For API version information, refer to the API Version History section.
This API lets you create a custom script of type Custom QID.
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| title | Mandatory | String | Provide the name of the script. |
| typeId | Mandatory | Short | Specify the type of the scripts. Get valid script types using API - GET /sm/v1/script-types. |
| languageId | Mandatory | Short | Specify the required script language. Get valid script language using GET /sm/v1/script-languagePass required languageId from response. |
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Provide the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown. |
| githubInputUrl | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided, it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory. |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| description | Optional | String | Provide the script description. Note: Maximum charaters allowed are 4000. |
| platform | Mandatory | String | Provide the platform like WINDOWS,LINUX,UNIX, and MAC. |
| severity | Optional | String | Provide the severity level that defines the criticality of the script. Select a value from 1 to 5. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds, hours and minutes. |
| thresholdTimeUnit | Optional | Long | Provide the time to specify in SECONDS, HOURS, MINUTES. |
| scriptApprovalUser Consent | Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Mandatory | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. Note: If the vularabilityType is Potential or confirmed then it is mandatory. |
| customQid.vulnerab ilityType | Mandatory | String | Use this parameter to provide customQid.vulnerabilityType such as Confirmed, Potential, Information Gathered. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID |
| customQid.returnCodeStatusMap | Mandatory | List of returnCode and Status | Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid.bugTrackIds | Optional | String | Provide a URL or an ID as an additional reference. |
API Request
curl -X POST '<qualys_base_url>/sm/v3/script'
--header 'Accept: application/vnd.qualys.car.api.v3.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json' \
--data-raw
'{
"categoryId": 605,
"content": "bHMgLWx0cg==",
"description": "Microsoft Internet Explorer Information Disclosure
Vulnerability description",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"title": "Microsoft Internet Explorer Information Disclosure
Vulnerability",
"typeId": 2,
"languageId": 204,
"scriptApprovalUserConsent": true,
"customQid": {
"type": "Detection QID",
"qds": "75",
"vulnerabilityType": "Information_Gathered",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
}
}'
Response:
{
"errorCode": "0",
"message": " Custom QID script created successfully",
"body": {
"id": 100502
}
}
API Request
curl -X POST '<qualys_base_url>/sm/v3/script'
--header 'Accept: application/vnd.qualys.car.api.v3.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json' \
--data-raw '{
"categoryId": 605,
"githubInputUrl": "<github url>",
"gitHubToken": "<github token of private repo>",
"gitHubUser": "< username>",
"gitHubRepo": "< repo name>",
"gitHubBranch": "< branch name>",
"gitHubFilePath": "< github file path>",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"title": "Microsoft Internet Explorer Information Disclosure
Vulnerability",
"typeId": 2,
"languageId": 204,
"scriptApprovalUserConsent": true,
"customQid": {
"type": "Detection QID",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
}
}'
Response
{
"errorCode": "0",
"message": "Custom QID script created successfully",
"body": {
"id": 100503
}
}
| Parameter | Mandatory/ Optional |
Data Type | Description |
|---|---|---|---|
| title | Mandatory | String | Provide the name of the script. |
| typeId | Mandatory | Short | Specify the type of the scripts. Get valid script types using API - GET /sm/v1/script-types. |
| languageId | Mandatory | Short | Specify the required script language. Get valid script language using GET /sm/v1/script-languagePass required languageId from response. |
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Provide the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown. |
| githubInputUrl | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided, it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory. |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| description | Optional | String | Provide the script description. Note: Maximum charaters allowed are 4000. |
| platform | Mandatory | String | Provide the platform like WINDOWS,LINUX,UNIX, and MAC. |
| severity | Optional | String | Provide the severity level that defines the criticality of the script. Select a value from 1 to 5. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds. |
| scriptApprovalUser Consent | Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Mandatory | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. Note: If the vularabilityType is Potential or confirmed then it is mandatory. |
| customQid.vulnerab ilityType | Mandatory | String | Use this parameter to provide customQid.vulnerabilityType such as Confirmed, Potential, Information Gathered. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID |
| customQid.return CodeStatusMap |
Mandatory | List of returnCode and Status | Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid.bug TrackIds |
Optional | String | Provide a URL or an ID as an additional reference. |
API Request
curl -X POST '<qualys_base_url>/sm/v4/script'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
'{
"categoryId":605,
"content":"bHMgLWx0cg==",
"description":"Microsoft Internet Explorer Information Disclosure
Vulnerability description",
"platform":"WINDOWS",
"severity":"3",
"threshold":300,
"title":"Microsoft Internet Explorer Information Disclosure
Vulnerability",
"typeId":2,
"languageId":204,
"scriptApprovalUserConsent":true,
"customQid":{
"type":"Detection QID",
"qds":"75",
"vulnerabilityType":"Information_Gathered",
"cveIds":"CVE-2023-3452",
"detectionLogic":"Use Script",
"returnCodeStatusMap":[
{
"returnCode":"1",
"status":"Not-Detected"
},
{
"returnCode":"5",
"status":"Detected"
}
]
}
}'
Response:
{
"errorCode":"0",
"message":" Custom QID script created successfully",
"body":{
"id":100502
}
}
Input ParametersInput Parameters
| Parameter | Mandatory/ Optional |
Data Type | Description |
|---|---|---|---|
| title | Mandatory | String | Provide the name of the script. |
| typeId | Mandatory | Short | Specify the type of the scripts. Get valid script types using API - GET /sm/v1/script-types. |
| languageId | Mandatory | Short | Specify the required script language. Get valid script language using GET /sm/v1/script-languagePass required languageId from response. |
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Provide the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown. |
| githubInputUrl | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided, it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory. |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| description | Optional | String | Provide the script description. Note: Maximum charaters allowed are 4000. |
| platform | Mandatory | String | Provide the platform like WINDOWS,LINUX,UNIX, and MAC. |
| severity | Optional | String | Provide the severity level that defines the criticality of the script. Select a value from 1 to 5. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds. |
| scriptApprovalUser Consent | Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Mandatory | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. Note: If the vularabilityType is Potential or confirmed then it is mandatory. |
| customQid.vulnerab ilityType | Mandatory | String | Use this parameter to provide customQid.vulnerabilityType such as Confirmed, Potential, Information Gathered. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID |
| customQid.return CodeStatusMap |
Mandatory | List of returnCode and Status | Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid.bug TrackIds |
Optional | String | Provide a URL or an ID as an additional reference. |
|
hasParameters |
Optional (This is mandatory only if you want to define the |
Boolean |
Provide this value as Default value is Note: This parameter is only applicable when you want to create a parameterized script. |
|
params.key |
Mandatory (This is mandatory when the |
String |
Provide the Base64 encoded string value. |
|
params.value |
Mandatory (This is mandatory when the |
String |
Provide the Base64 encoded string value. |
Sample: Create Request with Base64 contentSample: Create Request with Base64 content
API Request
curl -X POST
'<qualys_base_url>/sm/v5/script'
--header 'Accept: application/vnd.qualys.car.api.v5.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
{
"categoryId": 103,
"content": "bHMgLWx0cg==",
"description": "Sample description",
"platform": "WINDOWS",
"severity": "3",
"threshold":300,
"title": "Sample title",
"typeId": 2,
"languageId": 1,
"scriptApprovalUserConsent": true,
"hasParameters": true,
"customQid": {
"qid": "",
"type": "Detection QID",
"severity": "4",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
},
"params": [
{
"key": "string",
"value": "string"
}
]
}
Response:
{
"errorCode": "0",
"message": "Script created successfully",
"body": {
"id": 100504
}
}
The following table depicts the information about the different versions of this API along with the status:
| API Version | API Status | Release Date |
|---|---|---|
| /sm/v5/script | Active | Feb 2025 |
| /sm/v4/script | To be deprecated | June 2025 |
| /sm/v3/script | To be deprecated | Feb 2025 |