Qualys API

Quick Reference

October 06, 2023

Verity Confidential
Copyright 2017-2023 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
are the property of their respective owners.

Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100
 Table of Contents
Vulnerability Management and Policy Compliance API .......................... 5
Scans ......................................................................................................................................... 5
Authentication ......................................................................................................................... 7
Authentication Vaults ........................................................................................................... 14
Scanner Appliances ............................................................................................................... 16
Option Profiles ....................................................................................................................... 17
KnowledgeBase ...................................................................................................................... 20
Reports .................................................................................................................................... 22
Report Templates .................................................................................................................. 24
Remediation ........................................................................................................................... 27
Compliance Info .................................................................................................................... 27
Users ....................................................................................................................................... 30
Activity Log v2 ........................................................................................................................ 31
Activity Log v1 ........................................................................................................................ 31

Cloud Agent API .............................................................................................32

Agent Management ............................................................................................................... 32
Activation Key ........................................................................................................................ 33
Configuration Profile ............................................................................................................. 33

Asset Management & Tagging API .............................................................35

Networks ................................................................................................................................ 35
Assets ...................................................................................................................................... 35
Asset Groups .......................................................................................................................... 38
Tag ........................................................................................................................................... 39
List users with their tags ...................................................................................................... 40
Host Asset ............................................................................................................................... 40
Asset ........................................................................................................................................ 40
Host Instance Vulnerability ................................................................................................. 41
Asset Data Connector ........................................................................................................... 41
AWS Asset Data Connector .................................................................................................. 42
AWS Authentication Record ................................................................................................ 42

Continuous Monitoring API ......................................................................... 44

Alerts ....................................................................................................................................... 44
Profiles .................................................................................................................................... 44
Rulesets .................................................................................................................................. 44
Rules ........................................................................................................................................ 45

Web Application Scanning API .................................................................. 46

Verity Confidential
Web Application .................................................................................................................... 46
Authentication ....................................................................................................................... 47
Scan ......................................................................................................................................... 48
Schedule ................................................................................................................................. 49
Option Profile ......................................................................................................................... 52
Report ...................................................................................................................................... 52
Report Creation ...................................................................................................................... 53
Findings .................................................................................................................................. 55
Burp ......................................................................................................................................... 56

Web Application Firewall API ..................................................................... 57

Web Applications ................................................................................................................... 57
Web Servers ............................................................................................................................ 58
Healthchecks .......................................................................................................................... 59
SSL Certificates ...................................................................................................................... 60
Custom Response Pages ........................................................................................................ 61
Security Policies ..................................................................................................................... 62
HTTP Profiles .......................................................................................................................... 63
Custom Rules ......................................................................................................................... 64
Clusters ................................................................................................................................... 65
Appliances .............................................................................................................................. 66

Malware Detection API..................................................................................67

Malware Detections ............................................................................................................... 67

Security Assessment Questionnaire API...................................................68

SAQ users ................................................................................................................................ 68
SAQ templates ....................................................................................................................... 69

Portal version API ............................................................................................71

Portal version ......................................................................................................................... 71

API Server URL ................................................................................................ 72

Qualys API Server URL .......................................................................................................... 72
Still need help? ....................................................................................................................... 72

Good to Know.................................................................................................. 73
Notations ................................................................................................................................ 73
GET and POST ........................................................................................................................ 73
Date/Time ............................................................................................................................... 73
API Notes ................................................................................................................................ 73
Curl Client .............................................................................................................................. 73
Allowed Operators ................................................................................................................. 73
Looking for more? .................................................................................................................. 73
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Vulnerability Manage Scans: (POST)

action={cancel|pause|resume}&
Management and Policy echo_request={0|1}&
Compliance API scan_ref={value}&
Download Scan Results: (GET + POST)
Use these API calls to manage vulnerability and action={fetch}&
compliance scans and report on scan results. echo_request={0|1}&
Scans | Authentication | Scanner Appliances | Option scan_ref={value}&
Profiles | KnowledgeBase | Reports | Report *ips={ip,range…}&
Templates | Remediation | Compliance Info | Users | *mode={brief|extended}&
Activity Log v2 | Activity Log v1 *output_format={csv|json|csv_extended|
json_extended}&
Looking for more information?
Qualys API (VM, PC) User Guide Notes: * means VM scan only
Qualys API (VM, PC) XML/DTD Reference Share PCI Scan: (GET + POST)
action={share|status}& *POST for share
Scans echo_request={0|1}&
scan_ref={value}&
Manage Scans merchant_username={value}&
VM Scans - /api/2.0/fo/scan/ VM Scan Summary: (GET + POST)
Compliance Scans - /api/2.0/fo/scan/compliance/ /api/2.0/fo/scan/vm/summary
SCAP Scans - /api/2.0/fo/scan/scap/ action={list}&
output_format={value}&
List Scans: (GET + POST) scan_reference={value}&
action={list}& scan_datetime_since={value}&
echo_request={0|1}& scan_datetime_until={value}&
scan_ref={value}& include_scan_input={0|1}&
state={Running|Paused|Canceled|Finished| include_scan_details={0|1}&
Error|Queued|Loading}& include_hosts_summary={0|1}&
processed={0|1}& include_detections_summary={0|1}&
type={On-Demand|Scheduled|API}& include_hosts_summary_categories={value}&
target={ip,range…}&
user_login={login}& Scan Summary: (GET + POST)
launched_after_datetime={date/time}& /api/2.0/fo/scan/summary
launched_before_datetime={date/time}& action={list}&
show_ags={0|1}& scan_date_since={value}&
show_op={0|1}& scan_date_to={value}&
show_status={0|1}& output_format={value}&
show_last={0|1}& tracking_method={value}&
pci_only={0|1}& include_dead={0|1}&
ignore_target={0|1}& include_excluded={0|1}&
client_id= {value}& include_unresolved={0|1}&
client_name={value}& include_cancelled={0|1}&
ec2_instance_ids={value}& include_notvuln={0|1}&
scap_scan_since={date}& include_blocked={0|1}&
no_scap_scan_since={date}& include_duplicate={0|1}&

5
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

include_aborted={0|1}& option_title={value}&
option_id={value}&
priority={value}& (0-9) *default is 0
List Last ‘N’ Scan References for a Schedule: runtime_http_header={value}&
(GET)
connector_name={value}& *for EC2 scan
/api/2.0/fo/scan/scanner
ec2_endpoint={value}& *for EC2 scan
action={list}& ip_network_id={id}&
schedule_scan_ids={value1, value2,...}& fqdn={value}&
schedule_executions_count={value}& (1-10) client_id= {value}&
output_format={XML|JSON}& client_name={value}&
ec2_instance_ids={value}&
Scanner Details: (GET + POST)
/api/2.0/fo/scan/scanner
Scheduled Scans
action={list}&
scan_date_since={value}& VM Scans - /api/2.0/fo/schedule/scan/
scan_date_to={value}& List Scheduled Scans: (GET)
ips={value}&
action={list}&
output_format=XML&
echo_request={0|1}&
id={value}&
Launch Scan active={0|1}&
VM Scan - /api/2.0/fo/scan/ show_notifications={0|1}&
client_id= {value}&
Compliance Scan - /api/2.0/fo/scan/compliance/ client_name={value}&
Launch Scan: (POST)
Create Scheduled Scan: (POST)
action={launch}&
action={create}&
echo_request={0|1}&
echo_request={0|1}&
scan_ref={value}&
scan_title={value}&
scan_title={value}&
active={0|1}&
target_from={assets|tags}&
option_title={value}&
ip={value}&
option_id={value}&
asset_groups={value}&
iscanner_id={value1,value2…}&
asset_group_ids={value}&
iscanner_name={value1,value2…}&
exclude_ip_per_scan={value}&
ip={value}&
tag_include_selector={all|any}&
asset_groups={value}&
tag_exclude_selector={all|any}& asset_group_ids={value}&
tag_set_by={id|name}& default_scanner={0|1}&
tag_set_include={value}& scanners_in_ag={0|1}&
tag_set_exclude={value}& scanners_in_tagset={0|1}&
use_ip_nt_range_tags={0|1}& exclude_ip_per_scan={value}&
use_ip_nt_range_tags_include={0|1}& ip_network_id={id}&
use_ip_nt_range_tags_exclude={0|1}& runtime_http_header={value}&
iscanner_id={value1,value2…}& target_from={assets|tags}&
iscanner_name={value1,value2…}& tag_include_selector={all|any}&
default_scanner={0|1}& tag_exclude_selector={all|any}&
scanners_in_ag={0|1}& tag_set_by={id|name}&
scanners_in_tagset={0|1}& tag_set_include={value}&
scanners_in_network={value} tag_set_exclude={value}&

6
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

use_ip_nt_range_tags={0|1}& Notes: “before_notify_time” must be specified

use_ip_nt_range_tags_include={0|1}& with before_notify=1. “before_notify_message” is
use_ip_nt_range_tags_exclude={0|1}& only valid when before_notify=1.
connector_name={value}& *for EC2 scan
“after_notify_message” is only valid when
connector_uuid={value}& *for EC2 scan
after_notify=1. “recipient_group_ids” is only valid
ec2_endpoint={value}& *for EC2 scan when before_notify=1 or after_notify=1 is also
ec2_only_classic={value}& *for EC2 scan
specified.
occurrence={daily|weekly|monthly}&
frequency_days={value}& (1-365) Update Scheduled Scan: (POST)
frequency_weeks={value}& (1-52) action={update}&
weekdays={sunday|monday|tuesday| id={value}&
wednesday|thursday|friday|saturday}& echo_request={0|1}&
frequency_months={value}& (1-12) set_start_time={0|1}&
day_of_month={value}& (1-31) client_id= {value}&
day_of_week={value}& (0-6, where 0 is client_name={value}&
sunday)
week_of_month={first|second|third|fourth| Notes: For updating the start time, these must be
last}& specified together: set_start_time=1, start_date,
start_date={date}& start_hour, start_minute, time_zone_code,
start_hour={value}& (0-23) observe_dst.
start_minute={value}& (0-59)
time_zone_code={value}& For Daily Scan, these must be specified together:
observe_dst={yes|no}& occurrence=daily, frequency_days.
recurrence={value}& For Weekly Scan, these must be specified
end_after={value}& (0-119) together: occurrence=weekly, frequency_weeks,
end_after_mins={value}& (0-59) weekdays.
pause_after_hours={value}& (1-119)
For Monthly Scan, these must be specified
pause_after_mins={value}& (0-59)
together: occurrence=monthly,
resume_in_days={value}& (1-9)
frequency_months and day_of_month (for Nth
resume_in_hours={value}& (0-23)
day of month) or day_of_week, week_of_month
fqdn={value}&
(for Day in Nth week).
client_id= {value}&
client_name={value}&
Delete Scheduled Scan: (POST)
Notes: “end_after_mins” must be specified with action={delete}&
“end_after”. “pause_after_mins” must be specified id={value}&
with “pause_after_hours”. “resume_in_hours” echo_request={0|1}&
must be specified with “pause_after_hours” and
“resume_in_days”.
Authentication
before_notify={0|1}&
before_notify_unit={days|hours|minutes}& Authentication Record List
before_notify_time={value}&
before_notify_message={value}& /api/2.0/fo/auth/
after_notify={0|1}&
List Records (all types): (GET + POST)
after_notify_message={value}&
recipient_group_ids={value}& action={list}&
echo_request={0|1}&
title={value}&
comments={value}&

7
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

ids={id,range…}& {target hosts}:

id_min={id}& ips={ip,range…}&
id_max={id}& add_ips={ip,range…}&
remove_ips={ip,range…}&
Authentication Record by Type List network_id={value}&

/api/2.0/fo/auth/{type}/ when Tag Support for Authentication Records is

where {type} is one of: unix, windows, oracle, enabled (Windows, Unix):
oracle_listener, snmp, ms_sql, neo4j, ibm_db2, asset_type={ips|asset_tags|ip_range_tag_
vmware, vcenter, http, apache, ms_iis, rule}&
ibm_websphere, mysql, tomcat, oracle_weblogic, tag_set_by={id|name}&
mongodb, mariadb, palo_alto_firewall, jboss, tags_include={tag1,tag2...}&
kubernetes, sapiq, sap_hana, nginx tags_exclude={tag1,tag2,...}&
List Records by Type: (GET + POST) tag_include_selector={any|all}&
tag_exclude_selector={any|all}&
action={list}&
Notes: “ips” is required for a create request
Notes: Same optional parameters as for
(except for Windows, and except when Tag
authentication records list (all types) plus:
Support is enabled), optional for an update
details={Basic|All|None}&
request. “add_ips” and “remove_ips” are for an
update request only. “network_id” is valid when
Authentication Records the networks feature is enabled.
/api/2.0/fo/auth/<type>/
{vault definition}:
where <type> is one of: unix (for Unix, Cisco, login_type={basic|vault}& /set to vault to
Checkpoint Firewall), windows, oracle,
enable
oracle_listener, snmp, vmware, vcenter, apache,
vault_id={value}&
ms_iis, ibm_websphere, http, mysql, ms_sql,
vault_type={value}&
docker, postgresql, sybase, tomcat, mongodb,
(vault parameters below are required except as
mariadb, palo_alto_firewall, jboss, kubernetes,
indicated, * means optional)
sapiq, sap_hana, network_ssh, neo4j, nginx,
informixDB, infoblox,
ARCON PAM
Manage Records: (GET + POST) vault_service_type={value}&
Azure Key
action={create|update|delete}&
title={value}& ak_secret_name={value}&
ids={id,range…}& CA Access Control
echo_request={0|1}& end_point_name={value}&
end_point_type={value}&
Notes: “title” is required for a create request. “ids” end_point_container={value}&
is required for an update and delete request. CA PAM
comments={value}& vault_app_name={value}&
{target hosts} (*requirements below) vault_device_name={value}&
{<type> credentials} (*requirements per vault_device_host={value}&
record) CyberArk PIM Suite
folder={value}&
Notes: Comments, target hosts, and credentials file={value}&
specified for create and update requests only (not CyberArk AIM
delete requests). folder={value}&

8
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

file={value}& service_kdc={value}&
HashiCorp user_kdc={value}&
secret_kv_path={value}& krb5_password={value}&
secret_kv_name={value}& krb5_login_type={value}&
secret_kv_key={value}& krb5_<vaultparameters>={value}
Thycotic Secret Server
Scanning:
secret_name={value}&
port={value}& /PC scans only
Quest Vault
use_agentless_tracking={0|1}&
system_name={value}&
agentless_tracking_path={value}&
Lieberman ERPM
auto_discover_system_name={value}&
Notes: If use_agentless_tracking=1,
system_name_single_host={value}&
“agentless_tracking_path” is required.
system_type={auto|windows|unix|oracle|mssq
l|ldap|system|custom}& {Unix subtype record}:
*custom_system_type=&{value} sub_type={cisco|checkpoint_firewall}&
*valid when system_type=custom
Login credentials:
BeyondTrust PBPS
username={value}&
*system_type={value}&
password={value}&
*account_name={value}&
login_type={basic|vault}& (vault definition)
Wallix AdminBastion (WAB)
vault_type={CyberArk PIM Suite|CyberArk
authorization_name={value}
AIM}
target_name={value}
cleartext_password={0|1}&
{Unix record}: enable_password={value}& (Cisco only)
Login credentials: expert_password={value}& (Checkpoint only)
username={value}&
password={value}& Notes: Required for create request: “username”,
login_type={basic|vault}& (vault definition) “password” if cleartext_password=1.
vault_type={CA Access Control|CyberArk PIM Scanning:
Suite|CyberArk AIM|Hitachi ID port={value}& /PC scans only
PAM|Lieberman ERPM|Quest Vault|Thycotic
Secret Server|BeyondTrust PBPS|Wallix {Network SSH record}:
AdminBastion} Login credentials:
cleartext_password={0|1}&
username={value}&
skip_password={0|1}&
password={value}&
{XML File}&
login_type={basic|vault}& (vault definition)
target_type={auto|A10|HP_COMWARE|CISCO_
p2_login_type={basic|vault}& (vault definition)
ASA_WITH_FIREPOWE}
*p2_<vault parameters>
vault_type={CA Access Control|CyberArk PIM
Notes: Required for create request: “username”,
Suite|CyberArk AIM|Hitachi ID
“password” if cleartext_password=1. {XML File}
PAM|Lieberman ERPM|Quest Vault|Thycotic
defines private key certificates and root
Secret Server|BeyondTrust PBPS|Wallix
delegations.
AdminBastion}
**cleartext_password={0|1}&
Kerberos auth details, if it is enabled on the target
password2={value}&
host:
{XML File}&
use_kerberos={0|1}&
target_type={auto|A10|HP_COMWARE|CISCO_
realm_discovery={value}&
ASA_WITH_FIREPOWE}
service_realm={value}&

9
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Notes: win_sqlnet_ora_path={value}&
win_tnsnames_ora_path={value}&
* If p2_login_type is vault then all vault parameter
perform_unix_os_checks={0|1}&
fields must be added with prefix 'p2_'
perform_unix_opatch_checks={0|1}&
** Required for create request: “username”, unix_ora_home_path={value}&
“password” if cleartext_password=1. {XML File} unix_init_ora_path={value}&
defines private key certificates. unix_spfile_ora_path={value}&
unix_listener_ora_path={value}&
unix_sqlnet_ora_path={value}&
{Windows record}: unix_tnsnames_ora_path={value}&
Login credentials: unix_invptrloc={value}&
username={value}&
{Oracle Listener record}:
password={value}&
login_type={basic|vault}& (vault definition) password={value}&
windows_domain={value}& {IBM DB2 record}:
windows_ad_domain={value}&
ntlm={0|1}& Login credentials:
kerberos={0|1}& login_type={basic| vault}&
ntlmv2={0|1}& username={value}&
ntlm={0|1}& password={value}&
require_smb_signing={0|1}& database={value}&
minimum_smb_version={value}& port={value}&
Scanning: pc_only={0|1}& /PC scans only
use_agentless_tracking={0|1}&
OS-dependent compliance checks:
{Oracle record}: win_db2dir={value}
Login credentials: win_prilogfile={value}
win_seclogfile={value}
login_type={basic|vault}& (vault definition) win_terlogfile={value}
username={value}& win_mirlogfile={value}
password={value}& unix_db2dir={value}
vault_type={ARCON PAM | Azure Key | unix_prilogfile={value}
BeyondTrust PBPS | CA Access Control | unix_seclogfile={value}
CyberArk PIM Suite| CyberArk AIM | unix_terlogfile={value}
HashiCorp | Lieberman ERPM | Quest Vault | unix_mirlogfile={value}
Thycotic Secret Server}&
vault_id={value}& Notes: All check parameters are required if you
sid={value}& want OS-dependent compliance checks to be run.
servicename={value}&
port={num}& {MySQL record}:
is_cdb={0|1}& /PC scans only username={value}&
pc_only={0|1}& /PC scans only password={value}&
OS-dependent compliance checks: database={value}&
perform_windows_os_checks={0|1}& port={value}&
win_ora_home_name={value}& windows_config_file={value}&
win_ora_home_path={value}& unix_config_file={value}&
win_init_ora_path={value}& ssl_verify={value}&
win_spfile_ora_path={value}& hosts={value}&
win_listener_ora_path={value}& client_cert={value}&
client_key={value}&

10
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

kerberos={0|1}&
ntlmv2={0|1}& Notes: “community_strings” is optional for create
ntlm={0|1}& and update requests.
member_domain={value}& or ips={value}&
SNMPv3:
Notes: All parameters are required for create
username={value}&
request, except client_cert and client_key (which
password={value}&
must be specified together).
auth_alg={MD5|SHA1}&
{Neo4j record}: encrypt_password={value}&
priv_alg={DES|AES}&
username={value}&
security_engine_id=(value}&
password={value}&
context_engine_id={value}&
login_type={basic|vault}&
context={value}&
database={value}&
port={value}&
ssl_verify={value}& Notes: All SNMPv3 parameters are optional.
hosts={value}& However, when one is specified, others are
neo4j_version={value}& required as follows. 1) It is required that
unix_base_path={value}& “username”, “password” and auth_alg” are all
unix_conf_path={value}& defined for record. 2) It is required that
neo4j_auto_path={0|1}& “encrypt_password” and “priv_alg” are all defined
for record. 3) For an update request “auth_alg”
and “priv_alg” may be set to empty, in which case
Nginx record}:
the data is not encrypted.
unix_bin_path={value}&
unix_conf_path={value}& {VMware record}:
unix_prefix_path={0|1}& username={value}&
password={value}&
{Infoblox record}: port={value}&
Login credentials: hosts={value}&
username={value}& ssl_verify={all|skip|none}&
password={value}& login_type=&
login_type={basic|vault}& (vault definition) is_disconnect={0|1}&
vault_type={CyberArk PIM Suite|Thycotic
Secret Server|BeyondTrust PBPS|Wallix Notes: “username” and “password” are required
AdminBastion|Hashicorp|Azure key}& for a create request, optional for an update
api_version={value}& request.
ssl_verify={0|1}&
{vCenter record}:
{InformixDB record}: username={value}&
Login credentials: password={value}&
username={value}& port={value}&
password={value}& hosts={value}&
login_type={basic}& ssl_verify={all|skip|none}&
login_type={basic|vault}&

{SNMP record}: Notes: “username” and “password” are required

version={v1|v2c|v3}& for a create request, optional for an update
request.
SNMPv1 and SNMPv2c: {Apache Web Server record}:
community_strings={value,value…}&

11
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

unix_apache_config_file={value}& vault_type={BeyondTrust PBPS | CA Access

unix_apache_control_command={value}& Control | CyberArk PIM Suite| CyberArk AIM
windows_apache_config_file={value}& |Quest Vault | Thycotic Secret Server}&
windows_apache_control_command= vault_id={value}&
{value}& private_key={value}&
status={0|1}& private_key_vault_id={value}&
is_system_created={0|1}& passphrase={value}&
certificate={value}&
{IBM WebSphere App Server record}: require_cert={0|1}&
unix_installation_dir={value}&
unix_dir_mode={installation_dir|server_dir}& Notes: Required for create request when
windows_installation_dir={value} login_type=basic: “username” and “password”.
Required for create request when
login_type=vault: “username”, “vault_type” and
{Tomcat Server record}:
“vault_id”. Required for create request when
installation_path={value}& login_type=pkcert: “private_key” and “passphrase”
instance_path={value}& (when passphrase_vault_id is not specified.)
auto_discover_instances={0|1}& “hosts” required if ssl_verify=1.
installation_path_windows={value}&
instance_path_windows={value}&
service_name={value}& {MariaDB record}:
ssl_verify={0|1}&
Notes: “installation_path” or hosts={value}&
“installation_path_windows” is required for a database={value}&
create request. port={value}&
windows_conf_file={value}&
{HTTP record}:
unix_conf_file={value}&
username={value}& client_cert={value}&
password={value}& client_key={value}&
vhost={value}&
Login credentials:
realm={value}&
ssl={0|1}& login_type={basic|vault}&
username={value}&
Notes: “vhost” or “realm” is required for a create password={value}&
request. “ips” parameter is not valid for this record
type. Notes: “username” and “password” are required
for a create request, optional for an update
{MongoDB record}: request.
unix_conf_file={value}&
database_name={value}&
{Palo Alto Networks Firewall record}:
port={value}&
ssl_verify={0|1}& username={value}&
hosts={value}& password={value}&
credential_type={local|external}& login_type=vault& (vault definition)
cleartext={0|1}& vault_id={value}&
login_type={basic|vault|pkcert}& (vault vault_type={CyberArk PIM Suite | CyberArk
definition) AIM | Quest Vault | Thycotic Secret Server |
username={value}& BeyondTrust PBPS}&
password={value}&

12
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Notes: “password” or “login_type=vault” is (PC scans only)

required for create request. username={value}&
{JBoss Server record}: password={value}&
windows_working_mode={value}& port={value}&
db_local={0|1}&
Following parameters are required if Windows
windows_domain={value}&
working mode is selected.
auth_os_type={unix|windows}&
windows_home_path={value}& mssql_unix_insta_path={value}&
windows_base_path={value}& mssql_unix_conf_path={value}&
windows_conf_dir_path={value}& instance={value}& default is “MSSQLSERVER”
windows_conf_file_path={value}& - or - auto_discover_instances={0|1}&
windows_conf_host_file_path={value}& database={value}& default is “master”
unix_working_mode={value}& - or - auto_discover_databases={0|1}&
Following parameters are required if Unix working port={value}&
mode is selected. - or – auto_discover_ports={0|1}&

unix_home_path={value}& Notes: When “db_local” is unspecified for a create

unix_base_path={value}& request, the flag is set to 1 (MS SQL Server
unix_conf_dir_path={value}& credentials). “windows_domain” is required when
unix_conf_file_path={value}& “db_local=0”, otherwise it is invalid.
unix_conf_host_file_path={value}&

{Oracle WebLogic Server record}:

PC scans only
(PC scans only)
{Azure MS SQL record}:
installation_path={value}&
(PC scans only) auto_discover={0|1}&
username={value}& domain={value}&
password={value}&
login_type={basic|vault}& (vault definition) {PostgreSQL record}:
vault_type={ARCON PAM|BeyondTrust
(PC scans only)
PBPS|CA Access Control|CyberArk
AIM|CyberArk PIMSuite|HashiCorp| pgsql_unix_conf_file={value}&
Lieberman ERPM|Quest Vault|Thycotic Secret username={value}&
Server} password={value}&
port={value}& login_type={basic|vault}& (vault definition)
database_name={value}& vault_type={CA Access Control|CyberArk PIM
- or - auto_discover_databases={0|1}& Suite|CyberArk AIM |Hitachi ID PAM|Quest
Vault|Thycotic Secret Server|BeyondTrust
{Docker record}: PBPS}
(PC scans only) pgsql_db_name={value}&
docker_deamon_conf_file={value} port={value}&
docker_command={value} ssl_verify={0|1}&
hosts={value}&
{Kubernetes record}: client_key_type={basic|vault}&
client_key={value}&
(PC scans only)
client_key_vault_type={CyberArk
unix_bin_path={value}
AIM|BeyondTrust PBPS}&
unix_conf_path={value}
client_key_vault_id={value}&
{MS SQL record}: passphrase_type={basic|vault}&

13
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

passphrase={value}& Notes: Required for a create request: “password” if

client_cert={value}& login_type=basic, “install_dir” if record will be
passphrase_vault_type={CA Access used for scanning Unix hosts.
Control|CyberArk PIM Suite|CyberArk AIM
|Hitachi ID PAM|Quest Vault|Thycotic Secret {Sybase record}:
Server|BeyondTrust PBPS}& (PC scans only)
passphrase_vault_id={value}& username={value}&
password={value}&
Notes: Required for create request: “password” if login_type={basic|vault}& (vault definition)
login_type=basic. vault_type={CyberArk PIM Suite|CyberArk
AIM |Quest Vault|Thycotic Secret Server|
{SAP Hana record}: Lieberman ERPM}
(PC scans only) port={value}&
database={value}& database={value}&
port={value}& install_dir={value}&
unix_conf_path={value}&
ssl_verify={0|1}& Notes: Required for a create request: “password” if
hosts={value}& login_type=basic, “install_dir” if record will be
username={value}& used for scanning Unix hosts.
password={value}&
password_encryption={0|1} Authentication Vaults
login_type={basic|vault}& (vault definition)
vault_type={Arcon PAM|Azure Key| /api/2.0/fo/vault/
BeyondTrust PBPS|CyberArk AIM|CyberArk
PIM Suite|HashiCorp|Thycotic Secret Server}& List Vaults: (GET + POST)
vault_id={value}& action={list}&
echo_request={0|1}&
Notes: Required for a create request: “password” if title={value}&
login_type=basic, “unix_conf_path” if the record type={CyberArk PIM Suite|Thycotic Secret
will be used for scanning Unix hosts, “hosts” if Server|Quest Vault|CA Access Control|Hitachi ID
ssl_verify=1. PAM|Lieberman ERPM |CyberArk AIM|BeyondTrust
PBPS|Wallix AdminBastion (WAB)}&
modified={date/time}&
{SAP IQ record}:
orderby={id|title|system_name|last_modified|
(PC scans only)
last_modified_by}&
username={value}&
sortorder={asc|desc}&
password={value}&
limit={value}&
password_encryption={0|1}
offset={value}&
login_type={basic|vault}& (vault definition)
vault_type={Arcon PAM|Azure Key|
Notes: “sortorder” is valid only when “orderby” is
BeyondTrust PBPS|CA Access Control|CA PAM,
specified. “limit” and “offset” must be specified
CyberArk AIM|CyberArk PIM Suite|HashiCorp|
together.
Hitachi ID PAM|Liberman ERPM|Quest Vault|
Thycotic Secret Server|Wallix AdminBastion Manage Vaults: (GET + POST)
(WAB)}& action={create|update|delete}&
port={value}& title={value}&
database={value}& type={CyberArk PIM Suite|Thycotic Secret
install_dir={value}& Server|Quest Vault|CA Access Control|Hitachi

14
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

ID PAM|Lieberman ERPM|BeyondTrust PBPS|Wallix server_address={value}&*

AdminBastion (WAB)} port={value}&
id={id} safe={value}&*
comments={value}& username={value}&*
echo_request={0|1}& password={value}&*
{settings}
HashiCorp:
Notes: “title” and “type” are required for a create url={value}&*
request, optional for an update request. api_version={value}&
“comments” is optional for create and update ssl_verify={1|0}&*
request. “id” is required for an update and delete if auth_type={userpass}&*
request. “settings” for create and update request, path={value}&
varies per vault type (see below). username={value}&*
password={value}&*
ARCON PAM:
if auth_type={cert}&*
url={value}&* path={value}&
ssl_verify={1|0}&* role_name={value}&*
username={value}&* cert={value}&*
password={value}&* private_key={value}&*
passphrase={value}&
Notes: bold means required for new vault if auth_type={cert}&*
Azure Key: path={value}&
role_id={value}&*
url={value}&* secret_id={value}&
app_id={value}&* Notes: bold means required for new vault
ssl_verify={1|0}&*
certificate={value}&* Hitachi ID PAM:
private_key={value}&* url={value}&*
passphrase={value}& username={value}&*
password={value}&*
Notes: bold means required for new vault ssl_verify={1|0}&*

CA PAM: Notes: bold means required for new vault

url={value}&*
Lieberman ERPM:
apikey_name={value}&*
url={value}&*
ssl_verify={1|0}&*
domain={value}&
apikey={value}&*
username={value}&*
password={value}&*
Notes: bold means required for new vault
ssl_verify={1|0}&*
CA Access Control:
Notes: bold means required for new vault
ca_url={value}&*
ca_api_username={value}&* Quest Vault:
ca_ssl_verify={1|0}&* server_address={value}&*
port={value}&
ca_web_username={value}&
ca_web_password={value}& username={value}&*
access_key={value}&*
Notes: bold means required for new vault
Notes: bold means required for new vault
CyberArk PIM Suite:

15
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Thycotic Secret Server: ids={id1,id2…}&

url={value}&* include_license_info={0|1}&
username={value}&* network_id={id}&
password={value}&* type={physical|virtual|offline}&
domain={value}& show_tags={0|1}&
platform_provider={ec2|ec2_compat|gce|
Notes: bold means required for new vault azure|vCenter}&
CyberArk AIM:
Notes: “include_license_info” applies to virtual
appid={value}&
scanner appliances
safe={value}&
url={value}& Virtual Scanners: (GET + POST)
ssl_verify={0|1}& echo_request={0|1}&
cert={value}& --------
private_key={value}& action={create}&
private_key_pwd={value}& name={value}&
asset_group_id={value}&
Notes: bold means required for new vault polling_interval={60-360}& *default is 180
Wallix AdminBastion (WAB) Notes: “asset_group_id” is required for Unit
url={value}& Managers and Scanners with permission to create
ssl_verify={0|1}& virtual scanners. Managers do not specify
username={value}& “asset_group_id”.
password={value}& --------
appkey={value} action={update}&
BeyondTrust PBPS: id={id}&
appkey={value}& name={value}&
url={value}& comment={value}&
username={value}&* polling_interval={60-360}&
password={value}&* set_tags= {value}&
ssl_verify={0|1}& add_tags= {value}&
cert={value}& remove_tags= {value}&
private_key={value}& tag_set_by= {id|name}&
private_key_pwd={value}& enable_ipv6={0|1}&
*set_vlans={ID|IP_ADDRESS|NETMASK|NAME}&
Notes: bold means required for new vault *set_routes={IP_ADDRESS|NETMASK|GATEWAY|N
AME}&
*Notes: Or “ (empty string) to delete all records
Scanner Appliances --------
/api/2.0/fo/appliance/ action={delete}&
id={id}&
List Appliances: (GET + POST)
Physical Scanners: (POST)
action={list}&
echo_request={0|1}& /api/2.0/fo/appliance/physical/
output_mode={brief|full}& action={update}&
scan_detail={0|1}& id={id}&
include_cloud_info={0|1}& name={string}&
busy={0|1}& polling_interval={60-360}& *default is 180
scan_ref={value}& set_vlans={value}&
name={value}& set_tags= {value}&
add_tags= {value}&

16
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

remove_tags= {value}& title={value}&

tag_set_by= {id|name}& owner={value}&
set_routes={value}& default={0|1}&
comment={value}& global={0|1}&
*set_vlans={ID|IP_ADDRESS|NETMASK|NAME}& offline_scanner={0|1}&
*set_routes={IP_ADDRESS|NETMASK|GATEWAY|N scan_tcp_ports={none|full|standard|light}&
AME}& scan_tcp_ports_additional={port1,port2}&
3_way_handshake={0|1}&
Assign Appliance to Network: (POST)
Scan
action={assign_network_id}& enable_max_scan_duration_per_asset={0|1}
appliance_id={id}}& max_scan_duration_per_asset_minutes=max
network_id={id}}& imum
echo_request={0|1}& scan_udp_ports={none|full|standard|light}&
scan_udp_ports_additional={port1,port2}&
Replace Appliance: (POST)
authoritative_option={0|1}&
/api/2.0/fo/appliance/replace_iscanner/ scan_dead_hosts={0|1}&
action={replace}& close_vuln_on_dead_hosts={0|1}&
echo_request={0|1}& not_found_alive_times={value}&
old_scaner_name={value}& purge_host_data={0|1}&
new_scanner_name={value}& external_scanners_use={value}&
do_not_copy_settings={0|1}& scan_parallel_scaling={0|1}&
do_not_remove_new_scanner_from_objects= scan_overall_performance={high|normal|low|
{0|1}& custom}&
scan_external_scanners={value}&
scan_scanner_appliances={value}&
Option Profiles scan_total_process={value}&
/api/2.0/fo/subscription/option_profile/ scan_http_process={value}&
scan_packet_delay={minimum|short|medium
Export Option Profile: (GET) |long|maximum}&
/api/2.0/fo/subscription/option_profile/ scan_intensity={normal|medium|low|
minimum}&
action={export}&
load_balancer={0|1}&
output_format={XML}&
password_brute_forcing_system={minimal|
option_profile_id={value}&
limited|standard|exhaustive}&
option_profile_title={value}&
password_brute_forcing_custom={value1,
option_profile_type={user|compliance|pci}&
value2}&
Import Option Profile: (POST) vulnerability_detection={complete|custom|
/api/2.0/fo/subscription/option_profile/ runtime}&
custom_search_list_ids={value1, value2}&
action={import}& custom_search_list_title={value1, value2}&
basic_host_information_checks={0|1}&
Notes: When calling this API the user needs to oval_checks={0|1}&
pass the proper XML with Content-Type XML. all_qrdi_checks={0|1}&
exclude_search_list_ids={value1, value2}&
VM Option Profiles authentication={value1,value2}&
/api/2.0/fo/subscription/option_profile/vm/? authentication_least_privilege=Unix&
enable_additional_certificate_detection=
Create VM Option Profile: (POST) {0|1}&
action={create}& enable_dissolvable_agent={0|1}&

17
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

enable_windows_share_enumeration={0|1}& ignore_firewall_generated_tcp_rst_packets=
enable_lite_os_scan={0|1}& {0|1}&
enable_partial_ssl_tls_au ignore_all_tcp_rst_packets={0|1}&
diting = {0|1} ignore_firewall_generated_tcp_syn_ack_
custom_http_header={value}& packets={0|1}&
custom_http_definition_key={value}& not_send_tcp_ack_or_syn_ack_packets_
custom_http_definition_header={value}& during_host_discovery={0|1}&
host_alive_testing={0|1}&
not_overwrite_os={0|1}& Update VM Option Profile: (POST)
test_authentication={0|1}& action={update}&
System Authentication id={value}&
include_system_auth={0|1}& For other parameters see Create VM Option
use_system_auth_on_duplicate={0|1}& Profile
use_user_auth_on_duplicate={0|1}&
List VM Option Profile: (GET + POST)
Map
basic_information_gathering=[all|register|net action={list}&
blockonly|none]& Delete VM Option Profile: (GET + POST)
map_tcp_ports_standard_scan={0|1}&
action={delete}&
map_tcp_ports_additional={value1,value2}&
id={value}&
map_udp_ports_standard_scan={0|1}&
map_udp_ports_additional={value1,value2}&
perform_live_host_sweep={0|1}& PCI Option Profiles
disable_dns_traffic={0|1}& /api/2.0/fo/subscription/option_profile/pci/?
map_overall_performance={high|normal|low|
custom}& Create PCI Option Profile: (POST)
map_external_scanners={value}& action={create}&
map_scanner_appliances={value}& title={value}&
map_netblock_size={1024 IPs|4096 IPs| owner={value}&
8192 IPs|16384IPs|32768 IPs|65536 IPs}& global={0|1}&
map_packet_delay={minimum|short|medium| offline_scanner={0|1}&
long|maximum}& scan_parallel_scaling={0|1}&
map_authentication={VMware | vCenter}& Scan
Additional scan_overall_performance={high|normal|low|
additional_tcp_ports={0|1}& custom}&
additional_tcp_ports_standard_scan={0|1}& scan_external_scanners={value}&
additional_tcp_ports_additional={value1, scan_scanner_appliances={value}&
value2}& scan_total_process={value}&
additional_udp_ports={0|1}& scan_http_process={value}&
additional_udp_ports_type={standard| scan_packet_delay=
custom}& {minimum|short|medium|long|maximum}&
additional_udp_ports_custom={value1, scan_intensity={normal|medium|low|
value2}& minimum}&
icmp={0|1}& scan_dead_hosts={0|1}&
blocked_resources={0|1}& close_vuln_on_dead_hosts={0|1}&
protected_ports={default|custom}& not_found_alive_times={value}&
protected_ports_custom={value1,value2}& purge_host_data={0|1}&
protected_ips={all|custom}& Additional
protected_ips_custom={value1,value2}& additional_tcp_ports_additional={value1,
value2}&

18
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Update PCI Option Profile: (POST) oracle_db_udc_limit={value}&

action={update}& sybase_db_udc_restriction={0|1}&
id={value}& sybase_db_udc_limit={value}&
For other parameters see Create PCI Option postgreSQL_db_udc_restriction={0|1}&
Profile postgreSQL_db_udc_limit={value}&
sapiq_db_udc_restriction={0|1}&
List PCI Option Profile: (GET + POST) sapiq_db_udc_limit={value}&
action={list}& db2_db_udc_restriction= {0|1}
db2_db_udc_limit= {value}
Delete PCI Option Profile: (GET + POST) enable_auth_instance_discovery={0|1}&
action={delete}& auto_auth_types={value}&
id={value}& ibm_was_discovery_mode={value}&
oracle_template_id={value}&
Compliance Option Profiles oracle_template_name={value}&
include_system_auth={0|1}&
/api/2.0/fo/subscription/option_profile/pc/? use_system_auth_on_duplicate={0|1}&
Create Compliance Option Profile: (POST) use_user_auth_on_duplicate={0|1}&
Instance Data Collection
action={create}&
title={value}& enable_instance_data_collection={0|1}&
owner={value}& instance_data_collection_auth_types={value}
global={0|1}& &
scan_parallel_scaling={0|1}& enable_os_based_instance_discovery={0|1}&
os_based_instance_disc_technologies
Scan
scan_overall_performance={high|normal|low|
custom}& Additional
scan_external_scanners={value}& additional_tcp_ports={0|1}&
scan_scanner_appliances={value}& additional_tcp_ports_standard_scan={0|1}&
scan_total_process={value}& additional_tcp_ports_additional={value1,
scan_http_process={value}& value2}&
scan_packet_delay={minimum|short|medium additional_udp_ports={0|1}&
|long|maximum}& additional_udp_ports_type={standard|
custom}&
scan_intensity={normal|medium|low|
additional_udp_ports_custom={value1,
minimum}&
value2}&
scan_by_policy={0|1}&
icmp={0|1}&
policy_names={value1,value2}&
blocked_resources={0|1}&
policy_ids={value1,value2}&
protected_ports={default|custom}&
auto_update_expected_value={0|1}&
protected_ports_custom={value1,value2}&
fim_controls_enabled={0|1}&
protected_ips={all|custom}&
custom_wmi_query_checks={0|1}&
protected_ips_custom={value1,value2}&
enable_dissolvable_agent={0|1}&
ignore_rst_packets={0|1}&
enable_password_auditing={0|1}&
ignore_firewall_generated_syn_ack_packets=
custom_password_dictionary={value1,
{0|1}&
value2}&
not_send_ack_or_syn_ack_packets_during_
enable_windows_share_enumeration={0|1}&
host_discovery={0|1}&
enable_windows_directory_search={0|1}&
scan_ports={standard|targeted}& Update Compliance Option Profile: (POST)
mssql_db_udc_restriction={0|1}&
action={update}&
mssql_db_udc_limit={value}&
id={value}&
oracle_db_udc_restriction={0|1}&

19
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

For other parameters see Create Compliance severity={value}&

Option Profile disable={0|1}&
threat_comment={value}&
List Compliance Option Profile: (GET + POST) impact_comment={value}&
action={list}& solution_comment={value}&
include_system_option_profiles={0|1}
Delete Compliance Option Profile: (GET +
POST)
Note: Providing at least one optional parameter is
action={delete}&
mandatory.
id={value}&
Reset a Vulnerabilities: (POST)
KnowledgeBase action={reset}&
qid={value}
Vulnerabilities List Edited Vulnerabilities: (POST)
/api/2.0/fo/knowledge_base/vuln/ action={custom}&
List Vulnerabilities: (GET + POST)
Note: Get a list of all edited vulnerabilities.
action={list}&
echo_request={0|1}&
details={Basic|All| None}&
KnowledgeBase QVS Download in
ids={value}&
JSON Format
id_min={value}&
id_max={value}& /api/2.0/fo/knowledge_base/qvs/
is_patchable={0|1}&
List QVS Information from KnowledgeBase:
last_modified_after={date/time}&
(GET + POST)
last_modified_before={date/time}&
last_modified_by_user_after={date/time}& action={list}&
last_modified_by_user_before={date/time}& details={Basic|All}&
last_modified_by_service_after={date/time}& CVEs={value}&
last_modified_by_service_before={date/time} qvs_last_modified_before={date}&
& qvs_last_modified_after={date}&
published_after={date/time}& qvs_min={value}&
published_before={date/time}& qvs_max={value}&
discovery_method={value}& nvd_published_before={date}&
discovery_auth_types={value}& nvd_published_after={date}&
show_pci_reasons={0|1}&
show_supported_modules_info={0|1}&
show_disabled_flag={0|1}& Static Search Lists
show_qid_change_log={0|1}& /api/2.0/fo/qid/search_list/static/
Notes: Subscription authorization is required to
use. For “discovery_method” a valid value is: List Static Search Lists: (GET + POST)
Remote, Authenticated, RemoteOnly, action={list}&
AuthenticatedOnly, or RemoteAndAuthenticated. echo_request={0|1}&
ids={id1,id2…}&
Edit Vulnerabilities: (POST) Create Static Search List: (POST)
/api/2.0/fo/knowledge_base/vuln/ action={create}&
action={edit}& echo_request={0|1}&
qid={value}& title={value} &

20
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

qids={num1,num2…}& unset_published_date={empty value}&

global={0|1}& unset_service_modified_date={empty value}&
comments={value}& Criteria for Dynamic Search List (below)
Update Static Search List: (POST) Criteria for Dynamic Search List:
action={update}& vuln_title={value}&
echo_request={0|1}& not_vuln_title={0|1}&
id={value}& discovery_methods={value}&
title={value}& auth_types={value}&
qids={num1,num2…}& user_configuration={value}&
add_qids={num1,num2…}& categories={value}&
remove_qids={num1,num2…}& not_categories={0|1}&
global={0|1}& confirmed_severities={value}&
comments={value}& potential_vulnerabilities={value}&
ig_severities={value}&
Delete Static Search List: (POST)
vendor_ids={value}&
action={delete}& not_vendor_ids={0|1}&
echo_request={0|1}& products={value}&
id={value}& not_products={0|1}&
cvss_base={value}&
Dynamic Search Lists cvss_base_operand={1|2}&
cvss_temp={value}&
/api/2.0/fo/qid/search_list/dynamic/
cvss_temp_operand={1|2}&
List Dynamic Search Lists: (GET + POST) cvss_access_vector={value}&
action={list}& cvss3_base={value}&
echo_request={0|1}& cvss3_base_operand={1|2}&
ids={id1,id2…}& cvss3_temp={value}&
show_qids={0|1}& cvss3_temp_operand={1|2}&
show_option_profiles={0|1}& cvss_access_vector={value}&
show_distribution_groups={0|1}& patch_available={0|1}&
show_report_templates={0|1}& virtual_patch_available={0|1}&
show_remediation_policies={0|1}& cve_ids_filter={1|2}& (1: Exact Match, 2:
Contains)
Create Dynamic Search List: (POST) cve_ids={value}&
action={create}& not_cve_ids={0|1}&
echo_request={0|1}& exploitability={value}&
title={value}& malware_associated={value}&
global={0|1}& vendor_refs={value}&
comments={value}& not_vendor_refs={0|1}&
Criteria for Dynamic Search List (below) bugtraq_id={value}&
not_bugtraq_id={0|1}&
Update Dynamic Search List: (POST) vuln_details={value}&
action={update}& compliance_details={value}&
echo_request={0|1}& compliance_types={value}&
id={value}& qualys_top_lists={value}&
title={value}& qids_not_exploitable={0|1}&
global={0|1}& non_running_services={0|1}&
comments={value}& sans_20={0|1}&
unset_user_modified_date={empty value}& nac_nam={0|1}&

21
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

vuln_provider={0|1}& echo_request={0|1}&
user_modified_date_between={value}& client_id= {value}&
user_modified_date_today={0|1}& client_name={value}&
user_modified_date_in_previous={value}& StatusChangedSince={YYYY-MM-DD}&
user_modified_date_within_last_days={value}
& Launch Report
not_user_modified={0|1}&
service_modified_date_between={value}& /api/2.0/fo/report/
service_modified_date_today={0|1}& Launch Report (all types): (POST)
service_modified_date_in_previous={value}&
action={launch}&
service_modified_date_within_last_days={valu
echo_request={0|1}&
e}&
template_id={value}&
not_service_modified={0|1}&
report_title={value}&
published_date_between={value}&
pdf_password={passwd}&
published_date_today={0|1}&
recipient_group={group,group… 50 max}&
published_date_in_previous={value}&
hide_header={0|1}&
published_date_within_last_days={value}&
use_tags={0|1}
not_published={0|1}&
tag_include_selector={all|any}&
supported_modules={value}&
tag_exclude_selector={all|any}&
tag_set_by={id|name}&
Delete Dynamic Search List: (POST) tag_set_include={value}&
action={delete} & tag_set_exclude={value}&
echo_request={0|1}& recipient_group_id={value}&
id={value}& Map Report:
report_type={Map}&
Reports echo_request={0|1}&
output_format={pdf|html|mht|xml|csv|docx}&
Manage Reports domain={value}&
ip_restriction={value}&
/api/2.0/fo/report/
report_refs={value}&
List Reports: (GET + POST)
Scan Report (Scan Based Findings):
action={list}&
report_type={Scan}&
echo_request={0|1}&
echo_request={0|1}&
id={value}&
output_format={pdf|html|mht|xml|csv}&
state={Running|Finished|Submitted|
report_refs={ref,ref…}&
Canceled|Errors}&
ip_restriction={value}&
user_login={login}&
expires_before_datetime={date/time}& Scan Report (Host Based Findings):
client_id= {value}& report_type={Scan}&
client_name={value}& echo_request={0|1}&
Manage Reports: (POST) output_format={pdf|html|mht|xml|csv}&
ips={value}&
action={cancel|delete}&
ips_network_id={id}&
echo_request={0|1}&
asset_group_ids={id,id…}&
id={value}&
Qualys Patch Report:
Download Report: (POST)
echo_request={0|1}&
action={fetch}&

22
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

output_format={pdf|online|xml|csv}& asset_groups={value,value…}&
ips={value}& all_asset_groups={0|1}&
asset_group_ids={id,id…}& business_unit={value}&
division={value}&
Remediation Report: function={value}&
report_type={Remediation}& location={value}&
echo_request={0|1}& patch_quids={qid,qid…}& (10 max)
output_format={pdf|html|mht|csv}& missing_qids={qid,qid}& (2 max)
asset_group_ids={id,id…}&
assignee_type={User|All}& Scheduled Report
ips={value}&
/api/2.0/fo/schedule/report/
Compliance Report:
List Scheduled Reports: (GET)
report_type={Compliance}&
echo_request={0|1}& action={list}&
output_format={pdf|html|mht}& id={value}&
is_active={true|false}&
Notes: “mht” is not valid for PCI report.
Launch Scheduled Report: (POST)
ips={value}&
asset_group_ids={id,id…}& action={launch_now}&
report_refs={ref,ref…}& id={value}&
Notes: “report_refs” is required for a PCI report,
and not valid for other compliance reports. Asset Search Report
Compliance Policy Report: /api/2.0/fo/report/asset/
report_type={Policy}& Asset Search Report: (GET + POST)
echo_request={0|1}& action={search}&
output_format={pdf|html|mht|xml|csv}& output_format={csv|xml}&
policy_id={value}& tracking_method={IP|DNS|
asset_group_ids={value}& NETBIOS|EC2|AGENT}&
ips={value}& ips={value}&
instance_string={value} ips_network_id={value}&
host_id={value} asset_group_ids={value}&
instance_string={value} asset_groups={value}&
assets_in_my_network_only={0|1}&
Scorecard Report ec2_instance_status={RUNNING
/api/2.0/fo/report/scorecard/ |TERMINATED | PENDING | STOPPING |
SHUTTING_DOWN | STOPPED}&
Launch Scorecard: (POST) *ec2_instance_id={value}&
action={launch}& *ec2_instance_id_modifier={value}&
echo_request={0|1}& azure_vm_state={STARTING | RUNNING |
name={value}& STOPPING | STOPPED, DEALLOCATING,
report_title={value}& DEALLOCATED,
output_format={pdf|html|mht|xml|csv}& UNKNOWN.}&
hide_header={0|1}& (for CSV only) azure_vm_id={value}&
pdf_password={passwd)&
recipient_group={group,group… 50 max}& display_ag_titles={0|1}&
recipient_group_id={distgroup1,distgroup2}& ports={value}&
source={asset_groups|business_unit}& services={value}&

23
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

qids={value}& asset_groups={value}&
qid_with_text={value}& asset_group_ids={value}&
qid_with_modifier={beginning with| network={value}&
containing|matching|ending with}& ips={value}xml}&
use_tags={0|1}& tag_set_by={name|id}&
tag_set_by={id|name}& tag_include_selector={ALL|ANY}&
tag_include_selector={any|all}& tag_set_include={value}&
tag_exclude selector={any|all}& tag_exclude_selector={ALL|ANY}&
tag_set_include={value}& tag_set_exclude={value}&
tag_set_exclude={value}& host_with_cloud_agents= {all|scan|agent}&
first_found_days={value}& display_text_summary={0|1}&
first_found_modifier={within|not within}& graph_business_risk={0|1}&
last_vm_scan_days={value}& graph_vuln_over_time={0|1}&
last_vm_scan_modifier={within|not within}& graph_status={0|1}&
last_pc_scan_days={value}& graph_potential_status={0|1}&
last_pc_scan_modifier={within|not within}& graph_severity={0|1}&
dns_name={value}& Display
dns_modifier={beginning with| graph_potential_severity={0|1}&
containing|matching|ending with|not empty}& graph_ig_severity={0|1}&
netbios_name={value}& graph_top_categories={0|1}&
netbios_modifier={beginning with| graph_top_vulns={0|1}&
containing|matching|ending with|not empty}& graph_os={0|1}&
os_cpe_name={value}& graph_services={0|1}&
os_cpe_modifier={beginning with| graph_top_ports={0|1}&
containing|matching|ending with|not empty}& display_custom_footer={0|1}&
os_name={value}& display_custom_footer_text={value}&
os_modifier={beginning with| sort_by={host|vuln|os|group|service|port}&
containing|matching|ending with}& cvss={all|cvssv2|cvssv3}&
Notes: *ec2_instance_id_modifier is valid only host_details={0|1}&
when metadata_ec2_instances={0|1}&
*ec2_instance_id is specified cloud_provider_metadata={0|1}&
qualys_system_ids={0|1}&
Report Templates include_text_summary={0|1}&
include_vuln_details={0|1}&
include_vuln_details_threat={0|1}&
Scan Template
include_vuln_details_impact={0|1}&
Create Scan Template (POST) include_vuln_details_solution={0|1}&
/api/2.0/fo/report/template/scan/ include_vuln_details_vpatch={0|1}&
include_vuln_details_compliance={0|1}&
action=create include_vuln_details_exploit={0|1}&
report_format=xml include_vuln_details_malware={0|1}&
title={value}& include_vuln_details_results={0|1}&
owner={value}& include_vuln_details_reopened={0|1}&
Target include_vuln_details_appendix={0|1}&
scan_selection={HostBased|ScanBased}& include_trurisk_details={0|1}
include_trending={0|1}& exclude_account_id={0|1}&
limit_timeframe={0|1}& Filters
selection_type={day|month|weeks|date|none|s selective_vulns={complete|custom}&
cans}& search_list_ids={value}&
selection_range={1|3|5|7|15|30|60|90}&

24
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

exclude_qid_option={0|1}& PCI Scan Template API

exclude_search_list_ids={value}&
included_os={value}& Notes: Go to Scan Template API. The same
status_new={0|1}& parameters used to define PCI Scan Template
status_active={0|1}& settings. All parameters (all are optional).In
status_reopen={0|1}& addition the following parameters are used.
status_fixed={0|1}& Create PCI Scan Template (POST)
vuln_active={0|1}&
/api/2.0/fo/report/template/pciscan/
vuln_disabled={0|1}&
vuln_ignored={0|1}& action=create
potential_active={0|1}& report_format=xml
potential_disabled={0|1}& custom_pci_ranking={0|1}&
potential_ignored={0|1}& customized_ranking_medium_from={0|1|2|3|4|
ig_active={0|1}& 5|6|7|8|9|10}&
ig_disabled={0|1}& customized_ranking_high_from={0|1|2|3|4|5|6|
ig_ignored={0|1}& 7|8|9|10}&
display_non_running_kernels={0|1}& customized_ranking_comments={value}&
exclude_non_running_kernel={0|1}& customized_ranking_qid_searchlist_commen
exclude_non_running_services={0|1}& ts={<search list id1/name1> | <SEVERITY> |
exclude_qids_not_exploitable_due_to_config <comments>,<search list id2/name2> |
uration={0|1}& SEVERITY> | <comments>}&
exclude_superceded_patches={0|1}&
Update PCI Scan Template (PUT)
categories_list={value}&
Services and Ports /api/2.0/fo/report/template/pciscan/
required_services={value}& action=update
unauthorized_services={value}& report_format=xml
required_ports={value}& template_id={value}&
unauthorized_ports={value}&
User Access Delete PCI Scan Template (POST)
global={0|1}& /api/2.0/fo/report/template/pciscan/
report_access_users={value}&
action=delete
Update Scan Template (PUT) template_id={value}&
/api/2.0/fo/report/template/scan/ Export PCI Scan Template (GET)
template_id={value}& /api/2.0/fo/report/template/pciscan/
action=update
action=export
report_format=xml&
report_format=xml
Delete Scan Template (POST) template_id={value}&
/api/2.0/fo/report/template/scan/
Patch Template
action=delete
template_id={value}& Create Patch Template (POST)
/api/2.0/fo/report/template/patch/
Export Scan Template (GET)
/api/2.0/fo/report/template/scan/ action=create
report_format=xml
action=export title={value}&
report_format=xml owner={value}&
template_id={value}& Target

25
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

patch_evaluation={qidbased|classic}& Delete Scan Template (POST)

asset_groups /api/2.0/fo/report/template/patch/
asset_group_ids={value}&
tag_set_by={name|id}& action=delete
tag_include_selector={ALL|ANY}& template_id={value}&
tag_set_exclude={value}& Export Scan Template (GET)
tag_exclude_selector={ALL|ANY}&
/api/2.0/fo/report/template/patch/
network={value}&
ips={value}& action=export
Display report_format=xml
group_by={HOST|PATCH|OS|AG}& template_id={value}&
include_table_of_qids_fixed={0|1}&
include_patch_links={0|1}& Map Template
include_patches_from_unspecified_vendors={
0|1}& Create Map Template (POST)
include_cloud_metadata={0|1}& /api/2.0/fo/report/template/map/
patch_severity_by={assigned|highest}& action=create
patch_cvss_score_by={assigned|highest| report_format=xml
none}& title={value}&
cvss={all|cvssv2|cvssv3}& owner={value}&
display_custom_footer={0|1}& global={0|1}&
display_custom_footer_text={value}& Display
exclude_account_id={0|1}& map_sort_by={ipaddress|dns|netbios|router|o
Filters peratingsystem}&
selective_vulns={complete|custom}& map_related_info_lastscandate={0|1}&
search_list_ids={value}& map_related_info_assetgroups={0|1}&
exclude_qid_option={0|1}& map_related_info_authenticationrecords={0|1
exclude_search_list_ids={value}& }&
display_non_running_kernels={0|1}& map_related_info_discoverymethod={0|1}&
exclude_non_running_kernel={0|1}& display_custom_footer={0|1}&
exclude_non_running_services={0|1}& display_custom_footer_text={value}&
exclude_qids_not_exploitable_due_to_config map_exclude_account_id={0|1}&
uration={0|1}& Filters
selective_patches={complete|custom}& map_included_hosttypes_innetblock={0|1}&
exclude_patch_qid_option={0|1}& map_included_hosttypes_scannable={0|1}&
patch_search_list_ids={value}& map_included_hosttypes_live={0|1}&
exclude_patch_search_list_ids={value}& map_included_hosttypes_approved={0|1}&
found_since_days={7|30|90|365|NoLimit}& map_included_hosttypes_outofnetblock={0|1}
User Access &
global={0|1}& map_included_hosttypes_notscannable={0|1}
report_access_users={value}& &
Update Scan Template (PUT) map_included_hosttypes_notlive={0|1}&
map_included_hosttypes_rogue={0|1}&
/api/2.0/fo/report/template/patch/ Included Discovery Methods
action=update map_idm_tcp={0|1}&
report_format=xml map_idm_udp={0|1}&
template_id={value}& map_idm_traceroute={0|1}&
map_idm_other={0|1}&
map_idm_dns={0|1}&

26
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

map_idm_icmp={0|1}& overdue={0|1}&
map_idm_auth={0|1}& invalid={0|1}&
Included Status Levels states={OPEN|RESOLVED|CLOSED|
map_included_statuses_added={0|1}& IGNORED}&
map_included_statuses_removed={0|1}& modified_since_datetime={date/time}&
map_included_statuses_active={0|1}& ips={ip,range…}&
dns_exclusions={none|DNS|DNS-DNSZone}& asset_groups={value,value…}&
included_os={value}& dns_contains={string}&
netbios_contains={string}&
Update Map Template (PUT) vuln_severities={1,2,3,4,5}&
/api/2.0/fo/report/template/map/ potential_vuln_severities={1,2,3,4,5}&
action=update qids={value,value… 10 max}&
report_format=xml vuln_title_contains={string}&
template_id={value}& vuln_details_contains={string}&
vendor_ref_contains={string}&
Delete Map Template (POST) network_id={value}&
/api/2.0/fo/report/template/map/
ticket_list_deleted.php? (GET + POST)
action=delete ticket_numbers={num,range…}&
template_id={value}& since_ticket_number={num}&
Export Map Template (GET) until_ticket_number={num}&
deleted_since_datetime={date/time}&
/api/2.0/fo/report/template/map/
deleted_before_datetime={date/time}&
action=export
report_format=xml Ignore Vulnerability
template_id={value}&
/ignore_vuln/index.php (GET +POST)
action={ignore|restore}&
Remediation qids={value,value… 10 max}&
comments={value}&
ticket_list.php? (GET + POST) (*)asset_groups={value,value…}&
{ticket-selection} (*)ips={ip,range…}&
show_vuln_details={0|1}& (*)tag_set_include={value}&
(*)tag_set_exclude={value}&
ticket_edit.php? (GET + POST) (*)tag_set_by={id|name}&
{ticket-selection} (*)tag_include_selector={all|any}&
change_assignee={login}& (*)tag_exclude_selector={all|any}&
change_state={OPEN|RESOLVED|IGNORED} (*)use_ip_nt_range_tags_include={0|1}&
reopen_ignored_days={value}& (*)use_ip_nt_range_tags_exclude={0|1}&
add_comment={value}& (*)dns_contains={string}&
network_id={value}& (*)netbios_contains={string}&
reopen_ignored_days={1-730}&
ticket_delete.php? (GET + POST) reopen_ignored_date={date}&
{ticket-selection} network_id={value}&
Notes: One of these (*) is required
{ticket-selection}:
ticket_numbers={num,range…}&
since_ticket_number={num}&
until_ticket_number={num}&
ticket_assignee={login}&

27
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Compliance Info action={add_asset_group_ids|

set_asset_group_ids|remove_asset_group_ids}&
Controls / Policies echo_request={0|1}&
id={value}&
List Controls: (GET + POST) asset_group_ids={value}&
/api/2.0/fo/compliance/control/ evaluate_now={0|1}&
action={list}& Policy - Manage Asset Tags: (POST)
echo_request={0|1}& /api/2.0/fo/compliance/policy/
details={Basic|All|None}&
ids={id,range…}& action={add_asset_tags|
id_min={id}& set_asset_tags|remove_asset_tags}&
id_max={id}& id={value}&
updated_after_datetime={date/time}& evaluate_now={0|1}&
created_after_datetime={date/time}& tag_include_selector={all| any}&
truncation_limit={value} tag_exclude_selector={all |any}&
tag_set_by={id|name}&
List Policies: (GET + POST) tag_set_include={tag id|name}&
/api/2.0/fo/compliance/policy/ tag_set_exclude={tag id|name}
/api/2.0/fo/compliance/fdcc/policy/ List Posture Info: (GET + POST)
action={list}& /api/2.0/fo/compliance/posture/info/
echo_request={0|1}& action={list}&
details={Basic|All|None}& policy_id={id} or policy_ids={id1,id2,…}&
ids={id,range…}& echo_request={0|1}&
id_min={id}& output_format={xml|csv|csv_no_metadata}
id_max={id}& details={Basic|Light|All|None}&
updated_after_datetime={date/time}& hide_evidence={0|1}&
created_after_datetime={date/time}& show_extended_evidence={0|1}&
Policy Export: (GET + POST) ips={ip,range…}&
host_ids={id,id…}&
/api/2.0/fo/compliance/policy/ control_ids={id,id…}&
action=export& ids={id,range…}&
echo_request={0|1}& id_min={id}&
id={value}& -or- title={value}& id_max={id}&
show_user_controls={0|1}& status_changes_since={date/time}&
show_appendix = {0|1} evaluation_date={date/time}&
IS_CONTROL_DISABLE asset_group_ids={value}
status={Passed|Failed|Error}&
Policy Import: (POST)
show_remediation_info={0|1}&
/api/2.0/fo/compliance/policy/ truncation_limit={value}&
action=import& cause_of_failure={0|1}&
echo_request={0|1}& criticality_labels={value}&
xml_file& criticality_values={value}&
title={value}& include_dp_name={value}&
create_user_controls={0|1}& tag_set_by={id|name}&
tag_include_selector={all|any}&
Policy - Manage Asset Groups: (POST) tag_exclude_selector={all|any}&
/api/2.0/fo/compliance/policy/ tag_set_include={value}&
tag_set_exclude={value}&

28
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

filter_hosts={0|1}& status={value}&
control_id={value}&
Notes: Up to 10 policies for “policy_ids”. control_statement={value}&
policy_id={value}&
Get Policy List (GET) technology_name={value}&
/pcrs/1.0/posture/policy/list assignee_id={value}&
Note: This API requires Request header: created_by={value}&
Authorization <token>. modified_by={value}&
details={Basic|All|None}&
lastEvaluationDate={date}& is_active={0|1}&
Resolve Host IDs (GET) created_after_date={mm/dd/yyyy}&
updated_after_date={mm/dd/yyyy}&
/pcrs/1.0/posture/hostids
expired_before_date={mm/dd/yyyy}&
Note: This API requires Request header: expired_after_date={mm/dd/yyyy}&
Authorization <token>. exception_numbers={value}&
policyId={value}& exception_number_min={value}&
exception_number_max={value}&
Get Posture Info (POST) truncation_limit={value}&
/pcrs/1.0/posture/postureInfo
Request Exceptions: (POST)
Note: This API requires Request header: /api/2.0/fo/compliance/exception/
Authorization <token> and Request Body.
action={request}&
compressionRequired={0|1}& control_id={value}&
evidenceRequired=0|1}& host_id={value}&
lastEvaluationDate={date}& policy_id={value}&
lastScanDate={date}& technology_id={value}&
Policy Merge: (GET + POST) instance_string={value}&
assignee_id={value}&
/api/2.0/fo/compliance/policy/ comments={value}&
action={merge}& reopen_on_evidence_change={0|1}&
id={id}&
merge_policy_id={id} or {policy XML data}& Update Exceptions: (POST)
replace_cover_page={0|1}& /api/2.0/fo/compliance/exception/
replace_asset_groups={0|1}&
add_asset_groups={0|1}& action={update}&
add_new_technologies={0|1}& exception_numbers={value}&
add_new_controls={0|1}& comments={value}&
update_section_heading={0|1}& reassign_to={value}&
update_existing_controls={0|1}& reopen_on_evidence_change={0|1}&
preview_merge={0|1}& status={Pending|Approved|Rejected}&
end_date={mm/dd/yyyy}&
Exceptions Delete Exceptions: (POST)
List Exceptions: (GET + POST) /api/2.0/fo/compliance/exception/
/api/2.0/fo/compliance/exception/ action={delete}&
exception_numbers={value}&
action={list}&
exception_number={value}&
ip={value}&
network_name={value}&

29
Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

ARF Report action={list}&

echo_request={0|1}
SCAP Scan Results: (GET + POST) details={Basic|All|None}
/api/2.0/fo/compliance/scap/arf/ ids={value}
scan_id={id}& id_min={value}
ips={ip,range…}& id_max={value}
ips_network_id={value}&
Users
Cyberscope Report
user.php? (GET + POST)
SCAP Scan Results: (GET + POST) Add User:
/api/2.0/fo/asset/host/cyberscope/fdcc/scan/
action={add}&
scan_id={id}& send_email={0|1}&
scan_ref={ref}& user_role={manager|unit_manager|scanner|
ips={ip,range…}& reader|contact|administrator}&
organisation_name1={name1}& business_unit={Unassigned|{value}}&
organisation_name2={name2}&
organisation_name3={name3}& Edit User:
action={edit}&
Notes: “scan_id” or “scan_ref” is required. login={login}&
SCAP Policy Results: (GET + POST) Permissions Info (Add or Edit User):
/api/2.0/fo/asset/host/cyberscope/fdcc/policy/ asset_groups={value,value…}&
policy_id={id}&
ips={ip,range…}& Notes: 1) “asset_groups” applies only to Scanner,
ag_ids={id,id…}& Reader and Contact.
organisation_name1={name1}& General Info (Add or Edit User):
organisation_name2={name2}&
organisation_name3={name3}& first_name={value}&
last_name={value}&
Notes: All FDCC scanned hosts for the FDCC
policy are included unless the filters “ip” and/or title={value}&
phone={value}&
“ag_ids” are specified.
fax={value}&
SCAP Global Results: (GET + POST) email={value}&
/api/2.0/fo/asset/host/cyberscope/ address1={value}&
address2={value}&
ips={ip,range…}& city={value}&
ag_ids={id,id…}& country={value}&
organisation_name1={name1}& state={value}&
organisation_name2={name2}& zip_code={value}&
organisation_name3={name3}& external_id={value}&
time_zone_code={code or null to set to
Notes: “ips” or “ag_ids” is required. VM scan data browser’s timezone}&
is reported in the datapoint <sr:DataPoint id:
”vulnerability_managment_product_vulnerabilitie Notes: 1) Required contact info for add request in
s”> bold above. For edit request, all contact info is
SCAP Policy List: (GET + POST) optional. 2) “state” is required for some country
codes.
/api/2.0/fo/compliance/fdcc_policy/

30
 Qualys API Quick Reference Guide
Vulnerability Management and Policy Compliance API

Activate/Deactivate Request: Activity Log v1

action={activate|deactivate}&
action_log_report.php Function
login={login}&
(/msp/action_log_report.php)
user_list.php? (GET + POST)
action={list}&
external_id_contains={string}& date_from={YYYY-MM-DD HH:ii:ss}
external_id_assigned={0|1}& date_to={YYYY-MM-DD HH:ii:ss}
action_log_report.php? (GET POST) user_login={value}
date_from={date/time}&
date_to={date/time}&
user_login={login}&
password_change.php? (GET POST)
user_logins={login,login…|all}&
email={0|1}&

Activity Log v2
(/api/2.0/fo/activity_log/)
Export user activity log (GET + POST)
action={list}&
user_action={value}&
action_details={user_logged in|user_logged
out}&
username={value}&
user_role={Manager|Unit
Manager|Auditor|Scanner|Reader|KnowledgeB
ase Only|Remediation User|Contact}&
since_datetime={YYYY-MM-DD HH:ii:ss}&
until_datetime={YYYY-MM-DD HH:ii:ss}&
output_format=CSV
truncation_limit={value}&

31
Qualys API Quick Reference Guide
Cloud Agent API

Cloud Agent API Filters (optional):

id (Long)
name (String)
Use these API calls to manage, activate, and created (Date)
configure your cloud agents. updated (Date)
Agent Management | Activation Key | Configuration tagName (String) /Cloud Agent
Profile
Notes: To activate all agents installed, nothing
Looking for more information? other than the filter tagName EQUALS Cloud
Qualys Cloud Agent API User Guide Agent is recommended. The more filters added to
the request we’ll activate a more refined list of
agents.
Agent Management
Current agent count Deactivate a single agent
/qps/rest/2.0/count/am/hostasset (POST) /qps/rest/2.0/deactivate/am/asset/<id>?module=

Filters (optional): <value>,<value> (POST)

id (Long) *see module parameter values
name (String)
created (Date) Deactivate agents in bulk
updated (Date)
tagName (String) /Cloud Agent /qps/rest/2.0/deactivate/am/asset?module=
<value>,<value> (POST)
Notes: To get a count of agents installed, nothing
*see module parameter values
other than the filter tagName EQUALS Cloud
Agent is recommended. The more filters added to Filters (optional):
the request will result in a more refined count. id (Long)
name (String)
List agents created (Date)
updated (Date)
/qps/rest/2.0/search/am/hostasset (POST) tagName (String) /Cloud Agent
Required:
tagName (String) /Cloud Agent Notes: To deactivate all agents installed, nothing
Optional: other than the filter tagName EQUALS Cloud
Click here for AM and Tagging API User Guide Agent is recommended. The more filters added to
the request we’ll deactivate a more refined list of
Activate a single agent agents.

/qps/rest/2.0/activate/am/asset/<id>?module= *module parameter values

<value>,<value>(POST)
These values are supported:
*see module parameter values
AGENT_VM - for VM module
Activate agents in bulk AGENT_PC - for PC module

/qps/rest/2.0/activate/am/asset?module=<value>, AGENT_FIM - for FIM module

<value> (POST) AGENT_IOC - for IOC module
*see module parameter values

32
 Qualys API Quick Reference Guide
Cloud Agent API

Uninstall a single agent Update an activation key

/qps/rest/2.0/uninstall/am/asset/<id> (POST) /qps/rest/1.0/update/ca/agentactkey/<id> (POST)
Filters (optional):
Uninstall agents in bulk id (Integer)
/qps/rest/2.0/uninstall/am/asset (POST) type (string)
countPurchased (Integer)
Filters (optional): expireDate (Date)
id (Long) modules (string)
name (String) tags (string)
created (Date) isDisabled (boolean)
updated (Date) applyOnAgents (boolean)
tagName (String) /Cloud Agent

Notes: The use of NOT EQUALS operator is not Configuration Profile

supported during agent uninstall. This is to avoid
unintended consequences of Tags and Assets Get a single configuration profile
being deleted or updated. /qps/rest/1.0/get/ca/agentconfig/<id> (GET)

Activation Key Search configuration profiles

/qps/rest/1.0/search/ca/agentconfig/ (POST)
Get a single activation key
Filters (optional):
/qps/rest/1.0/get/ca/agentactkey/<id> (GET) name (string)
id (Integer)
Search activation keys
/qps/rest/1.0/search/ca/agentactkey/ (POST) Create a configuration profile
Filters (optional): /qps/rest/1.0/create/ca/agentconfig/ (POST)
type (string) Filters (optional):
countPurchased (Integer)
name (string)
expireDate (Date)
description (string)
modules (string)
priority (Integer)
tags (string)
isDefault (Integer)
isDisabled (boolean)
suspendScanning (boolean)
tags (string)
Create an activation key blackoutConfig (string)
/qps/rest/1.0/create/ca/agentactkey/ (POST) performanceProfile (string)
id (Integer)
Filters (optional):
type (string)
Delete a configuration profile
countPurchased (Integer)
expireDate (Date) /qps/rest/1.0/delete/ca/agentconfig/<id> (POST)
modules (string)
tags (string)

Delete an activation key

/qps/rest/1.0/delete/ca/agentactkey/<id> (POST)

33
Qualys API Quick Reference Guide
Cloud Agent API

Update a configuration profile

/qps/rest/1.0/update/ca/agentconfig/ (POST)
Filters (optional):
name (string)
description (string)
priority (Integer)
isDefault (Integer)
suspendScanning (boolean)
tags (string)
blackoutConfig (string)
performanceProfile (string)
id (Integer)

34
 Qualys API Quick Reference Guide
Asset Management & Tagging API

Asset Management & tracking_method={value}&

enable_vm={0|1}&
Tagging API enable_pc={0|1}&
owner={value}&
Use these API calls to manage assets, tags and ud1 | ud2 | ud3={value}&
access to your assets. comment={value}&
ag_title={value}&
Networks | Assets| Asset Groups | Tag | Host Asset |
Asset | Host Instance Vulnerability | Asset Data Update IPs: (POST)
Connector | Asset Data Connector | AWS Asset Data action={update}&
Connector | AWS Authentication Record echo_request={0|1}&
Looking for more information? ips={value} –or- {POSTed CVS raw data}&
network_id={value}&
Qualys API (VM, PC) User Guide tracking_method={value}&
Qualys API (VM, PC) XML/DTD Reference host_dns={name} -or- host_netbios={name}&
Qualys Asset Management & Tagging API User Guide owner={value}&
ud1={value}&
ud2={value}&
Networks ud3={value}&
/api/2.0/fo/network/ comment={value}&

Network List: (GET + POST) Host Assets

action={list}&
/api/2.0/fo/asset/host/
echo_request={0|1}&
ids={id1,id2…}& Host List: (GET + POST)
Network: (POST) action={list}&
echo_request={0|1}&
action={create|update}&
details={Basic|Basic/AGs|All|All/AGs|None}&
name={value}&
show_asset_id={0|1}&
echo_request={0|1}&
ips={ip,range…}&
ipv6={ip,range…}&
Assets ids={id,range…}&
ag_ids={value,value…}&
IP Assets ag_titles={value,value…}&
id_min={id}&
/api/2.0/fo/asset/ip/
id_max={id}&
List IPs: (GET + POST) no_vm_scan_since={date/time}&
action={list}& vm_scan_since={date/time}&
echo_request={0|1}& no_compliance_scan_since={date/time}&
ips={ip,range…}& compliance_scan_since={date/time}&
tracking_method={IP|DNS|NETBIOS}& vm_processed_before={date}&
compliance_enabled={0|1}& vm_processed_after={date}&
network_id={id}& vm_scan_date_before={date}&
certview_enabled={0|1} vm_scan_date_after={date}&
vm_auth_scan_date_before={date}&
Add IPs: (POST) vm_auth_scan_date_after={date}&
action={add}& compliance_enabled={0|1}&
echo_request={0|1}& os_pattern={PCRE regex}&
ips={value} –or- {POSTed CVS raw data}& use_tags={0|1}&

35
Qualys API Quick Reference Guide
Asset Management & Tagging API

tag_set_by={id|name}& no_compliance_scan_since={date/time}&
tag_include_selector={all|any}& data_scope={vm|pc|vm,pc}&
tag_exclude_selector={all|any}& compliance_enabled={0|1}&
tag_set_include={value}& os_pattern={PCRE regex}&
tag_set_exclude={value}& network_ids={id1,id2…}&
show_tags={0|1}&
truncation_limit={value}& Notes: If compliance_enabled=1 is specified in the
network_ids={id1,id2…}& same request as data_scope, then vulnerability
host_metadata={all|ec2|google|azure}& and compliance data will both be purged
host_metadata_fields={value1,value2}& regardless of the data_scope value.
show_cloud_tags={0|1}&
cloud_tag_fields={value}& Patch List: (GET)
show_ars={0|1}& host_id={value}&
ars_min={value}& output_format={xml}&
ars_max={value}&
show_ars_factors={0|1}& Host Detection Assets
show_trurisk={0|1}&
/api/2.0/fo/asset/host/vm/detection/
trurisk_min={value}&
trurisk_max={value}& Host Detection List: (GET + POST)
show_trurisk_factors={0|1}& action={list}&
echo_request={0|1}&
Host Update: (POST) show_asset_id={0|1}&
ids={id,range…}&
action={update}&
id_min={id}&
echo_request={0|1}&
id_max={id}&
ips={ip,range…}&
ips={ip,range…}&
ids={value}&
ipv6={ip,range…}&
ag_ids={value,value…}&
include_vuln_type={confirmed|potential}&
ag_titles={value,value…}&
ag_ids={value,value…}&
network_id={value}&
ag_titles={value,value…}&
network_name={value}&
use_tags ={0|1}&
tracking_method={value}&
tag_set_by={id|name}&
host_dns={value}&
tag_include_selector={all|any}&
host_netbios={value}&
tag_exclude_selector={all|any}&
new_tracking_method={value}&
tag_set_include={value}&
new_owner={value}&
tag_set_exclude={value}&
new_ud1={value}&
show_tags={0|1}&
new_ud2={value}&
vm_scan_since={date/time}&
new_ud3={value}&
no_vm_scan_since={date/time}&
new_comment={value}&
max_days_since_last_vm_scan={date|time}&
compliance_enabled={0|1}&
Purge Hosts: (POST) os_pattern={PCRE regex}&
action={purge}& qids={value}&
echo_request={0|1}& severities={value}&
*ips={ip,range…}& show_igs={0|1}&
*ids={id,range…}& show_results={0|1}&
*ag_ids={value,value…}& show_reopened_info={0|1}&
*ag_titles={value,value…}& output_format={XML|CSV|
no_vm_scan_since={date/time}&

36
 Qualys API Quick Reference Guide
Asset Management & Tagging API

CSV_NO_METADATA|CSV_NO_METADATA_ echo_request={0|1}&
MS_EXCEL|CSV_MS_EXCEL}& ips={ip,range…}&
suppress_duplicated_data_from_csv={0|1}& network_id={id}&
truncation_limit={value}&
status={New,Active,Re-Opened,Fixed}& Filter by asset groups:
*include_search_list_titles={value}& ag_ids={value}&
*exclude_search_list_titles={value}& ag_titles={value}&
*include_search_list_ids={value}&
*exclude_search_list_ids={value}& Notes: “ag_ids” and “ag_titles” are mutually
active_kernels_only={0|1|2|3}& exclusive and cannot be specified together.
network_ids={id1,id2…}&
Filter by asset tags:
dectection_processed_before={date}&
use_tags={0|1}&
dectection_processed_after={date}&
tag_include_selector={any|all} &
detection_updated_before={date}&
tag_exclude_selector={any|all}&
detection_updated_since={date}&
tag_set_by={id|name}&
max_days_since_detection_updated={value}&
tag_set_include={value}&
detection_last_tested_since={date}&
tag_set_exclude={value}&
detection_last_tested_since_days={value}&
detection_last_tested_before={date}&
Notes: “use_tags=1” must be specified with other
detection_last_tested_before_days={value}&
tag filter parameters.
host_metadata={all|ec2|google|azure}&
host_metadata_fields={value1,value2}& Excluded Hosts Change History: (GET +
show_cloud_tags={0|1}& POST)
cloud_tag_fields={value}& /api/2.0/fo/asset/excluded_ip/history/
filter_superseded_qids={0|1}&
action={list}&
show_qds={0|1}&
echo_request={0|1}&
qds_min={value}&
ips={ip,range…}&
qds_max={value}&
ids={id,range…}&
show_qds_factors={0|1}&
id_min={id}&
id_max={id}&
Notes: 1) *include/exclude cannot be specified
network_id={id}&
with “qids” or “severities” in same request. Search
list titles and IDs cannot be included/excluded in Manage Excluded Hosts: (POST)
the same request. “show_igs” is required if /api/2.0/fo/asset/excluded_ip/
included search lists contain only Information
Gathered. action={add|remove|remove_all}&
echo_request={0|1}&
2) A request with “max_days_since_vm_scan” ips={ip,range…}&
cannot also include “vm_scan_since” or comment={value}&
“no_vm_scan_since”. expiry_days={value}& (for action=add)
3) A request with dg_names={value}& (for action=add)
“max_days_since_detection_updated” cannot also network_id=(value)&
include “detected_updated_since”.
Notes: “ips” is invalid for “remove_all”.
Excluded Hosts
Virtual Host Assets
Excluded Hosts List: (GET + POST)
/api/2.0/fo/asset/excluded_ip/ /api/2.0/fo/asset/vhost/

action={list}&

37
Qualys API Quick Reference Guide
Asset Management & Tagging API

Virtual Host List: (GET + POST) Restricted IPs

action={list}&
/api/2.0/fo/setup/restricted_ips/
echo_request={0|1}&
ip={ip}& Manage Restricted IPs: (GET + POST)
port={port}& action={list|activate|add|delete|replace|clear}
Virtual Host: (POST) &
echo_request={0|1}&
action={create|update|delete|add_fqdn| enable={0|1}&
delete_fqdn}& ips={value} or CSV raw data upload&
echo_request={0|1}& output_format={CSV|XML}
ip={ip}&
port={port}&
fqdn={fqdn}&
Asset Data
Notes: “fqdn” is invalid for “delete_fqdn”. asset_data_report.php? (GET)
template_title={value}&
IPv6 Host Assets template_id={value}&
/api/2.0/fo/asset/ip/v4_v6/
Notes: one parameter is required
IPv6 Mapping Records List: (GET + POST)
asset_range_info.php? (GET)
action={list}&
echo_request={0|1}& target_ips={ip,range…}&
id_min={id}& target_asset_groups={value,value…}&
id_max={id}&
ipv4_filter={value}& Notes: one or both parameters is required
ipv6_network={value}& get_host_info.php? (GET)
output_format={csv|xml}&
host_ip={ip}&
truncation_limit={value}&
host_dns={hostname}&
host_netbios={hostname}&
Notes: Subscription authorization is required.
vuln_severity={1,2,3,4,5|all|none}&
Add IPv6 Mapping Records: (POST) potential_vuln_severity={1,2,3,4,5|all|none}&
action={add}& ig_severity={1,2,3,4,5|all|none}&
echo_request={0|1}& general_info={0|1}&
csv_data={value}& vuln_details={0|1}&
xml_data={value}& ticket_details={0|1}&
all_or_nothing={0|1}&
Notes: One of these parameters is required:
Notes: Subscription authorization is required to host_ip or host_dns or host_netbios
use. “csv_data” or “xml_data” is required
Remove IPv6 Mapping Records: (POST)
Asset Groups
action={remove}& /api/2.0/fo/asset/group/
echo_request={0|1}&
Asset Group List: (GET + POST)
csv_data={value}&
xml_data={value}& action={list}&
Notes: Subscription authorization is required to echo_request={0|1}&
use. “csv_data” or “xml_data” is required ids={id,id,id…}&
id_min={id}&
id_max={id}&

38
 Qualys API Quick Reference Guide
Asset Management & Tagging API

truncation_limit={value}& add|remove|set_appliance_ids={value}&
network_ids={id,id,id…}& set_default_appliance_id={value}&
unit_id={value}& add|remove|set_domains={value}&
user_id={value}& add|remove|set_dns_names={value}&
show_attributes={None or All or a comma- add|remove|set_netbios_names={value}&
separated list of: TITLE, OWNER, set_cvss_enviro_cdp={high|medium-high|low-
OWNER_USER_NAME, NETWORK_IDS, medium|low|none}&
LAST_UPDATE, IP_SET, APPLIANCE_LIST, set_cvss_enviro_td={high|medium|low|none}
DOMAIN_LIST, DNS_LIST, NETBIOS_LIST, &
EC2_ID_LIST, HOST_IDS, USER_IDS, UNIT_IDS, set_cvss_enviro_cr={high|medium|low}&
BUSINESS_IMPACT, CVSS, COMMENTS} set_cvss_enviro_ir={high|medium|low}&
set_cvss_enviro_ar={high|medium|low}&
Add Asset Group: (POST)
action={add}&
echo_request={0|1}&
Tag
title={value}&
network_id={value}& Get details on a tag
comments={value}& /qps/rest/2.0/get/am/tag<id> (GET + POST)
division={value}&
Required:
location={value}&
id (long)
function={value}&
business_impact={critical|high|medium|low|
none}& Create a tag
ips={value}& /qps/rest/2.0/create/am/tag (POST)
appliance_ids={value}&
default_appliance_id={value}& Update a tag
domains={value}&
dns_names={value}& /qps/rest/2.0/update/am/tag/<id> (POST)
netbios_names={value}& /qps/rest/2.0/update/am/tag (POST)
cvss_enviro_cdp={high|medium-high|low-
medium|low|none}&
Search tags
cvss_enviro_td={high|medium|low|none}&
cvss_enviro_cr={high|medium|low}& /qps/rest/2.0/search/am/tag (POST)
cvss_enviro_ir={high|medium|low}&
Filters:
cvss_enviro_ar={high|medium|low}&
id (Long)
Edit/Delete Asset Group: (POST) name (string)
parent (long)
action={edit}&
ruleType (STATIC, GROOVY, OS_REGEX,
echo_request={0|1}&
NETWORK_RANGE, NAME_CONTAINS,
id={value}&
INSTALLED_SOFTWARE, OPEN_PORTS,
{Edit only parameters below}
VULN_EXIST, ASSET_SEARCH)
set_title={value}&
color (string formatted as #FFFFFF where F
set_comments={value}&
can be any value between color (0-9 and A-F)
set_division={value}&
set_location={value}&
set_function={value}& Count tags
set_business_impact={critical|high|medium|lo /qps/rest/2.0/count/am/tag (POST)
w
|none }&
add|remove|set_ips={value}&

39
Qualys API Quick Reference Guide
Asset Management & Tagging API

Delete tag lastVulnScan (date)

lastComplianceScan (date)
/qps/rest/2.0/delete/am/tag/<id> (POST) informationGatheredUpdated (date)
/qps/rest/2.0/delete/am/tag (POST) os (string)
dnsHostName (string)
Evaluate tag netbiosName (string)
netbiosNetworkID (string)
/qps/rest/2.0/evaluate/am/tag/<id> (POST) networdGuid (string)
/qps/rest/2.0/evaluate/am/tag (POST) trackingMethod (AssetTrackingMethod)
port (integer)
installedSoftware (string)
List users with their tags
Count host assets
Get details on a user
/qps/rest/2.0/count/am/hostasset (GET + POST)
/qps/rest/2.0/get/admin/user<id> (GET + POST)
Required: Delete host asset
id (long)
/qps/rest/2.0/delete/am/hostasset/<id> (POST)
Search users /qps/rest/2.0/delete/am/hostasset/ (POST)
/qps/rest/1.0/search/admin/user (GET + POST)
Activate host asset
Count users /qps/rest/2.0/activate/am/hostasset/<id>?module
=QWEB_VM (POST)
/qps/rest/2.0/count/admin/user (POST)
/qps/rest/2.0/activate/am/hostasset?module=QW
EB_VM (POST)
/qps/rest/2.0/activate/am/hostasset/<id>?module
Host Asset =QWEB_PC (POST)
Get details on a host asset /qps/rest/2.0/activate/am/hostasset?module=QW
EB_PC (POST)
/qps/rest/2.0/get/am/hostasset/<id> (GET + POST)
Required: Asset
id (long)
Get details on an asset
Create a host asset
/qps/rest/2.0/get/am/asset/<id> (GET + POST)
/qps/rest/2.0/create/am/hostasset (POST)
Required:
id (long)
Update host asset
/qps/rest/2.0/update/am/hostasset/<id> (POST) Update asset
/qps/rest/2.0/update/am/hostasset (POST) /qps/rest/2.0/update/am/asset/<id> (POST)
/qps/rest/2.0/update/am/asset (POST)
Search host assets
/qps/rest/2.0/search/am/hostasset (POST) Search assets
Filters: /qps/rest/2.0/search/am/asset (POST)
qwebHostId (long)

40
 Qualys API Quick Reference Guide
Asset Management & Tagging API

Filters: ruleType (STATIC, GROOVY, OS_REGEX,

id (long) NETWORK_RANGE, NAME_CONTAINS,
name (string) INSTALLED_SOFTWARE, OPEN_PORTS,
created (date) VULN_EXIST, ASSET_SEARCH)
updated (date) color (string formatted as #FFFFFF where F
type (UNKNOWN. HOST, SCANNER, WEBAPP, can be any value between color (0-9 and A-F)
MALWARE_DOMAIN)
tagName (string) Count vulnerabilities
tagId (string)
/qps/rest/2.0/count/am/hostinstancevuln (POST)
Count assets
Asset Data Connector
/qps/rest/2.0/count/am/asset (POST)
Get details on a connector
Delete asset
/qps/rest/2.0/get/am/assetdataconnector/<id>
/qps/rest/2.0/delete/am/asset/<id> (POST)
(GET + POST)
/qps/rest/2.0/delete/am/asset (POST)
Filter (optional):
Activate asset id (Integer)

/qps/rest/2.0/activate/am/asset/<id>?module=Q Update connector

WEB_VM (POST)
/qps/rest/2.0/update/am/assetdataconnector/<id
/qps/rest/2.0/activate/am/asset?module=QWEB_V > (POST)
M (POST)
/qps/rest/2.0/update/am/assetdataconnector
/qps/rest/2.0/activate/am/asset/<id>?module=Q (POST)
WEB_PC (POST)
/qps/rest/2.0/activate/am/asset?module=QWEB_P Search connectors
C (POST)
/qps/rest/2.0/search/am/assetdataconnector
(POST)
Host Instance Vulnerability
Filters:
id (long)
Get details on a vulnerability
name (string)
/qps/rest/2.0/get/am/hostinstancevuln/<id> (GET lastSync (date)
+ POST) lastError (date)
connectorState (PENDING, RUNNING,
Filter (optional):
SUCCESS or Error)
id (long)
activation (VM or PC)
defaultTags.name (string)
Search vulnerabilities defaultTag (long)
/qps/rest/2.0/search/am/hostinstancevuln (POST) disabled (Boolean)
Filters (optional):
id (long) Count connectors
name (string) /qps/rest/2.0/count/am/assetdataconnector
parentTagId (long) (POST)

41
Qualys API Quick Reference Guide
Asset Management & Tagging API

Delete connector connectorState (PENDING, RUNNING,

SUCCESS or Error)
/qps/rest/2.0/delete/am/assetdataconnector/id> activation (VM or PC)
(POST) defaultTags.name (string)
/qps/rest/2.0/delete/am/assetdataconnector allRegions (Boolean)
(POST) serviceType (AwsServiceType)
endpoint.region (string)
Run connector authRecord (long)
authRecord.name (string)
/qps/rest/2.0/run/am/assetdataconnector/<id> disabled (Boolean)
(POST)
/qps/rest/2.0/run/am/assetdataconnector/<id> Count AWS connectors
(POST)
/qps/rest/2.0/count/am/awsassetdataconnector
(POST)
AWS Asset Data Connector
Delete AWS connector
Get details on an AWS connector
/qps/rest/2.0/delete/am/awsassetdataconnector/i
/qps/rest/2.0/get/am/awsassetdataconnector/<id> d> (POST)
(GET + POST) /qps/rest/2.0/delete/am/awsassetdataconnector
Filter (optional): (POST)
id (Integer)
Run AWS connector
Create AWS connector /qps/rest/2.0/run/am/awsassetdataconnector/<id
/qps/rest/2.0/create/am/awsassetdataconnector > (POST)
(POST) /qps/rest/2.0/run/am/awsassetdataconnector/<id
Optional: > (POST)
isGovCloudConfigured (Boolean)
AWS Authentication Record
Update AWS connector
/qps/rest/2.0/update/am/awsassetdataconnector/
Get details on AWS record
<id> (POST) /qps/rest/2.0/get/am/awsauthrecord/<id>
/qps/rest/2.0/update/am/awsassetdataconnector (GET + POST)
(POST)
Filter (optional):
Optional: id (Integer)
isGovCloudConfigured (Boolean)
Create AWS record
Search AWS connectors
/qps/rest/2.0/create/am/awsauthrecord (POST)
/qps/rest/2.0/search/am/awsassetdataconnector
(POST) Update AWS record
Filters: /qps/rest/2.0/update/am/awsauthrecord/<id>
id (long) (POST)
name (string)
lastSync (date) /qps/rest/2.0/update/am/awsauthrecord (POST)
lastError (date)

42
 Qualys API Quick Reference Guide
Asset Management & Tagging API

Search AWS records

/qps/rest/2.0/search/am/awsauthrecord (POST)
Filters:
id (long)
name (string)
description (string)
created (date)
modified (date)

Count AWS records

/qps/rest/2.0/count/am/awsauthrecord (POST)

Delete AWS record

/qps/rest/2.0/delete/am/awsauthrecord/id>
(POST)
/qps/rest/2.0/delete/am/awsauthrecord (POST)

43
Qualys API Quick Reference Guide
Continuous Monitoring API

Continuous Monitoring id (Integer)

eventType (Keyword - see Search above)
API ipAddress (Text)
hostname (Text)
Use these API calls to manage alerts, profiles, rule isHidden (Boolean)
sets, and rules to monitor your assets. eventDate (Date)
alertDate (Date)
Alerts | Profiles | Rulesets | Rules profileTitle (Text)
Looking for more information?
Qualys Continuous Monitoring API User Guide Profiles

Alerts Search profiles

/qps/rest/1.0/search/cm/profile (POST)
Search alerts Filters (optional):
/qps/rest/1.0/search/cm/alert (POST) id (Integer)
title (Text)
Filters (optional):
uuid (Integer)
id (Integer)
frequency (FREQ_NEVER, FREQ_5_MINUTES,
eventType (HOST_FOUND, HOST_UPDATED,
FREQ_20_MINUTES,FREQ_1_HR, FREQ_2_HRS,
HOST_PURGED, PORT_OPEN,
FREQ_6_HRS, FREQ_12_HRS,FREQ_WEEKLY,
PORT_CHANGED, PORT_CLOSED,
FREQ_DAILY)
SOFTWARE_ADDED, SOFTWARE_REMOVED,
isActive (Boolean)
SSL_NEW, SSL_EXPIRED, SSL_EXPIRY,
ruleSetTitle (Text)
TICKET_OPEN, TICKET_RESOLVED,
TICKET_CLOSED, VULN_OPEN,
VULN_CLOSED, VULN_REOPENED,
View details on an profile
VULN_ACTIVE, VULN_PREDICTION_ADDED, /qps/rest/1.0/get/cm/profile/<id> (GET, POST)
VULN_PREDICTION_CHANGED,
Required:
VULN_PREDICTION_CLOSED)
id (Integer) /profile ID
ipAddress (Text)
hostname (Text)
isHidden (Boolean) Rulesets
eventDate (Date)
alertDate (Date) Search rulesets
profileTitle (Text)
/qps/rest/1.0/search/cm/ruleset (POST)
View details on an alert Filters (optional):
id (Integer)
/qps/rest/1.0/get/cm/alert/<id> (GET, POST) title (Text)
Required: description (Text)
id (Integer) /alert ID dateCreated (Date)
dateUpdated (Date)
Download alerts
View details on a ruleset
/qps/rest/1.0/download/cm/alert (POST)
/qps/rest/1.0/get/cm/ruleset/<id> (GET, POST)
Required:
format (csv|cef) Required:
Filters (optional): id (Integer) /ruleset ID

44
 Qualys API Quick Reference Guide
Continuous Monitoring API

Rules
Search rules
/qps/rest/1.0/search/cm/rule (POST)
Filters (optional):
id (Integer)
ruleType (HOST, VULN, PORT, SSL, SW)

View details on a rule

/qps/rest/1.0/get/cm/rule/<id> (POST)
Required:
id (Integer) /rule ID

45
Qualys API Quick Reference Guide
Web Application Scanning API

Web Application Get details for a web application

Scanning API /qps/rest/3.0/get/was/webapp/<id> (GET)
Required:
Use these API calls to scan and report on web id (Integer) /web application ID
applications.
Create a web application
Web Application | Authentication | Scan | Schedule |
Option Profile | Report | Report Creation | Findings | /qps/rest/3.0/create/was/webapp (POST)
Burp
Required:
Looking for more information? name (Text)
Qualys Web Application Scanning API User Guide url (Text)
Optional:
Click here for WAS API User Guide
Web Application
Update a web application
Current web application count
/qps/rest/3.0/update/was/webapp/<id> (POST)
/qps/rest/3.0/count/was/webapp (GET + POST)
Required:
Filters (optional): id (Integer)
id (Integer) Optional:
name (Text) Click here for WAS API User Guide
url (Text)
tags.name (Text) Delete web applications
tags.id (Integer)
createdDate (Date) /qps/rest/3.0/delete/was/webapp/<id> (POST)
updatedDate (Date) /qps/rest/3.0/delete/was/webapp/<filters> (POST)
isScheduled (Boolean)
isScanned (Boolean) Required:
lastScan.status (SUBMITTED, RUNNING, id (Integer) /web application ID
FINISHED, CANCELED, ERROR) Filters (optional):
lastScan.date (Date) name (Text)
url (Text)
Search web applications tags.name (Text)
tags.id (Integer)
/qps/rest/3.0/search/was/webapp (POST) createdDate (Date)
Filters (optional): updatedDate (Date)
id (Integer) isScheduled (Boolean)
name (Text) isScanned (Boolean)
url (Text) lastScan.status (SUBMITTED, RUNNING,
tags.name (Text) FINISHED, CANCELED, ERROR)
tags.id (Integer) lastScan.date (Date)
createdDate (Date)
updatedDate (Date) Purge web applications
isScheduled (Boolean) /qps/rest/3.0/purge/was/webapp/<id> (POST)
isScanned Boolean)
lastScan.date (Date) /qps/rest/3.0/purge/was/webapp/<filters> (POST)
lastScan.status (SUBMITTED, RUNNING, Required:
FINISHED, CANCELED, ERROR) id (Integer) /web application ID

46
 Qualys API Quick Reference Guide
Web Application Scanning API

Filters (optional): lastScan.authStatus (NOT_USED,

name (Text) SUCCESSFUL, FAILED, PARTIAL)
url (Text) isUsed (Boolean)
tags.name (Text) contents (FORM_STANDARD,
tags.id (Integer) FORM_CUSTOM, FORM_SELENIUM,
createdDate (Date) SERVER_BASIC, SERVER_DIGEST)
updatedDate (Date)
isScheduled (Boolean) Get details for an authentication
isScanned (Boolean) record
lastScan.status (SUBMITTED, RUNNING,
FINISHED, CANCELED, ERROR) /qps/rest/3.0/get/was/webappauthrecord/<id>
lastScan.date (Date) (GET)
Required:
Authentication id (Integer) /Authentication record ID

Current authentication record count Create a new authentication record

/qps/rest/3.0/count/was/webappauthrecord /qps/rest/3.0/create/was/webappauthrecord
(POST)
(POST + GET)
Required:
Filters (optional): name (Text)
id (Integer) WebAuthRecord (Text)
name (Text) Optional:
tags (Integer) tags
tags.id (Integer) comments
tags.name (Text)
createdDate (Date)
Update an authentication record
updatedDate (Date)
lastScan.date (Date) /qps/rest/3.0/update/was/webappauthrecord/<id>
lastScan.authStatus (NOT_USED, (POST)
SUCCESSFUL, FAILED, PARTIAL)
Required:
isUsed (Boolean)
id (Integer) /Authentication record ID
contents (FORM_STANDARD,
FORM_CUSTOM, FORM_SELENIUM,
SERVER_BASIC, SERVER_DIGEST)
Delete authentication records
/qps/rest/3.0/delete/was/webappauthrecord/<id>
Search authentication records (POST)
/qps/rest/3.0/delete/was/webappauthrecord
/qps/rest/3.0/search/was/webappauthrecord
(POST)
(POST)
Filters (optional):
Filters (optional):
id (Integer)
id (Integer) name (Text)
name (Text) tags
tags (Integer) createdDate (Date)
tags.id (Integer) updatedDate (Date)
tags.name (Text) lastScan.date (Date)
createdDate (Date) lastScan.authStatus (Text)
updatedDate (Date) isUsed (Boolean)
lastScan.date (Date) contents

47
Qualys API Quick Reference Guide
Web Application Scanning API

Scan resultsStatus (NOT_USED, NO_HOST_ALIVE,

NO_WEB_SERVICE, PROCESSING,
Current scan count SCAN_RESULTS_INVALID,
TIME_LIMIT_REACHED, SERVICE_ERROR,
/qps/rest/3.0/count/was/wasscan (POST + GET) SCAN_INTERNAL_ERROR, SUCCESSFUL,
Filters (optional): TO_BE_PROCESSED)
id (Integer)
name (Text) Get scan details
webApp.name (Text)
/qps/rest/3.0/get/was/wasscan/<id> (GET)
webApp.id (Integer)
webApp.tags (with operator="NONE") Required:
webApp.tags.id (Integer) id (Integer) /Scan ID
reference (Text)
launchedDate (Date) Launch a new scan (single web
type (DISCOVERY, VULNERABILITY) application)
mode (MANUAL, SCHEDULED, API)
/qps/rest/3.0/launch/was/wasscan (POST)
status (SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED) Required:
authStatus (NONE, NOT_USED, name (Text)
SUCCESSFUL, FAILED, PARTIAL) target.webApp.id (Integer)
resultsStatus (NOT_USED, NO_HOST_ALIVE, type (DISCOVERY, VULNERABILITY)
NO_WEB_SERVICE, PROCESSING, profile.id (Integer) *
SCAN_RESULTS_INVALID, Optional:
TIME_LIMIT_REACHED, SERVICE_ERROR, target.scannerAppliance.type (EXTERNAL,
SCAN_INTERNAL_ERROR, SUCCESSFUL, INTERNAL, scannerTags)
TO_BE_PROCESSED) target.scannerAppliance.friendlyName (Text)
target.webAppAuthRecord.id (Integer) - or -
Search scans target.webAppAuthRecord.isDefault
(Boolean)
/qps/rest/3.0/search/was/wasscan (POST) options
Filters (optional): proxy.id (Integer)
id (Integer) dnsOverride.id (Integer)
name (Text) cancelOption set to DEFAULT - Forces the use
webApp.name (Text) of the target web app’s cancelScans option if
webApp.id (Integer) set, else fall back to the one passed in to the
webApp.tags (with operator="NONE") API while launching the scan
webApp.tags.id (Integer) cancelOption set to SPECIFIC - Always use the
reference (Text) cancel scan option passed while launching
launchedDate (Date) the scan
type (DISCOVERY, VULNERABILITY) sendMail (Boolean)
mode (MANUAL, SCHEDULED, API) Click here for WAS API User Guide
status (SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED) Notes: * The element profile (Text) is required
authStatus (NONE, NOT_USED, unless the target has a default option profile.
SUCCESSFUL, FAILED, PARTIAL)

48
 Qualys API Quick Reference Guide
Web Application Scanning API

Launch a new scan (multiple web Delete an existing scan

application)
/qps/rest/3.0/delete/was/wasscan/<id> (POST)
/qps/rest/3.0/launch/was/wasscan (POST)
/qps/rest/3.0/delete/was/wasscan (POST)
Required: Filters (optional):
name (Text)
id (Integer)
target.webApps.id (Integer) or target.tags.id
name (Text)
(Integer)
webApp.name (Text)
target.tags.included.option (ALL or ANY)1
webApp.id (Integer)
target.tags.included.tagList.Tag.id (Integer)1 reference (Text)
type (DISCOVERY or VULNERABILITY) launchedDate (Date)
profile.id (Integer) * type (DISCOVERY, VULNERABILITY)
Optional: mode (MANUAL, SCHEDULED, API)
target.authRecordOption status (SUBMITTED, RUNNING, FINISHED,
target.profileOption ERROR, CANCELED)
target.scannerOption authStatus (NONE, NOT_USED,
target.randomizeScan SUCCESSFUL, FAILED, PARTIAL)
Click here for WAS API User Guide
resultsStatus (NOT_USED, NO_HOST_ALIVE,
NO_WEB_SERVICE, PROCESSING,
Notes: * The element profile (Text) is required SCAN_RESULTS_INVALID,
unless the target has a default option profile. TIME_LIMIT_REACHED, SERVICE_ERROR,
1 The element target must have at least tags or SCAN_INTERNAL_ERROR, SUCCESSFUL,
web applications specified. TO_BE_PROCESSED)

Retrieve the status of a scan Schedule

/qps/rest/3.0/status/was/wasscan/<id> (GET)
Current schedule count
Required:
id (Integer) /Scan ID /qps/rest/3.0/count/was/wasscanschedule
(POST + GET)
Retrieve the results of a scan
Filters (optional):
/qps/rest/3.0/download/was/wasscan/<id> (GET) id (Integer)
/qps/rest/2.0/download/was/wasscan/<id> (GET) name (Text)
owner.id (Text)
Required: createdDate (Date)
id (Integer) /Scan ID updatedDate (Date)
type (DISCOVERY, VULNERABILITY)
Cancel an unfinished scan webApp.name (Text)
webApp.id (Integer)
/qps/rest/3.0/cancel/was/wasscan/<id> (POST)
webApp.tags (with operator="NONE")
Required: webApp.tags.id (Integer)
id (Integer) /Scan ID active (Boolean)
invalid (Boolean)

49
Qualys API Quick Reference Guide
Web Application Scanning API

Search schedules target.webAppAuthRecord.isDefault

(Boolean)
/qps/rest/3.0/search/was/wasscanschedule (POST) options
Filters (optional): proxy.id (Integer)
id (Integer) dnsOverride.id (Integer)
name (Text) cancelOption set to DEFAULT - Forces the use
owner.id of the target web app’s cancelScans option if
createdDate (Date) set, else fall back to the one passed in to the
active (Boolean) API while launching the scan
type (DISCOVERY, VULNERABILITY) cancelOption set to SPECIFIC - Always use the
webApp.name (Text) cancel scan option passed while launching
webApp.id (Integer) the scan
webApp.tags (with operator="NONE") sendMail (Boolean)
webApp.tags.id (Integer) Click here for WAS API User Guide
updatedDate (Date)
invalid (Boolean) Notes: * The element profile (Text) is required
lastScan (with operation="NONE") unless the target has a default option profile.
lastScan.launchedDate (Date)
lastScan.status (SUBMITTED, RUNNING, Create a schedule (multiple web
FINISHED, ERROR, CANCELED) application)
multi (Boolean)
/qps/rest/3.0/create/was/wasscanschedule (POST)
Get schedule details Required:
name (Text)
/qps/rest/3.0/get/was/wasscanschedule/<id> target.webApps.id (Integer) or target.tags.id
(GET) (Integer)
Required: target.tags.included.option (ALL or ANY)
id (Integer) /Scan ID target.tags.included.tagList.Tag.id (Integer)
type (DISCOVERY, VULNERABILITY)
Create a schedule (single web profile.id (Integer)*
application) startDate (Date)
timeZone (Text)
/qps/rest/3.0/create/was/wasscanschedule (POST) occurrenceType (ONCE, DAILY, WEEKLY,
Required: MONTHLY)
name (Text) notification (Boolean)
target.webApp.id (Integer) reschedule (Boolean)
type (DISCOVERY, VULNERABILITY) Optional:
profile.id (Integer)* target.authRecordOption
startDate (Date) target.profileOption
timeZone (Text) target.scannerOption
occurrenceType (ONCE, DAILY, WEEKLY, target.randomizeScan
MONTHLY) target.authRecordOption
notification (Boolean) target.scannerAppliance.type (EXTERNAL,
reschedule (Boolean) INTERNAL, scannerTags)
Optional: target.scannerAppliance.friendlyName (Text)
target.scannerAppliance.type (EXTERNAL, cancelOption set to DEFAULT - Forces the use
INTERNAL, scannerTags) of the target web app’s cancelScans option if
target.scannerAppliance.friendlyName (Text) set, else fall back to the one passed in to the
target.webAppAuthRecord.id (Integer) - or - API while launching the scan

50
 Qualys API Quick Reference Guide
Web Application Scanning API

cancelOption set to SPECIFIC - Always use the webApp.name (Text)

cancel scan option passed while launching owner.id (Integer)
the scan type (VULNERABILITY, DISCOVERY)
sendMail (Boolean) active (Boolean)
Click here for WAS API User Guide invalid (Boolean)
createdDate (Date)
Notes: * The element profile (Text) is required updatedDate (Date)
unless the target has a default option profile.
Delete one or more existing schedules
Update a schedule
/qps/rest/3.0/delete/was/wasscanschedule/<id>
/qps/rest/3.0/update/was/wasscanschedule/<id> (POST)
(POST)
/qps/rest/3.0/delete/was/wasscanschedule/<filter
Required: s> (POST)
id (Integer) /Schedule ID Required:
Optional:
id (Integer) /Schedule ID
Click here for WAS API User Guide
Filters (optional):
name (Text)
Activate an existing schedule webApp.id (Integer)
/qps/rest/3.0/update/was/wasscanschedule/<id> webApp.name (Text)
(POST) owner.id (Integer)
type (VULNERABILITY, DISCOVERY)
/qps/rest/3.0/activate/was/wasscanschedule/<filt active (Boolean)
ers> (POST) invalid (Boolean)
Required: createdDate (Date)
id (Integer) /Schedule ID updatedDate (Date)
Filters (optional):
name (Text) Download one or more schedules to
webApp.id (Integer) iCalendar
webApp.name (Text)
/qps/rest/3.0/download/was/wasscanschedule/<i
owner.id (Integer)
type (VULNERABILITY, DISCOVERY) d> (POST)
active (Boolean) /qps/rest/3.0/download/was/wasscanschedule/<fi
invalid (Boolean) lters> (POST)
createdDate (Date)
Filters (optional):
updatedDate (Date)
name (Text)
owner.id (Integer)
Deactivate an existing schedule createdDate (Date)
/qps/rest/3.0/update/was/wasscanschedule/<id> active (Boolean)
(POST) type (VULNERABILITY, DISCOVERY)
webApp.name (Text)
/qps/rest/3.0/deactivate/was/wasscanschedule/<f webApp.id (Integer)
ilters> (POST) updatedDate (Date)
Required: invalid (Boolean)
id (Integer) /Schedule ID
Filters (optional):
name (Text)
webApp.id (Integer)

51
Qualys API Quick Reference Guide
Web Application Scanning API

Option Profile Get details for an option profile

/qps/rest/3.0/get/was/optionprofile/<id> (GET)
Current option profile count
Required:
/qps/rest/3.0/count/was/optionprofile (POST + id (Integer) /Option profile ID
GET)
Filters (optional): Create a new option profile
id (Integer)
/qps/rest/3.0/create/was/optionprofile (POST)
name (Text)
tags Required:
tags.id (Integer) name (Text) /Option profile name
tags.name (Text)
createdDate (Date) Update an option profile
updatedDate (Date)
usedByWebApps (Boolean with operator: /qps/rest/3.0/update/was/optionprofile/<id>
EQUALS, NOT EQUALS) (POST)
usedBySchedules (Boolean with operator: Required:
EQUALS, NOT EQUALS) id (Integer) /Option profile ID
owner.id (Long with operator: EQUALS, IN,
NOT EQUALS, GREATER, LESSER) Delete an option profile
owner.name (text with operator: CONTAINS,
EQUALS, NOT EQUALS) /qps/rest/3.0/delete/was/optionprofile/<id>
owner.username (text with operator: (POST)
CONTAINS, EQUALS, NOT EQUALS) /qps/rest/3.0/delete/was/optionprofile (POST)
Optional:
Search option profiles name (Text)
/qps/rest/3.0/search/was/optionprofile (POST) owner (Text)
tags
Filters (optional): createdDate (Date)
id (Integer) updatedDate (Date)
name (Text) usedByWebApps (Boolean)
tags usedBySchedules (Boolean)
tags.id (Integer)
tags.name (Text)
createdDate (Date) Report
updatedDate (Date)
usedByWebApps (Boolean with operator: Current report count
EQUALS, NOT EQUALS)
/qps/rest/3.0/count/was/report (GET, POST)
usedBySchedules (Boolean with operator:
EQUALS, NOT EQUALS) Filters (optional):
owner.id (Long with operator: EQUALS, IN, id (Integer)
NOT EQUALS, GREATER, LESSER) name (Text)
owner.name (text with operator: CONTAINS, tags.id (Integer)
EQUALS, NOT EQUALS) tags.name (Text)
owner.username (text with operator: CONTAINS, creationDate (Date)
EQUALS, NOT EQUALS)

52
 Qualys API Quick Reference Guide
Web Application Scanning API

type (WAS_SCAN_REPORT, Update a report

WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT, /qps/rest/3.0/update/was/report/<id> (POST)
WAS_CATALOG_REPORT, Required:
DATALIST_REPORT) id (Integer) /report ID
format (HTML_ZIPPED, HTML_BASE64, PDF, tags (Text)
PDF_ENCRYPTED, CSV, XML, POWERPOINT, showPatched (applies to Web App Report,
WORD) Scan Report only - SHOW_BOTH (is default),
status (RUNNING, ERROR, COMPLETE) SHOW_ONLY, SHOW_NONE)

Search reports Delete one or more reports

/qps/rest/3.0/search/was/report (POST) /qps/rest/3.0/delete/was/report/<id> (POST)
Filters (optional): /qps/rest/3.0/delete/was/report/<filters> (POST)
id (Integer)
Required:
name (Text)
id (Integer) /web application ID
tags.id (Integer)
Filters (optional):
tags.name (Text)
name (Text)
creationDate (Date)
tags.id (Integer)
type (Keyword)
tags.name (Text)
format (Keyword)
creationDate (Date)
status (Keyword
type (Keyword)
format (Keyword)
Get details on a report status (Keyword)
/qps/rest/3.0/get/was/report/<id> (GET, POST)
Required: Report Creation
id (Integer) /report ID
Report Creation Request
Get report status /qps/rest/3.0/create/was/report (POST)
/qps/rest/3.0/status/was/report/<id> (GET, POST) name (Text)
Required: type (WAS_SCAN_REPORT,
id (Integer) /report ID WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
Download a report WAS_CATALOG_REPORT)
format (HTML_ZIPPED, HTML_BASE64, PDF,
/qps/rest/3.0/download/was/report/<id> (GET, PDF_ENCRYPTED, CSV, XML, POWERPOINT)
POST) tags.id (Integer)
Required: tags.name (Text)
id (Integer) /report ID password (Text)
distributionList (*)
config (one and only one subelement is
Send an encrypted PDF report
required: webAppReport, scanReport,
/qps/rest/3.0/send/was/report/<id> (POST) catalogReport, scorecardReport)
Required:
Notes: (*) indicates data type.
id (Integer) /report ID
distributionList (Text)

53
Qualys API Quick Reference Guide
Web Application Scanning API

Web Application Report target.scannerTags.set.Tag.id (Integer)

target.tags.excluded.option (ALL or ANY)
target.tags (Tag) target.tags.excluded.tagList.Tag.id (Integer)
target.tags.included.option (ALL or ANY)1 display.contents (ScorecardReportContent)*
target.tags.included.tagList.Tag.id (Integer)1 display.graphs (ScorecardReportGraph)*
target.webapps (WebApp)* display.groups (ScorecardReportGroup)*
filters.searchlists (SearchList)* display.options (rawLevels)*
filters.url (Text)
filters.status (WebAppFindingStatus)* Notes: (*) indicates data type.
filters.remediation*
showPatched (SHOW_ONLY, SHOW_NONE, 1 The element target must have at least tags or
SHOW_BOTH - default) web applications specified
target.scannerTags.set.Tag.id (Integer)
target.tags.excluded.option (ALL or ANY) Catalog Report
target.tags.excluded.tagList.Tag.id (Integer)
filters.scanDate (DatetimeRange)*
display.contents (WebAppReportContent)*
filters.url (Text)
display.graphs (WebAppReportGraph)*
filters.ip (Text)
display.groups (WebAppReportGroup)*
filters.os (Text)
display.options (rawLevels)*
filters.status (EntryStatus)*
display.contents (WebAppReportContent)*
Notes: (*) indicates data type.
display.graphs (WebAppReportGraph)*
1 The element target must have at least tags or display.groups (WebAppReportGroup)*
web applications specified. display.options (rawLevels)*

Scan Report Notes: (*) indicates data type.

target.scans (WasScan)*
Report Template Count
filters.searchlists (SearchList)*
filters.url (Text) qps/rest/3.0/count/was/reporttemplate (POST)
filters.status (ScanFindingStatus)*
id (Integer)
filters.remediation (*)
name (Text)
showPatched (SHOW_ONLY, SHOW_NONE,
type (Text)
SHOW_BOTH - default)
display.contents (ScanAppReportContent)*
display.graphs (ScanAppReportGraph)*
Search Report Template
display.groups (ScanAppReportGroup)* qps/rest/3.0/search/was/reporttemplate (POST)
display.options (rawLevels)*
id (Integer)
name (Text)
Notes: (*) indicates data type.
type (Text)
Scorecard Report Get details of Report Template
target.tags (Tag)*
qps/rest/3.0/get/was/reporttemplate/<id> (GET)
target.tags.included.option (ALL or ANY)1
target.tags.included.tagList.Tag.id (Integer)1 Required:
filters.searchlists (SearchList)* id (Integer) /report template ID
filters.scanDate (DatetimeRange)*
filters.scanStatus
(WasScanConsolidatedStatus)*
filters.scanAuthStatus (WasScanAuthStatus)*

54
 Qualys API Quick Reference Guide
Web Application Scanning API

Findings webApp.id (Integer)

webApp.name (Text)
Current finding count severity (Integer)
externalRef (String)
/qps/rest/3.0/count/was/finding (POST) ignoredDate (Date)
Filters (optional): ignoredReason (FALSE_POSITIVE,
id (Integer) RISK_ACCEPTED or NOT_APPLICABLE)
qid (Integer) group (Keyword: XSS, SQL, INFO, PATH, CC,
name (Text) SSN_US or CUSTOM)
type (VULNERABILITY, SENSITIVE_CONTENT, owasp.name (Text)
or INFORMATION_GATHERED) owasp.code (Integer)
url (Text) wasc.name (Text)
webApp.tags.id (Integer) wasc.code (Integer)
webApp.tags.name (Text) cwe.id (Integer)
status (NEW, ACTIVE or REOPENED) firstDetectedDate (Date)
patch (Integer-Long) lastDetectedDate (Date)
webApp.id (Integer) lastTestedDate (Date)
webApp.name (Text) timesDetected (Integer)
severity (Integer)
externalRef (String) Get details on a finding
ignoredDate (Date)
/qps/rest/3.0/get/was/finding/<id> (GET, POST)
ignoredReason (FALSE_POSITIVE,
RISK_ACCEPTED or NOT_APPLICABLE) Required:
group (XSS, SQL, INFO, PATH, CC, SSN_US or id (Integer) /finding ID
CUSTOM)
owasp.name (Text) Ignore findings
owasp.code (Integer)
/qps/rest/3.0/ignore/was/finding (POST)
wasc.name (Text)
wasc.code (Integer) Filters:
cwe.id (Integer) id (Integer)
firstDetectedDate (Date) qid (Integer)
lastDetectedDate (Date) name (Text)
lastTestedDate (Date) type (VULNERABILITY, SENSITIVE_CONTENT,
timesDetected (Integer) or INFORMATION_GATHERED)
url (Text)
Search findings webApp.tags.id (Integer)
webApp.tags.name (Text)
/qps/rest/3.0/search/was/finding (POST) status (NEW, ACTIVE or REOPENED)
Filters (optional): webApp.id (Integer)
id (Integer) webApp.name (Text)
qid (Integer) severity (Integer)
name (Text) ignoredDate (Date)
type (VULNERABILITY, SENSITIVE_CONTENT, ignoredReason (FALSE_POSITIVE,
or INFORMATION_GATHERED) RISK_ACCEPTED or NOT_APPLICABLE)
url (Text) group (Keyword: XSS, SQL, INFO, PATH, CC,
webApp.tags.id (Integer) SSN_US or CUSTOM)
webApp.tags.name (Text) owasp.name (Text)
status (NEW, ACTIVE or REOPENED) owasp.code (Integer)
patch (Integer-Long) wasc.name (Text)

55
Qualys API Quick Reference Guide
Web Application Scanning API

wasc.code (Integer) new Severity level {1, 2, 3, 4, 5} (Integer)

cwe.id (Integer) comments (Text)
firstDetectedDate (Date)
lastDetectedDate (Date) Restore findings severity
lastTestedDate (Date)
timesDetected (Integer) /qps/rest/3.0/restoreSeverity/was/finding<id>
(POST)
Activate findings Required:
id (Integer)
/qps/rest/3.0/activate/was/finding/<id> (POST)
/qps/rest/3.0/activate/was/finding/<findings> Retest findings
(POST)
/qps/rest/3.0/retest/was/finding/<id>
Filters:
id (Integer) /qps/rest/3.0/retest/was/finding/<findings>
qid (Integer) (POST)
name (Text)
Required:
type (VULNERABILITY, SENSITIVE_CONTENT,
id (Integer)
or INFORMATION_GATHERED)
url (Text)
webApp.tags.id (Integer)
webApp.tags.name (Text) Burp
status (NEW, ACTIVE or REOPENED)
webApp.id (Integer) Import Burp Scan Reports
webApp.name (Text)
/qps/rest/3.0/import/was/burp (POST)
severity (Integer)
ignoredDate (Date) Required:
ignoredReason (FALSE_POSITIVE, webAppId (Integer)
RISK_ACCEPTED or NOT_APPLICABLE) Burp Scanner Report in XML format
group (XSS, SQL, INFO, PATH, CC, SSN_US or Optional:
CUSTOM) purgeResults (Boolean)
owasp.name (Text) closeUnreportedIssues (Boolean)
owasp.code (Integer) fileName (String)
wasc.name (Text)
wasc.code (Integer)
cwe.id (Integer)
firstDetectedDate (Date)
lastDetectedDate (Date)
lastTestedDate (Date)
timesDetected (Integer)

Edit findings severity

/qps/rest/3.0/editSeverity/was/finding/<id>
(POST)
/qps/rest/3.0/editSeverity/was/finding/<findings>
(POST)
Filters:
id (Integer)

56
 Qualys API Quick Reference Guide
Web Application Firewall API

Web Application Firewall webServername (Text)

webServerTimeout (Long)
API certificate.id (Long)
certificate.uuid (UUID)
Use these API calls to manage web applications, certificate.name (Text)
clusters, and appliances. status
deployed (Date)
Web Applications | Web Servers | Healthchecks| SSL synced (Date)
Certificates | Custom Response Pages | Security blockingMode (Boolean)
Policies | HTTP Profiles | Custom Rules| Clusters | createdBy.id (Long)
Appliances createdBy.username (Text)
Looking for more information? createdBy.firstname (Text)
createdBy.lastname (Text)
Qualys Web Application Firewall API User Guide
updatedBy.id (Long)
updatedBy.username (Text)
Web Applications updatedBy.firstname (Text)
updatedBy.lastname (Text)
Current web application count custompage.id (Long)
customPage.uuid (UUID)
/qps/rest/2.0/count/waf/webapp/ (GET)
customPage.name (Text)
securityPolicy.id (Long)
Get details on a web application securityPolicy.uuid (UUID)
/qps/rest/2.0/get/waf/webapp/<id> (GET) securityPolicy.name (Text)
httpProfile.id (Long)
Required: httpProfile.uuid (UUID)
id (Integer) /web application ID httpProfile.name (Text)
sslEnabled (Boolean)
Search web applications clusters.cluster.id (Long)
/qps/rest/2.0/search/waf/webapp/ (POST) clusters.cluster.name (Text)
clusters.cluster.uuid (UUID)
Filters (optional): persistencyEnabled (Boolean)
id (Long) scanTrustEnabled (Boolean)
uuid (UUID)
name (Text) Create web application
url (Text)
tags.tag.id (Long) /qps/rest/2.0/create/waf/webapp (POST)
tags.tag.name (Text) Required:
owner.id (Text) name (Text)
owner.username (Text) url (Text)
owner.lastname (Text) webServer.id (Long)
created (Date) securityPolicy.id (Long)
updated (Date) httpProfile.id (Long)
urls.value (Text) updateSchedule.enabled (Boolean)
healthcheck.id (Long) Optional:
healthcheck.uuid (UUID) Click here for WAF API User Guide
healthcheck.name (Text)
failureResponseCode (Long)
webServer.id (Long)
weberver.uuid (UUID)

57
Qualys API Quick Reference Guide
Web Application Firewall API

Update web application Web Servers

/qps/rest/2.0/update/waf/webapp/<id> (POST)
Current web server count
/qps/rest/2.0/update/waf/webapp (POST)
/qps/rest/2.0/count/waf/webserver/ (GET)
Optional:
name (Text)
Get details on a web server
url (Text)
webServer.id (Long) /qps/rest/2.0/get/waf/webserver/<id> (GET)
webServerTimeout (Long)
Required:
securityProfile.id (Long)
id (Integer) /web server ID
httpProfile.id (Long)
persistencyEnabled (Boolean)
persistencyToken
Search web servers
healthcheck.id (Long) /qps/rest/2.0/search/waf/webserver/ (POST)
failureResponseCode (Long)
Filters (optional):
certificate.id (Long)
id (Long)
sslProtocols (Text)
uuid (UUID)
sslCiphers (Text)
name (Text)
blockingMode (Boolean)
description (Text)
customPage.id (Long)
loadBalancingAlgorithm (Text)
scanTrustEnabled (Boolean)
addresses.url (Text)
customRules.CustomRule.id (Long)
addresses.weight (Integer)
clusters.cluster.id (Long)
owner.id (Long)
lastComment (Text)
owner.username (Text)
updateSchedule.enabled (Boolean)
owner.firstname (Text)
updateSchedule.weekDays (Text)
owner.lastname (Text)
updateSchedule.startTime (Integer)
created (Date)
updateSchedule.timezone.code (Text)
updated (date)
updateSchedule.timezone.offset (Text)
createdBy.id (Long)
updateSchedule.freezeEndDate (Date)
createdBy.username (Text)
urls
createdBy.firstname (Text)
urls.string (text
createdBy.lastname (Text)
tags
updatedBy.id (Long)
Click here for WAF API User Guide
updatedBy.username (Text)
updatedBy.firstname (Text)
Delete web application updatedBy.lastname (Text)
/qps/rest/2.0/delete/waf/webapp/<id> (POST) tags.tag.id (Long)
tags.tag.name (Text)
Required: webApps.webApp.id (Long)
id (Long) /web application ID webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
Delete web applications (bulk)
/qps/rest/2.0/delete/waf/webapp (POST)
Filters (optional):
see Search web applications

58
 Qualys API Quick Reference Guide
Web Application Firewall API

Create web server Healthchecks

/qps/rest/2.0/create/waf/webserver (POST)
Current healthcheck count
Required:
name (Text) /qps/rest/2.0/count/waf/healthcheck/ (GET)
loadBalancingAlgorithm (Text)
addresses.WebServerAddresses Get details on a healthcheck
Optional:
/qps/rest/2.0/get/waf/healthcheck/<id> (GET)
description (Text)
tags Required:
tags.tag.id (Long) id (Integer) /healthcheck ID
tags.tag.name (Text)
Search healthchecks
Update web server /qps/rest/2.0/search/waf/healthcheck/ (POST)
/qps/rest/2.0/update/waf/webserver/<id> (POST) Filters (optional):
/qps/rest/2.0/update/waf/webserver (POST) id (Long)
uuid (UUID)
Optional:
name (Text)
name (Text) description (Text)
description (Text) lmethod
loadBalancingAlgorithm (Text) path (Text)
addresses.WebServerAddress expectedResponseCode (Long)
tags intervalUp (Long)
intervalDown (Long)
Delete web server intervalFlapping (Long)
/qps/rest/2.0/delete/waf/webserver/<id> (POST) nbSuccessesUp (Long)
nbFailuresDown (Long)
Required: timeout (Long)
id (Long) /web server ID owner.id (Long)
owner.username (Text)
Delete web server (bulk) owner.firstname (Text)
/qps/rest/2.0/delete/waf/webserver (POST) created (Date)
updated (Date)
Filters (optional): createdBy.id (Long)
see Search web servers createdBy.username (Text)
createdBy.firstname (Text)
createdBy.lastname (Text)
updatedBy.id (Long)
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
tags.tag.id (Long)
tags.tag.name (Text)
webApps.webApp.id (Long)
webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)

59
Qualys API Quick Reference Guide
Web Application Firewall API

Create healthcheck SSL Certificates

/qps/rest/2.0/create/waf/healthcheck (POST)
Current SSL certificates count
Required:
name (Text) /qps/rest/2.0/count/waf/certificate/ (GET)
method
path (Text) Get details on SSL certificate
loadBalancingResponseCode (Long)
/qps/rest/2.0/get/waf/certificate/<id> (GET)
intervalUp (Long)
intervalDown (Long) Required:
intervalFlapping (Long) id (Integer) /SSL certificate ID
nbSuccessesUp (Long)
nbFailuresDown (Long) Search SSL certificates
timeout (Long)
/qps/rest/2.0/search/waf/certificate/ (POST)
Optional:
description (Text) Filters (optional):
tags id (Long)
tags.tag.id (Long) uuid (UUID)
tags.tag.name (Text) name (Text)
description (Text)
Update healthcheck owner.id (Long)
owner.username (Text)
/qps/rest/2.0/update/waf/healthcheck/<id> owner.firstname (Text)
(POST) created (Date)
/qps/rest/2.0/update/waf/healthcheck (POST) updated (Date)
Optional: createdBy.id (Long)
name (Text) createdBy.username (Text)
description (Text) createdBy.firstname (Text)
method createdBy.lastname (Text)
path (Text) updatedBy.id (Long)
expectedResponseCode (Long) updatedBy.username (Text)
intervalUp (Long) updatedBy.firstname (Text)
intervalDown (Long) updatedBy.lastname (Text)
nbSuccessesUp (Long) tags.tag.id (Long)
nbFailuresDown (Long) tags.tag.name (Text)
timeout (Long) webApps.webApp.id (Long)
tags webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
Delete healthcheck
Create SSL certificate
/qps/rest/2.0/delete/waf/healthcheck/<id> (POST)
/qps/rest/2.0/create/waf/certificate (POST)
Required:
id (Long) /healthcheck ID Required:
name (Text)
Delete healthcheck (bulk) passphrase (Text)
token (Text)
/qps/rest/2.0/delete/waf/healthcheck (POST) Optional:
Filters (optional): description (Text)
see Search healthchecks pkcs12 (Text)

60
 Qualys API Quick Reference Guide
Web Application Firewall API

certificate (Text) Filters (optional):

privateKey (Text) id (Long)
chain (Text) uuid (UUID)
tags name (Text)
tags.tag.id (Long) description (Text)
tags.tag.name (Text) body (Text)
owner.id (Long)
Update SSL certificate owner.username (Text)
owner.firstname (Text)
/qps/rest/2.0/update/waf/certificate/<id> (POST) created (Date)
/qps/rest/2.0/update/waf/certificate (POST) updated (Date)
createdBy.id (Long)
Optional:
createdBy.username (Text)
name (Text)
createdBy.firstname (Text)
description (Text)
createdBy.lastname (Text)
pkcs12 (Text)
updatedBy.id (Long)
certificate (TextO
updatedBy.username (Text)
privateKey (Text)
updatedBy.firstname (Text)
passphrase (Text)
updatedBy.lastname (Text)
token (Text)
tags.tag.id (Long)
chain (Text)
tags.tag.name (Text)
tags
webApps.webApp.id (Long)
webApps.webApp.uuid (UUID)
Delete SSL certificate webApps.webApp.name (Text)
/qps/rest/2.0/delete/waf/certificate/<id> (POST)
Required:
Create custom response page
id (Long) /SSL certificate ID /qps/rest/2.0/create/waf/custompage (POST)
Required:
Delete SSL certificate (bulk) name (Text)
/qps/rest/2.0/delete/waf/certificate (POST) body (Text)
Optional:
Filters (optional):
description (Text)
see Search SSL certificates tags
tags.tag.id (Long)
Custom Response Pages tags.tag.name (Text)

Current custom response page count Update custom response page

/qps/rest/2.0/count/waf/custompage/ (GET) /qps/rest/2.0/update/waf/custompage/<id>
(POST)
Get details on custom response page /qps/rest/2.0/update/waf/custompage (POST)
/qps/rest/2.0/get/waf/custompage/<id> (GET) Optional:
Required: name (Text)
id (Integer) /custom response page ID description (Text)
body (Text)
Search custom response pages tags

/qps/rest/2.0/search/waf/custompage/ (POST)

61
Qualys API Quick Reference Guide
Web Application Firewall API

Delete custom response page webApps.webApp.uuid (UUID)

webApps.webApp.name (Text)
/qps/rest/2.0/delete/waf/custompage/<id> (POST)
Required: Create security policy
id (Long) /custom response page ID
/qps/rest/2.0/create/waf/securitypolicy (POST)
Delete custom response page (bulk) Required:
name (Text)
/qps/rest/2.0/delete/waf/custompage (POST) Optional:
Filters (optional): description (Text)
see Search custom response pages applicationSecurity (Keyword)
threatLevel.loggingThreshold (Integer)
threatLevel.blockingThreshold (Integer)
Security Policies tags
tags.tag.id (Long)
Current security policy count tags.tag.name (Text)
/qps/rest/2.0/count/waf/securitypolicy/ (GET)
Update security policy
Get details on security policy /qps/rest/2.0/update/waf/securitypolicy/<id>
/qps/rest/2.0/get/waf/securitypolicy/<id> (GET) (POST)
Required: /qps/rest/2.0/update/waf/securitypolicy (POST)
id (Integer) /security policy ID Optional:
id (Integer)
Search security policies name (Text)
/qps/rest/2.0/search/waf/securitypolicy/ (POST) description (Text)
applicationSecurity (Keyword)
Filters (optional): threatLevel.loggingThreshold (Integer)
id (Long) threatLevel.blockingThreshold (Integer)
uuid (UUID) tags
name (Text)
description (Text) Delete security policy
system (Integer)
owner.id (Long) /qps/rest/2.0/delete/waf/securitypolicy/<id>
owner.username (Text) (POST)
owner.firstname (Text) Required:
created (Date) id (Long) /security policy ID
updated (Date)
createdBy.id (Long)
Delete security policy (bulk)
createdBy.username (Text)
createdBy.firstname (Text) /qps/rest/2.0/delete/waf/securitypolicy (POST)
createdBy.lastname (Text)
Filters (optional):
updatedBy.id (Long)
see Search security policies
updatedBy.username (Text)
updatedBy.firstname (Text)
updatedBy.lastname (Text)
tags.tag.id (Long)
tags.tag.name (Text)
webApps.webApp.id (Long)

62
 Qualys API Quick Reference Guide
Web Application Firewall API

HTTP Profiles requestContentType.allowAll -or-

requestContentType.denyAll
Current HTTP profile count detectProtocolAnomalies (Boolean)
serverCloacking
/qps/rest/2.0/count/waf/httpprofile/ (GET) serverCloaking.value (Text)
suppressSensitiveHeaders (Boolean)
Get details on HTTP profile onErrorMessages (Keyword)
onSensitiveFileTypes (Keyword)
/qps/rest/2.0/get/waf/httpprofile/<id> (GET)
cookieProtection
Required: discourageContentTypeSniffing (Boolean)
id (Integer) /HTTP profile ID forceDefaultContentType (Keyword)
forceDefaultContentType.value (Text)
Search HTTP profiles forceDefaultCharacterEncoding
forceDefaultCharacterEncoding.value (Text)
/qps/rest/2.0/search/waf/httpprofile/ (POST) contentSecurityPolicyHeader
Filters (optional): contentSecurityPolicyHeader.value (Text)
id (Long) discourageClickjacking
uuid (UUID) browserXSSPProtection
name (Text) webServiceProtection.xmlParsing.enabled
description (Text) (Boolean)
system (Integer) webServiceProtection.jsonParsing.enabled
owner.id (Long) (Boolean)
owner.username (Text)
owner.firstname (Text) Optional:
created (Date) description (Text)
updated (Date) requestMethod.allowAll.detectInvalid
createdBy.id (Long) (Boolean)
createdBy.username (Text) requestMethod.allowA..DetectTraceTrack
createdBy.firstname (Text) (Boolean)
createdBy.lastname (Text) requestHeader.detectInvalid (Boolean)
updatedBy.id (Long) requestHeader.detectRepeated (Boolean)
updatedBy.username (Text) requestHeader.detectChunked (Boolean)
updatedBy.firstname (Text) requestContentType.allowAll.detectFileUploa
updatedBy.lastname (Text) ds (Boolean)
tags.tag.id (Long) serverCloaking.enabled (Boolean)
tags.tag.name (Text) cookieProtection.type
webApps.webApp.id (Long) cookieProtection.value (Text)
webApps.webApp.uuid (UUID) forceDefaultContentType.enabled (Boolean)
webApps.webApp.name (Text) forceDefaultCharacterEncoding.type
(Keyword)
Create HTTP profile contentSecurityPolicyHeader.enabled
(Boolean)
/qps/rest/2.0/create/waf/httpprofile (POST) webServiceProtection.xmlParsing.size
Required: (Integer)
name (Text) webServiceProtection.xmlParsing.items
requestMethod.allowAll -or- (Integer)
requestMethod.denyAll webServiceProtection.xmlParsing.level
requestHeader (Integer)

63
Qualys API Quick Reference Guide
Web Application Firewall API

webServiceProtection.jsonParsing.size description (Text)

(Integer) owner.id (Long)
webServiceProtection.jsonParsing.items owner.username (Text)
(Integer) owner.firstname (Text)
webServiceProtection.jsonParsing.level created (Date)
(Integer) updated (Date)
tags createdBy.id (Long)
tags.tag.id (Long) createdBy.username (Text)
tags.tag.name (Text) createdBy.firstname (Text)
createdBy.lastname (Text)
Update HTTP profile updatedBy.id (Long)
updatedBy.username (Text)
/qps/rest/2.0/update/waf/httpprofile/<id> (POST) updatedBy.firstname (Text)
/qps/rest/2.0/update/waf/httpprofile (POST) updatedBy.lastname (Text)
tags.tag.id (Long)
Optional:
tags.tag.name (Text)
see Create HTTP profile
Create custom rule
Delete HTTP profile
/qps/rest/2.0/create/waf/customrule (POST)
/qps/rest/2.0/delete/waf/httpprofile/<id> (POST)
Required:
Required:
name (Text)
id (Long) /HTTP profile ID
conditions
action
Delete HTTP profile (bulk) Optional:
/qps/rest/2.0/delete/waf/httpprofile (POST) description (Text)
tags
Filters (optional):
tags.tag.id (Long)
see Search HTTP profiles
tags.tag.name (Text)

Custom Rules Update custom rule

Current custom rule count /qps/rest/2.0/update/waf/customrule/<id> (POST)
/qps/rest/2.0/update/waf/customrule (POST)
/qps/rest/2.0/count/waf/customrule (GET)
Optional:
Get details on custom rule name (Text)
description (Text)
/qps/rest/2.0/get/waf/customrule/<id> (GET) conditions
Required: action
id (Integer) /custom rule ID tags

Search custom rules Delete custom rule

/qps/rest/2.0/search/waf/customrule/ (POST) /qps/rest/2.0/delete/waf/customrule/<id> (POST)
Filters (optional): Required:
id (Long) id (Long) /custom rule ID
uuid (UUID)
name (Text)

64
 Qualys API Quick Reference Guide
Web Application Firewall API

Delete custom rule (bulk) errorResponse.customPage.uuid (UUID)

errorResponse.redirect.url (TextO
/qps/rest/2.0/delete/waf/customrule (POST) errorResponse.redirect.status (Long)
Filters (optional): appliances.appliance.id. (Long)
see Search custom response pages appliances.appliance.uuid. (UUID)
appliances.appliance.name (Text)
webApps.webApp.id (Long)
Clusters webApps.webApp.uuid (UUID)
webApps.webApp.name (Text)
Current cluster count trustedIPs.string (Text)
/qps/rest/2.0/count/waf/cluster (GET)
Create cluster
Get details on clusters /qps/rest/2.0/create/waf/cluster (POST)
/qps/rest/2.0/get/waf/cluster/<id> (GET) Required:
Required: name (Text)
id (Integer) /cluster ID Optional:
Click here for WAF API User Guide
Search clusters
Update cluster
/qps/rest/2.0/search/waf/cluster (POST)
/qps/rest/2.0/update/waf/cluster/<id> (POST)
Filters (optional):
id (Long) /qps/rest/2.0/update/waf/cluster (POST)
uuid (UUID) Optional:
name (Text) name (Text)
description (Text) description (Text)
tags.tag.id (Long) errorResponse
tags.tag.name (Text) errorResponse.block
owner.id (Long) errorResponse.redirect.url (Text)
owner.username (Text) errorResponse.redirect.status (Long)
owner.firstname (Text) errorResonse.customPage.id (Long)
owner.lastname (Text) errorResponse.customPage.uuid (UUID)
created (Date) errorResponse.customPage.name (Text)
updated (Date) tags
createdBy.id (Long) trustedIPs.string (Text)
createdBy.username (Text)
createdBy.firstname (Text)
Delete cluster
createdBy.lastname (Text)
updatedBy.id (Long) /qps/rest/2.0/delete/waf/cluster/<id> (POST)
updatedBy.username (Text)
Required:
updatedBy.firstname (Text)
id (Integer) /cluster ID
updatedBy.lastname (Text)
token (Text)
syncDate (Date)
Delete clusters (bulk)
status (Text) /qps/rest/2.0/delete/waf/cluster (POST)
deploymentStatus (Text)
Filters (optional):
deployed (Date)
see Search clusters
errorResponse.action
errorResponse.customPage.id (Long)

65
Qualys API Quick Reference Guide
Web Application Firewall API

Appliances Delete appliance

/qps/rest/2.0/delete/waf/appliance/<id> (POST)
Current appliance count
Required:
/qps/rest/2.0/count/waf/appliance (GET) id (Long) /appliance ID

Get details on appliance

/qps/rest/2.0/get/waf/appliance/<id> (GET)
Required:
id (Integer) /appliance ID

Search appliances
/qps/rest/2.0/search/waf/appliance (POST)
Optional:
id (Long)
uuid (UUID)
name (Text)
hostname (Text)
lastPollDate
applianceCreated
applianceVersion (Text)
status (Long)
pollStatus
heartbeatGenerated
heartbeatProcessed
systemOs (Text)
systemRam (Long)
systemType (Text)
systemEc2InstanceId (Text)
systemEc2InstanceType (Text)
systemEc2AmiId (Text)
systemCpusCount (Long)
systemCpusCores (Long)
systemCpusSpeed (Float)
systemCpusModel (Text)
configRulesVersion (Text)
configVersion (Text)
configGenerated
ip (Text)
cluster.id (Long)
cluster.uuid (UUID)
cluster.name (Text)

66
 Qualys API Quick Reference Guide
Malware Detection API

Malware Detection API

Use these API calls to get information about
malware detections.
Malware Detections
Looking for more information?
Qualys Malware Detection API User Guide

Malware Detections
Current malware detections
/qps/rest/1.0/download/md/detection (POST)
Required:
format (csv|cef)
Filters (optional):
id (Integer)
qid (Integer)
url (Text)
type (Keyword ie BEHAVIORAL)
showDeactivatedSite (Boolean)
severity (Keyword i.e. HIGH)

Search malware detections

/qps/rest/1.0/search/md/detection (POST)
Filters:
id (Integer)
qid (Integer)
type (Keyword ie BEHAVIORAL)
showDeactivatedSite (Boolean)
severity (Keyword i.e. HIGH)

Get details on malware detection

/qps/rest/1.0/get/md/detection/<id> (GET, POST)
Required:
id (Integer) /malware detection ID

67
Qualys API Quick Reference Guide
Security Assessment Questionnaire API

Security Assessment tags.tag.name (Text)

Questionnaire API Create user

/qps/rest/1.0/create/saq/user/ (POST)
Use these API calls to manage SAQ users and
templates. Required:
firstName (Text)
SAQ users | SAQ templates lastName (Text)
Looking for more information? company (Text)
emailAddress (Text)
Qualys Security Assessment Questionnaire API User
Optional:
Guide
title (Text)
tags (List)
SAQ users tags.tag.id (Integer
tags.tag.name (Text))
Current user count
/qps/rest/1.0/count/saq/user/ (GET, POST) Update user
Filters (optional): /qps/rest/1.0/update/saq/user/<id> (POST)
id (Integer) /user ID /qps/rest/1.0/update/saq/user/ (POST)
uuid (Integer)
firstName (Text) Required to update single user:
lastName (Text) id (Integer) /user ID
company (Text) Optional:
title (Text) firstName (Text)
emailAddress (Text) lastName (Text)
userName (Text) company (Text)
tags.tag.id (Text) emailAddress (Text)
tags.tag.name (Text) title (Text)
tags (List)
tags.tag.id (Integer
Get details on user
tags.tag.name (Text))
/qps/rest/1.0/get/saq/user/ <id> (GET) Optional for bulk update:
Required: id (Integer)
uuid (Integer)
id (Integer) /user ID

Search users Delete user

/qps/rest/1.0/delete/saq/user/<id> (POST)
/qps/rest/1.0/search/saq/user/ (POST)
Required:
Filters (optional):
id (Integer) /user ID id (Long) /user ID
uuid (Integer)
firstName (Text) Delete users (bulk)
lastName (Text) /qps/rest/1.0/delete/saq/user/ (POST)
company (Text)
title (Text) Filters (optional):
emailAddress (Text) see Search users
userName (Text)
tags.tag.id (Integer)

68
 Qualys API Quick Reference Guide
Security Assessment Questionnaire API

SAQ templates revision (Integer)

isLibrary (Boolean)
Current library template count questionCnt (Integer)
state (Text)
/qps/rest/1.0/count/saq/librarytemplate/
(GET, POST) Get details on template
Filters (optional):
/qps/rest/1.0/get/saq/template/ <id> (GET)
id (Integer) /library template ID
uuid (Integer) Required:
name (Text) id (Integer) /template ID
description (Text)
category (Text) Search templates
familyId (Integer)
/qps/rest/1.0/search/saq/template/ (POST)
revision (Integer)
isLibrary (Boolean) Filters (optional):
questionCnt (Integer) id (Integer) /template ID
state (Text) uuid (Integer)
name (Text)
Get details on library template description (Text)
category (Text)
/qps/rest/1.0/get/saq/librarytemplate/ <id> (GET) familyId (Integer)
Required: revision (Integer)
id (Integer) /library template ID isLibrary (Boolean)
questionCnt (Integer)
Search library templates state (Text)

/qps/rest/1.0/search/saq/librarytemplate/ (POST) Create template from library

Filters (optional):
/qps/rest/1.0/createfromlibrary/saq/template/
id (Long)
(POST)
uuid (UUID)
name (Text) Required:
description (Text) id (Integer) /library template ID
category (Text)
familyId (Integer) Create template
revision (Integer)
/qps/rest/1.0/create/saq/template/ (POST)
isLibrary (Boolean)
questionCnt (Integer) Several required and optional elements are
state (Text) supported
Click here for SAQ API User Guide
Current template count
/qps/rest/1.0/count/saq/template/ (GET, POST)
Filters (optional):
id (Integer) /template ID
uuid (Integer)
name (Text)
description (Text)
category (Text)
familyId (Integer)

69
Qualys API Quick Reference Guide
Security Assessment Questionnaire API

Update template
/qps/rest/1.0/update/saq/template/<id> (POST)
/qps/rest/1.0/update/saq/template/ (POST)
Required to update single template:
id (Integer) /library template ID

Several optional elements are supported

Click here for SAQ API User Guide

Create new version of existing

template
/qps/rest/1.0/newversion/saq/template/<id>
(POST)
Required:
id (Long) /template ID

Publish template
/qps/rest/1.0/publish/saq/template/<id> (POST)
Required:
id (Long) /template ID

Delete template
/qps/rest/1.0/delete/saq/template/<id> (POST)
Required:
id (Long) /template ID

Delete template (bulk)

/qps/rest/1.0/delete/saq/template/ (POST)
Filters (optional):
see Search library templates

70
 Qualys API Quick Reference Guide
Portal version API

Portal version API

Find out the version of Portal and its sub-modules
(in your subscription).

Portal version
/qps/rest/portal/version (GET)

Returns the version information based on the

username supplied in the request.

71
Qualys API Quick Reference Guide
API Server URL

API Server URL

Qualys API Server URL
The Qualys API URL you should use for API
requests depends on the Qualys platform where
your account is located.
Click here to identify your Qualys platform and
get the API URL

Still need help?

You can easily find the API server URL to use. Just
log in to your Qualys account.
Go to Help > About.

You’ll see the API Server URL for your account

under Security Operations Center (SOC).

72
 Qualys API Quick Reference Guide
Good to Know

Good to Know Curl Client

Use the curl client to issue API requests directly
Notations from the Linux Command Line.
Example using basic authentication (example
Required attributes are in bold. For example
uses Qualys US Platform 1):
“ref={value} indicates a required parameter.
curl –s –k –H ‘X-Requested-With: curl demoapp’ –
Defaults are underlined. For example {0|1}
u username:password
indicates “0” is the default value for the Boolean
‘https://{$SERVER}.qualys.com/api/2.0/fo/scan/?ac
attribute.
tion=list’

GET and POST Example using session based authentication

(example uses Qualys US Platform 1):
Functions support the GET method only, the POST curl -s -k -H 'X-Requested-With: curl demoapp' -D
method only or both GET and POST as indicated. headers.15 -b 'QualysSession=SESSION_ID;
path=/api; secure'
Date/Time 'https://{$SERVER}.qualys.com/api/2.0/fo/scan/?ac
tion=list'
Date/time format is YYYY-MM-DD[THH:MM:SSZ]
where time is optional. See the curl(1) man page for further details.

API Notes Allowed Operators

1) Authentication is performed using basic auth Supported using the following APIs: Asset
(using API v1 or APIv2) or session-based Management and Tagging, Cloud Agent,
authentication (API v2 only) by the SSL socket Continuous Monitoring, Malware Detection, Web
connection. Application Firewall, Web Application Scanning.

2) There are known limits for the amount of data Allowed Operators
that can be sent using the GET method. These Integer EQUALS, NOT EQUALS,
limits are dependent on the toolkit used. There is GREATER, LESSER, IN
no fundamental limit with sending data using the Text CONTAINS, EQUALS, NOT
POST method. EQUALS
Date EQUALS, NOT EQUALS,
3) Variables and values must be URL-encoded.
GREATER, LESSER
4) Returned XML responses usually include Keyword EQUALS, NOT EQUALS, IN
numeric error codes. Boolean (true/false) EQUALS, NOT
5) UTF-8 encoding is used internally and for the EQUALS
returned XML.
6) Role-based privileges (Manager, Scanner, and Looking for more?
Reader) apply to most API calls.
Click here for all our current API User Guides
7) Blanks in “string type values” can be encoded as
plus characters(+).

73