Qualys Vulnerability Scanner
The Qualys Vulnerability Scanner connector allows seamless integration with Qualys' cloud-based security and compliance solutions, enabling automated vulnerability management and compliance checks.

Qualys Vulnerability Scanner is a comprehensive solution for cloud-based security and compliance. It enables users to identify, track, and remediate vulnerabilities within their IT infrastructure. By integrating with Swimlane Turbine, users can automate vulnerability management processes, streamline compliance checks, and enhance their security posture directly within their workflows. This connector facilitates seamless interactions with Qualys, allowing for efficient vulnerability scanning and data retrieval without manual intervention.

## Limitations

None to date.

## Supported Versions

This Qualys Vulnerability Scanner connector uses the version 2.0 API.

## Additional Docs

- Qualys Vulnerability Scanner authentication: https://docs.qualys.com/en/vm/qweb-all-api/#t=mergedProjects%2Fqapi-scan%2Fget_started%2Fauthentication.htm
- Qualys Vulnerability Scanner API documentation: https://docs.qualys.com/en/vm/qweb-all-api/#t=mergedProjects%2Fqapi-scan%2Fvm_scans%2Fvm_scans.htm

## Configuration Prerequisites

Before utilizing the Qualys Vulnerability Scanner connector with Swimlane Turbine, ensure you have the following prerequisites:

- HTTP basic authentication with the following parameters:
  - URL: the endpoint URL for the Qualys API.
  - Username: your Qualys account username.
  - Password: your Qualys account password.
- API key authentication (for session-based authentication) with the following parameters:
  - URL: the endpoint URL for the Qualys API.
  - Username: your Qualys account username used to generate the session.
  - Password: your Qualys account password used to generate the session.

## Authentication Methods

### API Key Authentication (Session-Based Authentication)

- URL: the endpoint URL for Qualys API services.
- Username: your Qualys platform username.
- Password: your Qualys platform password.

### HTTP Basic Authentication

- URL: the endpoint URL for Qualys API services.
- Username: your Qualys platform username.
- Password: your Qualys platform password.

## Capabilities

This Qualys Vulnerability Scanner connector provides the following capabilities:

- Create Azure Internal Scan
- Create Cloud Perimeter Scan
- Fetch Report
- Get Compliance Control List
- Get Compliance Scan
- Get Host Detections
- Get Hosts
- Get Scan Summary
- Get VM Scan
- Get VM Scan Summary
- Knowledgebase Download
- Launch Compliance Scan
- Launch VM Scan
- Launch VM Scan on EC2 Assets
- List Asset Groups
- and so on

## Configurations

### Qualys Vulnerability Scanner API Key Auth

Authenticates using a username and password for session-based authentication.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| qusername | Username | string | Required |
| qpassword | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP proxy | A proxy to route requests through | string | Optional |

### Qualys Vulnerability Scanner HTTP Basic Auth

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Azure Internal Scan

Initiate an internal scan in Azure environments using Qualys, specifying the scan details in the data body.

Endpoint URL: `/api/2.0/fo/scan/cloud/internal/job/index.php`

Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `data_body` | object | Required | Response data |
| `action` | string | Required | Specify `create` to configure a new internal Azure scan job. |
| `module` | string | Required | Specify `vm` for a vulnerability scan. |
| `cloud_provider` | string | Required | Specify `azure` for an Azure internal scan. The `cloud_provider` value cannot be changed during an update request. Note: currently supporting Azure only. |
| `cloud_service` | string | Required | Specify `vm` (Azure Virtual Machine) for an Azure internal scan. The `cloud_service` value cannot be changed during an update request. |
| `connector_name` | string | Optional | The name of the connector to be used. We check if the specified connector name exists for your Qualys subscription. If the specified connector name does not exist in your Qualys subscription, then the API request returns an error message: Invalid connector name provided. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request. |
| `connector_uuid` | string | Optional | The ID of the connector to be used. If the specified connector name does not exist in your Qualys subscription, then the API request returns an error message: Invalid connector uuid provided. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request. |
| `scan_title` | string | Required | The scan title to create. |
| `active` | number | Required | Specify 1 to create an active schedule. Specify 0 to create an inactive schedule. |
| `option_title` | string | Optional | The title of the option profile to be used. One of these parameters must be specified in the request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request. |
| `option_id` | number | Optional | The ID of the option profile to be used. One of these parameters must be specified in a request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request. |
| `priority` | number | Optional | Specify a value of 0-9 to set a processing priority level for the scan. When not specified, a value of 0 (no priority) is used. Valid values are: 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low. |
| `iscanner_id` | string | Optional | The IDs of the scanner appliances to be used. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. |
| `iscanner_name` | string | Optional | The friendly names of the scanner appliances to be used. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. |
| `platform_type` | string | Required | Select the platform type as either `location` or `virtual_network`. |
| `region_code` | string | Optional | The Azure region code. Valid values are: ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1, eu-west-1, eu-north-1, asa-east-1, us-east-1, us-west-1, us-west-2, me-south-1, eu-south-1, and af-south-1. This parameter is mandatory when the platform type is set to `location`. |
| `virtual_network_id` | string | Optional | Provide the ID of the Azure virtual network. This parameter is mandatory when the platform type is set to `virtual_network`. |
| `tag_include_selector` | string | Optional | Select `any` (the default) to include hosts that match at least one of the selected tags. Select `all` to include hosts that match all of the selected tags. |
| `tag_exclude_selector` | string | Optional | Select `any` (the default) to exclude hosts that match at least one of the selected tags. Select `all` to exclude hosts that match all of the selected tags. |
| `tag_set_by` | string | Optional | Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. We will check if the tag IDs or tag names are valid. |
| `tag_set_include` | string | Optional | Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
| `tag_set_exclude` | string | Optional | Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
| `schedule` | string | Required | Specify `now` to schedule the scan job for now. Specify `recurring` to schedule the scan job to start at a later time or on a recurring basis. See Schedule Parameters for Azure Internal Scans. Possible values are: now, recurring. |
| `occurrence` | string | Optional | Valid values are: daily, weekly, monthly. |
| `frequency_days` | number | Optional | Required for a daily scan. The scan will run every N number of days. Value is an integer from 1 to 365. |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `SIMPLE_RETURN` | object | Output field SIMPLE_RETURN |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `TEXT` | string | Output field TEXT |
| `ITEM_LIST` | object | Output field ITEM_LIST |
| `ITEM` | object | Output field ITEM |
| `KEY` | string | Output field KEY |
| `VALUE` | string | Value for the parameter |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 11 Mar 2025 05:39:01 GMT",
      "Content-Type": "text/xml;charset=UTF-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "0",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "SIMPLE_RETURN": {}
    }
  }
]
```

### Create Cloud Perimeter Scan

Initiates or updates a cloud perimeter scan in Qualys Vulnerability Scanner using detailed configurations.

Endpoint URL: `/api/2.0/fo/scan/cloud/perimeter/job/index.php`

Method: POST

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `data_body` | object | Required | Response data |
| `action` | string | Required | Specify "create" to configure a new cloud perimeter scan job. |
| `module` | string | Required | Specify "vm" for a vulnerability scan and "pc" for a compliance scan. Required for create request. |
| `cloud_provider` | string | Optional | Specify "azure" for an Azure scan. Specify "aws" for an AWS EC2 scan. Specify "gcp" for a GCP scan. The `cloud_provider` value cannot be changed during an update request. When `cloud_provider=azure`, the following parameters cannot be specified in the same request: `platform_type`, `region_code`, `vpc_id`, `include_micro_nano_instances`, `include_lb_from_connector`. These parameters only apply when `cloud_provider=aws` is specified. |
| `cloud_service` | string | Optional | Specify "vm" (Azure Virtual Machine) for an Azure scan. Specify "ec2" for an AWS EC2 scan. Specify "compute_engine" for a GCP scan. The `cloud_service` value cannot be changed during an update request. |
| `connector_name` | string | Optional | The name of the connector to be used. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request. |
| `connector_uuid` | string | Optional | The ID of the connector to be used. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request. |
| `scan_title` | string | Optional | The scan title. When not specified, the default scan title is "AWS EC2 Perimeter Scan". |
| `active` | number | Required | Specify "1" to create an active schedule. Specify "0" to create an inactive schedule. |
| `option_title` | string | Optional | The title of the option profile to be used. One of these parameters must be specified in the request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request. |
| `option_id` | number | Optional | The ID of the option profile to be used. One of these parameters must be specified in a request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request. |
| `priority` | number | Optional | Specify a value of 0-9 to set a processing priority level for the scan. When not specified, a value of 0 (no priority) is used. Valid values are: 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low. |
| `iscanner_id` | string | Optional | The IDs of the scanner appliances to be used. Specify "0" for external scanners. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. Optional, only valid when your account is configured to allow internal scanners. |
| `iscanner_name` | string | Optional | The friendly names of the scanner appliances to be used, or "External" for external scanners. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. Optional, only valid when your account is configured to allow internal scanners. |
| `platform_type` | string | Optional | The platform type. Valid values are: classic, vpc_peered or selected_vpc. |
| `region_code` | string | Optional | The EC2 region code. Valid values are: ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1, eu-west-1, eu-north-1, asa-east-1, us-east-1, us-west-1, us-west-2, me-south-1, eu-south-1, and af-south-1. One of these parameters must be specified in the request: `region_code` or `vpc_id`. These are mutually exclusive and cannot be specified in the same request. |
| `vpc_id` | string | Optional | The ID of the Virtual Private Cloud (VPC) zone. The ID value must start with vpc-. We will check if the specified VPC ID exists for the selected connector. One of these parameters must be specified in the request: `region_code` or `vpc_id`. These are mutually exclusive and cannot be specified in the same request. |
| `include_micro_nano_instances` | number | Optional | Specify 1 to include EC2 assets with instance types t2.nano, t3.nano, t1.micro and m1.small in the scan job. By default, this parameter value is set to 0. Note that these instance types must be activated for your account so that we can include them in the scan. Warning: AWS EC2 assets with instance types t2.nano, t3.nano, t1.micro and m1.small have very limited CPU. When scanning these instance types we recommend you choose an option profile with light port scanning and no authentication. Alternatively, use Qualys Cloud Agent to perform the equivalent of authenticated scanning for the least performance impact for these instance types. |
| `tag_include_selector` | string | Optional | Select "any" (the default) to include hosts that match at least one of the selected tags. Select "all" to include hosts that match all of the selected tags. |
| `tag_exclude_selector` | string | Optional | Select "any" (the default) to exclude hosts that match at least one of the selected tags. Select "all" to exclude hosts that match all of the selected tags. |
| `tag_set_by` | string | Optional | Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. We will check if the tag IDs or tag names are valid. |
| `tag_set_include` | string | Optional | Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
| `tag_set_exclude` | string | Optional | Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
| `include_lb_from_connector` | number | Optional | Specify 1 to include public load balancers from the selected connector in the scan job. By default, this parameter value is set to 0. Note: when you set this parameter to 1, we fetch public load balancers from the AWS connector in CloudView that has the same configuration as that of the selected connector. If you select this option, ensure that you have the connector created in your CloudView account with a configuration similar to that of the selected connector. If the connector in CloudView is not found, then we can't fetch the public load balancers from the connector. |
| `elb_dns` | string | Optional | One or more load balancer DNS names to include in the scan job. Multiple values are comma separated. |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `SIMPLE_RETURN` | object | Output field SIMPLE_RETURN |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `TEXT` | string | Output field TEXT |
| `ITEM_LIST` | object | Output field ITEM_LIST |
| `ITEM` | object | Output field ITEM |
| `KEY` | string | Output field KEY |
| `VALUE` | string | Value for the parameter |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 11 Mar 2025 05:39:01 GMT",
      "Content-Type": "text/xml;charset=UTF-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "0",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "SIMPLE_RETURN": {}
    }
  }
]
```

### Fetch Report

Retrieves a specific vulnerability report from Qualys using the provided report ID and action parameters.

Endpoint URL: `/api/2.0/fo/report/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Specify action to fetch a report. |
| `echo_request` | number | Optional | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| `id` | number | Required | The report ID you want to take action on. |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `file` | object | Output field file |
| `file` | string | Output field file |
| `file_name` | string | Name of the resource |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "file": {
      "file": "dfgfdfd34r",
      "file_name": "report_output.csv"
    }
  }
]
```

### Get Compliance Control List

Retrieve a list of compliance controls from Qualys Vulnerability Scanner based on specified action parameters.

Endpoint URL: `api/2.0/fo/compliance/control/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get compliance control list |
| `details` | string | Optional | Parameter for get compliance control list |
| `ids` | string | Optional | Unique identifier |
| `id_min` | string | Optional | Unique identifier |
| `id_max` | string | Optional | Unique identifier |
| `updated_after_datetime` | string | Optional | Time value |
| `created_after_datetime` | string | Optional | Time value |
| `truncation_limit` | string | Optional | Parameter for get compliance control list |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `CONTROL_LIST_OUTPUT` | object | Output field CONTROL_LIST_OUTPUT |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `CONTROL_LIST` | object | Output field CONTROL_LIST |
| `CONTROL` | array | Output field CONTROL |
| `ID` | string | Unique identifier |
| `UPDATE_DATE` | string | Date value |
| `CREATED_DATE` | string | Date value |
| `CATEGORY` | string | Output field CATEGORY |
| `SUB_CATEGORY` | string | Output field SUB_CATEGORY |
| `STATEMENT` | string | Output field STATEMENT |
| `CRITICALITY` | object | Output field CRITICALITY |
| `TECHNOLOGY_LIST` | object | Output field TECHNOLOGY_LIST |
| `FRAMEWORK_LIST` | object | Output field FRAMEWORK_LIST |
| `WARNING` | object | Output field WARNING |
| `CODE` | string | Output field CODE |
| `TEXT` | string | Output field TEXT |
| `URL` | string | URL endpoint for the request |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "CONTROL_LIST_OUTPUT": {}
    }
  }
]
```

### Get Compliance Scan

Retrieve compliance scan results from Qualys Vulnerability Scanner using specified action parameters.

Endpoint URL: `api/2.0/fo/scan/compliance/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get compliance scan |
| `scan_ref` | string | Optional | Parameter for get compliance scan |
| `ips` | string | Optional | Parameter for get compliance scan |
| `client_id` | string | Optional | Unique identifier |
| `client_name` | string | Optional | Name of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `SIMPLE_RETURN` | object | Output field SIMPLE_RETURN |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `CODE` | string | Output field CODE |
| `TEXT` | string | Output field TEXT |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "SIMPLE_RETURN": {}
    }
  }
]
```

### Get Host Detections

Retrieve a list of detected vulnerabilities on hosts from Qualys based on specified parameters.

Endpoint URL: `api/2.0/fo/asset/host/vm/detection/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get host detections |
| `show_asset_id` | string | Optional | Unique identifier |
| `show_reopened_info` | string | Optional | Parameter for get host detections |
| `arf_kernel_filter` | string | Optional | Parameter for get host detections |
| `severities` | string | Optional | Parameter for get host detections |
| `arf_service_filter` | string | Optional | Parameter for get host detections |
| `result_limit` | string | Optional | Result of the operation |
| `arf_config_filter` | string | Optional | Parameter for get host detections |
| `max_days_since_detection_updated` | string | Optional | Parameter for get host detections |
| `detection_updated_since` | string | Optional | Parameter for get host detections |
| `detection_updated_before` | string | Optional | Parameter for get host detections |
| `detection_processed_after` | string | Optional | Parameter for get host detections |
| `detection_processed_before` | string | Optional | Parameter for get host detections |
| `detection_last_tested_since` | string | Optional | Parameter for get host detections |
| `detection_last_tested_after` | string | Optional | Parameter for get host detections |
| `include_ignored` | string | Optional | Parameter for get host detections |
| `include_disabled` | string | Optional | Parameter for get host detections |
| `ips` | string | Optional | Parameter for get host detections |
| `show_igs` | string | Optional | Parameter for get host detections |
| `ipv6` | string | Optional | Parameter for get host detections |
| `ag_ids` | string | Optional | Unique identifier |
| `ag_titles` | string | Optional | Parameter for get host detections |
| `ids` | string | Optional | Unique identifier |
| `id_min` | string | Optional | Unique identifier |
| `id_max` | string | Optional | Unique identifier |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `HOST_LIST_VM_DETECTION_OUTPUT` | object | Output field HOST_LIST_VM_DETECTION_OUTPUT |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `HOST_LIST` | object | Output field HOST_LIST |
| `HOST` | object | Output field HOST |
| `ID` | string | Unique identifier |
| `IP` | string | Output field IP |
| `TRACKING_METHOD` | string | HTTP method to use |
| `OS` | string | Output field OS |
| `DNS` | string | Output field DNS |
| `DNS_DATA` | object | Response data |
| `NETBIOS` | string | Output field NETBIOS |
| `LAST_SCAN_DATETIME` | string | Time value |
| `LAST_VM_SCANNED_DATE` | string | Date value |
| `LAST_VM_SCANNED_DURATION` | string | Output field LAST_VM_SCANNED_DURATION |
| `DETECTION_LIST` | object | Output field DETECTION_LIST |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "HOST_LIST_VM_DETECTION_OUTPUT": {}
    }
  }
]
```

### Get Hosts

Retrieves a list of hosts from the Qualys Vulnerability Scanner with specified parameters, including the 'action' parameter.

Endpoint URL: `api/2.0/fo/asset/host/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `details` | string | Optional | Parameter for get hosts |
| `os_pattern` | string | Optional | Parameter for get hosts |
| `result_limit` | string | Optional | Result of the operation |
| `ips` | string | Optional | Parameter for get hosts |
| `ipv6` | string | Optional | Parameter for get hosts |
| `ag_ids` | string | Optional | Unique identifier |
| `ag_titles` | string | Optional | Parameter for get hosts |
| `ids` | string | Optional | Unique identifier |
| `id_min` | string | Optional | Unique identifier |
| `id_max` | string | Optional | Unique identifier |
| `network_ids` | string | Optional | Unique identifier |
| `compliance_enabled` | string | Optional | Parameter for get hosts |
| `no_vm_scan_since` | string | Optional | Parameter for get hosts |
| `no_compliance_scan_since` | string | Optional | Parameter for get hosts |
| `vm_scan_since` | string | Optional | Parameter for get hosts |
| `compliance_scan_since` | string | Optional | Parameter for get hosts |
| `vm_processed_before` | string | Optional | Parameter for get hosts |
| `vm_processed_after` | string | Optional | Parameter for get hosts |
| `vm_scan_date_before` | string | Optional | Parameter for get hosts |
| `vm_scan_date_after` | string | Optional | Parameter for get hosts |
| `vm_auth_scan_date_before` | string | Optional | Parameter for get hosts |
| `vm_auth_scan_date_after` | string | Optional | Parameter for get hosts |
| `scap_scan_since` | string | Optional | Parameter for get hosts |
| `no_scap_scan_since` | string | Optional | Parameter for get hosts |
| `truncation_limit` | string | Optional | Parameter for get hosts |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `HOST_LIST_OUTPUT` | object | Output field HOST_LIST_OUTPUT |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `HOST_LIST` | object | Output field HOST_LIST |
| `HOST` | array | Output field HOST |
| `ID` | string | Unique identifier |
| `IP` | string | Output field IP |
| `TRACKING_METHOD` | string | HTTP method to use |
| `DNS` | string | Output field DNS |
| `DNS_DATA` | object | Response data |
| `NETBIOS` | string | Output field NETBIOS |
| `QG_HOSTID` | string | Unique identifier |
| `OS` | string | Output field OS |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "HOST_LIST_OUTPUT": {}
    }
  }
]
```

### Get Scan Summary

Retrieve a summary of scan results from Qualys Vulnerability Scanner using specified action parameters.

Endpoint URL: `api/2.0/fo/scan/summary/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get scan summary |
| `include_dead` | string | Optional | Parameter for get scan summary |
| `include_excluded` | string | Optional | Parameter for get scan summary |
| `include_unresolved` | string | Optional | Parameter for get scan summary |
| `include_cancelled` | string | Optional | Parameter for get scan summary |
| `include_notvuln` | string | Optional | Parameter for get scan summary |
| `include_blocked` | string | Optional | Parameter for get scan summary |
| `include_duplicate` | string | Optional | Parameter for get scan summary |
| `scan_date_since` | string | Optional | Parameter for get scan summary |
| `scan_date_to` | string | Optional | Parameter for get scan summary |
| `include_aborted` | string | Optional | Parameter for get scan summary |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `SCAN_SUMMARY_OUTPUT` | object | Output field SCAN_SUMMARY_OUTPUT |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `SCAN_SUMMARY_LIST` | object | Output field SCAN_SUMMARY_LIST |
| `SCAN_SUMMARY` | object | Output field SCAN_SUMMARY |
| `SCAN_REF` | string | Output field SCAN_REF |
| `SCAN_DATE` | string | Date value |
| `HOST_SUMMARY` | array | Output field HOST_SUMMARY |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "SCAN_SUMMARY_OUTPUT": {}
    }
  }
]
```

### Get VM Scan

Executes a vulnerability management scan in Qualys with a specified 'action' parameter to define the scan type.

Endpoint URL: `api/2.0/fo/scan/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get VM scan |
| `ips` | string | Optional | Parameter for get VM scan |
| `scan_ref` | string | Optional | Parameter for get VM scan |
| `client_id` | string | Optional | Unique identifier |
| `client_name` | string | Optional | Name of the resource |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `SIMPLE_RETURN` | object | Output field SIMPLE_RETURN |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `TEXT` | string | Output field TEXT |
| `ITEM_LIST` | object | Output field ITEM_LIST |
| `ITEM` | array | Output field ITEM |
| `KEY` | string | Output field KEY |
| `VALUE` | string | Value for the parameter |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "SIMPLE_RETURN": {}
    }
  }
]
```

### Get VM Scan Summary

Retrieve a summary of vulnerability scans from Qualys, specifying the action and output format required.

Endpoint URL: `api/2.0/fo/scan/vm/summary`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Parameter for get VM scan summary |
| `output_format` | string | Required | Parameter for get VM scan summary |
| `scan_reference` | string | Optional | Parameter for get VM scan summary |
| `scan_datetime_since` | string | Optional | Parameter for get VM scan summary |
| `scan_datetime_until` | string | Optional | Parameter for get VM scan summary |
| `include_scan_input` | number | Optional | Input data for the action |
| `include_scan_details` | number | Optional | Parameter for get VM scan summary |
| `include_hosts_summary` | number | Optional | Parameter for get VM scan summary |
| `include_detections_summary` | number | Optional | Parameter for get VM scan summary |
| `include_hosts_summary_categories` | string | Optional | Parameter for get VM scan summary |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `SCAN_SUMMARY_OUTPUT` | object | Output field SCAN_SUMMARY_OUTPUT |
| `RESPONSE` | object | Output field RESPONSE |
| `DATETIME` | string | Time value |
| `SCAN_SUMMARY_LIST` | object | Output field SCAN_SUMMARY_LIST |
| `SCAN_SUMMARY` | object | Output field SCAN_SUMMARY |
| `SCAN_REFERENCE` | string | Output field SCAN_REFERENCE |
| `SCAN_INPUT` | object | Input data for the action |
| `SCAN_DETAILS` | object | Output field SCAN_DETAILS |
| `SCAN_RESULTS` | object | Result of the operation |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 28 Mar 2023 04:00:03 GMT",
      "Server": "Apache",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:438b7047-7854-5181-8116-979356194b02:8217759d-8170-731e-8386-3ec29",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "1",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "json_body": {
      "SCAN_SUMMARY_OUTPUT": {}
    }
  }
]
```

### Knowledgebase Download

Download the latest vulnerability data from the Qualys KnowledgeBase using specified action parameters.

Endpoint URL: `/api/2.0/fo/knowledge_base/vuln/`

Method: GET

Input:

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `action` | string | Required | Specify action to list and download the KnowledgeBase. Must be "list". |
| `echo_request` | number | Optional | Specify 1 to include input parameters in the XML output. Default is not included. |
| `details` | string | Optional | Show the requested amount of information for each vulnerability: Basic (default), All, or None. |
| `ids` | number | Optional | Filter to include only vulnerabilities with specified QID numbers. |
| `id_min` | number | Optional | Filter to show only vulnerabilities with QID >= specified value. |
| `id_max` | number | Optional | Filter to show only vulnerabilities with QID <= specified value. |
| `is_patchable` | number | Optional | 1 for patchable, 0 for not patchable, unspecified for all. |
| `last_modified_after` | string | Optional | Filter for vulnerabilities last modified after this date (YYYY-MM-DD[THH:MM:SSZ]). |
| `last_modified_before` | string | Optional | Filter for vulnerabilities last modified before this date (YYYY-MM-DD[THH:MM:SSZ]). |
| `last_modified_by_user_after` | string | Optional | Filter for vulnerabilities last modified by a user after this date. |
| `last_modified_by_user_before` | string | Optional | Filter for vulnerabilities last modified by a user before this date. |
| `last_modified_by_service_after` | string | Optional | Filter for vulnerabilities last modified by the service after this date. |
| `last_modified_by_service_before` | string | Optional | Filter for vulnerabilities last modified by the service before this date. |
| `published_after` | string | Optional | Filter for vulnerabilities published after this date. |
| `published_before` | string | Optional | Filter for vulnerabilities published before this date. |
discovery method string optional filter for vulnerabilities by discovery method discovery auth types string optional filter for vulnerabilities with specified authentication types (comma separated) show pci reasons number optional 1 to include pci reasons in output show supported modules info number optional 1 to include supported modules info in output show disabled flag number optional 1 to include the disabled flag for each vulnerability show qid change log number optional 1 to include qid changes for each vulnerability code modified after string optional show only qids modified after this date (yyyy mm dd[thh mm ssz]) code modified before string optional show only qids modified before this date (yyyy mm dd[thh mm ssz]) output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file string output field file file name string name of the resource example [ { "status code" 200, "response headers" {}, "reason" "ok", "file" { "file" "dfgfdfd34r", "file name" "report output csv" } } ] launch compliance scan initiates a compliance scan in qualys vulnerability scanner using specified parameters and action settings endpoint url api/2 0/fo/scan/compliance/ method post input argument name type required description action string required parameter for launch compliance scan scan title string optional parameter for launch compliance scan option id string optional unique identifier option title string optional parameter for launch compliance scan iscanner id string optional unique identifier iscanner name string optional name of the resource priority string optional parameter for launch compliance scan ip string optional parameter for launch compliance scan asset group ids string optional unique identifier asset groups string optional parameter for launch compliance scan exclude ip per scan string optional parameter for launch compliance scan default scanner string
optional parameter for launch compliance scan scanners in ag string optional parameter for launch compliance scan output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return response object output field response datetime string time value text string output field text item list object output field item list item array output field item key string output field key value string value for the parameter example [ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "simple return" {} } } ] launch vm scan initiates a vulnerability management scan within qualys using specified data parameters endpoint url /api/2 0/fo/scan/ method post input argument name type required description data body object required response data action string required specify action (list, create, delete, update) echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included scan title string optional the scan title this can be a maximum of 2000 characters (ascii) target from string optional specify "assets" (the default) when your scan target will include ip addresses/ranges and/or asset groups specify "tags" when your scan target will include asset tags ip string optional the ip addresses to be scanned you may enter individual ip addresses and/or ranges multiple entries are comma separated one of these parameters is required ip, asset groups or asset group ids ip is valid only when target from=assets is specified asset groups string optional the titles of asset groups containing the hosts to be scanned multiple titles are comma separated one of these parameters is required ip, asset groups or asset group ids, asset groups is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified
in the same request asset groups and asset group ids asset group ids string optional the ids of asset groups containing the hosts to be scanned multiple ids are comma separated one of these parameters is required ip, asset groups or asset group ids asset group ids is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified in the same request asset groups and asset group ids exclude ip per scan string optional the ip addresses to be excluded from the scan when the scan target is specified as ip addresses (not asset tags) you may enter individual ip addresses and/or ranges multiple entries are comma separated exclude ip per scan is valid only when target from=assets is specified tag include selector string optional select "any" (the default) to include hosts that match at least one of the selected tags select "all" to include hosts that match all of the selected tags tag include selector is valid only when target from=tags is specified tag exclude selector string optional select "any" (the default) to exclude hosts that match at least one of the selected tags select "all" to exclude hosts that match all of the selected tags tag exclude selector is valid only when target from=tags is specified tag set by string optional specify "id" (the default) to select a tag set by providing tag ids specify "name" to select a tag set by providing tag names tag set by is valid only when target from=tags is specified tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated tag set include is valid only when target from=tags is specified tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated tag set exclude is valid only when target from=tags is
specified use ip nt range tags include number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to scan all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags include is valid only when target from=tags is specified use ip nt range tags exclude number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to exclude all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags exclude is valid only when target from=tags is specified use ip nt range tags number optional specify 0 (the default) to select from all tags (tags with any tag rule) specify 1 to scan all ip addresses defined in tags when this is specified, only tags with the dynamic ip address rule called "ip address in network range(s)" can be selected this parameter has been replaced by use ip nt range tags include and use ip nt range tags exclude parameters the use ip nt range tag parameter is still supported use ip nt range tags is valid only when target from=tags is specified iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must also be specified in a request iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated for an express lite user, internal 
scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name default scanner number optional specify 1 to use the default scanner in each target asset group for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used default scanner is valid when the scan target is specified using one of these parameters asset groups, asset group ids scanners in ag number optional groups scanner appliances appliances in each asset group are tasked with scanning the ips in the group by default up to 5 appliances per group will be used and this can be configured for your account (please contact your account manager or support) for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in ag is valid when the scan target is specified using one of these parameters asset groups, asset group ids scanners in tagset number optional specify 1 to distribute the scan to scanner appliances that match the asset tags specified for the scan target one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in tagset is valid when the target 
from=tags is specified scanners in network number optional specify 1 to distribute the scan to all scanner appliances in the network option title string optional the title of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return response object output field response datetime string time value text string output field text item list object output field item list item array output field item key string output field key value string value for the parameter example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "simple return" {} } } ] launch vm scan on ec2 assets initiates a vulnerability scan on amazon ec2 assets using qualys, based on configurations provided in the data body endpoint url /api/2 0/fo/scan/ method post input argument name type required description data body object required response data action string required specify action (list, create, delete, update) echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included scan title string optional the scan title this can be a maximum of 2000 characters (ascii) target from string optional specify "assets" (the default) when your scan target will include ip addresses/ranges and/or asset groups specify "tags" when your scan target will include asset tags ip string optional the ip addresses to be scanned you may 
enter individual ip addresses and/or ranges multiple entries are comma separated one of these parameters is required ip, asset groups or asset group ids ip is valid only when target from=assets is specified asset groups string optional the titles of asset groups containing the hosts to be scanned multiple titles are comma separated one of these parameters is required ip, asset groups or asset group ids, asset groups is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified in the same request asset groups and asset group ids asset group ids string optional the ids of asset groups containing the hosts to be scanned multiple ids are comma separated one of these parameters is required ip, asset groups or asset group ids asset group ids is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified in the same request asset groups and asset group ids exclude ip per scan string optional the ip addresses to be excluded from the scan when the scan target is specified as ip addresses (not asset tags) you may enter individual ip addresses and/or ranges multiple entries are comma separated exclude ip per scan is valid only when target from=assets is specified tag include selector string optional select "any" (the default) to include hosts that match at least one of the selected tags select "all" to include hosts that match all of the selected tags tag include selector is valid only when target from=tags is specified tag exclude selector string optional select "any" (the default) to exclude hosts that match at least one of the selected tags select "all" to exclude hosts that match all of the selected tags tag exclude selector is valid only when target from=tags is specified tag set by string optional specify "id" (the default) to select a tag set by providing tag ids specify "name" to select a tag set by providing tag names tag set by is valid only when target from=tags is
specified tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated tag set include is valid only when target from=tags is specified tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated tag set exclude is valid only when target from=tags is specified use ip nt range tags include number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to scan all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags include is valid only when target from=tags is specified use ip nt range tags exclude number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to exclude all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags exclude is valid only when target from=tags is specified use ip nt range tags number optional specify 0 (the default) to select from all tags (tags with any tag rule) specify 1 to scan all ip addresses defined in tags when this is specified, only tags with the dynamic ip address rule called "ip address in network range(s)" can be selected this parameter has been replaced by use ip nt range tags include and use ip nt range tags exclude parameters the use ip nt range tag parameter is still supported use ip nt range tags is valid only when target from=tags is specified iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated for an express lite user, internal scanning must be enabled in the 
user's account one of these parameters must also be specified in a request iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name default scanner number optional specify 1 to use the default scanner in each target asset group for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used default scanner is valid when the scan target is specified using one of these parameters asset groups, asset group ids scanners in ag number optional groups scanner appliances appliances in each asset group are tasked with scanning the ips in the group by default up to 5 appliances per group will be used and this can be configured for your account (please contact your account manager or support) for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used 
scanners in ag is valid when the scan target is specified using one of these parameters asset groups, asset group ids scanners in tagset number optional specify 1 to distribute the scan to scanner appliances that match the asset tags specified for the scan target one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in tagset is valid when the target from=tags is specified scanners in network number optional specify 1 to distribute the scan to all scanner appliances in the network option title string optional the title of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return response object output field response datetime string time value text string output field text item list object output field item list item array output field item key string output field key value string value for the parameter example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "simple return" {} } } ] list asset groups retrieve a list of asset groups from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/asset/group/ method get input argument name type required description action string required parameter for list asset groups ids string 
optional unique identifier id min string optional unique identifier id max string optional unique identifier network ids string optional unique identifier unit id string optional unique identifier user id string optional unique identifier title string optional parameter for list asset groups truncation limit string optional parameter for list asset groups show attributes string optional parameter for list asset groups output parameter type description status code number http status code of the response reason string response reason phrase asset group list output object output field asset group list output response object output field response datetime string time value asset group list object output field asset group list asset group array output field asset group id string unique identifier title string output field title last update string date value business impact string output field business impact ip set object output field ip set domain list object output field domain list owner user name string name of the resource owner user id string unique identifier example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "asset group list output" {} } } ] list compliance policy retrieve a list of compliance policies from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/compliance/policy/ method get input argument name type required description action string required parameter for list compliance policy details string optional parameter for list compliance policy ids string optional unique identifier id min string optional unique identifier id max string optional unique identifier updated after datetime string optional time value created after datetime string optional time value output parameter type description status code number http status code of the response reason string response reason phrase policy list output object 
output field policy list output response object output field response datetime string time value policy list object output field policy list policy object output field policy id string unique identifier title string output field title created object output field created last modified object output field last modified last evaluated object output field last evaluated status string status value is locked string output field is locked evaluate now string output field evaluate now asset group ids string unique identifier tag set include object output field tag set include tag include selector string output field tag include selector include agent ips string output field include agent ips control list object output field control list glossary object output field glossary asset group list object output field asset group list asset group object output field asset group asset tag list object output field asset tag list tag object output field tag example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "policy list output" {} } } ] list compliance posture information retrieve compliance posture information for hosts, including ids and attributes, from the qualys account using specified parameters endpoint url /api/2 0/fo/compliance/posture/info method get input argument name type required description type object optional type of the resource action string required specify action to list posture compliance information echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included policy id number optional show compliance posture info records for a specified policy a valid policy id is required the parameters policy id and policy ids cannot be specified in the same request policy ids string optional (policy id or policy ids is required) show compliance posture info records for multiple policies up to 10 policies may 
be requested provide a comma separated list of valid policy ids control ids string optional show only compliance posture info records for controls which have certain control ids and/or ranges output format string optional the output format details string optional show a certain amount of information for each compliance posture info record hide evidence number optional set to 1 to hide the evidence information in the output include dp name string optional show the name and id for each data point in the xml output show remediation info number optional set to 1 to show remediation information in the output cause of failure number optional set to 1 to display the cause of failure for directory integrity monitoring udcs truncation limit number optional specify the number of posture info records returned per request set to 0 for no truncation ips string optional show only compliance posture info records for hosts with certain ip addresses/ranges host ids string optional show only compliance posture info records for hosts with certain host ids and/or id ranges asset group ids string optional show only hosts in certain asset groups filter hosts number optional improve performance by skipping tag resolution service ids string optional show only compliance posture info records for certain posture ids and/or id ranges id min number optional show posture info records with minimum id value id max number optional show posture info records with maximum id value status changes since string optional show records with status changes since specified datetime evaluation date string optional show records with evaluation date >= specified datetime status string optional show records with specified posture status criticality labels string optional filter by criticality labels (e g , serious, critical, urgent) criticality values string optional filter by criticality values (0–5) output parameter type description status code number http status code of the response reason string response 
reason phrase example \[ { "status code" 200, "reason" "ok", "json body" {} } ] list ips retrieve a list of ip addresses from qualys vulnerability scanner based on specified parameters such as 'ips' and 'action' endpoint url api/2 0/fo/asset/ip/ method get input argument name type required description action string required parameter for list ips ips string required parameter for list ips compliance enabled string optional parameter for list ips certview enabled string optional parameter for list ips output parameter type description status code number http status code of the response reason string response reason phrase ip list output object output field ip list output response object output field response datetime string time value ip set object output field ip set ip array output field ip ip range array output field ip range example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "ip list output" {} } } ] list networks retrieve a list of networks from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/network/ method get input argument name type required description action string required parameter for list networks ids string optional unique identifier list reports retrieve different report types from a qualys account, such as scorecard reports, using the 'action' parameter endpoint url /api/2 0/fo/report/ method get input argument name type required description action string required specify action to list reports echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included id number optional specifies a report id of a report that is saved in the report share storage space when specified, information on the selected report will be included in the xml output state string optional specifies that reports with a certain state will be included in the xml output 
by default, all states are included user login number optional specifies a user login id this parameter is used to restrict the xml output to reports launched by the specified user login id expires before datetime string optional specifies the date and time (optional) when reports will expire in the future only reports that expire before this date/time will be included in the xml output the date/time is specified in yyyy mm dd[thh mm ssz] format (utc/gmt), like "2007 07 01" or "2007 01 25t23 12 00z" client id number optional id assigned to the client (consultant subscription only) parameter client id or client name may be specified for the same request client name string optional name of the client (consultant subscription only) parameter client id or client name may be specified for the same request output parameter type description status code number http status code of the response reason string response reason phrase response object output field response reports array list of reports datetime string datetime of the request example [ { "status code" 200, "response headers" {}, "reason" "ok", "json body" {} } ] list restricted ips retrieve a list of restricted ip addresses from qualys vulnerability scanner based on the provided 'action' parameter endpoint url api/2 0/fo/setup/restricted ips/ method get input argument name type required description action string required parameter for list restricted ips output parameter type description status code number http status code of the response reason string response reason phrase restricted ips output object output field restricted ips output response object output field response datetime string time value status string status value example [ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "restricted ips output" {} } } ] list scap policy retrieve a list of scap (security content automation protocol) policies
from qualys for compliance checks endpoint url api/2 0/fo/compliance/fdcc policy/ method get input argument name type required description action string required parameter for list scap policy details string optional parameter for list scap policy ids string optional unique identifier id min string optional unique identifier id max string optional unique identifier updated after datetime string optional time value created after datetime string optional time value list scap scans retrieve a list of scap scans from qualys vulnerability scanner based on specified action parameters endpoint url api/2 0/fo/scan/scap/ method get input argument name type required description action string required parameter for list scap scans scan ref string optional parameter for list scap scans scan id string optional unique identifier state string optional parameter for list scap scans processed string optional parameter for list scap scans type string optional type of the resource target string optional parameter for list scap scans user login string optional parameter for list scap scans launched after datetime string optional time value launched before datetime string optional time value client id string optional unique identifier client name string optional name of the resource output parameter type description status code number http status code of the response reason string response reason phrase scan list output object output field scan list output response object output field response datetime string time value scan list object output field scan list scan object output field scan id string unique identifier ref string output field ref type string type of the resource title string output field title policy object output field policy user login string output field user login launch datetime string time value status object status value target string output field target example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 
00 00 00 gmt" }, "reason" "ok", "json body" { "scan list output" {} } } ] list virtual hosts retrieve a list of virtual hosts from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/asset/vhost/ method get input argument name type required description action string required parameter for list virtual hosts ip string optional parameter for list virtual hosts port string optional parameter for list virtual hosts output parameter type description status code number http status code of the response reason string response reason phrase virtual host list output object output field virtual host list output response object output field response datetime string time value virtual host list object output field virtual host list virtual host object output field virtual host ip string output field ip port string output field port fqdn string output field fqdn example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "virtual host list output" {} } } ] list vm scans retrieve a list of the past 30 days' vulnerability management scans from qualys, requiring the 'action' parameter endpoint url api/2 0/fo/scan/ method get input argument name type required description action string required parameter for list vm scans echo request number optional parameter for list vm scans scan ref string optional parameter for list vm scans scan id string optional unique identifier state string optional parameter for list vm scans processed number optional parameter for list vm scans type string optional type of the resource target string optional parameter for list vm scans user login string optional parameter for list vm scans launched after datetime string optional time value launched before datetime string optional time value client id string optional unique identifier client name string optional name of the resource show ags number optional parameter 
for list VM scans.
- `show_op` (number, optional): Parameter for list VM scans.
- `show_status` (number, optional): Status value.
- `show_last` (number, optional): Parameter for list VM scans.
- `pci_only` (number, optional): Parameter for list VM scans.
- `ignore_target` (number, optional): Parameter for list VM scans.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `scan_list_output` (object): Output field scan_list_output.
- `response` (object): Output field response.
- `datetime` (string): Time value.
- `scan_list` (object): Output field scan_list.
- `scan` (array): Output field scan.
- `ref` (string): Output field ref.
- `type` (string): Type of the resource.
- `title` (string): Output field title.
- `user_login` (string): Output field user_login.
- `launch_datetime` (string): Time value.
- `duration` (string): Output field duration.
- `processing_priority` (string): Output field processing_priority.
- `processed` (string): Output field processed.
- `status` (object): Status value.
- `target` (string): Output field target.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 28 Mar 2023 04:00:03 GMT",
      "Server": "Apache",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:438b7047-7854-5181-8116-979356194b02:8217759d-8170-731e-8386-3ec29",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "1",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "scan_list_output": {}
    }
  }
]
```

## List VM Scans By POST Method

Retrieve recent vulnerability management scans from Qualys within a default 30 day lookback period using the POST method.

Endpoint URL: api/2.0/fo/scan/

Method: POST

Input arguments:

- `data_body` (object, required): Response data.
- `action` (string, required): A flag used to make a request for a scan list.
- `echo_request` (number, optional): Specify 1 to view (echo) input parameters in the XML output. By default these are not included.
- `scan_ref` (string, optional): Show only a scan with a certain scan reference code. For a vulnerability scan, the format is scan/987659876.19876. For a compliance scan, the format is compliance/98765456.12345. For a SCAP scan, the format is qscap/987659999.22222.
- `scan_id` (string, optional): Show only a scan with a certain compliance scan ID.
- `state` (string, optional): Show only scans with one or more scan states. Multiple states are comma separated. A valid value is Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanners), or Loading (scanners are finished and scan results are being loaded onto the platform).
- `processed` (number, optional): Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. When not specified, the scan list output is not filtered based on the processed status.
- `type` (string, optional): Show only a certain scan type. By default, the scan list is not restricted to a certain scan type. A valid value is On-Demand, Scheduled, or API.
- `target` (string, optional): Show only one or more target IP addresses. By default, the scan list includes all scans on all IP addresses. Multiple IP addresses and/or ranges may be entered. Multiple entries are comma separated. You may enter an IP address range using the hyphen (-) to separate the start and end IP address, as in 10.10.10.1-10.10.10.2.
- `user_login` (string, optional): Show only a certain user login. The user login identifies a user who launched scans. By default, the scan list is not restricted to scans launched by a particular user. Enter the login name for a valid Qualys user account.
- `launched_after_datetime` (string, optional): Show only scans launched after a certain date and time (optional). The date/time is specified in `YYYY-MM-DD[THH:MM:SSZ]` format (UTC/GMT), like "2017-07-01" or "2017-01-25T23:12:00Z". When `launched_after_datetime` and `launched_before_datetime` are unspecified, the service selects scans launched within the past 30 days. A date/time in the future returns an empty scans list.
- `launched_before_datetime` (string, optional): Show only scans launched before a certain date and time (optional). The date/time is specified in `YYYY-MM-DD[THH:MM:SSZ]` format (UTC/GMT), like "2017-07-01" or "2017-01-25T23:12:00Z". When `launched_after_datetime` and `launched_before_datetime` are unspecified, the service selects scans launched within the past 30 days. A date/time in the future returns a list of all scans (not limited to scans launched within the past 30 days).
- `client_id` (string, optional): ID assigned to the client (Consultant type subscription only). Parameter `client_id` or `client_name` may be specified for the same request.
- `client_name` (string, optional): Name of the client (Consultant type subscription only). Parameter `client_id` or `client_name` may be specified for the same request.
- `show_ags` (number, optional): Specify 1 to show asset group information for each scan in the XML output. By default, asset group information is not shown.
- `show_op` (number, optional): Specify 1 to show option profile information for each scan in the XML output. By default, option profile information is not shown.
- `show_status` (number, optional): Specify 0 to not show scan status for each scan in the XML output. By default, scan status is shown.
- `show_last` (number, optional): Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the XML output. By default, all scans are shown in XML output.
- `pci_only` (number, optional): Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When `pci_only=1` is specified, the XML output will not include other types of scans run with other option profiles.
- `ignore_target` (number, optional): Specify 1 to hide target information from the scan
list. Specify 0 to display the target information.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `scan_list_output` (object): Output field scan_list_output.
- `response` (object): Output field response.
- `datetime` (string): Time value.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 11 Mar 2025 05:39:01 GMT",
      "Content-Type": "text/xml;charset=UTF-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "0",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "scan_list_output": {}
    }
  }
]
```

## Manage VM Scans

Control and manage vulnerability scans by specifying actions like start, stop, or pause, along with the scan reference in Qualys.

Endpoint URL: api/2.0/fo/scan/

Method: GET

Input arguments:

- `action` (string, required): Parameter for manage VM scans.
- `echo_request` (number, optional): Parameter for manage VM scans.
- `scan_ref` (string, required): Parameter for manage VM scans.
- `ips` (string, optional): Parameter for manage VM scans.
- `mode` (string, optional): Parameter for manage VM scans.
- `output_format` (string, optional): Parameter for manage VM scans.
- `client_id` (string, optional): Unique identifier.
- `client_name` (string, optional): Name of the resource.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 30 Mar 2023 07:21:33 GMT",
      "Server": "Apache",
      "X-XSS-Protection": "1; mode=block",
      "X-Content-Type-Options": "nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:438b7047-7854-5181-8116-979356194b02:8217759d-8170-731e-8386-3ec29",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "1",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": [
      {
        "scan_report_template_title": "scan results",
        "result_date": "03/30/2023 07:21:41",
        "company": "swimlane",
        "add1": "1314 w 4th avenue",
        "add2": null,
        "city": "broomfield",
        "state": "colorado",
        "country": "united states of america",
        "zip": "80020",
        "name": "greg sherman",
        "username": "swman3gs1",
        "role": "manager"
      },
      {
        "launch_date": "02/17/2023 23:37:23",
        "active_hosts": "1",
        "total_hosts": "1",
        "type": "api",
        "status": "finished",
        "reference": "scan/1676677043.59715",
        "scanner_appliance": "swimlane plugins 1032 scanner (scanner 12.13.36-1, vulnerability signatures 2.5.705-2)",
        "duration": "00:16:44",
        "scan_title": "swimlane initiated scan (td testing)",
        "asset_groups": null,
        "ips": "10.32.0.185",
        "excluded_ips": "",
        "option_profile": "initial options"
      },
      {
        "ip": "10.32.0.185",
        "dns": "win-avn29iebhuc.swimlane.us",
        "netbios": "win-avn29iebhuc",
        "os": null,
        "ip_status": "host scanned, found vuln",
        "qid": 6,
        "title": "dns host name",
        "type": "ig",
        "severity": "1",
        "port": "",
        "protocol": "",
        "fqdn": "",
        "ssl": "no",
        "cve_id": null,
        "vendor_reference": null,
        "bugtraq_id": null,
        "threat": "the fully qualified domain name of this host, if it was obtained from a dns server, is displayed in the result section.",
        "impact": "n/a",
        "solution": "n/a",
        "exploitability": null,
        "associated_malware": null,
        "results": "ip address\thost name\n10.32.0.185\twin-avn29iebhuc.swimlane.us",
        "pci_vuln": "no",
        "instance": null,
        "category": "information gathering"
      }
    ]
  }
]
```

## Patch List

Retrieve a list of
applicable patches for a specific host in Qualys Vulnerability Scanner using the provided host ID.

Endpoint URL: api/2.0/fo/asset/patch/index.php

Method: GET

Input arguments:

- `host_id` (string, required): Unique identifier.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `patch_list_output` (object): Output field patch_list_output.
- `response` (object): Output field response.
- `subscription_id` (string): Unique identifier.
- `host_id` (string): Unique identifier.
- `ip` (string): Output field ip.
- `dns` (string): Output field dns.
- `netbios` (string): Output field netbios.
- `os` (string): Output field os.
- `os_cpe` (object): Output field os_cpe.
- `network` (string): Output field network.
- `patch_info_list` (object): Output field patch_info_list.
- `patch_info` (object): Output field patch_info.
- `detection_qids` (object): Unique identifier.
- `patch_qid` (object): Unique identifier.
- `patch_severity` (string): Output field patch_severity.
- `patch_title` (string): Output field patch_title.
- `patch_vendor_id` (string): Unique identifier.
- `patch_release_date` (string): Date value.
- `patch_links` (object): Output field patch_links.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "patch_list_output": {}
    }
  }
]
```

## Update Azure Internal Scan

Updates an existing internal Azure scan job in Qualys for unresolved targets. Requires a data body input.

Endpoint URL: /api/2.0/fo/scan/cloud/internal/job/

Method: POST

Input arguments:

- `data_body` (object, required): Response data.
- `action` (string, required): Specify update to make changes to an existing scan job.
- `id` (string, required): The ID of the scan schedule you want to update.
- `module` (string, optional): Specify vm for a vulnerability scan.
- `cloud_provider` (string, optional): Specify azure for an Azure internal scan. The `cloud_provider` value cannot be changed during an update request.
- `cloud_service` (string, optional): Specify vm (Azure virtual machine) for an Azure
internal scan. The `cloud_service` value cannot be changed during an update request.
- `connector_name` (string, optional): The name of the connector to be used. We check if the specified connector name exists for your Qualys subscription. If the specified connector name does not exist in your Qualys subscription, then the API request returns the error message "Invalid connector name provided". One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request.
- `connector_uuid` (string, optional): The ID of the connector to be used. If the specified connector name does not exist in your Qualys subscription, then the API request returns the error message "Invalid connector uuid provided". One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request.
- `scan_title` (string, optional): The scan title to create.
- `active` (number, optional): Specify 1 to create an active schedule. Specify 0 to create an inactive schedule.
- `option_title` (string, optional): The title of the option profile to be used. One of these parameters must be specified in the request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request.
- `option_id` (number, optional): The ID of the option profile to be used. One of these parameters must be specified in a request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request.
- `priority` (number, optional): Specify a value of 0-9 to set a processing priority level for the scan. When not specified, a value of 0 (no priority) is used. Valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low.
- `iscanner_id` (string, optional): The IDs of the scanner appliances to be used. Multiple entries are comma separated. These parameters cannot be specified in the same
request: `iscanner_id` and `iscanner_name`.
- `iscanner_name` (string, optional): The friendly names of the scanner appliances to be used. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`.
- `platform_type` (string, optional): Select the platform type as either location or virtual network.
- `region_code` (string, optional): The Azure region code. Valid values are ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1, eu-west-1, eu-north-1, asa-east-1, us-east-1, us-west-1, us-west-2, me-south-1, eu-south-1, and af-south-1. This parameter is mandatory when the platform type is set to location.
- `virtual_network_id` (string, optional): Provide the ID of the Azure virtual network. This parameter is mandatory when the platform type is set to virtual network.
- `tag_include_selector` (string, optional): Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
- `tag_exclude_selector` (string, optional): Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
- `tag_set_by` (string, optional): Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. We will check if the tag IDs or tag names are valid.
- `tag_set_include` (string, optional): Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated.
- `tag_set_exclude` (string, optional): Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated.
- `cloud_resource_ids` (string, optional): Only applicable for update requests. Specific VM IDs on which the scan needs to be launched (VM IDs are comma separated). Specify remove to delete the existing VM IDs. Specify any VM ID to replace
the existing VM IDs.
- `schedule` (string, optional): Specify now to schedule the scan job for now. Specify recurring to schedule the scan job to start at a later time or on a recurring basis. See schedule parameters for Azure internal scans. Possible values are now, recurring.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `simple_return` (object): Output field simple_return.
- `response` (object): Output field response.
- `datetime` (string): Time value.
- `text` (string): Output field text.
- `item_list` (object): Output field item_list.
- `item` (object): Output field item.
- `key` (string): Output field key.
- `value` (string): Value for the parameter.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 11 Mar 2025 05:39:01 GMT",
      "Content-Type": "text/xml;charset=UTF-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "0",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "simple_return": {}
    }
  }
]
```

## Update Cloud Perimeter Scan

Updates an existing cloud perimeter scan in Qualys, targeting unresolved assets with the provided data body input.

Endpoint URL: /api/2.0/fo/scan/cloud/perimeter/job/

Method: POST

Input arguments:

- `data_body` (object, required): Response data.
- `action` (string, required): Specify "create" to configure a new cloud perimeter scan job.
- `id` (string, required): The ID of the scan schedule you want to update.
- `module` (string, optional): Specify "vm" for a vulnerability scan and "pc" for a compliance scan. Required for create request.
- `cloud_provider` (string, optional):
Specify "azure" for an Azure scan. Specify "aws" for an AWS EC2 scan. Specify "gcp" for a GCP scan. The `cloud_provider` value cannot be changed during an update request. When `cloud_provider=azure`, the following parameters cannot be specified in the same request: `platform_type`, `region_code`, `vpc_id`, `include_micro_nano_instances`, `include_lb_from_connector`. These parameters only apply when `cloud_provider=aws` is specified.
- `cloud_service` (string, optional): Specify "vm" (Azure virtual machine) for an Azure scan. Specify "ec2" for an AWS EC2 scan. Specify "compute engine" for a GCP scan. The `cloud_service` value cannot be changed during an update request.
- `connector_name` (string, optional): The name of the connector to be used. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request.
- `connector_uuid` (string, optional): The ID of the connector to be used. One of these parameters must be specified in the request: `connector_name` or `connector_uuid`. These are mutually exclusive and cannot be specified in the same request.
- `scan_title` (string, optional): The scan title. When not specified, the default scan title is "AWS EC2 Perimeter Scan".
- `active` (number, optional): Specify "1" to create an active schedule. Specify "0" to create an inactive schedule.
- `option_title` (string, optional): The title of the option profile to be used. One of these parameters must be specified in the request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request.
- `option_id` (number, optional): The ID of the option profile to be used. One of these parameters must be specified in a request: `option_title` or `option_id`. These are mutually exclusive and cannot be specified in the same request.
- `priority` (number, optional): Specify a value of 0-9 to set a processing priority level for the scan. When not specified, a value of 0 (no priority) is used. Valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 =
critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low.
- `iscanner_id` (string, optional): The IDs of the scanner appliances to be used. Specify "0" for external scanners. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. Optional, only valid when your account is configured to allow internal scanners.
- `iscanner_name` (string, optional): The friendly names of the scanner appliances to be used, or "external" for external scanners. Multiple entries are comma separated. These parameters cannot be specified in the same request: `iscanner_id` and `iscanner_name`. Optional, only valid when your account is configured to allow internal scanners.
- `platform_type` (string, optional): The platform type. Valid values are classic, vpc_peered or selected_vpc.
- `region_code` (string, optional): The EC2 region code. Valid values are ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1, eu-west-1, eu-north-1, asa-east-1, us-east-1, us-west-1, us-west-2, me-south-1, eu-south-1, and af-south-1. One of these parameters must be specified in the request: `region_code` or `vpc_id`. These are mutually exclusive and cannot be specified in the same request.
- `vpc_id` (string, optional): The ID of the Virtual Private Cloud (VPC) zone. The ID value must start with vpc-. We will check if the specified VPC ID exists for the selected connector. One of these parameters must be specified in the request: `region_code` or `vpc_id`. These are mutually exclusive and cannot be specified in the same request.
- `include_micro_nano_instances` (number, optional): Specify 1 to include EC2 assets with instance types t2.nano, t3.nano, t1.micro and m1.small in the scan job. By default, this parameter value is set to 0. Note that these instance types must be activated for your account so that we can include them in the scan. Warning: AWS EC2 assets with instance types t2.nano, t3.nano, t1.micro and m1.small have very limited CPU. When scanning these instance types we recommend you choose an
option profile with light port scanning and no authentication. Alternatively, use Qualys Cloud Agent to perform the equivalent of authenticated scanning for the least performance impact for these instance types.
- `tag_include_selector` (string, optional): Select "any" (the default) to include hosts that match at least one of the selected tags. Select "all" to include hosts that match all of the selected tags.
- `tag_exclude_selector` (string, optional): Select "any" (the default) to exclude hosts that match at least one of the selected tags. Select "all" to exclude hosts that match all of the selected tags.
- `tag_set_by` (string, optional): Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. We will check if the tag IDs or tag names are valid.
- `tag_set_include` (string, optional): Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated.
- `tag_set_exclude` (string, optional): Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated.
- `include_lb_from_connector` (number, optional): Specify 1 to include public load balancers from the selected connector in the scan job. By default, this parameter value is set to 0. Note: when you set this parameter to 1, we fetch public load balancers from the AWS connector in CloudView that has the same configuration as that of the selected connector. If you select this option, ensure that you have the connector created in your CloudView account with a configuration similar to that of the selected connector. If the connector in CloudView is not found, then we can't fetch the public load balancers from the connector.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `simple_return` (object): Output field simple_return.
- `response` (object):
Output field response.
- `datetime` (string): Time value.
- `text` (string): Output field text.
- `item_list` (object): Output field item_list.
- `item` (object): Output field item.
- `key` (string): Output field key.
- `value` (string): Value for the parameter.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 11 Mar 2025 05:39:01 GMT",
      "Content-Type": "text/xml;charset=UTF-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff, nosniff",
      "X-Frame-Options": "SAMEORIGIN",
      "Expires": "Thu, 19 Nov 1981 08:52:00 GMT",
      "Cache-Control": "no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0",
      "Pragma": "no-cache",
      "X-Powered-By": "Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e",
      "X-RateLimit-Limit": "300",
      "X-RateLimit-Window-Sec": "3600",
      "X-Concurrency-Limit-Limit": "2",
      "X-Concurrency-Limit-Running": "0",
      "X-RateLimit-ToWait-Sec": "0"
    },
    "reason": "OK",
    "json_body": {
      "simple_return": {}
    }
  }
]
```

## VM Scan Summary By POST Method

Generates a summary report of scanned or unscanned hosts by Qualys, detailing reasons, using the POST method with a required data body.

Endpoint URL: /api/2.0/fo/scan/vm/summary/

Method: POST

Input arguments:

- `data_body` (object, required): Response data.
- `action` (string, required): The list action is required.
- `output_format` (string, optional): The only supported output format at this time is XML.
- `scan_reference` (string, optional): Specifies a unique scan reference ID. Use this option to include scan summary information for a single scan only. For VM scans, the scan reference has the format scan/987654321.98765. One of these parameters must be specified in the request: `scan_datetime_since` or `scan_reference`. You cannot specify `scan_reference` in the same request as `scan_datetime_since` and `scan_datetime_until`.
- `scan_datetime_since` (string, optional): Include scans started since a certain date. The date must be less than or equal to today's date. Specify the date in GMT timezone in RFC 3339 format YYYY-MM-DDTHH:MM:SSZ. Example: 2020-10-01T09:30:48Z. One of these parameters must be specified in the request: `scan_datetime_since` or `scan_reference`. You cannot specify `scan_datetime_since` in the same request as `scan_reference`.
- `scan_datetime_until` (string, optional): Include scans started up to a certain date. The date must be more than or equal to `scan_datetime_since`, and less than or equal to today's date. Specify the date in GMT timezone in RFC 3339 format YYYY-MM-DDTHH:MM:SSZ. Example: 2020-10-01T09:30:48Z. The parameter `scan_datetime_until` can only be specified when `scan_datetime_since` is also specified. You cannot specify `scan_datetime_until` in the same request as `scan_reference`.
- `include_scan_input` (number, optional): By default, scan input information is included in the XML output in the `<scan_input>` block. Specify `include_scan_input=0` if you don't want this entire block to appear in the output. Scan input information includes the scan title, user login (for the user who launched the scan), whether or not the scan was scheduled, scan target, network, option profile, etc.
- `include_scan_details` (number, optional): By default, scan details are included in the XML output in the `<scan_details>` block. Specify `include_scan_details=0` if you don't want this entire block to appear in the output. Scan details include the scan status, launch date/time, and scan duration.
- `include_hosts_summary` (number, optional): By default, hosts summary information is included in the XML output in the block under `<scan_results>`. Specify `include_hosts_summary=0` if you don't want the block to appear in the output. The hosts summary shows the total number of hosts scanned, and lists the IP addresses, DNS hostnames and NetBIOS hostnames in the scan.
- `include_detections_summary` (number, optional): By default, detections summary information is included in the XML output in the block under `<scan_results>`. Specify `include_detections_summary=0` if you don't want the block to appear in the output. The detections summary includes the total number of
detections, and the number of detections by severity for confirmed, potential and information gathered.
- `include_hosts_summary_categories` (string, optional): When unspecified, all categories are included in the XML output. To filter the categories, provide a comma separated list of the categories to include in the output. Possible values are scanned, excluded, cancelled, unresolved, duplicate, not_vulnerable, dead, aborted, blocked, failed_slice, exceeded_scan_duration. See "Host Summary Categories" below for more information on each category. Each category appears as a block inside `<scan_results>`. If a category is filtered out, the respective category block does not appear in the output.

Output:

- `status_code` (number): HTTP status code of the response.
- `reason` (string): Response reason phrase.
- `scan_summary_output` (object): Output field scan_summary_output.
- `response` (object): Output field response.
- `datetime` (string): Time value.
- `scan_summary_list` (object): Output field scan_summary_list.
- `scan_summary` (object): Output field scan_summary.
- `scan_reference` (string): Output field scan_reference.
- `scan_input` (object): Input data for the action.
- `scan_details` (object): Output field scan_details.
- `scan_results` (object): Result of the operation.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "scan_summary_output": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0 |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 91e8b57438dd4087-BOM |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self' qualys.com qualys.ca qualys.eu qualys.it qualys.in qualys.ae qualys.co.uk qualys.com.au qualysksa.com qualys.sg qualys.us; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 28 Mar 2023 04:00:03 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 19 Nov 1981 08:52:00 GMT |
| Keep-Alive | HTTP response header Keep-Alive | timeout=300, max=133 |
| Pragma | HTTP response header Pragma | no-cache |
| Server | Information about the software used by the origin server | Apache |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| X-Concurrency-Limit-Limit | HTTP response header X-Concurrency-Limit-Limit | 2 |
| X-Concurrency-Limit-Running | HTTP response header X-Concurrency-Limit-Running | 0 |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-Powered-By | HTTP response header X-Powered-By | Qualys:USPOD3:19c2b0e7-3e70-e163-833e-64144bbbf8b3:730c59a6-aa5f-e469-81f8-0cd5e186bb2a |
| X-RateLimit-Limit | The number of requests allowed in the current rate limit window | 300 |
| X-RateLimit-Remaining | The number of requests remaining in the current rate limit window | 275 |
| X-RateLimit-ToWait-Sec | HTTP response header X-RateLimit-ToWait-Sec | 0 |
| X-RateLimit-Window-Sec | HTTP response header X-RateLimit-Window-Sec | 3600 |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
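The rate-limit and concurrency headers listed above can drive a playbook's pacing between Qualys calls. The following is an added example, not part of the connector: the function names, the 30 second slot poll and the reading of `X-RateLimit-ToWait-Sec` as "seconds to wait before the next call" and of running >= limit as "no free slot" are assumptions.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass(frozen=True)
class Throttle:
    proceed: bool      # True when the next request can be sent now
    wait_seconds: int  # how long to sleep before retrying when proceed is False
    reason: str


def int_header(headers: Mapping[str, str], name: str) -> Optional[int]:
    """Case-insensitive integer lookup; None if absent or not a plain integer."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            try:
                return int(str(value).strip())
            except ValueError:
                return None
    return None


def throttle_decision(headers: Mapping[str, str],
                      min_remaining: int = 1,
                      slot_poll_seconds: int = 30) -> Throttle:
    """Decide whether to send the next request, based on the last response."""
    to_wait = int_header(headers, "X-RateLimit-ToWait-Sec")
    remaining = int_header(headers, "X-RateLimit-Remaining")
    window = int_header(headers, "X-RateLimit-Window-Sec")
    limit = int_header(headers, "X-Concurrency-Limit-Limit")
    running = int_header(headers, "X-Concurrency-Limit-Running")

    # 1. An explicit wait from the server always wins.
    if to_wait is not None and to_wait > 0:
        return Throttle(False, to_wait, "rate limit: server-supplied wait")
    # 2. Budget exhausted but no wait given: worst case is one full window.
    if remaining is not None and remaining < min_remaining:
        return Throttle(False, window if window else slot_poll_seconds,
                        "rate limit: window exhausted")
    # 3. All concurrent slots busy: poll again shortly (assumed interpretation).
    if limit is not None and running is not None and running >= limit:
        return Throttle(False, slot_poll_seconds, "concurrency: no free slot")
    return Throttle(True, 0, "ok")


# Header values taken from the List VM Scans example response on this page.
PAGE_EXAMPLE_HEADERS = {
    "X-RateLimit-Limit": "300",
    "X-RateLimit-Window-Sec": "3600",
    "X-Concurrency-Limit-Limit": "2",
    "X-Concurrency-Limit-Running": "1",
    "X-RateLimit-ToWait-Sec": "0",
}

# Constructed sample: a throttled response with lower-cased header names.
CONSTRUCTED_THROTTLED = {
    "x-ratelimit-remaining": "0",
    "x-ratelimit-towait-sec": "120",
}

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE_HEADERS, CONSTRUCTED_THROTTLED):
        print(throttle_decision(sample))
```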
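The VM Scan Summary By POST Method action has several parameter rules that are easy to violate from a playbook (exactly one of the scan reference or the start date, the end date only with a start date, date ordering). The following added example, not the connector's own code, checks them before a request is sent; the function names, the `scan/<digits>.<digits>` pattern and the underscore spellings of the parameter and category names are assumptions.

```python
import re
from datetime import datetime, timezone
from typing import Dict, Mapping, Optional

RFC3339_UTC = "%Y-%m-%dT%H:%M:%SZ"
SCAN_REF = re.compile(r"scan/\d+\.\d+")  # assumed shape of a VM scan reference
FLAGS = ("include_scan_input", "include_scan_details",
         "include_hosts_summary", "include_detections_summary")
CATEGORIES = {"scanned", "excluded", "cancelled", "unresolved", "duplicate",
              "not_vulnerable", "dead", "aborted", "blocked", "failed_slice",
              "exceeded_scan_duration"}
SAMPLE_NOW = datetime(2024, 5, 2, 20, 37, 23, tzinfo=timezone.utc)  # constructed


class ParameterError(ValueError):
    """Raised when the request would break a documented parameter rule."""


def parse_utc(name: str, value: object) -> datetime:
    try:
        parsed = datetime.strptime(str(value), RFC3339_UTC)
    except ValueError:
        raise ParameterError(f"{name}: expected YYYY-MM-DDTHH:MM:SSZ, got {value!r}") from None
    return parsed.replace(tzinfo=timezone.utc)


def build_scan_summary_body(params: Mapping[str, object],
                            now: Optional[datetime] = None) -> Dict[str, str]:
    """Validate params and return the form fields for the data body."""
    now = now or datetime.now(timezone.utc)
    ref = params.get("scan_reference")
    since = params.get("scan_datetime_since")
    until = params.get("scan_datetime_until")
    body = {"action": "list", "output_format": "xml"}

    if params.get("output_format", "xml") != "xml":
        raise ParameterError("output_format: only xml is supported")
    if ref and (since or until):
        raise ParameterError("scan_reference cannot be combined with scan_datetime_since/until")
    if not ref and not since:
        # Also covers scan_datetime_until given without scan_datetime_since.
        raise ParameterError("one of scan_reference or scan_datetime_since is required")

    if ref:
        if not SCAN_REF.fullmatch(str(ref)):
            raise ParameterError(f"scan_reference: unexpected format {ref!r}")
        body["scan_reference"] = str(ref)
    else:
        start = parse_utc("scan_datetime_since", since)
        if start > now:
            raise ParameterError("scan_datetime_since must not be in the future")
        body["scan_datetime_since"] = str(since)
        if until:
            end = parse_utc("scan_datetime_until", until)
            if not start <= end <= now:
                raise ParameterError("scan_datetime_until must be between since and today")
            body["scan_datetime_until"] = str(until)

    for flag in FLAGS:
        if flag in params:
            if params[flag] not in (0, 1, "0", "1"):
                raise ParameterError(f"{flag}: must be 0 or 1")
            body[flag] = str(int(params[flag]))

    cats = params.get("include_hosts_summary_categories")
    if cats:
        wanted = [c.strip() for c in str(cats).split(",") if c.strip()]
        unknown = sorted(set(wanted) - CATEGORIES)
        if unknown:
            raise ParameterError(f"unknown categories: {', '.join(unknown)}")
        body["include_hosts_summary_categories"] = ",".join(wanted)
    return body


def check(params: Mapping[str, object], now: Optional[datetime] = None) -> str:
    """Return 'ok' or the reason the request would be rejected."""
    try:
        build_scan_summary_body(params, now)
        return "ok"
    except ParameterError as exc:
        return str(exc)


if __name__ == "__main__":
    print(check({"scan_reference": "scan/987654321.98765"}, SAMPLE_NOW))
    print(check({"scan_datetime_until": "2020-10-01T09:30:48Z"}, SAMPLE_NOW))
```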