_groups={value,value…}&
Notes: one or both parameters is required

get_host_info.php? (GET)
host_ip={ip}&
host_dns={hostname}&
host_netbios={hostname}&
vuln_severity={1,2,3,4,5|all|none}&
potential_vuln_severity={1,2,3,4,5|all|none}&
ig_severity={1,2,3,4,5|all|none}&
general_info={0|1}&
vuln_details={0|1}&
ticket_details={0|1}&
Notes: One of these parameters is required: host_ip or host_dns or host_netbios

Asset Groups
/api/2.0/fo/asset/group/

Asset Group List: (GET + POST)
action={list}&
echo_request={0|1}&
ids={id,id,id…}&
id_min={id}&
id_max={id}&
truncation_limit={value}&
network_ids={id,id,id…}&
unit_id={value}&
user_id={value}&
show_attributes={None or All or a comma-separated list of: TITLE, OWNER, OWNER_USER_NAME, NETWORK_IDS, LAST_UPDATE, IP_SET, APPLIANCE_LIST, DOMAIN_LIST, DNS_LIST, NETBIOS_LIST, EC2_ID_LIST, HOST_IDS, USER_IDS, UNIT_IDS, BUSINESS_IMPACT, CVSS, COMMENTS}

Add Asset Group: (POST)
action={add}&
echo_request={0|1}&
title={value}&
network_id={value}&


comments={value}&
division={value}&
location={value}&
function={value}&
business_impact={critical|high|medium|low|none}&
ips={value}&
appliance_ids={value}&
default_appliance_id={value}&
domains={value}&
dns_names={value}&
netbios_names={value}&
cvss_enviro_cdp={high|medium-high|low-medium|low|none}&
cvss_enviro_td={high|medium|low|none}&
cvss_enviro_cr={high|medium|low}&
cvss_enviro_ir={high|medium|low}&
cvss_enviro_ar={high|medium|low}&

Edit/Delete Asset Group: (POST)
action={edit}&
echo_request={0|1}&
id={value}&
{Edit only parameters below}
set_title={value}&
set_comments={value}&
set_division={value}&
set_location={value}&
set_function={value}&
set_business_impact={critical|high|medium|low|none}&
add|remove|set_ips={value}&
add|remove|set_appliance_ids={value}&
set_default_appliance_id={value}&
add|remove|set_domains={value}&
add|remove|set_dns_names={value}&
add|remove|set_netbios_names={value}&
set_cvss_enviro_cdp={high|medium-high|low-medium|low|none}&
set_cvss_enviro_td={high|medium|low|none}&
set_cvss_enviro_cr={high|medium|low}&
set_cvss_enviro_ir={high|medium|low}&
set_cvss_enviro_ar={high|medium|low}&

Tag

Get details on a tag
/qps/rest/2.0/get/am/tag/<id> (GET + POST)
Required:
id (long)

Create a tag
/qps/rest/2.0/create/am/tag (POST)

Update a tag
/qps/rest/2.0/update/am/tag/<id> (POST)
/qps/rest/2.0/update/am/tag (POST)

Search tags
/qps/rest/2.0/search/am/tag (POST)
Filters:
id (Long)
name (string)
parent (long)
ruleType (STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, NAME_CONTAINS, INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, ASSET_SEARCH)
color (string formatted as #FFFFFF where F can be any value between 0-9 and A-F)

Count tags
/qps/rest/2.0/count/am/tag (POST)

Delete tag
/qps/rest/2.0/delete/am/tag/<id> (POST)
/qps/rest/2.0/delete/am/tag (POST)

Evaluate tag
/qps/rest/2.0/evaluate/am/tag/<id> (POST)
/qps/rest/2.0/evaluate/am/tag (POST)


List users with their tags

Get details on a user
/qps/rest/2.0/get/admin/user/<id> (GET + POST)
Required:
id (long)

Search users
/qps/rest/1.0/search/admin/user (GET + POST)

Count users
/qps/rest/2.0/count/admin/user (POST)

Host Asset

Get details on a host asset
/qps/rest/2.0/get/am/hostasset/<id> (GET + POST)
Required:
id (long)

Create a host asset
/qps/rest/2.0/create/am/hostasset (POST)

Update host asset
/qps/rest/2.0/update/am/hostasset/<id> (POST)
/qps/rest/2.0/update/am/hostasset (POST)

Search host assets
/qps/rest/2.0/search/am/hostasset (POST)
Filters:
qwebHostId (long)
lastVulnScan (date)
lastComplianceScan (date)
informationGatheredUpdated (date)
os (string)
dnsHostName (string)
netbiosName (string)
netbiosNetworkID (string)
networkGuid (string)
trackingMethod (AssetTrackingMethod)
port (integer)
installedSoftware (string)

Count host assets
/qps/rest/2.0/count/am/hostasset (GET + POST)

Delete host asset
/qps/rest/2.0/delete/am/hostasset/<id> (POST)
/qps/rest/2.0/delete/am/hostasset/ (POST)

Activate host asset
/qps/rest/2.0/activate/am/hostasset/<id>?module=QWEB_VM (POST)
/qps/rest/2.0/activate/am/hostasset?module=QWEB_VM (POST)
/qps/rest/2.0/activate/am/hostasset/<id>?module=QWEB_PC (POST)
/qps/rest/2.0/activate/am/hostasset?module=QWEB_PC (POST)

Asset

Get details on an asset
/qps/rest/2.0/get/am/asset/<id> (GET + POST)
Required:
id (long)

Update asset
/qps/rest/2.0/update/am/asset/<id> (POST)
/qps/rest/2.0/update/am/asset (POST)

Search assets
/qps/rest/2.0/search/am/asset (POST)
Filters:
id (long)
name (string)
created (date)
updated (date)
type (UNKNOWN, HOST, SCANNER, WEBAPP, MALWARE_DOMAIN)
tagName (string)
tagId (string)


Count assets
/qps/rest/2.0/count/am/asset (POST)

Delete asset
/qps/rest/2.0/delete/am/asset/<id> (POST)
/qps/rest/2.0/delete/am/asset (POST)

Activate asset
/qps/rest/2.0/activate/am/asset/<id>?module=QWEB_VM (POST)
/qps/rest/2.0/activate/am/asset?module=QWEB_VM (POST)
/qps/rest/2.0/activate/am/asset/<id>?module=QWEB_PC (POST)
/qps/rest/2.0/activate/am/asset?module=QWEB_PC (POST)

Host Instance Vulnerability

Get details on a vulnerability
/qps/rest/2.0/get/am/hostinstancevuln/<id> (GET + POST)
Filter (optional):
id (long)

Search vulnerabilities
/qps/rest/2.0/search/am/hostinstancevuln (POST)
Filters (optional):
id (long)
name (string)
parentTagId (long)
ruleType (STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, NAME_CONTAINS, INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, ASSET_SEARCH)
color (string formatted as #FFFFFF where F can be any value between 0-9 and A-F)

Count vulnerabilities
/qps/rest/2.0/count/am/hostinstancevuln (POST)

Asset Data Connector

Get details on a connector
/qps/rest/2.0/get/am/assetdataconnector/<id> (GET + POST)
Filter (optional):
id (Integer)

Update connector
/qps/rest/2.0/update/am/assetdataconnector/<id> (POST)
/qps/rest/2.0/update/am/assetdataconnector (POST)

Search connectors
/qps/rest/2.0/search/am/assetdataconnector (POST)
Filters:
id (long)
name (string)
lastSync (date)
lastError (date)
connectorState (PENDING, RUNNING, SUCCESS or Error)
activation (VM or PC)
defaultTags.name (string)
defaultTag (long)
disabled (Boolean)

Count connectors
/qps/rest/2.0/count/am/assetdataconnector (POST)

Delete connector
/qps/rest/2.0/delete/am/assetdataconnector/<id> (POST)
/qps/rest/2.0/delete/am/assetdataconnector (POST)

Run connector
/qps/rest/2.0/run/am/assetdataconnector/<id> (POST)


/qps/rest/2.0/run/am/assetdataconnector/<id> (POST)

AWS Asset Data Connector

Get details on an AWS connector
/qps/rest/2.0/get/am/awsassetdataconnector/<id> (GET + POST)
Filter (optional):
id (Integer)

Create AWS connector
/qps/rest/2.0/create/am/awsassetdataconnector (POST)
Optional:
isGovCloudConfigured (Boolean)

Update AWS connector
/qps/rest/2.0/update/am/awsassetdataconnector/<id> (POST)
/qps/rest/2.0/update/am/awsassetdataconnector (POST)
Optional:
isGovCloudConfigured (Boolean)

Search AWS connectors
/qps/rest/2.0/search/am/awsassetdataconnector (POST)
Filters:
id (long)
name (string)
lastSync (date)
lastError (date)
connectorState (PENDING, RUNNING, SUCCESS or Error)
activation (VM or PC)
defaultTags.name (string)
allRegions (Boolean)
serviceType (AwsServiceType)
endpoint.region (string)
authRecord (long)
authRecord.name (string)
disabled (Boolean)

Count AWS connectors
/qps/rest/2.0/count/am/awsassetdataconnector (POST)

Delete AWS connector
/qps/rest/2.0/delete/am/awsassetdataconnector/<id> (POST)
/qps/rest/2.0/delete/am/awsassetdataconnector (POST)

Run AWS connector
/qps/rest/2.0/run/am/awsassetdataconnector/<id> (POST)
/qps/rest/2.0/run/am/awsassetdataconnector/<id> (POST)

AWS Authentication Record

Get details on AWS record
/qps/rest/2.0/get/am/awsauthrecord/<id> (GET + POST)
Filter (optional):
id (Integer)

Create AWS record
/qps/rest/2.0/create/am/awsauthrecord (POST)

Update AWS record
/qps/rest/2.0/update/am/awsauthrecord/<id> (POST)
/qps/rest/2.0/update/am/awsauthrecord (POST)

Search AWS records
/qps/rest/2.0/search/am/awsauthrecord (POST)
Filters:
id (long)
name (string)
description (string)
created (date)
modified (date)


Count AWS records
/qps/rest/2.0/count/am/awsauthrecord (POST)

Delete AWS record
/qps/rest/2.0/delete/am/awsauthrecord/<id> (POST)
/qps/rest/2.0/delete/am/awsauthrecord (POST)

Continuous Monitoring API

Use these API calls to manage alerts, profiles, rule sets, and rules to monitor your assets.
Alerts | Profiles | Rulesets | Rules
Looking for more information?
Qualys Continuous Monitoring API User Guide

Alerts

Search alerts
/qps/rest/1.0/search/cm/alert (POST)
Filters (optional):
id (Integer)
eventType (HOST_FOUND, HOST_UPDATED, HOST_PURGED, PORT_OPEN, PORT_CHANGED, PORT_CLOSED, SOFTWARE_ADDED, SOFTWARE_REMOVED, SSL_NEW, SSL_EXPIRED, SSL_EXPIRY, TICKET_OPEN, TICKET_RESOLVED, TICKET_CLOSED, VULN_OPEN, VULN_CLOSED, VULN_REOPENED, VULN_ACTIVE, VULN_PREDICTION_ADDED, VULN_PREDICTION_CHANGED, VULN_PREDICTION_CLOSED)
ipAddress (Text)
hostname (Text)
isHidden (Boolean)
eventDate (Date)
alertDate (Date)
profileTitle (Text)

View details on an alert
/qps/rest/1.0/get/cm/alert/<id> (GET, POST)
Required:
id (Integer) /alert ID

Download alerts
/qps/rest/1.0/download/cm/alert (POST)
Required:
format (csv|cef)
Filters (optional):
id (Integer)
eventType (Keyword - see Search above)
ipAddress (Text)
hostname (Text)
isHidden (Boolean)
eventDate (Date)
alertDate (Date)
profileTitle (Text)

Profiles

Search profiles
/qps/rest/1.0/search/cm/profile (POST)
Filters (optional):
id (Integer)
title (Text)
uuid (Integer)
frequency (FREQ_NEVER, FREQ_5_MINUTES, FREQ_20_MINUTES, FREQ_1_HR, FREQ_2_HRS, FREQ_6_HRS, FREQ_12_HRS, FREQ_WEEKLY, FREQ_DAILY)
isActive (Boolean)
ruleSetTitle (Text)

View details on a profile
/qps/rest/1.0/get/cm/profile/<id> (GET, POST)
Required:
id (Integer) /profile ID

Rulesets

Search rulesets
/qps/rest/1.0/search/cm/ruleset (POST)
Filters (optional):
id (Integer)
title (Text)
description (Text)
dateCreated (Date)
dateUpdated (Date)

View details on a ruleset
/qps/rest/1.0/get/cm/ruleset/<id> (GET, POST)
Required:
id (Integer) /ruleset ID


Rules
Search rules
/qps/rest/1.0/search/cm/rule (POST)
Filters (optional):
id (Integer)
ruleType (HOST, VULN, PORT, SSL, SW)

View details on a rule
/qps/rest/1.0/get/cm/rule/<id> (POST)
Required:
id (Integer) /rule ID

Web Application Scanning API

Use these API calls to scan and report on web applications.
Web Application | Authentication | Scan | Schedule | Option Profile | Report | Report Creation | Findings | Burp
Looking for more information?
Qualys Web Application Scanning API User Guide

Web Application

Current web application count
/qps/rest/3.0/count/was/webapp (GET + POST)
Filters (optional):
id (Integer)
name (Text)
url (Text)
tags.name (Text)
tags.id (Integer)
createdDate (Date)
updatedDate (Date)
isScheduled (Boolean)
isScanned (Boolean)
lastScan.status (SUBMITTED, RUNNING, FINISHED, CANCELED, ERROR)
lastScan.date (Date)

Search web applications
/qps/rest/3.0/search/was/webapp (POST)
Filters (optional):
id (Integer)
name (Text)
url (Text)
tags.name (Text)
tags.id (Integer)
createdDate (Date)
updatedDate (Date)
isScheduled (Boolean)
isScanned (Boolean)
lastScan.date (Date)
lastScan.status (SUBMITTED, RUNNING, FINISHED, CANCELED, ERROR)

Get details for a web application
/qps/rest/3.0/get/was/webapp/<id> (GET)
Required:
id (Integer) /web application ID

Create a web application
/qps/rest/3.0/create/was/webapp (POST)
Required:
name (Text)
url (Text)
Optional:
See the WAS API User Guide

Update a web application
/qps/rest/3.0/update/was/webapp/<id> (POST)
Required:
id (Integer)
Optional:
See the WAS API User Guide

Delete web applications
/qps/rest/3.0/delete/was/webapp/<id> (POST)
/qps/rest/3.0/delete/was/webapp/<filters> (POST)
Required:
id (Integer) /web application ID
Filters (optional):
name (Text)
url (Text)
tags.name (Text)
tags.id (Integer)
createdDate (Date)
updatedDate (Date)
isScheduled (Boolean)
isScanned (Boolean)
lastScan.status (SUBMITTED, RUNNING, FINISHED, CANCELED, ERROR)
lastScan.date (Date)

Purge web applications
/qps/rest/3.0/purge/was/webapp/<id> (POST)
/qps/rest/3.0/purge/was/webapp/<filters> (POST)
Required:
id (Integer) /web application ID


Filters (optional):
name (Text)
url (Text)
tags.name (Text)
tags.id (Integer)
createdDate (Date)
updatedDate (Date)
isScheduled (Boolean)
isScanned (Boolean)
lastScan.status (SUBMITTED, RUNNING, FINISHED, CANCELED, ERROR)
lastScan.date (Date)

Authentication

Current authentication record count
/qps/rest/3.0/count/was/webappauthrecord (POST + GET)
Filters (optional):
id (Integer)
name (Text)
tags (Integer)
tags.id (Integer)
tags.name (Text)
createdDate (Date)
updatedDate (Date)
lastScan.date (Date)
lastScan.authStatus (NOT_USED, SUCCESSFUL, FAILED, PARTIAL)
isUsed (Boolean)
contents (FORM_STANDARD, FORM_CUSTOM, FORM_SELENIUM, SERVER_BASIC, SERVER_DIGEST)

Search authentication records
/qps/rest/3.0/search/was/webappauthrecord (POST)
Filters (optional):
id (Integer)
name (Text)
tags (Integer)
tags.id (Integer)
tags.name (Text)
createdDate (Date)
updatedDate (Date)
lastScan.date (Date)
lastScan.authStatus (NOT_USED, SUCCESSFUL, FAILED, PARTIAL)
isUsed (Boolean)
contents (FORM_STANDARD, FORM_CUSTOM, FORM_SELENIUM, SERVER_BASIC, SERVER_DIGEST)

Get details for an authentication record
/qps/rest/3.0/get/was/webappauthrecord/<id> (GET)
Required:
id (Integer) /Authentication record ID

Create a new authentication record
/qps/rest/3.0/create/was/webappauthrecord (POST)
Required:
name (Text)
WebAuthRecord (Text)
Optional:
tags
comments

Update an authentication record
/qps/rest/3.0/update/was/webappauthrecord/<id> (POST)
Required:
id (Integer) /Authentication record ID

Delete authentication records
/qps/rest/3.0/delete/was/webappauthrecord/<id> (POST)
/qps/rest/3.0/delete/was/webappauthrecord (POST)
Filters (optional):
id (Integer)
name (Text)
tags
createdDate (Date)
updatedDate (Date)
lastScan.date (Date)
lastScan.authStatus (Text)
isUsed (Boolean)
contents


Scan resultsStatus (NOT_USED, NO_HOST_ALIVE,


NO_WEB_SERVICE, PROCESSING,
Current scan count SCAN_RESULTS_INVALID,
TIME_LIMIT_REACHED, SERVICE_ERROR,
/qps/rest/3.0/count/was/wasscan (POST + GET) SCAN_INTERNAL_ERROR, SUCCESSFUL,
Filters (optional): TO_BE_PROCESSED)
id (Integer)
name (Text) Get scan details
webApp.name (Text)
/qps/rest/3.0/get/was/wasscan/<id> (GET)
webApp.id (Integer)
webApp.tags (with operator="NONE") Required:
webApp.tags.id (Integer) id (Integer) /Scan ID
reference (Text)
launchedDate (Date) Launch a new scan (single web
type (DISCOVERY, VULNERABILITY) application)
mode (MANUAL, SCHEDULED, API)
/qps/rest/3.0/launch/was/wasscan (POST)
status (SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED) Required:
authStatus (NONE, NOT_USED, name (Text)
SUCCESSFUL, FAILED, PARTIAL) target.webApp.id (Integer)
resultsStatus (NOT_USED, NO_HOST_ALIVE, type (DISCOVERY, VULNERABILITY)
NO_WEB_SERVICE, PROCESSING, profile.id (Integer) *
SCAN_RESULTS_INVALID, Optional:
TIME_LIMIT_REACHED, SERVICE_ERROR, target.scannerAppliance.type (EXTERNAL,
SCAN_INTERNAL_ERROR, SUCCESSFUL, INTERNAL, scannerTags)
TO_BE_PROCESSED) target.scannerAppliance.friendlyName (Text)
target.webAppAuthRecord.id (Integer) - or -
Search scans target.webAppAuthRecord.isDefault
(Boolean)
/qps/rest/3.0/search/was/wasscan (POST) options
Filters (optional): proxy.id (Integer)
id (Integer) dnsOverride.id (Integer)
name (Text) cancelOption set to DEFAULT - Forces the use
webApp.name (Text) of the target web app’s cancelScans option if
webApp.id (Integer) set, else fall back to the one passed in to the
webApp.tags (with operator="NONE") API while launching the scan
webApp.tags.id (Integer) cancelOption set to SPECIFIC - Always use the
reference (Text) cancel scan option passed while launching
launchedDate (Date) the scan
type (DISCOVERY, VULNERABILITY) sendMail (Boolean)
mode (MANUAL, SCHEDULED, API) Click here for WAS API User Guide
status (SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED) Notes: * The element profile (Text) is required
authStatus (NONE, NOT_USED, unless the target has a default option profile.
SUCCESSFUL, FAILED, PARTIAL)


Launch a new scan (multiple web Delete an existing scan


application)
/qps/rest/3.0/delete/was/wasscan/<id> (POST)
/qps/rest/3.0/launch/was/wasscan (POST)
/qps/rest/3.0/delete/was/wasscan (POST)
Required: Filters (optional):
name (Text)
id (Integer)
target.webApps.id (Integer) or target.tags.id
name (Text)
(Integer)
webApp.name (Text)
target.tags.included.option (ALL or ANY)1
webApp.id (Integer)
target.tags.included.tagList.Tag.id (Integer)1 reference (Text)
type (DISCOVERY or VULNERABILITY) launchedDate (Date)
profile.id (Integer) * type (DISCOVERY, VULNERABILITY)
Optional: mode (MANUAL, SCHEDULED, API)
target.authRecordOption status (SUBMITTED, RUNNING, FINISHED,
target.profileOption ERROR, CANCELED)
target.scannerOption authStatus (NONE, NOT_USED,
target.randomizeScan SUCCESSFUL, FAILED, PARTIAL)
Click here for WAS API User Guide
resultsStatus (NOT_USED, NO_HOST_ALIVE,
NO_WEB_SERVICE, PROCESSING,
Notes: * The element profile (Text) is required SCAN_RESULTS_INVALID,
unless the target has a default option profile. TIME_LIMIT_REACHED, SERVICE_ERROR,
1 The element target must have at least tags or SCAN_INTERNAL_ERROR, SUCCESSFUL,
web applications specified. TO_BE_PROCESSED)

Retrieve the status of a scan Schedule


/qps/rest/3.0/status/was/wasscan/<id> (GET)
Current schedule count
Required:
id (Integer) /Scan ID /qps/rest/3.0/count/was/wasscanschedule
(POST + GET)
Retrieve the results of a scan
Filters (optional):
/qps/rest/3.0/download/was/wasscan/<id> (GET) id (Integer)
/qps/rest/2.0/download/was/wasscan/<id> (GET) name (Text)
owner.id (Text)
Required: createdDate (Date)
id (Integer) /Scan ID updatedDate (Date)
type (DISCOVERY, VULNERABILITY)
Cancel an unfinished scan webApp.name (Text)
webApp.id (Integer)
/qps/rest/3.0/cancel/was/wasscan/<id> (POST)
webApp.tags (with operator="NONE")
Required: webApp.tags.id (Integer)
id (Integer) /Scan ID active (Boolean)
invalid (Boolean)


Search schedules target.webAppAuthRecord.isDefault


(Boolean)
/qps/rest/3.0/search/was/wasscanschedule (POST) options
Filters (optional): proxy.id (Integer)
id (Integer) dnsOverride.id (Integer)
name (Text) cancelOption set to DEFAULT - Forces the use
owner.id of the target web app’s cancelScans option if
createdDate (Date) set, else fall back to the one passed in to the
active (Boolean) API while launching the scan
type (DISCOVERY, VULNERABILITY) cancelOption set to SPECIFIC - Always use the
webApp.name (Text) cancel scan option passed while launching
webApp.id (Integer) the scan
webApp.tags (with operator="NONE") sendMail (Boolean)
webApp.tags.id (Integer) Click here for WAS API User Guide
updatedDate (Date)
invalid (Boolean) Notes: * The element profile (Text) is required
lastScan (with operation="NONE") unless the target has a default option profile.
lastScan.launchedDate (Date)
lastScan.status (SUBMITTED, RUNNING, Create a schedule (multiple web
FINISHED, ERROR, CANCELED) application)
multi (Boolean)
/qps/rest/3.0/create/was/wasscanschedule (POST)
Get schedule details Required:
name (Text)
/qps/rest/3.0/get/was/wasscanschedule/<id> target.webApps.id (Integer) or target.tags.id
(GET) (Integer)
Required: target.tags.included.option (ALL or ANY)
id (Integer) /Scan ID target.tags.included.tagList.Tag.id (Integer)
type (DISCOVERY, VULNERABILITY)
Create a schedule (single web profile.id (Integer)*
application) startDate (Date)
timeZone (Text)
/qps/rest/3.0/create/was/wasscanschedule (POST) occurrenceType (ONCE, DAILY, WEEKLY,
Required: MONTHLY)
name (Text) notification (Boolean)
target.webApp.id (Integer) reschedule (Boolean)
type (DISCOVERY, VULNERABILITY) Optional:
profile.id (Integer)* target.authRecordOption
startDate (Date) target.profileOption
timeZone (Text) target.scannerOption
occurrenceType (ONCE, DAILY, WEEKLY, target.randomizeScan
MONTHLY) target.authRecordOption
notification (Boolean) target.scannerAppliance.type (EXTERNAL,
reschedule (Boolean) INTERNAL, scannerTags)
Optional: target.scannerAppliance.friendlyName (Text)
target.scannerAppliance.type (EXTERNAL, cancelOption set to DEFAULT - Forces the use
INTERNAL, scannerTags) of the target web app’s cancelScans option if
target.scannerAppliance.friendlyName (Text) set, else fall back to the one passed in to the
target.webAppAuthRecord.id (Integer) - or - API while launching the scan


cancelOption set to SPECIFIC - Always use the webApp.name (Text)


cancel scan option passed while launching owner.id (Integer)
the scan type (VULNERABILITY, DISCOVERY)
sendMail (Boolean) active (Boolean)
Click here for WAS API User Guide invalid (Boolean)
createdDate (Date)
Notes: * The element profile (Text) is required updatedDate (Date)
unless the target has a default option profile.
Delete one or more existing schedules
Update a schedule
/qps/rest/3.0/delete/was/wasscanschedule/<id>
/qps/rest/3.0/update/was/wasscanschedule/<id> (POST)
(POST)
/qps/rest/3.0/delete/was/wasscanschedule/<filters> (POST)
Required:
id (Integer) /Schedule ID Required:
Optional:
id (Integer) /Schedule ID
Click here for WAS API User Guide
Filters (optional):
name (Text)
Activate an existing schedule webApp.id (Integer)
/qps/rest/3.0/update/was/wasscanschedule/<id> webApp.name (Text)
(POST) owner.id (Integer)
type (VULNERABILITY, DISCOVERY)
/qps/rest/3.0/activate/was/wasscanschedule/<filters> (POST) active (Boolean)
invalid (Boolean)
Required: createdDate (Date)
id (Integer) /Schedule ID updatedDate (Date)
Filters (optional):
name (Text) Download one or more schedules to
webApp.id (Integer) iCalendar
webApp.name (Text)
/qps/rest/3.0/download/was/wasscanschedule/<id> (POST)
owner.id (Integer)
type (VULNERABILITY, DISCOVERY)
active (Boolean) /qps/rest/3.0/download/was/wasscanschedule/<filters> (POST)
invalid (Boolean)
createdDate (Date)
Filters (optional):
updatedDate (Date)
name (Text)
owner.id (Integer)
Deactivate an existing schedule createdDate (Date)
/qps/rest/3.0/update/was/wasscanschedule/<id> active (Boolean)
(POST) type (VULNERABILITY, DISCOVERY)
webApp.name (Text)
/qps/rest/3.0/deactivate/was/wasscanschedule/<filters> (POST) webApp.id (Integer)
updatedDate (Date)
Required: invalid (Boolean)
id (Integer) /Schedule ID
Filters (optional):
name (Text)
webApp.id (Integer)


Option Profile Get details for an option profile


/qps/rest/3.0/get/was/optionprofile/<id> (GET)
Current option profile count
Required:
/qps/rest/3.0/count/was/optionprofile (POST + id (Integer) /Option profile ID
GET)
Filters (optional): Create a new option profile
id (Integer)
/qps/rest/3.0/create/was/optionprofile (POST)
name (Text)
tags Required:
tags.id (Integer) name (Text) /Option profile name
tags.name (Text)
createdDate (Date) Update an option profile
updatedDate (Date)
usedByWebApps (Boolean with operator: /qps/rest/3.0/update/was/optionprofile/<id>
EQUALS, NOT EQUALS) (POST)
usedBySchedules (Boolean with operator: Required:
EQUALS, NOT EQUALS) id (Integer) /Option profile ID
owner.id (Long with operator: EQUALS, IN,
NOT EQUALS, GREATER, LESSER) Delete an option profile
owner.name (text with operator: CONTAINS,
EQUALS, NOT EQUALS) /qps/rest/3.0/delete/was/optionprofile/<id>
owner.username (text with operator: (POST)
CONTAINS, EQUALS, NOT EQUALS) /qps/rest/3.0/delete/was/optionprofile (POST)
Optional:
Search option profiles name (Text)
/qps/rest/3.0/search/was/optionprofile (POST) owner (Text)
tags
Filters (optional): createdDate (Date)
id (Integer) updatedDate (Date)
name (Text) usedByWebApps (Boolean)
tags usedBySchedules (Boolean)
tags.id (Integer)
tags.name (Text)
createdDate (Date) Report
updatedDate (Date)
usedByWebApps (Boolean with operator: Current report count
EQUALS, NOT EQUALS)
/qps/rest/3.0/count/was/report (GET, POST)
usedBySchedules (Boolean with operator:
EQUALS, NOT EQUALS) Filters (optional):
owner.id (Long with operator: EQUALS, IN, id (Integer)
NOT EQUALS, GREATER, LESSER) name (Text)
owner.name (text with operator: CONTAINS, tags.id (Integer)
EQUALS, NOT EQUALS) tags.name (Text)
owner.username (text with operator: CONTAINS, creationDate (Date)
EQUALS, NOT EQUALS)


type (WAS_SCAN_REPORT, Update a report


WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT, /qps/rest/3.0/update/was/report/<id> (POST)
WAS_CATALOG_REPORT, Required:
DATALIST_REPORT) id (Integer) /report ID
format (HTML_ZIPPED, HTML_BASE64, PDF, tags (Text)
PDF_ENCRYPTED, CSV, XML, POWERPOINT, showPatched (applies to Web App Report,
WORD) Scan Report only - SHOW_BOTH (is default),
status (RUNNING, ERROR, COMPLETE) SHOW_ONLY, SHOW_NONE)

Search reports Delete one or more reports


/qps/rest/3.0/search/was/report (POST) /qps/rest/3.0/delete/was/report/<id> (POST)
Filters (optional): /qps/rest/3.0/delete/was/report/<filters> (POST)
id (Integer)
Required:
name (Text)
id (Integer) /web application ID
tags.id (Integer)
Filters (optional):
tags.name (Text)
name (Text)
creationDate (Date)
tags.id (Integer)
type (Keyword)
tags.name (Text)
format (Keyword)
creationDate (Date)
status (Keyword)
type (Keyword)
format (Keyword)
Get details on a report status (Keyword)
/qps/rest/3.0/get/was/report/<id> (GET, POST)
Required: Report Creation
id (Integer) /report ID
Report Creation Request
Get report status /qps/rest/3.0/create/was/report (POST)
/qps/rest/3.0/status/was/report/<id> (GET, POST) name (Text)
Required: type (WAS_SCAN_REPORT,
id (Integer) /report ID WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
Download a report WAS_CATALOG_REPORT)
format (HTML_ZIPPED, HTML_BASE64, PDF,
/qps/rest/3.0/download/was/report/<id> (GET, PDF_ENCRYPTED, CSV, XML, POWERPOINT)
POST) tags.id (Integer)
Required: tags.name (Text)
id (Integer) /report ID password (Text)
distributionList (*)
config (one and only one subelement is
Send an encrypted PDF report
required: webAppReport, scanReport,
/qps/rest/3.0/send/was/report/<id> (POST) catalogReport, scorecardReport)
Required:
Notes: (*) indicates data type.
id (Integer) /report ID
distributionList (Text)


Web Application Report target.scannerTags.set.Tag.id (Integer)


target.tags.excluded.option (ALL or ANY)
target.tags (Tag) target.tags.excluded.tagList.Tag.id (Integer)
target.tags.included.option (ALL or ANY)1 display.contents (ScorecardReportContent)*
target.tags.included.tagList.Tag.id (Integer)1 display.graphs (ScorecardReportGraph)*
target.webapps (WebApp)* display.groups (ScorecardReportGroup)*
filters.searchlists (SearchList)* display.options (rawLevels)*
filters.url (Text)
filters.status (WebAppFindingStatus)* Notes: (*) indicates data type.
filters.remediation*
showPatched (SHOW_ONLY, SHOW_NONE, 1 The element target must have at least tags or
SHOW_BOTH - default) web applications specified
target.scannerTags.set.Tag.id (Integer)
target.tags.excluded.option (ALL or ANY) Catalog Report
target.tags.excluded.tagList.Tag.id (Integer)
filters.scanDate (DatetimeRange)*
display.contents (WebAppReportContent)*
filters.url (Text)
display.graphs (WebAppReportGraph)*
filters.ip (Text)
display.groups (WebAppReportGroup)*
filters.os (Text)
display.options (rawLevels)*
filters.status (EntryStatus)*
display.contents (WebAppReportContent)*
Notes: (*) indicates data type.
display.graphs (WebAppReportGraph)*
1 The element target must have at least tags or display.groups (WebAppReportGroup)*
web applications specified. display.options (rawLevels)*

Scan Report Notes: (*) indicates data type.

target.scans (WasScan)*
Report Template Count
filters.searchlists (SearchList)*
filters.url (Text) qps/rest/3.0/count/was/reporttemplate (POST)
filters.status (ScanFindingStatus)*
id (Integer)
filters.remediation (*)
name (Text)
showPatched (SHOW_ONLY, SHOW_NONE,
type (Text)
SHOW_BOTH - default)
display.contents (ScanAppReportContent)*
display.graphs (ScanAppReportGraph)*
Search Report Template
display.groups (ScanAppReportGroup)* qps/rest/3.0/search/was/reporttemplate (POST)
display.options (rawLevels)*
id (Integer)
name (Text)
Notes: (*) indicates data type.
type (Text)
Scorecard Report Get details of Report Template
target.tags (Tag)*
qps/rest/3.0/get/was/reporttemplate/<id> (GET)
target.tags.included.option (ALL or ANY)1
target.tags.included.tagList.Tag.id (Integer)1 Required:
filters.searchlists (SearchList)* id (Integer) /report template ID
filters.scanDate (DatetimeRange)*
filters.scanStatus
(WasScanConsolidatedStatus)*
filters.scanAuthStatus (WasScanAuthStatus)*


Findings webApp.id (Integer)


webApp.name (Text)
Current finding count severity (Integer)
externalRef (String)
/qps/rest/3.0/count/was/finding (POST) ignoredDate (Date)
Filters (optional): ignoredReason (FALSE_POSITIVE,
id (Integer) RISK_ACCEPTED or NOT_APPLICABLE)
qid (Integer) group (Keyword: XSS, SQL, INFO, PATH, CC,
name (Text) SSN_US or CUSTOM)
type (VULNERABILITY, SENSITIVE_CONTENT, owasp.name (Text)
or INFORMATION_GATHERED) owasp.code (Integer)
url (Text) wasc.name (Text)
webApp.tags.id (Integer) wasc.code (Integer)
webApp.tags.name (Text) cwe.id (Integer)
status (NEW, ACTIVE or REOPENED) firstDetectedDate (Date)
patch (Integer-Long) lastDetectedDate (Date)
webApp.id (Integer) lastTestedDate (Date)
webApp.name (Text) timesDetected (Integer)
severity (Integer)
externalRef (String) Get details on a finding
ignoredDate (Date)
/qps/rest/3.0/get/was/finding/<id> (GET, POST)
ignoredReason (FALSE_POSITIVE,
RISK_ACCEPTED or NOT_APPLICABLE) Required:
group (XSS, SQL, INFO, PATH, CC, SSN_US or id (Integer) /finding ID
CUSTOM)
owasp.name (Text) Ignore findings
owasp.code (Integer)
/qps/rest/3.0/ignore/was/finding (POST)
wasc.name (Text)
wasc.code (Integer) Filters:
cwe.id (Integer) id (Integer)
firstDetectedDate (Date) qid (Integer)
lastDetectedDate (Date) name (Text)
lastTestedDate (Date) type (VULNERABILITY, SENSITIVE_CONTENT,
timesDetected (Integer) or INFORMATION_GATHERED)
url (Text)
Search findings webApp.tags.id (Integer)
webApp.tags.name (Text)
/qps/rest/3.0/search/was/finding (POST) status (NEW, ACTIVE or REOPENED)
Filters (optional): webApp.id (Integer)
id (Integer) webApp.name (Text)
qid (Integer) severity (Integer)
name (Text) ignoredDate (Date)
type (VULNERABILITY, SENSITIVE_CONTENT, ignoredReason (FALSE_POSITIVE,
or INFORMATION_GATHERED) RISK_ACCEPTED or NOT_APPLICABLE)
url (Text) group (Keyword: XSS, SQL, INFO, PATH, CC,
webApp.tags.id (Integer) SSN_US or CUSTOM)
webApp.tags.name (Text) owasp.name (Text)
status (NEW, ACTIVE or REOPENED) owasp.code (Integer)
patch (Integer-Long) wasc.name (Text)


wasc.code (Integer) new Severity level {1, 2, 3, 4, 5} (Integer)


cwe.id (Integer) comments (Text)
firstDetectedDate (Date)
lastDetectedDate (Date) Restore findings severity
lastTestedDate (Date)
timesDetected (Integer) /qps/rest/3.0/restoreSeverity/was/finding/<id>
(POST)
Activate findings Required:
id (Integer)
/qps/rest/3.0/activate/was/finding/<id> (POST)
/qps/rest/3.0/activate/was/finding/<findings> Retest findings
(POST)
/qps/rest/3.0/retest/was/finding/<id>
Filters:
id (Integer) /qps/rest/3.0/retest/was/finding/<findings>
qid (Integer) (POST)
name (Text)
Required:
type (VULNERABILITY, SENSITIVE_CONTENT,
id (Integer)
or INFORMATION_GATHERED)
url (Text)
webApp.tags.id (Integer)
webApp.tags.name (Text) Burp
status (NEW, ACTIVE or REOPENED)
webApp.id (Integer) Import Burp Scan Reports
webApp.name (Text)
/qps/rest/3.0/import/was/burp (POST)
severity (Integer)
ignoredDate (Date) Required:
ignoredReason (FALSE_POSITIVE, webAppId (Integer)
RISK_ACCEPTED or NOT_APPLICABLE) Burp Scanner Report in XML format
group (XSS, SQL, INFO, PATH, CC, SSN_US or Optional:
CUSTOM) purgeResults (Boolean)
owasp.name (Text) closeUnreportedIssues (Boolean)
owasp.code (Integer) fileName (String)
wasc.name (Text)
wasc.code (Integer)
cwe.id (Integer)
firstDetectedDate (Date)
lastDetectedDate (Date)
lastTestedDate (Date)
timesDetected (Integer)

Edit findings severity


/qps/rest/3.0/editSeverity/was/finding/<id>
(POST)
/qps/rest/3.0/editSeverity/was/finding/<findings>
(POST)
Filters:
id (Integer)

Web Application Firewall API

Web Application Firewall webServername (Text)


webServerTimeout (Long)
API certificate.id (Long)
certificate.uuid (UUID)
Use these API calls to manage web applications, certificate.name (Text)
clusters, and appliances. status
deployed (Date)
Web Applications | Web Servers | Healthchecks| SSL synced (Date)
Certificates | Custom Response Pages | Security blockingMode (Boolean)
Policies | HTTP Profiles | Custom Rules| Clusters | createdBy.id (Long)
Appliances createdBy.username (Text)
Looking for more information? createdBy.firstname (Text)
createdBy.lastname (Text)
Qualys Web Application Firewall API User Guide
updatedBy.id (Long)
updatedBy.username (Text)
Web Applications updatedBy.firstname (Text)
updatedBy.lastname (Text)
Current web application count custompage.id (Long)
customPage.uuid (UUID)
/qps/rest/2.0/count/waf/webapp/ (GET)
customPage.name (Text)
securityPolicy.id (Long)
Get details on a web application securityPolicy.uuid (UUID)
/qps/rest/2.0/get/waf/webapp/<id> (GET) securityPolicy.name (Text)
httpProfile.id (Long)
Required: httpProfile.uuid (UUID)
id (Integer) /web application ID httpProfile.name (Text)
sslEnabled (Boolean)
Search web applications clusters.cluster.id (Long)
/qps/rest/2.0/search/waf/webapp/ (POST) clusters.cluster.name (Text)
clusters.cluster.uuid (UUID)
Filters (optional): persistencyEnabled (Boolean)
id (Long) scanTrustEnabled (Boolean)
uuid (UUID)
name (Text) Create web application
url (Text)
tags.tag.id (Long) /qps/rest/2.0/create/waf/webapp (POST)
tags.tag.name (Text) Required:
owner.id (Text) name (Text)
owner.username (Text) url (Text)
owner.lastname (Text) webServer.id (Long)
created (Date) securityPolicy.id (Long)
updated (Date) httpProfile.id (Long)
urls.value (Text) updateSchedule.enabled (Boolean)
healthcheck.id (Long) Optional:
healthcheck.uuid (UUID) Click here for WAF API User Guide
healthcheck.name (Text)
failureResponseCode (Long)
webServer.id (Long)
webServer.uuid (UUID)


Update web application Web Servers


/qps/rest/2.0/update/waf/webapp/<id> (POST)
Current web server count
/qps/rest/2.0/update/waf/webapp (POST)
/qps/rest/2.0/count/waf/webserver/ (GET)
Optional:
name (Text)
Get details on a web server
url (Text)
webServer.id (Long) /qps/rest/2.0/get/waf/webserver/<id> (GET)
webServerTimeout (Long)
Required:
securityProfile.id (Long)
id (Integer) /web server ID
httpProfile.id (Long)
persistencyEnabled (Boolean)
persistencyToken
Search web servers
healthcheck.id (Long) /qps/rest/2.0/search/waf/webserver/ (POST)
failureResponseCode (Long)
Filters (optional):
certificate.id (Long)
id (Long)
sslProtocols (Text)
uuid (UUID)
sslCiphers (Text)
name (Text)
blockingMode (Boolean)
description (Text)
customPage.id (Long)
loadBalancingAlgorithm (Text)
scanTrustEnabled (Boolean)
addresses.url (Text)
customRules.CustomRule.id (Long)
addresses.weight (Integer)
clusters.cluster.id (Long)
owner.id (Long)
lastComment (Text)
owner.username (Text)
updateSchedule.enabled (Boolean)
owner.firstname (Text)
updateSchedule.weekDays (Text)
owner.lastname (Text)
updateSchedule.startTime (Integer)
created (Date)
updateSchedule.timezone.code (Text)
updated (Date)
updateSchedule.timezone.offset (Text)
createdBy.id (Long)
updateSchedule.freezeEndDate (Date)
createdBy.username (Text)
urls
createdBy.firstname (Text)
urls.string (Text)
createdBy.lastname (Text)
tags
updatedBy.id (Long)
Click here for WAF API User Guide
updatedBy.username (Text)
updatedBy.firstname (Text)
Delete web application updatedBy.lastname (Text)
/qps/rest/2.0/delete/waf/webapp/<id> (POST) tags.tag.id (Long)
tags.tag.name (Text)
Required: webApps.webApp.id (Long)
id (Long) /web application ID webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
Delete web applications (bulk)
/qps/rest/2.0/delete/waf/webapp (POST)
Filters (optional):
see Search web applications


Create web server Healthchecks


/qps/rest/2.0/create/waf/webserver (POST)
Current healthcheck count
Required:
name (Text) /qps/rest/2.0/count/waf/healthcheck/ (GET)
loadBalancingAlgorithm (Text)
addresses.WebServerAddresses Get details on a healthcheck
Optional:
/qps/rest/2.0/get/waf/healthcheck/<id> (GET)
description (Text)
tags Required:
tags.tag.id (Long) id (Integer) /healthcheck ID
tags.tag.name (Text)
Search healthchecks
Update web server /qps/rest/2.0/search/waf/healthcheck/ (POST)
/qps/rest/2.0/update/waf/webserver/<id> (POST) Filters (optional):
/qps/rest/2.0/update/waf/webserver (POST) id (Long)
uuid (UUID)
Optional:
name (Text)
name (Text) description (Text)
description (Text) method
loadBalancingAlgorithm (Text) path (Text)
addresses.WebServerAddress expectedResponseCode (Long)
tags intervalUp (Long)
intervalDown (Long)
Delete web server intervalFlapping (Long)
/qps/rest/2.0/delete/waf/webserver/<id> (POST) nbSuccessesUp (Long)
nbFailuresDown (Long)
Required: timeout (Long)
id (Long) /web server ID owner.id (Long)
owner.username (Text)
Delete web server (bulk) owner.firstname (Text)
/qps/rest/2.0/delete/waf/webserver (POST) created (Date)
updated (Date)
Filters (optional): createdBy.id (Long)
see Search web servers createdBy.username (Text)
createdBy.firstname (Text)
createdBy.lastname (Text)
updatedBy.id (Long)
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
tags.tag.id (Long)
tags.tag.name (Text)
webApps.webApp.id (Long)
webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)


Create healthcheck SSL Certificates


/qps/rest/2.0/create/waf/healthcheck (POST)
Current SSL certificates count
Required:
name (Text) /qps/rest/2.0/count/waf/certificate/ (GET)
method
path (Text) Get details on SSL certificate
loadBalancingResponseCode (Long)
/qps/rest/2.0/get/waf/certificate/<id> (GET)
intervalUp (Long)
intervalDown (Long) Required:
intervalFlapping (Long) id (Integer) /SSL certificate ID
nbSuccessesUp (Long)
nbFailuresDown (Long) Search SSL certificates
timeout (Long)
/qps/rest/2.0/search/waf/certificate/ (POST)
Optional:
description (Text) Filters (optional):
tags id (Long)
tags.tag.id (Long) uuid (UUID)
tags.tag.name (Text) name (Text)
description (Text)
Update healthcheck owner.id (Long)
owner.username (Text)
/qps/rest/2.0/update/waf/healthcheck/<id> owner.firstname (Text)
(POST) created (Date)
/qps/rest/2.0/update/waf/healthcheck (POST) updated (Date)
Optional: createdBy.id (Long)
name (Text) createdBy.username (Text)
description (Text) createdBy.firstname (Text)
method createdBy.lastname (Text)
path (Text) updatedBy.id (Long)
expectedResponseCode (Long) updatedBy.username (Text)
intervalUp (Long) updatedBy.firstname (Text)
intervalDown (Long) updatedBy.lastname (Text)
nbSuccessesUp (Long) tags.tag.id (Long)
nbFailuresDown (Long) tags.tag.name (Text)
timeout (Long) webApps.webApp.id (Long)
tags webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
Delete healthcheck
Create SSL certificate
/qps/rest/2.0/delete/waf/healthcheck/<id> (POST)
/qps/rest/2.0/create/waf/certificate (POST)
Required:
id (Long) /healthcheck ID Required:
name (Text)
Delete healthcheck (bulk) passphrase (Text)
token (Text)
/qps/rest/2.0/delete/waf/healthcheck (POST) Optional:
Filters (optional): description (Text)
see Search healthchecks pkcs12 (Text)


certificate (Text) Filters (optional):


privateKey (Text) id (Long)
chain (Text) uuid (UUID)
tags name (Text)
tags.tag.id (Long) description (Text)
tags.tag.name (Text) body (Text)
owner.id (Long)
Update SSL certificate owner.username (Text)
owner.firstname (Text)
/qps/rest/2.0/update/waf/certificate/<id> (POST) created (Date)
/qps/rest/2.0/update/waf/certificate (POST) updated (Date)
createdBy.id (Long)
Optional:
createdBy.username (Text)
name (Text)
createdBy.firstname (Text)
description (Text)
createdBy.lastname (Text)
pkcs12 (Text)
updatedBy.id (Long)
certificate (Text)
updatedBy.username (Text)
privateKey (Text)
updatedBy.firstname (Text)
passphrase (Text)
updatedBy.lastname (Text)
token (Text)
tags.tag.id (Long)
chain (Text)
tags.tag.name (Text)
tags
webApps.webApp.id (Long)
webApps.webApp.uuid (UUID)
Delete SSL certificate webApps.webApp.name (Text)
/qps/rest/2.0/delete/waf/certificate/<id> (POST)
Required:
Create custom response page
id (Long) /SSL certificate ID /qps/rest/2.0/create/waf/custompage (POST)
Required:
Delete SSL certificate (bulk) name (Text)
/qps/rest/2.0/delete/waf/certificate (POST) body (Text)
Optional:
Filters (optional):
description (Text)
see Search SSL certificates tags
tags.tag.id (Long)
Custom Response Pages tags.tag.name (Text)

Current custom response page count Update custom response page


/qps/rest/2.0/count/waf/custompage/ (GET) /qps/rest/2.0/update/waf/custompage/<id>
(POST)
Get details on custom response page /qps/rest/2.0/update/waf/custompage (POST)
/qps/rest/2.0/get/waf/custompage/<id> (GET) Optional:
Required: name (Text)
id (Integer) /custom response page ID description (Text)
body (Text)
Search custom response pages tags

/qps/rest/2.0/search/waf/custompage/ (POST)


Delete custom response page webApps.webApp.uuid (UUID)


webApps.webApp.name (Text)
/qps/rest/2.0/delete/waf/custompage/<id> (POST)
Required: Create security policy
id (Long) /custom response page ID
/qps/rest/2.0/create/waf/securitypolicy (POST)
Delete custom response page (bulk) Required:
name (Text)
/qps/rest/2.0/delete/waf/custompage (POST) Optional:
Filters (optional): description (Text)
see Search custom response pages applicationSecurity (Keyword)
threatLevel.loggingThreshold (Integer)
threatLevel.blockingThreshold (Integer)
Security Policies tags
tags.tag.id (Long)
Current security policy count tags.tag.name (Text)
/qps/rest/2.0/count/waf/securitypolicy/ (GET)
Update security policy
Get details on security policy /qps/rest/2.0/update/waf/securitypolicy/<id>
/qps/rest/2.0/get/waf/securitypolicy/<id> (GET) (POST)
Required: /qps/rest/2.0/update/waf/securitypolicy (POST)
id (Integer) /security policy ID Optional:
id (Integer)
Search security policies name (Text)
/qps/rest/2.0/search/waf/securitypolicy/ (POST) description (Text)
applicationSecurity (Keyword)
Filters (optional): threatLevel.loggingThreshold (Integer)
id (Long) threatLevel.blockingThreshold (Integer)
uuid (UUID) tags
name (Text)
description (Text) Delete security policy
system (Integer)
owner.id (Long) /qps/rest/2.0/delete/waf/securitypolicy/<id>
owner.username (Text) (POST)
owner.firstname (Text) Required:
created (Date) id (Long) /security policy ID
updated (Date)
createdBy.id (Long)
Delete security policy (bulk)
createdBy.username (Text)
createdBy.firstname (Text) /qps/rest/2.0/delete/waf/securitypolicy (POST)
createdBy.lastname (Text)
Filters (optional):
updatedBy.id (Long)
see Search security policies
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
tags.tag.id (Long)
tags.tag.name (Text)
webApps.webApp.id (Long)


HTTP Profiles requestContentType.allowAll -or-


requestContentType.denyAll
Current HTTP profile count detectProtocolAnomalies (Boolean)
serverCloaking
/qps/rest/2.0/count/waf/httpprofile/ (GET) serverCloaking.value (Text)
suppressSensitiveHeaders (Boolean)
Get details on HTTP profile onErrorMessages (Keyword)
onSensitiveFileTypes (Keyword)
/qps/rest/2.0/get/waf/httpprofile/<id> (GET)
cookieProtection
Required: discourageContentTypeSniffing (Boolean)
id (Integer) /HTTP profile ID forceDefaultContentType (Keyword)
forceDefaultContentType.value (Text)
Search HTTP profiles forceDefaultCharacterEncoding
forceDefaultCharacterEncoding.value (Text)
/qps/rest/2.0/search/waf/httpprofile/ (POST) contentSecurityPolicyHeader
Filters (optional): contentSecurityPolicyHeader.value (Text)
id (Long) discourageClickjacking
uuid (UUID) browserXSSPProtection
name (Text) webServiceProtection.xmlParsing.enabled
description (Text) (Boolean)
system (Integer) webServiceProtection.jsonParsing.enabled
owner.id (Long) (Boolean)
owner.username (Text)
owner.firstname (Text) Optional:
created (Date) description (Text)
updated (Date) requestMethod.allowAll.detectInvalid
createdBy.id (Long) (Boolean)
createdBy.username (Text) requestMethod.allowA..DetectTraceTrack
createdBy.firstname (Text) (Boolean)
createdBy.lastname (Text) requestHeader.detectInvalid (Boolean)
updatedBy.id (Long) requestHeader.detectRepeated (Boolean)
updatedBy.username (Text) requestHeader.detectChunked (Boolean)
updatedBy.firstname (Text) requestContentType.allowAll.detectFileUploads (Boolean)
updatedBy.lastname (Text)
tags.tag.id (Long) serverCloaking.enabled (Boolean)
tags.tag.name (Text) cookieProtection.type
webApps.webApp.id (Long) cookieProtection.value (Text)
webApps.webApp.uuid (UUID) forceDefaultContentType.enabled (Boolean)
webApps.webApp.name (Text) forceDefaultCharacterEncoding.type
(Keyword)
Create HTTP profile contentSecurityPolicyHeader.enabled
(Boolean)
/qps/rest/2.0/create/waf/httpprofile (POST) webServiceProtection.xmlParsing.size
Required: (Integer)
name (Text) webServiceProtection.xmlParsing.items
requestMethod.allowAll -or- (Integer)
requestMethod.denyAll webServiceProtection.xmlParsing.level
requestHeader (Integer)


webServiceProtection.jsonParsing.size (Integer)
webServiceProtection.jsonParsing.items (Integer)
webServiceProtection.jsonParsing.level (Integer)
tags
tags.tag.id (Long)
tags.tag.name (Text)

Update HTTP profile
/qps/rest/2.0/update/waf/httpprofile/<id> (POST)
/qps/rest/2.0/update/waf/httpprofile (POST)
Optional:
see Create HTTP profile

Delete HTTP profile
/qps/rest/2.0/delete/waf/httpprofile/<id> (POST)
Required:
id (Long) /HTTP profile ID

Delete HTTP profile (bulk)
/qps/rest/2.0/delete/waf/httpprofile (POST)
Filters (optional):
see Search HTTP profiles

Custom Rules

Current custom rule count
/qps/rest/2.0/count/waf/customrule (GET)

Get details on custom rule
/qps/rest/2.0/get/waf/customrule/<id> (GET)
Required:
id (Integer) /custom rule ID

Search custom rules
/qps/rest/2.0/search/waf/customrule/ (POST)
Filters (optional):
id (Long)
uuid (UUID)
name (Text)
description (Text)
owner.id (Long)
owner.username (Text)
owner.firstname (Text)
created (Date)
updated (Date)
createdBy.id (Long)
createdBy.username (Text)
createdBy.firstname (Text)
createdBy.lastname (Text)
updatedBy.id (Long)
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
tags.tag.id (Long)
tags.tag.name (Text)

Create custom rule
/qps/rest/2.0/create/waf/customrule (POST)
Required:
name (Text)
conditions
action
Optional:
description (Text)
tags
tags.tag.id (Long)
tags.tag.name (Text)

Update custom rule
/qps/rest/2.0/update/waf/customrule/<id> (POST)
/qps/rest/2.0/update/waf/customrule (POST)
Optional:
name (Text)
description (Text)
conditions
action
tags

Delete custom rule
/qps/rest/2.0/delete/waf/customrule/<id> (POST)
Required:
id (Long) /custom rule ID


Delete custom rule (bulk)
/qps/rest/2.0/delete/waf/customrule (POST)
Filters (optional):
see Search custom response pages

Clusters

Current cluster count
/qps/rest/2.0/count/waf/cluster (GET)

Get details on clusters
/qps/rest/2.0/get/waf/cluster/<id> (GET)
Required:
id (Integer) /cluster ID

Search clusters
/qps/rest/2.0/search/waf/cluster (POST)
Filters (optional):
id (Long)
uuid (UUID)
name (Text)
description (Text)
tags.tag.id (Long)
tags.tag.name (Text)
owner.id (Long)
owner.username (Text)
owner.firstname (Text)
owner.lastname (Text)
created (Date)
updated (Date)
createdBy.id (Long)
createdBy.username (Text)
createdBy.firstname (Text)
createdBy.lastname (Text)
updatedBy.id (Long)
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
token (Text)
syncDate (Date)
status (Text)
deploymentStatus (Text)
deployed (Date)
errorResponse.action
errorResponse.customPage.id (Long)
errorResponse.customPage.uuid (UUID)
errorResponse.redirect.url (Text)
errorResponse.redirect.status (Long)
appliances.appliance.id (Long)
appliances.appliance.uuid (UUID)
appliances.appliance.name (Text)
webApps.webApp.id (Long)
webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
trustedIPs.string (Text)

Create cluster
/qps/rest/2.0/create/waf/cluster (POST)
Required:
name (Text)
Optional:
see the WAF API User Guide

Update cluster
/qps/rest/2.0/update/waf/cluster/<id> (POST)
/qps/rest/2.0/update/waf/cluster (POST)
Optional:
name (Text)
description (Text)
errorResponse
errorResponse.block
errorResponse.redirect.url (Text)
errorResponse.redirect.status (Long)
errorResponse.customPage.id (Long)
errorResponse.customPage.uuid (UUID)
errorResponse.customPage.name (Text)
tags
trustedIPs.string (Text)

Delete cluster
/qps/rest/2.0/delete/waf/cluster/<id> (POST)
Required:
id (Integer) /cluster ID

Delete clusters (bulk)
/qps/rest/2.0/delete/waf/cluster (POST)
Filters (optional):
see Search clusters


Appliances

Current appliance count
/qps/rest/2.0/count/waf/appliance (GET)

Get details on appliance
/qps/rest/2.0/get/waf/appliance/<id> (GET)
Required:
id (Integer) /appliance ID

Search appliances
/qps/rest/2.0/search/waf/appliance (POST)
Optional:
id (Long)
uuid (UUID)
name (Text)
hostname (Text)
lastPollDate
applianceCreated
applianceVersion (Text)
status (Long)
pollStatus
heartbeatGenerated
heartbeatProcessed
systemOs (Text)
systemRam (Long)
systemType (Text)
systemEc2InstanceId (Text)
systemEc2InstanceType (Text)
systemEc2AmiId (Text)
systemCpusCount (Long)
systemCpusCores (Long)
systemCpusSpeed (Float)
systemCpusModel (Text)
configRulesVersion (Text)
configVersion (Text)
configGenerated
ip (Text)
cluster.id (Long)
cluster.uuid (UUID)
cluster.name (Text)

Delete appliance
/qps/rest/2.0/delete/waf/appliance/<id> (POST)
Required:
id (Long) /appliance ID


Malware Detection API


Use these API calls to get information about malware detections.

Malware Detections

Looking for more information?
Qualys Malware Detection API User Guide

Malware Detections

Current malware detections
/qps/rest/1.0/download/md/detection (POST)
Required:
format (csv|cef)
Filters (optional):
id (Integer)
qid (Integer)
url (Text)
type (Keyword, i.e. BEHAVIORAL)
showDeactivatedSite (Boolean)
severity (Keyword, i.e. HIGH)

Search malware detections
/qps/rest/1.0/search/md/detection (POST)
Filters:
id (Integer)
qid (Integer)
type (Keyword, i.e. BEHAVIORAL)
showDeactivatedSite (Boolean)
severity (Keyword, i.e. HIGH)

Get details on malware detection
/qps/rest/1.0/get/md/detection/<id> (GET, POST)
Required:
id (Integer) /malware detection ID


Security Assessment Questionnaire API

Use these API calls to manage SAQ users and templates.

SAQ users | SAQ templates

Looking for more information?
Qualys Security Assessment Questionnaire API User Guide

SAQ users

Current user count
/qps/rest/1.0/count/saq/user/ (GET, POST)
Filters (optional):
id (Integer) /user ID
uuid (Integer)
firstName (Text)
lastName (Text)
company (Text)
title (Text)
emailAddress (Text)
userName (Text)
tags.tag.id (Text)
tags.tag.name (Text)

Get details on user
/qps/rest/1.0/get/saq/user/<id> (GET)
Required:
id (Integer) /user ID

Search users
/qps/rest/1.0/search/saq/user/ (POST)
Filters (optional):
id (Integer) /user ID
uuid (Integer)
firstName (Text)
lastName (Text)
company (Text)
title (Text)
emailAddress (Text)
userName (Text)
tags.tag.id (Integer)
tags.tag.name (Text)

Create user
/qps/rest/1.0/create/saq/user/ (POST)
Required:
firstName (Text)
lastName (Text)
company (Text)
emailAddress (Text)
Optional:
title (Text)
tags (List)
tags.tag.id (Integer)
tags.tag.name (Text)

Update user
/qps/rest/1.0/update/saq/user/<id> (POST)
/qps/rest/1.0/update/saq/user/ (POST)
Required to update single user:
id (Integer) /user ID
Optional:
firstName (Text)
lastName (Text)
company (Text)
emailAddress (Text)
title (Text)
tags (List)
tags.tag.id (Integer)
tags.tag.name (Text)
Optional for bulk update:
id (Integer)
uuid (Integer)

Delete user
/qps/rest/1.0/delete/saq/user/<id> (POST)
Required:
id (Long) /user ID

Delete users (bulk)
/qps/rest/1.0/delete/saq/user/ (POST)
Filters (optional):
see Search users


SAQ templates

Current library template count
/qps/rest/1.0/count/saq/librarytemplate/ (GET, POST)
Filters (optional):
id (Integer) /library template ID
uuid (Integer)
name (Text)
description (Text)
category (Text)
familyId (Integer)
revision (Integer)
isLibrary (Boolean)
questionCnt (Integer)
state (Text)

Get details on library template
/qps/rest/1.0/get/saq/librarytemplate/<id> (GET)
Required:
id (Integer) /library template ID

Search library templates
/qps/rest/1.0/search/saq/librarytemplate/ (POST)
Filters (optional):
id (Long)
uuid (UUID)
name (Text)
description (Text)
category (Text)
familyId (Integer)
revision (Integer)
isLibrary (Boolean)
questionCnt (Integer)
state (Text)

Current template count
/qps/rest/1.0/count/saq/template/ (GET, POST)
Filters (optional):
id (Integer) /template ID
uuid (Integer)
name (Text)
description (Text)
category (Text)
familyId (Integer)
revision (Integer)
isLibrary (Boolean)
questionCnt (Integer)
state (Text)

Get details on template
/qps/rest/1.0/get/saq/template/<id> (GET)
Required:
id (Integer) /template ID

Search templates
/qps/rest/1.0/search/saq/template/ (POST)
Filters (optional):
id (Integer) /template ID
uuid (Integer)
name (Text)
description (Text)
category (Text)
familyId (Integer)
revision (Integer)
isLibrary (Boolean)
questionCnt (Integer)
state (Text)

Create template from library
/qps/rest/1.0/createfromlibrary/saq/template/ (POST)
Required:
id (Integer) /library template ID

Create template
/qps/rest/1.0/create/saq/template/ (POST)
Several required and optional elements are supported; see the SAQ API User Guide.


Update template
/qps/rest/1.0/update/saq/template/<id> (POST)
/qps/rest/1.0/update/saq/template/ (POST)
Required to update single template:
id (Integer) /library template ID
Several optional elements are supported; see the SAQ API User Guide.

Create new version of existing template
/qps/rest/1.0/newversion/saq/template/<id> (POST)
Required:
id (Long) /template ID

Publish template
/qps/rest/1.0/publish/saq/template/<id> (POST)
Required:
id (Long) /template ID

Delete template
/qps/rest/1.0/delete/saq/template/<id> (POST)
Required:
id (Long) /template ID

Delete template (bulk)
/qps/rest/1.0/delete/saq/template/ (POST)
Filters (optional):
see Search library templates


Portal version API

Find out the version of Portal and its sub-modules (in your subscription).

Portal version
/qps/rest/portal/version (GET)
Returns the version information based on the username supplied in the request.


API Server URL

Qualys API Server URL
The Qualys API URL you should use for API requests depends on the Qualys platform where your account is located.
Click here to identify your Qualys platform and get the API URL

Still need help?
You can easily find the API server URL to use. Just log in to your Qualys account.
Go to Help > About.
You'll see the API Server URL for your account under Security Operations Center (SOC).


Good to Know

Notations
Required attributes are in bold. For example "ref={value}" indicates a required parameter.
Defaults are underlined. For example {0|1} indicates "0" is the default value for the Boolean attribute.

GET and POST
Functions support the GET method only, the POST method only or both GET and POST as indicated.

Date/Time
Date/time format is YYYY-MM-DD[THH:MM:SSZ] where time is optional.

API Notes
1) Authentication is performed using basic auth (using API v1 or API v2) or session-based authentication (API v2 only) over the SSL socket connection.
2) There are known limits for the amount of data that can be sent using the GET method. These limits are dependent on the toolkit used. There is no fundamental limit with sending data using the POST method.
3) Variables and values must be URL-encoded.
4) Returned XML responses usually include numeric error codes.
5) UTF-8 encoding is used internally and for the returned XML.
6) Role-based privileges (Manager, Scanner, and Reader) apply to most API calls.
7) Blanks in "string type values" can be encoded as plus characters (+).

Curl Client
Use the curl client to issue API requests directly from the Linux Command Line.

Example using basic authentication (example uses Qualys US Platform 1):

curl -s -k -H 'X-Requested-With: curl demoapp' \
  -u username:password \
  'https://{$SERVER}.qualys.com/api/2.0/fo/scan/?action=list'

Example using session based authentication (example uses Qualys US Platform 1):

curl -s -k -H 'X-Requested-With: curl demoapp' -D headers.15 \
  -b 'QualysSession=SESSION_ID; path=/api; secure' \
  'https://{$SERVER}.qualys.com/api/2.0/fo/scan/?action=list'

See the curl(1) man page for further details.

Allowed Operators
Supported using the following APIs: Asset Management and Tagging, Cloud Agent, Continuous Monitoring, Malware Detection, Web Application Firewall, Web Application Scanning.

Integer: EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text: CONTAINS, EQUALS, NOT EQUALS
Date: EQUALS, NOT EQUALS, GREATER, LESSER
Keyword: EQUALS, NOT EQUALS, IN
Boolean (true/false): EQUALS, NOT EQUALS

Looking for more?
Click here for all our current API User Guides
