Qualys Vulnerability Scanner

the qualys vulnerability scanner connector allows seamless integration with qualys' cloud based security and compliance solutions, enabling automated vulnerability management and compliance checks qualys vulnerability scanner is a comprehensive solution for cloud based security and compliance it enables users to identify, track, and remediate vulnerabilities within their it infrastructure by integrating with swimlane turbine, users can automate vulnerability management processes, streamline compliance checks, and enhance their security posture directly within their workflows this connector facilitates seamless interactions with qualys, allowing for efficient vulnerability scanning and data retrieval without manual intervention limitations none to date supported versions this qualys vulnerability scanner connector uses the version 2 0 api additional docs https //docs qualys com/en/vm/qweb all api/#t=mergedprojects%2fqapi scan%2fget started%2fauthentication htm https //docs qualys com/en/vm/qweb all api/#t=mergedprojects%2fqapi scan%2fvm scans%2fvm scans htm configuration prerequisites before utilizing the qualys vulnerability scanner connector with swimlane turbine, ensure you have the following prerequisites http basic authentication with the following parameters url the endpoint url for the qualys api username your qualys account username password your qualys account password api key authentication (for session based authentication) with the following parameters url the endpoint url for the qualys api username your qualys account username used to generate the session password your qualys account password used to generate the session authentication methods api key authentication (session based authentication) url the endpoint url for qualys api services username your qualys platform username password your qualys platform password http basic authentication url the endpoint url for qualys api services username your qualys platform username password your qualys platform password capabilities this qualys vulnerability scanner connector provides the following capabilities create azure internal scan create cloud perimeter scan fetch report get compliance control list get compliance scan get host detections get hosts get scan summary get vm scan get vm scan summary knowledgebase download launch compliance scan launch vm scan launch vm scan on ec2 assets list asset groups and so on configurations qualys vulnerability scanner api key auth authenticates using a username and password for session based authentication configuration parameters parameter description type required url a url to the target host string required qusername username string required qpassword password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional qualys vulnerability scanner http basic auth authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username username string required password password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions create azure internal scan initiate an internal scan in azure environments using qualys, specifying the scan details in the data body endpoint url /api/2 0/fo/scan/cloud/internal/job/index php method post input argument name type required description data body object required response data data body action string required specify create to configure a new internal azure scan job data body module string required specify vm for a vulnerability scan data body cloud provider string required specify azure for an azure internal scan the cloud provider value cannot be changed during an update request note currently supporting azure only data body cloud service string required specify vm (azure virtual machine) for an azure internal scan the cloud service value cannot be changed during an update request data body connector name string optional the name of the connector to be used we check if the specified connector name exists for your qualys subscription if the specified connector name does not exists in your qualys subscription, then the api request returns an error message invalid connector name provided one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body connector uuid string optional the id of the connector to be used if the specified connector name does not exists in your qualys subscription, then the api request returns an error message invalid connector uuid provided one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body scan title string required the scan title to create data body active number required specify 1 to create an active schedule specify 0 to create an inactive schedule data body option title string optional the title of the option profile to be used one of these parameters must be specified in the request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body priority number optional specify a value of 0 9 to set a processing priority level for the scan when not specified, a value of 0 (no priority) is used valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low data body iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name data body iscanner name string optional the friendly names of the scanner appliances to be used multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name data body platform type string required select the platform type as either location or virtual network data body region code string optional the azure region code valid values are ap northeast 1, ap southeast 1, ap southeast 2, ap east 1, eu west 1, eu north 1, asa east 1, us east 1, us west 1, us west 2, me south 1, eu south 1, and af south 1 this parameter is mandatory when the platform type is set to location data body virtual network id string optional provide the id of the azure virtual network this parameter is mandatory when the platform type is set to virtual network data body tag include selector string optional select any (the default) to include hosts that match at least one of the selected tags select all to include hosts that match all of the selected tags data body tag exclude selector string optional select any (the default) to exclude hosts that match at least one of the selected tags select all to exclude hosts that match all of the selected tags data body tag set by string optional specify “id” (the default) to select a tag set by providing tag ids specify “name” to select a tag set by providing tag names we will check if the tag ids or tag names are valid data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated data body schedule string required specify now to schedule the scan job for now specify recurring to schedule the scan job to start at a later time or on a recurring basis see schedule parameters for azure internal scans possible values are now, recurring data body occurrence string optional valid values are daily, weekly, monthly data body frequency days number optional required for a daily scan the scan will run every n number of days value is an integer from 1 to 365 input example {"data body" {"action" "create","module" "vm","cloud provider" "azure","cloud service" "vm","connector name" "example name","connector uuid" "string","scan title" "string","active" 123,"option title" "string","option id" 123,"priority" 123,"iscanner id" "string","iscanner name" "example name","platform type" "string","region code" "string","virtual network id" "string","tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","schedule" "string","occurrence" "string","frequency days" 123,"frequency weeks" 123,"weekdays" "string","frequency months" 123,"day of month" 123,"day of week" 123,"week of month" "string","start date" "string","start hour" 123,"start minute" 123,"time zone code" "string","observe dst" "string","recurrence" 123,"end after" 123,"end after mins" 123,"pause after hours" 123,"pause after mins" 123,"resume in days" "string","resume in hours" 123,"set start time" 123,"before notify" 123,"before notify unit" "string","before notify time" 123,"before notify message" "string","after notify" 123,"after notify message" "string","recipient group ids" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item object output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"date" "tue, 11 mar 2025 05 39 01 gmt","content type" "text/xml;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff, nosniff","x frame options" "sameorigin","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e create cloud perimeter scan initiates or updates a cloud perimeter scan in qualys vulnerability scanner using detailed configurations endpoint url /api/2 0/fo/scan/cloud/perimeter/job/index php method post input argument name type required description data body object required response data data body action string required specify "create" to configure a new cloud perimeter scan job data body module string required specify "vm" for a vulnerability scan and "pc" for a compliance scan required for create request data body cloud provider string optional specify "azure" for an azure scan specify "aws" for an aws ec2 scan specify "gcp" for a gcp scan the cloud provider value cannot be changed during an update request when cloud provider=azure, the following parameters cannot be specified in the same request platform type, region code, vpc id, include micro nano instances, include lb from connector these parameters only apply when cloud provider=aws is specified data body cloud service string optional specify "vm" (azure virtual machine) for an azure scan specify "ec2" for an aws ec2 scan specify "compute engine" for a gcp scan the cloud service value cannot be changed during an update request data body connector name string optional the name of the connector to be used one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body connector uuid string optional the id of the connector to be used one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body scan title string optional the scan title when not specified the default scan title is "aws ec2 perimeter scan " data body active number required specify "1" to create an active schedule specify "0" to create an inactive schedule data body option title string optional the title of the option profile to be used one of these parameters must be specified in the request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body priority number optional specify a value of 0 9 to set a processing priority level for the scan when not specified, a value of 0 (no priority) is used valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low data body iscanner id string optional the ids of the scanner appliances to be used specify "0" for external scanners multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name optional, only valid when your account is configured to allow internal scanners data body iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name optional, only valid when your account is configured to allow internal scanners data body platform type string optional the platform type valid values are classic, vpc peered or selected vpc data body region code string optional the ec2 region code valid values are ap northeast 1, ap southeast 1, ap southeast 2, ap east 1, eu west 1, eu north 1, asa east 1, us east 1, us west 1, us west 2, me south 1, eu south 1, and af south 1 one of these parameters must be specified in the request region code or vpc id these are mutually exclusive and cannot be specified in the same request data body vpc id string optional the id of the virtual private cloud (vpc) zone the id value must start with vpc we will check if the specified vpc id exists for the selected connector one of these parameters must be specified in the request region code or vpc id these are mutually exclusive and cannot be specified in the same request data body include micro nano instances number optional specify 1 to include ec2 assets with instance types t2 nano, t3 nano, t1 micro and m1 small in the scan job by default, this parameter value is set to 0 note that these instance types must be activated for your account so that we can include them in the scan warning aws ec2 assets with instance types t2 nano, t3 nano, t1 micro and m1 small have very limited cpu when scanning these instance types we recommend you choose an option profile with light port scanning and no authentication alternatively, use qualys cloud agent to perform the equivalent of authenticated scanning for the least performance impact for these instance types data body tag include selector string optional select “any” (the default) to include hosts that match at least one of the selected tags select “all” to include hosts that match all of the selected tags data body tag exclude selector string optional select “any” (the default) to exclude hosts that match at least one of the selected tags select “all” to exclude hosts that match all of the selected tags data body tag set by string optional specify “id” (the default) to select a tag set by providing tag ids specify “name” to select a tag set by providing tag names we will check if the tag ids or tag names are valid data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated data body include lb from connector number optional specify 1 to include public load balancers from the selected connector in the scan job by default, this parameter value is set to 0 note when you set this parameter to 1, we fetch public load balancers from the aws connector in cloudview that has the same configuration as that of the selected connector if you select this option, ensure that you have the connector created in your cloudview account with a configuration similar to that of the selected connector if the connector in cloudview is not found, then we can't fetch the public load balancers from the connector data body elb dns string optional one or more load balancer dns names to include in the scan job multiple values are comma separated input example {"data body" {"action" "create","module" "string","cloud provider" "string","cloud service" "string","connector name" "example name","connector uuid" "string","scan title" "string","active" 123,"option title" "string","option id" 123,"priority" 123,"iscanner id" "string","iscanner name" "example name","platform type" "string","region code" "string","vpc id" "string","include micro nano instances" 123,"tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","include lb from connector" 123,"elb dns" "string","schedule" "string","occurrence" "string","frequency days" 123,"frequency weeks" 123,"weekdays" "string","frequency months" 123,"day of month" 123,"day of week" 123,"week of month" "string","start date" "string","start hour" 123,"start minute" 123,"time zone code" "string","observe dst" "string","recurrence" 123,"end after" 123,"end after mins" 123,"pause after hours" 123,"pause after mins" 123,"resume in days" "string","resume in hours" 123,"set start time" 123,"before notify" 123,"before notify unit" "string","before notify time" 123,"before notify message" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item object output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"date" "tue, 11 mar 2025 05 39 01 gmt","content type" "text/xml;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff, nosniff","x frame options" "sameorigin","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e fetch report retrieves a specific vulnerability report from qualys using the provided report id and action parameters endpoint url /api/2 0/fo/report/ method get input argument name type required description parameters action string required specify action to fetch a report parameters echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included parameters id number required the report id you want to take action on input example {"parameters" {"action" "fetch","echo request" 0,"id" 232123}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","file" {"file" "dfgfdfd34r","file name" "report output csv"}} get compliance control list retrieve a list of compliance controls from qualys vulnerability scanner based on specified action parameters endpoint url api/2 0/fo/compliance/control/ method get input argument name type required description parameters action string required parameters for the get compliance control list action parameters details string optional parameters for the get compliance control list action parameters ids string optional parameters for the get compliance control list action parameters id min string optional parameters for the get compliance control list action parameters id max string optional parameters for the get compliance control list action parameters updated after datetime string optional parameters for the get compliance control list action parameters created after datetime string optional parameters for the get compliance control list action parameters truncation limit string optional parameters for the get compliance control list action input example {"parameters" {"action" "string","details" "string","ids" "string","id min" "string","id max" "string","updated after datetime" "string","created after datetime" "string","truncation limit" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase control list output object output field control list output control list output response object output field control list output response control list output response datetime string time value control list output response control list object output field control list output response control list control list output response control list control array output field control list output response control list control control list output response control list control id string unique identifier control list output response control list control update date string date value control list output response control list control created date string date value control list output response control list control category string output field control list output response control list control category control list output response control list control sub category string output field control list output response control list control sub category control list output response control list control statement string output field control list output response control list control statement control list output response control list control criticality object output field control list output response control list control criticality control list output response control list control technology list object output field control list output response control list control technology list control list output response control list control framework list object output field control list output response control list control framework list control list output response warning object output field control list output response warning control list output response warning code string output field control list output response warning code control list output response warning text string output field control list output response warning text control list output response warning url string url endpoint for the request output example {"control list output" {"response" {"datetime" "string","control list" {},"warning" {}}}} get compliance scan retrieve compliance scan results from qualys vulnerability scanner using specified action parameters endpoint url api/2 0/fo/scan/compliance/ method get input argument name type required description parameters action string required parameters for the get compliance scan action parameters scan ref string optional parameters for the get compliance scan action parameters ips string optional parameters for the get compliance scan action parameters client id string optional parameters for the get compliance scan action parameters client name string optional parameters for the get compliance scan action input example {"parameters" {"action" "string","scan ref" "string","ips" "string","client id" "string","client name" "example name"}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response code string output field simple return response code simple return response text string output field simple return response text output example {"simple return" {"response" {"datetime" "string","code" "string","text" "string"}}} get host detections retrieve a list of detected vulnerabilities on hosts from qualys based on specified parameters endpoint url api/2 0/fo/asset/host/vm/detection/ method get input argument name type required description parameters action string required parameters for the get host detections action parameters show asset id string optional parameters for the get host detections action parameters show reopened info string optional parameters for the get host detections action parameters arf kernel filter string optional parameters for the get host detections action parameters severities string optional parameters for the get host detections action parameters arf service filter string optional parameters for the get host detections action parameters result limit string optional parameters for the get host detections action parameters arf config filter string optional parameters for the get host detections action parameters max days since detection updated string optional parameters for the get host detections action parameters detection updated since string optional parameters for the get host detections action parameters detection updated before string optional parameters for the get host detections action parameters detection processed after string optional parameters for the get host detections action parameters detection processed before string optional parameters for the get host detections action parameters detection last tested since string optional parameters for the get host detections action parameters detection last tested after string optional parameters for the get host detections action parameters include ignored string optional parameters for the get host detections action parameters include disabled string optional parameters for the get host detections action parameters ips string optional parameters for the get host detections action parameters show igs string optional parameters for the get host detections action parameters ipv6 string optional parameters for the get host detections action parameters ag ids string optional parameters for the get host detections action parameters ag titles string optional parameters for the get host detections action parameters ids string optional parameters for the get host detections action parameters id min string optional parameters for the get host detections action parameters id max string optional parameters for the get host detections action input example {"parameters" {"action" "string","show asset id" "string","show reopened info" "string","arf kernel filter" "string","severities" "string","arf service filter" "string","result limit" "string","arf config filter" "string","max days since detection updated" "string","detection updated since" "string","detection updated before" "string","detection processed after" "string","detection processed before" "string","detection last tested since" "string","detection last tested after" "string","include ignored" "string","include disabled" "string","ips" "string","show igs" "string","ipv6" "string","ag ids" "string","ag titles" "string","ids" "string","id min" "string","id max" "string","network ids" "string","compliance enabled" "string","no vm scan since" "string","no compliance scan since" "string","vm scan since" "string","compliance scan since" "string","vm processed before" "string","vm processed after" "string","vm scan date before" "string","vm scan date after" "string","vm auth scan date before" "string","vm auth scan date after" "string","scap scan since" "string","no scap scan since" "string","truncation limit" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase host list vm detection output object output field host list vm detection output host list vm detection output response object output field host list vm detection output response host list vm detection output response datetime string time value host list vm detection output response host list object output field host list vm detection output response host list host list vm detection output response host list host object output field host list vm detection output response host list host host list vm detection output response host list host id string unique identifier host list vm detection output response host list host ip string output field host list vm detection output response host list host ip host list vm detection output response host list host tracking method string http method to use host list vm detection output response host list host os string output field host list vm detection output response host list host os host list vm detection output response host list host dns string output field host list vm detection output response host list host dns host list vm detection output response host list host dns data object response data host list vm detection output response host list host netbios string output field host list vm detection output response host list host netbios host list vm detection output response host list host last scan datetime string time value host list vm detection output response host list host last vm scanned date string date value host list vm detection output response host list host last vm scanned duration string output field host list vm detection output response host list host last vm scanned duration host list vm detection output response host list host detection list object output field host list vm detection output response host list host detection list output example {"host list vm detection output" {"response" {"datetime" "string","host list" {}}}} get hosts retrieves a list of hosts from the qualys vulnerability scanner with specified parameters, including the 'action' parameter endpoint url api/2 0/fo/asset/host/ method get input argument name type required description parameters details string optional parameters for the get hosts action parameters os pattern string optional parameters for the get hosts action parameters result limit string optional parameters for the get hosts action parameters ips string optional parameters for the get hosts action parameters ipv6 string optional parameters for the get hosts action parameters ag ids string optional parameters for the get hosts action parameters ag titles string optional parameters for the get hosts action parameters ids string optional parameters for the get hosts action parameters id min string optional parameters for the get hosts action parameters id max string optional parameters for the get hosts action parameters network ids string optional parameters for the get hosts action parameters compliance enabled string optional parameters for the get hosts action parameters no vm scan since string optional parameters for the get hosts action parameters no compliance scan since string optional parameters for the get hosts action parameters vm scan since string optional parameters for the get hosts action parameters compliance scan since string optional parameters for the get hosts action parameters vm processed before string optional parameters for the get hosts action parameters vm processed after string optional parameters for the get hosts action parameters vm scan date before string optional parameters for the get hosts action parameters vm scan date after string optional parameters for the get hosts action parameters vm auth scan date before string optional parameters for the get hosts action parameters vm auth scan date after string optional parameters for the get hosts action parameters scap scan since string optional parameters for the get hosts action parameters no scap scan since string optional parameters for the get hosts action parameters truncation limit string optional parameters for the get hosts action input example {"parameters" {"details" "string","os pattern" "string","result limit" "string","ips" "string","ipv6" "string","ag ids" "string","ag titles" "string","ids" "string","id min" "string","id max" "string","network ids" "string","compliance enabled" "string","no vm scan since" "string","no compliance scan since" "string","vm scan since" "string","compliance scan since" "string","vm processed before" "string","vm processed after" "string","vm scan date before" "string","vm scan date after" "string","vm auth scan date before" "string","vm auth scan date after" "string","scap scan since" "string","no scap scan since" "string","truncation limit" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase host list output object output field host list output host list output response object output field host list output response host list output response datetime string time value host list output response host list object output field host list output response host list host list output response host list host array output field host list output response host list host host list output response host list host id string unique identifier host list output response host list host ip string output field host list output response host list host ip host list output response host list host tracking method string http method to use host list output response host list host dns string output field host list output response host list host dns host list output response host list host dns data object response data host list output response host list host netbios string output field host list output response host list host netbios host list output response host list host qg hostid string unique identifier host list output response host list host os string output field host list output response host list host os output example {"host list output" {"response" {"datetime" "string","host list" {}}}} get scan summary retrieve a summary of scan results from qualys vulnerability scanner using specified action parameters endpoint url api/2 0/fo/scan/summary/ method get input argument name type required description parameters action string required parameters for the get scan summary action parameters include dead string optional parameters for the get scan summary action parameters include excluded string optional parameters for the get scan summary action parameters include unresolved string optional parameters for the get scan summary action parameters include cancelled string optional parameters for the get scan summary action parameters include notvuln string optional parameters for the get scan summary action parameters include blocked string optional parameters for the get scan summary action parameters include duplicate string optional parameters for the get scan summary action parameters scan date since string optional parameters for the get scan summary action parameters scan date to string optional parameters for the get scan summary action parameters include aborted string optional parameters for the get scan summary action input example {"parameters" {"action" "string","include dead" "string","include excluded" "string","include unresolved" "string","include cancelled" "string","include notvuln" "string","include blocked" "string","include duplicate" "string","scan date since" "string","scan date to" "string","include aborted" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase scan summary output object output field scan summary output scan summary output response object output field scan summary output response scan summary output response datetime string time value scan summary output response scan summary list object output field scan summary output response scan summary list scan summary output response scan summary list scan summary object output field scan summary output response scan summary list scan summary scan summary output response scan summary list scan summary scan ref string output field scan summary output response scan summary list scan summary scan ref scan summary output response scan summary list scan summary scan date string date value scan summary output response scan summary list scan summary host summary array output field scan summary output response scan summary list scan summary host summary output example {"scan summary output" {"response" {"datetime" "string","scan summary list" {}}}} get vm scan executes a vulnerability management scan in qualys with a specified 'action' parameter to define the scan type endpoint url api/2 0/fo/scan/ method get input argument name type required description parameters action string required parameters for the get vm scan action parameters ips string optional parameters for the get vm scan action parameters scan ref string optional parameters for the get vm scan action parameters client id string optional parameters for the get vm scan action parameters client name string optional parameters for the get vm scan action input example {"parameters" {"action" "string","ips" "string","scan ref" "string","client id" "string","client name" "example name"}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item array output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"simple return" {"response" {"datetime" "string","text" "string","item list" {}}}} get vm scan summary retrieve a summary of vulnerability scans from qualys, specifying the action and output format required endpoint url api/2 0/fo/scan/vm/summary method get input argument name type required description parameters action string required parameters for the get vm scan summary action parameters output format string required parameters for the get vm scan summary action parameters scan reference string optional parameters for the get vm scan summary action parameters scan datetime since string optional parameters for the get vm scan summary action parameters scan datetime until string optional parameters for the get vm scan summary action parameters include scan input number optional parameters for the get vm scan summary action parameters include scan details number optional parameters for the get vm scan summary action parameters include hosts summary number optional parameters for the get vm scan summary action parameters include detections summary number optional parameters for the get vm scan summary action parameters include hosts summary categories string optional parameters for the get vm scan summary action input example {"parameters" {"action" "list","output format" "xml","scan reference" "scan/987654321 98765","scan datetime since" "2020 10 01t09 30 48z","scan datetime until" "2020 10 01t09 30 48z","include scan input" 0,"include scan details" 0,"include hosts summary" 0,"include detections summary" 0,"include hosts summary categories" "scanned, excluded, cancelled"}} output parameter type description status code number http status code of the response scan summary output object output field scan summary output scan summary output response object output field scan summary output response scan summary output response datetime string time value scan summary output response scan summary list object output field scan summary output response scan summary list scan summary output response scan summary list scan summary object output field scan summary output response scan summary list scan summary scan summary output response scan summary list scan summary scan reference string output field scan summary output response scan summary list scan summary scan reference scan summary output response scan summary list scan summary scan input object input data for the action scan summary output response scan summary list scan summary scan details object output field scan summary output response scan summary list scan summary scan details scan summary output response scan summary list scan summary scan results object result of the operation output example {"status code" 200,"response headers" {"date" "tue, 28 mar 2023 04 00 03 gmt","server" "apache","x xss protection" "1; mode=block","x content type options" "nosniff","x frame options" "sameorigin","strict transport security" "max age=31536000; includesubdomains","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 438b7047 7854 5181 8116 979356194b02 8217759d 8170 731e knowledgebase download download the latest vulnerability data from the qualys knowledgebase using specified action parameters endpoint url /api/2 0/fo/knowledge base/vuln/ method get input argument name type required description parameters action string required specify action to list and download the knowledgebase must be "list" parameters echo request number optional specify 1 to include input parameters in the xml output default is not included parameters details string optional show the requested amount of information for each vulnerability basic (default), all, or none parameters ids number optional filter to include only vulnerabilities with specified qid numbers parameters id min number optional filter to show only vulnerabilities with qid >= specified value parameters id max number optional filter to show only vulnerabilities with qid <= specified value parameters is patchable number optional 1 for patchable, 0 for not patchable, unspecified for all parameters last modified after string optional filter for vulnerabilities last modified after this date (yyyy mm dd\[thh\ mm \ ssz ]) parameters last modified before string optional filter for vulnerabilities last modified before this date (yyyy mm dd\[thh\ mm \ ssz ]) parameters last modified by user after string optional filter for vulnerabilities last modified by a user after this date parameters last modified by user before string optional filter for vulnerabilities last modified by a user before this date parameters last modified by service after string optional filter for vulnerabilities last modified by the service after this date parameters last modified by service before string optional filter for vulnerabilities last modified by the service before this date parameters published after string optional filter for vulnerabilities published after this date parameters published before string optional filter for vulnerabilities published before this date parameters discovery method string optional filter for vulnerabilities by discovery method parameters discovery auth types string optional filter for vulnerabilities with specified authentication types (comma separated) parameters show pci reasons number optional 1 to include pci reasons in output parameters show supported modules info number optional 1 to include supported modules info in output parameters show disabled flag number optional 1 to include the disabled flag for each vulnerability parameters show qid change log number optional 1 to include qid changes for each vulnerability parameters code modified after string optional show only qids modified after this date (yyyy mm dd\[thh\ mm \ ssz ]) parameters code modified before string optional show only qids modified before this date (yyyy mm dd\[thh\ mm \ ssz ]) input example {"parameters" {"action" "string","echo request" 123,"details" "basic","ids" 123,"id min" 123,"id max" 123,"is patchable" 123,"last modified after" "string","last modified before" "string","last modified by user after" "string","last modified by user before" "string","last modified by service after" "string","last modified by service before" "string","published after" "string","published before" "string","discovery method" "string","discovery auth types" "string","show pci reasons" 123,"show supported modules info" 123,"show disabled flag" 123,"show qid change log" 123,"code modified after" "string","code modified before" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","file" {"file" "dfgfdfd34r","file name" "report output csv"}} launch compliance scan initiates a compliance scan in qualys vulnerability scanner using specified parameters and action settings endpoint url api/2 0/fo/scan/compliance/ method post input argument name type required description parameters action string required parameters for the launch compliance scan action parameters scan title string optional parameters for the launch compliance scan action parameters option id string optional parameters for the launch compliance scan action parameters option title string optional parameters for the launch compliance scan action parameters iscanner id string optional parameters for the launch compliance scan action parameters iscanner name string optional parameters for the launch compliance scan action parameters priority string optional parameters for the launch compliance scan action parameters ip string optional parameters for the launch compliance scan action parameters asset group ids string optional parameters for the launch compliance scan action parameters asset groups string optional parameters for the launch compliance scan action parameters exclude ip per scan string optional parameters for the launch compliance scan action parameters default scanner string optional parameters for the launch compliance scan action parameters scanners in ag string optional parameters for the launch compliance scan action input example {"parameters" {"action" "string","scan title" "string","option id" "string","option title" "string","iscanner id" "string","iscanner name" "example name","priority" "string","ip" "string","asset group ids" "string","asset groups" "string","exclude ip per scan" "string","default scanner" "string","scanners in ag" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item array output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"simple return" {"response" {"datetime" "string","text" "string","item list" {}}}} launch vm scan initiates a vulnerability management scan within qualys using specified data parameters endpoint url /api/2 0/fo/scan/ method post input argument name type required description data body object required response data data body action string required specify action (list, create, delete, update) data body echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included data body scan title string optional the scan title this can be a maximum of 2000 characters (ascii) data body target from string optional specify "assets" (the default) when your scan target will include ip addresses/ranges and/or asset groups specify "tags" when your scan target will include asset tags data body ip string optional the ip addresses to be scanned you may enter individual ip addresses and/or ranges multiple entries are comma separated one of these parameters is required ip,asset groups or asset group ids ip is valid only when target from=assets is specified data body asset groups string optional the titles of asset groups containing the hosts to be scanned multiple titles are comma separated one of these parameters is required ip, asset groups or asset group ids, asset groups is valid only when target from=assets is specified these parameters are mutually exclusive and cannot bespecified in the same request asset groups and asset group ids data body asset group ids string optional the ids of asset groups containing the hosts to be scanned multiple ids are comma separated one of these parameters is required ip, asset groups or asset group ids asset group ids is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified in the same request asset groups and asset group ids data body exclude ip per scan string optional the ip addresses to be excluded from the scan when the scan target is specified as ip addresses (not asset tags) you may enter individual ip addresses and/or ranges multiple entries are comma separated exclude ip per scan is valid only when target from=assets is specified data body tag include selector string optional select "any" (the default) to include hosts that match at least one of the selected tags select "all" to include hosts that match all of the selected tags tag include selector is valid only when target from=tags isspecified data body tag exclude selector string optional select "any" (the default) to exclude hosts that match at least one of the selected tags select "all" to exclude hosts that match all of the selected tags tag exclude selector is valid only when target from=tags isspecified data body tag set by string optional specify "id" (the default) to select a tag set by providing tag ids specify "name" to select a tag set by providing tag names tag set by is valid only when target from=tags is specified data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated tag set include is valid only when target from=tags is specified data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated tag set exclude is valid only when target from=tags is specified data body use ip nt range tags include number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to scan all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags include is valid only when target from=tags is specified data body use ip nt range tags exclude number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to exclude all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags exclude is valid only when target from=tags is specified data body use ip nt range tags number optional specify 0 (the default) to select from all tags (tags with any tag rule) specify 1 to scan all ip addresses defined in tags when this is specified, only tags with the dynamic ip address rule called "ip address in network range(s)" can be selected this parameter has been replaced by use ip nt range tags include and use ip nt range tags exclude parameters the use ip nt range tag parameter is still supported use ip nt range tags is valid only when target from=tags is specified data body iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must also be specified in a request iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name data body iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name data body default scanner number optional specify 1 to use the default scanner in each target asset group for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used default scanner is valid when the scan target is specified using one of these parameters asset groups, asset group ids data body scanners in ag number optional groups scanner appliances appliances in each asset group are tasked with scanning the ips in the group by default up to 5 appliances per group will be used and this can be configured for your account (please contact your account manager or support) for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in ag is valid when the scan target is specified using one of these parameters asset groups, asset group ids data body scanners in tagset number optional specify 1 to distribute the scan to scanner appliances that match the asset tags specified for the scan target one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in tagset is valid when the target from=tags is specified data body scanners in network number optional specify 1 to distribute the scan to all scanner appliances in the network data body option title string optional the title of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request input example {"data body" {"action" "launch","echo request" 123,"scan title" "string","target from" "assets","ip" "string","asset groups" "string","asset group ids" "string","exclude ip per scan" "string","tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","use ip nt range tags include" 123,"use ip nt range tags exclude" 123,"use ip nt range tags" 123,"iscanner id" "string","iscanner name" "example name","default scanner" 1,"scanners in ag" 123,"scanners in tagset" 123,"scanners in network" 123,"option title" "string","option id" 123,"priority" 123,"connector name" "example name","ec2 endpoint" "string","ec2 instance ids" "string","ip network id" 123,"runtime http header" "string","scan type" "certview","fqdn" "string","client id" 123,"client name" "example name","include agent targets" 123}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item array output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "thu, 2 may 2024 20 37 23 gmt"},"reason" "ok","json body" {"simple return" {"response" {}}}} launch vm scan on ec2 assets initiates a vulnerability scan on amazon ec2 assets using qualys, based on configurations provided in the data body endpoint url /api/2 0/fo/scan/ method post input argument name type required description data body object required response data data body action string required specify action (list, create, delete, update) data body echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included data body scan title string optional the scan title this can be a maximum of 2000 characters (ascii) data body target from string optional specify "assets" (the default) when your scan target will include ip addresses/ranges and/or asset groups specify "tags" when your scan target will include asset tags data body ip string optional the ip addresses to be scanned you may enter individual ip addresses and/or ranges multiple entries are comma separated one of these parameters is required ip,asset groups or asset group ids ip is valid only when target from=assets is specified data body asset groups string optional the titles of asset groups containing the hosts to be scanned multiple titles are comma separated one of these parameters is required ip, asset groups or asset group ids, asset groups is valid only when target from=assets is specified these parameters are mutually exclusive and cannot bespecified in the same request asset groups and asset group ids data body asset group ids string optional the ids of asset groups containing the hosts to be scanned multiple ids are comma separated one of these parameters is required ip, asset groups or asset group ids asset group ids is valid only when target from=assets is specified these parameters are mutually exclusive and cannot be specified in the same request asset groups and asset group ids data body exclude ip per scan string optional the ip addresses to be excluded from the scan when the scan target is specified as ip addresses (not asset tags) you may enter individual ip addresses and/or ranges multiple entries are comma separated exclude ip per scan is valid only when target from=assets is specified data body tag include selector string optional select "any" (the default) to include hosts that match at least one of the selected tags select "all" to include hosts that match all of the selected tags tag include selector is valid only when target from=tags isspecified data body tag exclude selector string optional select "any" (the default) to exclude hosts that match at least one of the selected tags select "all" to exclude hosts that match all of the selected tags tag exclude selector is valid only when target from=tags isspecified data body tag set by string optional specify "id" (the default) to select a tag set by providing tag ids specify "name" to select a tag set by providing tag names tag set by is valid only when target from=tags is specified data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated tag set include is valid only when target from=tags is specified data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated tag set exclude is valid only when target from=tags is specified data body use ip nt range tags include number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to scan all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags include is valid only when target from=tags is specified data body use ip nt range tags exclude number optional specify “0” (the default) to select from all tags (tags with any tag rule) specify “1” to exclude all ip addresses defined in tag selection when this is specified, only tags with the dynamic ip address rule called “ip address in network range(s)” can be selected use ip nt range tags exclude is valid only when target from=tags is specified data body use ip nt range tags number optional specify 0 (the default) to select from all tags (tags with any tag rule) specify 1 to scan all ip addresses defined in tags when this is specified, only tags with the dynamic ip address rule called "ip address in network range(s)" can be selected this parameter has been replaced by use ip nt range tags include and use ip nt range tags exclude parameters the use ip nt range tag parameter is still supported use ip nt range tags is valid only when target from=tags is specified data body iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must also be specified in a request iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name data body iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used these parameters are mutually exclusive and cannot be specified in the same request iscanner id and iscanner name data body default scanner number optional specify 1 to use the default scanner in each target asset group for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used default scanner is valid when the scan target is specified using one of these parameters asset groups, asset group ids data body scanners in ag number optional groups scanner appliances appliances in each asset group are tasked with scanning the ips in the group by default up to 5 appliances per group will be used and this can be configured for your account (please contact your account manager or support) for an express lite user, internal scanning must be enabled in the user's account one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in ag is valid when the scan target is specified using one of these parameters asset groups, asset group ids data body scanners in tagset number optional specify 1 to distribute the scan to scanner appliances that match the asset tags specified for the scan target one of these parameters must be specified in a request for an internal scan iscanner name, iscanner id, default scanner, scanners in ag, scanners in tagset when none of these are specified, external scanners are used scanners in tagset is valid when the target from=tags is specified data body scanners in network number optional specify 1 to distribute the scan to all scanner appliances in the network data body option title string optional the title of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request input example {"data body" {"action" "launch","echo request" 123,"scan title" "string","target from" "assets","ip" "string","asset groups" "string","asset group ids" "string","exclude ip per scan" "string","tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","use ip nt range tags include" 123,"use ip nt range tags exclude" 123,"use ip nt range tags" 123,"iscanner id" "string","iscanner name" "example name","default scanner" 1,"scanners in ag" 123,"scanners in tagset" 123,"scanners in network" 123,"option title" "string","option id" 123,"priority" 123,"connector name" "example name","ec2 endpoint" "string","ec2 instance ids" "string","ip network id" 123,"runtime http header" "string","scan type" "certview","fqdn" "string","client id" 123,"client name" "example name","include agent targets" 123}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item array output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "thu, 2 may 2024 20 37 23 gmt"},"reason" "ok","json body" {"simple return" {"response" {}}}} list asset groups retrieve a list of asset groups from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/asset/group/ method get input argument name type required description parameters action string required parameters for the list asset groups action parameters ids string optional parameters for the list asset groups action parameters id min string optional parameters for the list asset groups action parameters id max string optional parameters for the list asset groups action parameters network ids string optional parameters for the list asset groups action parameters unit id string optional parameters for the list asset groups action parameters user id string optional parameters for the list asset groups action parameters title string optional parameters for the list asset groups action parameters truncation limit string optional parameters for the list asset groups action parameters show attributes string optional parameters for the list asset groups action input example {"parameters" {"action" "string","ids" "string","id min" "string","id max" "string","network ids" "string","unit id" "string","user id" "string","title" "string","truncation limit" "string","show attributes" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase asset group list output object output field asset group list output asset group list output response object output field asset group list output response asset group list output response datetime string time value asset group list output response asset group list object output field asset group list output response asset group list asset group list output response asset group list asset group array output field asset group list output response asset group list asset group asset group list output response asset group list asset group id string unique identifier asset group list output response asset group list asset group title string output field asset group list output response asset group list asset group title asset group list output response asset group list asset group last update string date value asset group list output response asset group list asset group business impact string output field asset group list output response asset group list asset group business impact asset group list output response asset group list asset group ip set object output field asset group list output response asset group list asset group ip set asset group list output response asset group list asset group domain list object output field asset group list output response asset group list asset group domain list asset group list output response asset group list asset group owner user name string name of the resource asset group list output response asset group list asset group owner user id string unique identifier output example {"asset group list output" {"response" {"datetime" "string","asset group list" {}}}} list compliance policy retrieve a list of compliance policies from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/compliance/policy/ method get input argument name type required description parameters action string required parameters for the list compliance policy action parameters details string optional parameters for the list compliance policy action parameters ids string optional parameters for the list compliance policy action parameters id min string optional parameters for the list compliance policy action parameters id max string optional parameters for the list compliance policy action parameters updated after datetime string optional parameters for the list compliance policy action parameters created after datetime string optional parameters for the list compliance policy action input example {"parameters" {"action" "string","details" "string","ids" "string","id min" "string","id max" "string","updated after datetime" "string","created after datetime" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase policy list output object output field policy list output policy list output response object output field policy list output response policy list output response datetime string time value policy list output response policy list object output field policy list output response policy list policy list output response policy list policy object output field policy list output response policy list policy policy list output response policy list policy id string unique identifier policy list output response policy list policy title string output field policy list output response policy list policy title policy list output response policy list policy created object output field policy list output response policy list policy created policy list output response policy list policy last modified object output field policy list output response policy list policy last modified policy list output response policy list policy last evaluated object output field policy list output response policy list policy last evaluated policy list output response policy list policy status string status value policy list output response policy list policy is locked string output field policy list output response policy list policy is locked policy list output response policy list policy evaluate now string output field policy list output response policy list policy evaluate now policy list output response policy list policy asset group ids string unique identifier policy list output response policy list policy tag set include object output field policy list output response policy list policy tag set include policy list output response policy list policy tag include selector string output field policy list output response policy list policy tag include selector policy list output response policy list policy include agent ips string output field policy list output response policy list policy include agent ips policy list output response policy list policy control list object output field policy list output response policy list policy control list policy list output response glossary object output field policy list output response glossary policy list output response glossary asset group list object output field policy list output response glossary asset group list policy list output response glossary asset group list asset group object output field policy list output response glossary asset group list asset group policy list output response glossary asset tag list object output field policy list output response glossary asset tag list policy list output response glossary asset tag list tag object output field policy list output response glossary asset tag list tag output example {"policy list output" {"response" {"datetime" "string","policy list" {},"glossary" {}}}} list compliance posture information retrieve compliance posture information for hosts, including ids and attributes, from the qualys account using specified parameters endpoint url /api/2 0/fo/compliance/posture/info method get input argument name type required description parameters type object optional parameters for the list compliance posture information action parameters action string required specify action to list posture compliance information parameters echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included parameters policy id number optional show compliance posture info records for a specified policy a valid policy id is required the parameters policy id and policy ids cannot be specified in the same request parameters policy ids string optional (policy id or policy ids is required) show compliance posture info records for multiple policies up to 10 policies may be requested provide a comma separated list of valid policy ids parameters control ids string optional show only compliance posture info records for controls which have certain control ids and/or ranges parameters output format string optional the output format parameters details string optional show a certain amount of information for each compliance posture info record parameters hide evidence number optional set to 1 to hide the evidence information in the output parameters include dp name string optional show the name and id for each data point in the xml output parameters show remediation info number optional set to 1 to show remediation information in the output parameters cause of failure number optional set to 1 to display the cause of failure for directory integrity monitoring udcs parameters truncation limit number optional specify the number of posture info records returned per request set to 0 for no truncation parameters ips string optional show only compliance posture info records for hosts with certain ip addresses/ranges parameters host ids string optional show only compliance posture info records for hosts with certain host ids and/or id ranges parameters asset group ids string optional show only hosts in certain asset groups parameters filter hosts number optional improve performance by skipping tag resolution service parameters ids string optional show only compliance posture info records for certain posture ids and/or id ranges parameters id min number optional show posture info records with minimum id value parameters id max number optional show posture info records with maximum id value parameters status changes since string optional show records with status changes since specified datetime parameters evaluation date string optional show records with evaluation date >= specified datetime parameters status string optional show records with specified posture status parameters criticality labels string optional filter by criticality labels (e g , serious, critical, urgent) parameters criticality values string optional filter by criticality values (0–5) input example {"parameters" {"type" {},"action" "list","echo request" 123,"policy id" 123,"policy ids" "string","control ids" "string","output format" "xml","details" "string","hide evidence" 123,"include dp name" "example name","show remediation info" 123,"cause of failure" 123,"truncation limit" 123,"ips" "string","host ids" "string","asset group ids" "string","filter hosts" 123,"ids" "string","id min" 123,"id max" 123,"status changes since" "active","evaluation date" "string","status" "active","criticality labels" "string","criticality values" "string","tag set by" "string","tag include selector" "string","tag exclude selector" "string","tag set include" "string","tag set exclude" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","json body" {}} list ips retrieve a list of ip addresses from qualys vulnerability scanner based on specified parameters such as 'ips' and 'action' endpoint url api/2 0/fo/asset/ip/ method get input argument name type required description parameters action string required parameters for the list ips action parameters ips string required parameters for the list ips action parameters compliance enabled string optional parameters for the list ips action parameters certview enabled string optional parameters for the list ips action input example {"parameters" {"action" "string","ips" "string","compliance enabled" "string","certview enabled" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase ip list output object output field ip list output ip list output response object output field ip list output response ip list output response datetime string time value ip list output response ip set object output field ip list output response ip set ip list output response ip set ip array output field ip list output response ip set ip ip list output response ip set ip range array output field ip list output response ip set ip range output example {"ip list output" {"response" {"datetime" "string","ip set" {}}}} list networks retrieve a list of networks from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/network/ method get input argument name type required description parameters action string required parameters for the list networks action parameters ids string optional parameters for the list networks action input example {"parameters" {"action" "string","ids" "string"}} list reports retrieve different report types from a qualys account, such as scorecard reports, using the 'action' parameter endpoint url /api/2 0/fo/report/ method get input argument name type required description parameters action string required specify action to list reports parameters echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included parameters id number optional specifies a report id of a report that is saved in the report share storage space when specified, information on the selected report will be included in the xml output parameters state string optional specifies that reports with a certain state will be included in the xml output by default, all states are included parameters user login number optional specifies a user login id this parameter is used to restrict the xml output to reports launched by the specified user login id parameters expires before datetime string optional specifies the date and time (optional) when reports will expire in the future only reports that expire before this date/time will be included in the xml output the date/time is specified in yyyy mm dd\[thh\ mm \ ssz ] format (utc/gmt), like "2007 07 01" or "2007 01 25t23 12 00z " parameters client id number optional id assigned to the client (consultant subscription only) parameter client id or client name may be specified for the same request parameters client name string optional name of the client (consultant subscription only) parameter client id or client name may be specified for the same request input example {"parameters" {"action" "list","echo request" 0,"id" 232123,"state" "running","user login" 21331,"expires before datetime" "2007 01 25t23 12 00z","client id" 54312435,"client name" "test"}} output parameter type description status code number http status code of the response reason string response reason phrase response object output field response response reports array list of reports response datetime string datetime of the request output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} list restricted ips retrieve a list of restricted ip addresses from qualys vulnerability scanner based on the provided 'action' parameter endpoint url api/2 0/fo/setup/restricted ips/ method get input argument name type required description parameters action string required parameters for the list restricted ips action input example {"parameters" {"action" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase restricted ips output object output field restricted ips output restricted ips output response object output field restricted ips output response restricted ips output response datetime string time value restricted ips output response status string status value output example {"restricted ips output" {"response" {"datetime" "string","status" "active"}}} list scap policy retrieve a list of scap (security content automation protocol) policies from qualys for compliance checks endpoint url api/2 0/fo/compliance/fdcc policy/ method get input argument name type required description parameters action string required parameters for the list scap policy action parameters details string optional parameters for the list scap policy action parameters ids string optional parameters for the list scap policy action parameters id min string optional parameters for the list scap policy action parameters id max string optional parameters for the list scap policy action parameters updated after datetime string optional parameters for the list scap policy action parameters created after datetime string optional parameters for the list scap policy action input example {"parameters" {"action" "string","details" "string","ids" "string","id min" "string","id max" "string","updated after datetime" "string","created after datetime" "string"}} list scap scans retrieve a list of scap scans from qualys vulnerability scanner based on specified action parameters endpoint url api/2 0/fo/scan/scap/ method get input argument name type required description parameters action string required parameters for the list scap scans action parameters scan ref string optional parameters for the list scap scans action parameters scan id string optional parameters for the list scap scans action parameters state string optional parameters for the list scap scans action parameters processed string optional parameters for the list scap scans action parameters type string optional parameters for the list scap scans action parameters target string optional parameters for the list scap scans action parameters user login string optional parameters for the list scap scans action parameters launched after datetime string optional parameters for the list scap scans action parameters launched before datetime string optional parameters for the list scap scans action parameters client id string optional parameters for the list scap scans action parameters client name string optional parameters for the list scap scans action input example {"parameters" {"action" "string","scan ref" "string","scan id" "string","state" "string","processed" "string","type" "string","target" "string","user login" "string","launched after datetime" "string","launched before datetime" "string","client id" "string","client name" "example name"}} output parameter type description status code number http status code of the response reason string response reason phrase scan list output object output field scan list output scan list output response object output field scan list output response scan list output response datetime string time value scan list output response scan list object output field scan list output response scan list scan list output response scan list scan object output field scan list output response scan list scan scan list output response scan list scan id string unique identifier scan list output response scan list scan ref string output field scan list output response scan list scan ref scan list output response scan list scan type string type of the resource scan list output response scan list scan title string output field scan list output response scan list scan title scan list output response scan list scan policy object output field scan list output response scan list scan policy scan list output response scan list scan user login string output field scan list output response scan list scan user login scan list output response scan list scan launch datetime string time value scan list output response scan list scan status object status value scan list output response scan list scan target string output field scan list output response scan list scan target output example {"scan list output" {"response" {"datetime" "string","scan list" {}}}} list virtual hosts retrieve a list of virtual hosts from qualys vulnerability scanner using the specified 'action' parameter endpoint url api/2 0/fo/asset/vhost/ method get input argument name type required description parameters action string required parameters for the list virtual hosts action parameters ip string optional parameters for the list virtual hosts action parameters port string optional parameters for the list virtual hosts action input example {"parameters" {"action" "string","ip" "string","port" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase virtual host list output object output field virtual host list output virtual host list output response object output field virtual host list output response virtual host list output response datetime string time value virtual host list output response virtual host list object output field virtual host list output response virtual host list virtual host list output response virtual host list virtual host object output field virtual host list output response virtual host list virtual host virtual host list output response virtual host list virtual host ip string output field virtual host list output response virtual host list virtual host ip virtual host list output response virtual host list virtual host port string output field virtual host list output response virtual host list virtual host port virtual host list output response virtual host list virtual host fqdn string output field virtual host list output response virtual host list virtual host fqdn output example {"virtual host list output" {"response" {"datetime" "string","virtual host list" {}}}} list vm scans retrieve a list of the past 30 days' vulnerability management scans from qualys, requiring the 'action' parameter endpoint url api/2 0/fo/scan/ method get input argument name type required description parameters action string required parameters for the list vm scans action parameters echo request number optional parameters for the list vm scans action parameters scan ref string optional parameters for the list vm scans action parameters scan id string optional parameters for the list vm scans action parameters state string optional parameters for the list vm scans action parameters processed number optional parameters for the list vm scans action parameters type string optional parameters for the list vm scans action parameters target string optional parameters for the list vm scans action parameters user login string optional parameters for the list vm scans action parameters launched after datetime string optional parameters for the list vm scans action parameters launched before datetime string optional parameters for the list vm scans action parameters client id string optional parameters for the list vm scans action parameters client name string optional parameters for the list vm scans action parameters show ags number optional parameters for the list vm scans action parameters show op number optional parameters for the list vm scans action parameters show status number optional parameters for the list vm scans action parameters show last number optional parameters for the list vm scans action parameters pci only number optional parameters for the list vm scans action parameters ignore target number optional parameters for the list vm scans action input example {"parameters" {"action" "list","echo request" 0,"scan ref" "scan/987659876 19876","scan id" "scan id","state" "running, paused, canceled, finished, error, queued","processed" 0,"type" "on demand","target" "10 10 10 1 10 10 10 2","user login" "demouser","launched after datetime" "2017 01 25t23 12 00z","launched before datetime" "2017 01 25t23 12 00z","client id" "client id","client name" "client name","show ags" 0,"show op" 0,"show status" 0,"show last" 0,"pci only" 0,"ignore target" 0}} output parameter type description status code number http status code of the response reason string response reason phrase scan list output object output field scan list output scan list output response object output field scan list output response scan list output response datetime string time value scan list output response scan list object output field scan list output response scan list scan list output response scan list scan array output field scan list output response scan list scan scan list output response scan list scan ref string output field scan list output response scan list scan ref scan list output response scan list scan type string type of the resource scan list output response scan list scan title string output field scan list output response scan list scan title scan list output response scan list scan user login string output field scan list output response scan list scan user login scan list output response scan list scan launch datetime string time value scan list output response scan list scan duration string output field scan list output response scan list scan duration scan list output response scan list scan processing priority string output field scan list output response scan list scan processing priority scan list output response scan list scan processed string output field scan list output response scan list scan processed scan list output response scan list scan status object status value scan list output response scan list scan target string output field scan list output response scan list scan target output example {"status code" 200,"response headers" {"date" "tue, 28 mar 2023 04 00 03 gmt","server" "apache","x xss protection" "1; mode=block","x content type options" "nosniff","x frame options" "sameorigin","strict transport security" "max age=31536000; includesubdomains","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 438b7047 7854 5181 8116 979356194b02 8217759d 8170 731e list vm scans by post method retrieve recent vulnerability management scans from qualys within a default 30 day lookback period using the post method endpoint url api/2 0/fo/scan/ method post input argument name type required description data body object required response data data body action string required a flag used to make a request for a scan list data body echo request number optional specify 1 to view (echo) input parameters in the xml output by default these are not included data body scan ref string optional show only a scan with a certain scan reference code for a vulnerability scan, format is scan/987659876 19876 for a compliance scan format is compliance/98765456 12345 for a scap scan format is qscap/987659999 22222 data body scan id string optional show only a scan with a certain compliance scan id data body state string optional show only scans with one or more scan states multiple states are comma separated a valid value is running, paused, canceled, finished, error, queued (scan job is waiting to be distributed to scanners), or loading (scanners are finished and scan results are being loaded onto the platform) data body processed number optional specify 0 to show only scans that are not processed specify 1 to show only scans that have been processed when not specified, the scan list output is not filtered based on the processed status data body type string optional show only a certain scan type by default, the scan list is not restricted to a certain scan type a valid value is on demand, scheduled, or api data body target string optional show only one or more target ip addresses by default, the scan list includes all scans on all ip addresses multiple ip addresses and/or ranges may be entered multiple entries are comma separated you may enter an ip address range using the hyphen ( ) to separate the start and end ip address, as in 10 10 10 1 10 10 10 2 data body user login string optional show only a certain user login the user login identifies a user who launched scans by default, the scan list is not restricted to scans launched by a particular user enter the login name for a valid qualys user account data body launched after datetime string optional show only scans launched after a certain date and time (optional) the date/time is specified in yyyy mm dd\[thh\ mm \ ssz ] format (utc/gmt), like "2017 07 01" or "2017 01 25t23 12 00z " when launched after datetime and launched before datetime are unspecified, the service selects scans launched within the past 30 days a date/time in the future returns an empty scans list data body launched before datetime string optional show only scans launched before a certain date and time (optional) the date/time is specified in yyyy mm dd\[thh\ mm \ ssz ] format (utc/gmt), like "2017 07 01" or "2017 01 25t23 12 00z " when launched after datetime and launched before datetime are unspecified, the service selects scans launched within the past 30 days a date/time in the future returns a list of all scans (not limited to scans launched within the past 30 days) data body client id string optional id assigned to the client (consultant type subscription only) parameter client id or client name may be specified for the same request data body client name string optional name of the client (consultant type subscription only) parameter client id or client name may be specified for the same request data body show ags number optional specify 1 to show asset group information for each scan in the xml output by default, asset group information is not shown data body show op number optional specify 1 to show option profile information for each scan in the xml output by default, option profile information is not shown data body show status number optional specify 0 to not show scan status for each scan in the xml output by default, scan status is shown data body show last number optional specify 1 to show only the most recent scan (which meets all other search filters in the request) in the xml output by default, all scans are shown in xml output data body pci only number optional specify 1 to show only external pci scans in the xml output external pci scans are vulnerability scans run with the option profile "payment card industry (pci) options" when pci only=1 is specified, the xml output will not include other types of scans run with other option profiles data body ignore target number optional specify 1 to hide target information from the scan list specify 0 to display the target information input example {"data body" {"action" "list","echo request" 0,"scan ref" "scan/987659876 19876","scan id" "","state" "running","processed" 0,"type" "on demand","target" "10 10 10 1 10 10 10 2","user login" "demouser","launched after datetime" "2017 01 25t23 12 00z","launched before datetime" "2017 01 25t23 12 00z","client id" "","client name" "","show ags" 0,"show op" 0,"show status" 0,"show last" 0,"pci only" 0,"ignore target" 0}} output parameter type description status code number http status code of the response reason string response reason phrase scan list output object output field scan list output scan list output response object output field scan list output response scan list output response datetime string time value output example {"status code" 200,"response headers" {"date" "tue, 11 mar 2025 05 39 01 gmt","content type" "text/xml;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff, nosniff","x frame options" "sameorigin","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e manage vm scans control and manage vulnerability scans by specifying actions like start, stop, or pause, along with the scan reference in qualys endpoint url api/2 0/fo/scan/ method get input argument name type required description parameters action string required parameters for the manage vm scans action parameters echo request number optional parameters for the manage vm scans action parameters scan ref string required parameters for the manage vm scans action parameters ips string optional parameters for the manage vm scans action parameters mode string optional parameters for the manage vm scans action parameters output format string optional parameters for the manage vm scans action parameters client id string optional parameters for the manage vm scans action parameters client name string optional parameters for the manage vm scans action input example {"parameters" {"action" "fetch","echo request" 0,"scan ref" "987659876 19876","ips" "10 10 10 1 10 10 10 20, 10 10 10 3","mode" "brief","output format" "json","client id" "test","client name" "john"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"date" "thu, 30 mar 2023 07 21 33 gmt","server" "apache","x xss protection" "1; mode=block","x content type options" "nosniff","x frame options" "sameorigin","strict transport security" "max age=31536000; includesubdomains","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 438b7047 7854 5181 8116 979356194b02 8217759d 8170 731e patch list retrieve a list of applicable patches for a specific host in qualys vulnerability scanner using the provided host id endpoint url api/2 0/fo/asset/patch/index php method get input argument name type required description parameters host id string required parameters for the patch list action input example {"parameters" {"host id" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase patch list output object output field patch list output patch list output response object output field patch list output response patch list output response subscription id string unique identifier patch list output response host id string unique identifier patch list output response ip string output field patch list output response ip patch list output response dns string output field patch list output response dns patch list output response netbios string output field patch list output response netbios patch list output response os string output field patch list output response os patch list output response os cpe object output field patch list output response os cpe patch list output response network string output field patch list output response network patch list output response patch info list object output field patch list output response patch info list patch list output response patch info list patch info object output field patch list output response patch info list patch info patch list output response patch info list patch info detection qids object unique identifier patch list output response patch info list patch info patch qid object unique identifier patch list output response patch info list patch info patch severity string output field patch list output response patch info list patch info patch severity patch list output response patch info list patch info patch title string output field patch list output response patch info list patch info patch title patch list output response patch info list patch info patch vendor id string unique identifier patch list output response patch info list patch info patch release date string date value patch list output response patch info list patch info patch links object output field patch list output response patch info list patch info patch links output example {"patch list output" {"response" {"subscription id" "string","host id" "string","ip" "string","dns" "string","netbios" "string","os" "string","os cpe" {},"network" "string","patch info list" {}}}} update azure internal scan updates an existing internal azure scan job in qualys for unresolved targets requires a data body input endpoint url /api/2 0/fo/scan/cloud/internal/job/ method post input argument name type required description data body object required response data data body action string required specify update to make changes to an existing scan job data body id string required the id of the scan schedule you want to update data body module string optional specify vm for a vulnerability scan data body cloud provider string optional specify azure for an azure internal scan the cloud provider value cannot be changed during an update request data body cloud service string optional specify vm (azure virtual machine) for an azure internal scan the cloud service value cannot be changed during an update request data body connector name string optional the name of the connector to be used we check if the specified connector name exists for your qualys subscription if the specified connector name does not exists in your qualys subscription, then the api request returns an error message invalid connector name provided one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body connector uuid string optional the id of the connector to be used if the specified connector name does not exists in your qualys subscription, then the api request returns an error message invalid connector uuid provided one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body scan title string optional the scan title to create data body active number optional specify 1 to create an active schedule specify 0 to create an inactive schedule data body option title string optional the title of the option profile to be used one of these parameters must be specified in the request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body priority number optional specify a value of 0 9 to set a processing priority level for the scan when not specified, a value of 0 (no priority) is used valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low data body iscanner id string optional the ids of the scanner appliances to be used multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name data body iscanner name string optional the friendly names of the scanner appliances to be used multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name data body platform type string optional select the platform type as either location or virtual network data body region code string optional the azure region code valid values are ap northeast 1, ap southeast 1, ap southeast 2, ap east 1, eu west 1, eu north 1, asa east 1, us east 1, us west 1, us west 2, me south 1, eu south 1, and af south 1 this parameter is mandatory when the platform type is set to location data body virtual network id string optional provide the id of the azure virtual network this parameter is mandatory when the platform type is set to virtual network data body tag include selector string optional select any (the default) to include hosts that match at least one of the selected tags select all to include hosts that match all of the selected tags data body tag exclude selector string optional select any (the default) to exclude hosts that match at least one of the selected tags select all to exclude hosts that match all of the selected tags data body tag set by string optional specify “id” (the default) to select a tag set by providing tag ids specify “name” to select a tag set by providing tag names we will check if the tag ids or tag names are valid data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated data body cloud resource ids string optional only applicable for update request specific vm ids on which scan needs to be launched (vm ids are comma separated) specify remove to delete the existing vm ids specify any vm id to replace the existing vm ids data body schedule string optional specify now to schedule the scan job for now specify recurring to schedule the scan job to start at a later time or on a recurring basis see schedule parameters for azure internal scans possible values are now, recurring input example {"data body" {"action" "update","id" "12345678 1234 1234 1234 123456789abc","module" "vm","cloud provider" "azure","cloud service" "vm","connector name" "example name","connector uuid" "string","scan title" "string","active" 123,"option title" "string","option id" 123,"priority" 123,"iscanner id" "string","iscanner name" "example name","platform type" "string","region code" "string","virtual network id" "string","tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","cloud resource ids" "string","schedule" "string","occurrence" "string","frequency days" 123,"frequency weeks" 123,"weekdays" "string","frequency months" 123,"day of month" 123,"day of week" 123,"week of month" "string","start date" "string","start hour" 123,"start minute" 123,"time zone code" "string","observe dst" "string","recurrence" 123,"end after" 123,"end after mins" 123,"pause after hours" 123,"pause after mins" 123,"resume in days" "string","resume in hours" 123,"set start time" 123,"before notify" 123,"before notify unit" "string","before notify time" 123,"before notify message" "string","after notify" 123}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item object output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"date" "tue, 11 mar 2025 05 39 01 gmt","content type" "text/xml;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff, nosniff","x frame options" "sameorigin","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e update cloud perimeter scan updates an existing cloud perimeter scan in qualys, targeting unresolved assets with the provided data body input endpoint url /api/2 0/fo/scan/cloud/perimeter/job/ method post input argument name type required description data body object required response data data body action string required specify "create" to configure a new cloud perimeter scan job data body id string required the id of the scan schedule you want to update data body module string optional specify "vm" for a vulnerability scan and "pc" for a compliance scan required for create request data body cloud provider string optional specify "azure" for an azure scan specify "aws" for an aws ec2 scan specify "gcp" for a gcp scan the cloud provider value cannot be changed during an update request when cloud provider=azure, the following parameters cannot be specified in the same request platform type, region code, vpc id, include micro nano instances, include lb from connector these parameters only apply when cloud provider=aws is specified data body cloud service string optional specify "vm" (azure virtual machine) for an azure scan specify "ec2" for an aws ec2 scan specify "compute engine" for a gcp scan the cloud service value cannot be changed during an update request data body connector name string optional the name of the connector to be used one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body connector uuid string optional the id of the connector to be used one of these parameters must be specified in the request conector name or connector uuid these are mutually exclusive and cannot be specified in the same request data body scan title string optional the scan title when not specified the default scan title is "aws ec2 perimeter scan " data body active number optional specify "1" to create an active schedule specify "0" to create an inactive schedule data body option title string optional the title of the option profile to be used one of these parameters must be specified in the request option title or option id these are mutually exclusive and cannot be specified in the same request data body option id number optional the id of the option profile to be used one of these parameters must be specified in a request option title or option id these are mutually exclusive and cannot be specified in the same request data body priority number optional specify a value of 0 9 to set a processing priority level for the scan when not specified, a value of 0 (no priority) is used valid values are 0 = no priority (the default), 1 = emergency, 2 = ultimate, 3 = critical, 4 = major, 5 = high, 6 = standard, 7 = medium, 8 = minor, 9 = low data body iscanner id string optional the ids of the scanner appliances to be used specify "0" for external scanners multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name optional, only valid when your account is configured to allow internal scanners data body iscanner name string optional the friendly names of the scanner appliances to be used or "external" for external scanners multiple entries are comma separated these parameters cannot be specified in the same request iscanner id and iscanner name optional, only valid when your account is configured to allow internal scanners data body platform type string optional the platform type valid values are classic, vpc peered or selected vpc data body region code string optional the ec2 region code valid values are ap northeast 1, ap southeast 1, ap southeast 2, ap east 1, eu west 1, eu north 1, asa east 1, us east 1, us west 1, us west 2, me south 1, eu south 1, and af south 1 one of these parameters must be specified in the request region code or vpc id these are mutually exclusive and cannot be specified in the same request data body vpc id string optional the id of the virtual private cloud (vpc) zone the id value must start with vpc we will check if the specified vpc id exists for the selected connector one of these parameters must be specified in the request region code or vpc id these are mutually exclusive and cannot be specified in the same request data body include micro nano instances number optional specify 1 to include ec2 assets with instance types t2 nano, t3 nano, t1 micro and m1 small in the scan job by default, this parameter value is set to 0 note that these instance types must be activated for your account so that we can include them in the scan warning aws ec2 assets with instance types t2 nano, t3 nano, t1 micro and m1 small have very limited cpu when scanning these instance types we recommend you choose an option profile with light port scanning and no authentication alternatively, use qualys cloud agent to perform the equivalent of authenticated scanning for the least performance impact for these instance types data body tag include selector string optional select “any” (the default) to include hosts that match at least one of the selected tags select “all” to include hosts that match all of the selected tags data body tag exclude selector string optional select “any” (the default) to exclude hosts that match at least one of the selected tags select “all” to exclude hosts that match all of the selected tags data body tag set by string optional specify “id” (the default) to select a tag set by providing tag ids specify “name” to select a tag set by providing tag names we will check if the tag ids or tag names are valid data body tag set include string optional specify a tag set to include hosts that match these tags will be included you identify the tag set by providing tag name or ids multiple entries are comma separated data body tag set exclude string optional specify a tag set to exclude hosts that match these tags will be excluded you identify the tag set by providing tag name or ids multiple entries are comma separated data body include lb from connector number optional specify 1 to include public load balancers from the selected connector in the scan job by default, this parameter value is set to 0 note when you set this parameter to 1, we fetch public load balancers from the aws connector in cloudview that has the same configuration as that of the selected connector if you select this option, ensure that you have the connector created in your cloudview account with a configuration similar to that of the selected connector if the connector in cloudview is not found, then we can't fetch the public load balancers from the connector input example {"data body" {"action" "create","id" "12345678 1234 1234 1234 123456789abc","module" "string","cloud provider" "string","cloud service" "string","connector name" "example name","connector uuid" "string","scan title" "string","active" 123,"option title" "string","option id" 123,"priority" 123,"iscanner id" "string","iscanner name" "example name","platform type" "string","region code" "string","vpc id" "string","include micro nano instances" 123,"tag include selector" "any","tag exclude selector" "any","tag set by" "id","tag set include" "string","tag set exclude" "string","include lb from connector" 123,"elb dns" "string","schedule" "string","occurrence" "string","frequency days" 123,"frequency weeks" 123,"weekdays" "string","frequency months" 123,"day of month" 123,"day of week" 123,"week of month" "string","start date" "string","start hour" 123,"start minute" 123,"time zone code" "string","observe dst" "string","recurrence" 123,"end after" 123,"end after mins" 123,"pause after hours" 123,"pause after mins" 123,"resume in days" "string","resume in hours" 123,"set start time" 123,"before notify" 123,"before notify unit" "string","before notify time" 123}} output parameter type description status code number http status code of the response reason string response reason phrase simple return object output field simple return simple return response object output field simple return response simple return response datetime string time value simple return response text string output field simple return response text simple return response item list object output field simple return response item list simple return response item list item object output field simple return response item list item simple return response item list item key string output field simple return response item list item key simple return response item list item value string value for the parameter output example {"status code" 200,"response headers" {"date" "tue, 11 mar 2025 05 39 01 gmt","content type" "text/xml;charset=utf 8","transfer encoding" "chunked","connection" "keep alive","x content type options" "nosniff, nosniff","x frame options" "sameorigin","expires" "thu, 19 nov 1981 08 52 00 gmt","cache control" "no store, no cache, private, must revalidate, post check=0, pre check=0","pragma" "no cache","x powered by" "qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e vm scan summary by post method generates a summary report of scanned or unscanned hosts by qualys, detailing reasons, using the post method with a required data body endpoint url /api/2 0/fo/scan/vm/summary/ method post input argument name type required description data body object required response data data body action string required the list action is required data body output format string optional the only supported output format at this time is xml data body scan reference string optional specifies a unique scan reference id use this option to include scan summary information for a single scan only for vm scans, the scan reference has the format scan/987654321 98765 one of these parameters must be specified in the request scan datetime since or scan reference you cannot specify scan reference in the same request as scan datetime since and scan datetime until data body scan datetime since string optional include scans started since a certain date the date must be less than or equal to today’s date specify the date in gmt timezone in rfc 3339 format yyyy mm ddthh mm ssz example 2020 10 01t09 30 48z one of these parameters must be specified in the request scan datetime since or scan reference you cannot specify scan datetime since in the same request as scan reference data body scan datetime until string optional include scans started up to a certain date the date must be more than or equal to scan datetime since, and less than or equal to today’s date specify the date in gmt timezone in rfc 3339 format yyyy mm ddthh mm ssz example 2020 10 01t09 30 48z the parameter scan datetime until can only be specified when scan datetime since is also specified you cannot specify scan datetime until in the same request as scan reference data body include scan input number optional by default, scan input information is included in the xml output in the \<scan input> block specify include scan input=0 if you don’t want this entire block to appear in the output scan input information includes the scan title, user login (for user who launched the scan), whether or not the scan was scheduled, scan target, network, option profile, etc data body include scan details number optional by default, scan details are included in the xml output in the \<scan details> block specify include scan details=0 if you don’t want this entire block to appear in the output scan details include the scan status, launch date/time, and scan duration data body include hosts summary number optional by default, hosts summary information is included in the xml output in the block under \<scan results> specify include hosts summary=0 if you don’t want the block to appear in the output the hosts summary shows the total number of hosts scanned, and lists the ip addresses, dns hostnames and netbios hostnames in the scan data body include detections summary number optional by default, detections summary information is included in the xml output in the block under \<scan results> specify include detections summary=0 if you don’t want the block to appear in the output the detections summary includes the total number of detections, and the number of detections by severity for confirmed, potential and information gathered data body include hosts summary categories string optional when unspecified, all categories are included in the xml output to filter the categories, provide a comma separated list of the categories to include in the output possible values are scanned, excluded, cancelled, unresolved, duplicate, not vulnerable, dead, aborted, blocked, failed slice, exceeded scan duration see "host summary categories" below for more information on each category each category appears a block inside \<scan results> if a category is filtered out, the respective category block does not appear in the output input example {"data body" {"action" "list","output format" "xml","scan reference" "scan/987654321 98765","scan datetime since" "2020 10 01t09 30 48z","scan datetime until" "2020 10 01t09 30 48z","include scan input" 0,"include scan details" 0,"include hosts summary" 0,"include detections summary" 0,"include hosts summary categories" "scanned, excluded, cancelled, unresolved, duplicate"}} output parameter type description status code number http status code of the response reason string response reason phrase scan summary output object output field scan summary output scan summary output response object output field scan summary output response scan summary output response datetime string time value scan summary output response scan summary list object output field scan summary output response scan summary list scan summary output response scan summary list scan summary object output field scan summary output response scan summary list scan summary scan summary output response scan summary list scan summary scan reference string output field scan summary output response scan summary list scan summary scan reference scan summary output response scan summary list scan summary scan input object input data for the action scan summary output response scan summary list scan summary scan details object output field scan summary output response scan summary list scan summary scan details scan summary output response scan summary list scan summary scan results object result of the operation output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "thu, 2 may 2024 20 37 23 gmt"},"reason" "ok","json body" {"scan summary output" {"response" {}}}} response headers header description example cache control directives for caching mechanisms no store, no cache, private, must revalidate, post check=0, pre check=0 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 91e8b57438dd4087 bom connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 140 content security policy http response header content security policy default src 'self' qualys com qualys ca qualys eu qualys it qualys in qualys ae qualys co uk qualys com au qualysksa com qualys sg qualys us; content type the media type of the resource application/json date the date and time at which the message was originated tue, 11 mar 2025 05 39 01 gmt expires the date/time after which the response is considered stale thu, 19 nov 1981 08 52 00 gmt keep alive http response header keep alive timeout=300, max=239 pragma http response header pragma no cache server information about the software used by the origin server apache strict transport security http response header strict transport security max age=31536000; includesubdomains transfer encoding http response header transfer encoding chunked x concurrency limit limit http response header x concurrency limit limit 2 x concurrency limit running http response header x concurrency limit running 1 x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x powered by http response header x powered by qualys\ uspod3 19c2b0e7 3e70 e163 833e 64144bbbf8b3 730c59a6 aa5f e469 81f8 0cd5e186bb2a x ratelimit limit the number of requests allowed in the current rate limit window 300 x ratelimit remaining the number of requests remaining in the current rate limit window 297 x ratelimit towait sec http response header x ratelimit towait sec 0 x ratelimit window sec http response header x ratelimit window sec 3600 x xss protection http response header x xss protection 1; mode=block