Create Script API

This API enables you to create the following types of scripts:

  • Custom Script
  • Custom QID Script
  • Custom Parameterized Script
  • Custom Parameterized QID Script

API Version History

The following table lists the versions of this API and the status of each:

API Version API Status Release Date
v5.0 Active Feb 2025
v4.0 To be deprecated June 2025
v3.0 Deprecated Feb 2025
v2.0 Deprecated Feb 2025

v5.0

Create Custom Scripts

POST /sm/v5/script

Input Parameters

Parameters Mandatory/Optional Data Type Description
title Mandatory String Provide the name of the script.
typeId Mandatory Short Specify the type of the script. Get valid script types using GET /sm/v1/script-types.
languageId Mandatory Short Specify the required script language. Get valid script languages using GET /sm/v1/script-language, and pass the required languageId from the response.
categoryId Optional Long Provide the category of the script, such as general automation, data collection, or backup.
content Optional String Provide the script content.

Note: Pass the script content Base64-encoded. If content is not passed in the request, the script content is pulled from the GitHub parameters in the request. If the GitHub parameters are also not passed, an error message is shown.

githubInputUrl Optional String Provide the complete GitHub file path from which to create the script content. Mandatory if content is not provided.

Note: If the script repository is private, gitHubToken must also be passed in the request.

gitHubUser Optional String Provide a GitHub user that has a GitHub account. Mandatory if content is not provided.
gitHubRepo Optional String Provide the name of the GitHub repository. Mandatory if content is not provided.
gitHubFilePath Optional String Provide the relative GitHub file path from which to create the script content. Mandatory if content is not provided.
gitHubBranch Optional String Provide the GitHub branch name. Mandatory if content is not provided.
gitHubToken Optional String Provide a GitHub token to access a private GitHub repository. Mandatory for a private repository.
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
description Optional String Provide the script description. Note: The maximum number of characters allowed is 4000.
platform Mandatory String Provide the platform, such as WINDOWS, LINUX, UNIX, or MAC.
severity Optional String Provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold Optional Long Provide the time that defines how long the script must run. Specify the time in seconds.
scriptApprovalUserConsent Optional Boolean Specify whether to create the script in an approval state. Default value: False.
customQid.title Optional String Provide the QID title. The script title is applied by default if not passed.
customQid.type Mandatory String Provide the type of QID. Currently the only supported type is "Detection QID".
customQid.qds Optional String Provide the TruRisk QDS score. Note: Mandatory if vulnerabilityType is Potential or Confirmed.
customQid.vulnerabilityType Mandatory String Provide the vulnerability type, such as Confirmed, Potential, or Information Gathered.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.returnCodeStatusMap Mandatory List of returnCode and Status Provide the return code and the status based on the script you provide. Note: If returnCode is not passed, the default 0 is used.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.bugTrackIds Optional String Provide a URL or an ID as an additional reference.
hasParameters Optional (mandatory only if you want to define the params.key and params.value parameters) Boolean Provide this value as true if you want to define the script parameters. Default value is false. Note: This parameter is applicable only when you want to create a parameterized script.
params.key Mandatory (when the hasParameters value is true) String Provide the Base64-encoded string value.
params.value Mandatory (when the hasParameters value is true) String Provide the Base64-encoded string value.
detectionRegex Optional List Contains the cardinality and regular expression values.
cardinality Optional String Provide a cardinality value.

The values are:

  • CONTAINS
  • DOES_NOT_CONTAIN
  • INTERSECT
  • MATCHES
  • IS_CONTAINED_IN
  • CUSTOM_REGEX

regex Optional List of string Provide regular expression values. These values are evaluated on the script output to mark a Custom QID as Detected or Not-Detected.
status Optional String Provide the custom QID detection status values.

The supported values are:

  • Detected
  • Not-detected


Sample: Create Custom Script with Base64 Content

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "content": "bHMgLWx0cg==",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold": 300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 1,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": false,
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}
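
The conditional rules in the v5.0 parameter table (Base64 content or a GitHub source, a token for private repositories, Base64 params when hasParameters is true, qds for Potential or Confirmed) can be checked before the request is sent. This is an added example, not Qualys code: the function names are hypothetical, and treating githubInputUrl and the four gitHub* fields as alternative sources is an assumption drawn from the samples on this page.

```python
import base64
import binascii

MANDATORY = ("title", "typeId", "languageId", "platform")
GITHUB_PARAMS = ("gitHubUser", "gitHubRepo", "gitHubFilePath", "gitHubBranch")
CARDINALITIES = {"CONTAINS", "DOES_NOT_CONTAIN", "INTERSECT", "MATCHES",
                 "IS_CONTAINED_IN", "CUSTOM_REGEX"}


def b64(text):
    """Base64-encode text for the content and params.* fields."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def is_base64(value):
    """True only for a non-empty string that decodes as strict Base64."""
    if not isinstance(value, str) or not value:
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def encode_params(plain):
    """Turn {"name": "value"} into the Base64-encoded params list."""
    return [{"key": b64(k), "value": b64(v)} for k, v in plain.items()]


def validate_script_request(body, private_repo=False):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    for field in MANDATORY:
        if body.get(field) in (None, ""):
            problems.append(f"{field} is mandatory")

    # Script source: Base64 content, or a GitHub location to pull it from.
    if body.get("content"):
        if not is_base64(body["content"]):
            problems.append("content must be Base64-encoded")
    else:
        has_url = bool(body.get("githubInputUrl"))
        has_parts = all(body.get(f) for f in GITHUB_PARAMS)
        if not (has_url or has_parts):
            problems.append("no content and no complete GitHub source")
        elif private_repo and not body.get("gitHubToken"):
            problems.append("gitHubToken is mandatory for a private repository")

    if len(body.get("description") or "") > 4000:
        problems.append("description exceeds 4000 characters")
    if "severity" in body and str(body["severity"]) not in {"1", "2", "3", "4", "5"}:
        problems.append("severity must be a value from 1 to 5")

    # Parameterized scripts: every key and value must be Base64.
    if body.get("hasParameters"):
        params = body.get("params") or []
        if not params:
            problems.append("hasParameters is true but params is empty")
        for i, param in enumerate(params):
            for part in ("key", "value"):
                if not is_base64(param.get(part)):
                    problems.append(f"params[{i}].{part} must be Base64-encoded")

    qid = body.get("customQid")
    if qid is not None:
        for field in ("type", "vulnerabilityType"):
            if not qid.get(field):
                problems.append(f"customQid.{field} is mandatory")
        vtype = str(qid.get("vulnerabilityType", "")).lower()
        if vtype in {"potential", "confirmed"} and not qid.get("qds"):
            problems.append("customQid.qds is mandatory for Potential/Confirmed")
        # The page's detection sample passes detectionRegex as an object.
        regex = qid.get("detectionRegex")
        if isinstance(regex, dict) and regex.get("cardinality") not in CARDINALITIES:
            problems.append("detectionRegex.cardinality is not a listed value")
    return problems


def redact(body):
    """Copy of the body that is safe to log: the GitHub token is masked."""
    return {k: ("<redacted>" if k == "gitHubToken" else v) for k, v in body.items()}


# Constructed request body, modelled on the Base64 sample above.
CONSTRUCTED_BODY = {
    "title": "Admin Count Check", "typeId": 1, "languageId": 204,
    "platform": "WINDOWS", "severity": "3", "content": b64("ls -ltr"),
    "hasParameters": True, "params": [{"key": "string", "value": "string"}],
}

if __name__ == "__main__":
    # The literal placeholder "string" is not valid Base64, so it is flagged.
    for problem in validate_script_request(CONSTRUCTED_BODY):
        print(problem)
```

Pass params built with encode_params() instead of the literal placeholders, and log redact(body) rather than the raw body so the GitHub token stays out of shell history and CI logs.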

Sample: Create Custom Script with GitHub URL using Public Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "githubInputUrl": "<sample github url>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold": 300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 1,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": false,
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
 }'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create Custom Script with GitHub URL using Private Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "categoryId": 605,
  "githubInputUrl": "<sample github url>",
  "gitHubToken": "<sample github token of private repo>",
  "description": "sample description",
  "platform": "WINDOWS",
  "severity": "3",
  "threshold": 300,
  "thresholdTimeUnit": "SECOND",
  "title": "Admin Count Check",
  "typeId": 1,
  "languageId": 204,
  "scriptApprovalUserConsent": true,
  "hasParameters": false,
  "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create Custom Script with GitHub Parameters using Public Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "categoryId": 605,
  "gitHubUser": "<sample username>",
  "gitHubRepo": "<sample repo name>",
  "gitHubBranch": "<sample branch name>",
  "gitHubFilePath": "<sample github file path>",
  "description": "sample description",
  "platform": "WINDOWS",
  "severity": "3",
  "threshold": 300,
  "thresholdTimeUnit": "SECOND",
  "title": "Admin Count Check",
  "typeId": 1,
  "languageId": 204,
  "scriptApprovalUserConsent": true,
  "hasParameters": false,
  "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Sample: Create Custom Script with GitHub Parameters using Private Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "categoryId": 605,
  "gitHubToken": "<sample github token of private repo>",
  "gitHubUser": "<sample username>",
  "gitHubRepo": "<sample repo name>",
  "gitHubBranch": "<sample branch name>",
  "gitHubFilePath": "<sample github file path>",
  "description": "sample description",
  "platform": "WINDOWS",
  "severity": "3",
  "threshold": 300,
  "thresholdTimeUnit": "SECOND",
  "title": "Admin Count Check",
  "typeId": 1,
  "languageId": 204,
  "scriptApprovalUserConsent": true,
  "hasParameters": false,
  "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100504
    }
}

Create Custom QID Scripts

POST /sm/v5/script

Input Parameters

Parameters Mandatory/Optional Data Type Description
title Mandatory String Provide the name of the script.
typeId Mandatory Short Specify the type of the script. Get valid script types using GET /sm/v1/script-types.
languageId Mandatory Short Specify the required script language. Get valid script languages using GET /sm/v1/script-language, and pass the required languageId from the response.
categoryId Optional Long Provide the category of the script, such as general automation, data collection, or backup.
content Optional String Provide the script content.

Note: Pass the script content Base64-encoded. If content is not passed in the request, the script content is pulled from the GitHub parameters in the request. If the GitHub parameters are also not passed, an error message is shown.

githubInputUrl Optional String Provide the complete GitHub file path from which to create the script content. Mandatory if content is not provided.

Note: If the script repository is private, gitHubToken must also be passed in the request.

gitHubUser Optional String Provide a GitHub user that has a GitHub account. Mandatory if content is not provided.
gitHubRepo Optional String Provide the name of the GitHub repository. Mandatory if content is not provided.
gitHubFilePath Optional String Provide the relative GitHub file path from which to create the script content. Mandatory if content is not provided.
gitHubBranch Optional String Provide the GitHub branch name. Mandatory if content is not provided.
gitHubToken Optional String Provide a GitHub token to access a private GitHub repository. Mandatory for a private repository.
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
description Optional String Provide the script description. Note: The maximum number of characters allowed is 4000.
platform Mandatory String Provide the platform, such as WINDOWS, LINUX, UNIX, or MAC.
severity Optional String Provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold Optional Long Provide the time that defines how long the script must run. Specify the time in seconds.
scriptApprovalUserConsent Optional Boolean Specify whether to create the script in an approval state. Default value: False.
customQid.title Optional String Provide the QID title. The script title is applied by default if not passed.
customQid.type Mandatory String Provide the type of QID. Currently the only supported type is "Detection QID".
customQid.qds Optional String Provide the TruRisk QDS score. Note: Mandatory if vulnerabilityType is Potential or Confirmed.
customQid.vulnerabilityType Mandatory String Provide the vulnerability type, such as Confirmed, Potential, or Information Gathered.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.returnCodeStatusMap Mandatory List of returnCode and Status Provide the return code and the status based on the script you provide. Note: If returnCode is not passed, the default 0 is used.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.bugTrackIds Optional String Provide a URL or an ID as an additional reference.
hasParameters Optional (mandatory only if you want to define the params.key and params.value parameters) Boolean Provide this value as true if you want to define the script parameters. Default value is false. Note: This parameter is applicable only when you want to create a parameterized script.
params.key Mandatory (when the hasParameters value is true) String Provide the Base64-encoded string value.
params.value Mandatory (when the hasParameters value is true) String Provide the Base64-encoded string value.

Sample: Create Custom QID Script with Base64 Content

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "content": "bHMgLWx0cg==",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100502
    }
}

Sample: Create Custom QID Script with GitHub URL using Public Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "githubInputUrl": "<sample github url>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100502
    }
}

Sample: Create Custom QID Script with GitHub URL using Private Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "githubInputUrl": "<sample github url>",
    "gitHubToken": "<sample github token of private repo>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100502
    }
}

Sample: Create Custom QID Script with GitHub Parameters using Public Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "gitHubUser": "<sample username>",
    "gitHubRepo": "<sample repo name>",
    "gitHubBranch": "<sample branch name>",
    "gitHubFilePath": "<sample github file path>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100502
    }
}

Sample: Create Custom QID Script with GitHub Parameters using Private Repository

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "gitHubToken": "<sample github token of private repo>",
    "gitHubUser": "<sample username>",
    "gitHubRepo": "<sample repo name>",
    "gitHubBranch": "<sample branch name>",
    "gitHubFilePath": "<sample github file path>",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Admin Count Check",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "returnCodeStatusMap": [
            {
                "returnCode": "1",
                "status": "Not-Detected"
            },
            {
                "returnCode": "5",
                "status": "Detected"
            }
        ]
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
    "errorCode": "0",
    "message": "Script created successfully",
    "body": {
        "id": 100502
    }
}

Sample: Create Custom Script to Detect Custom QID based on the Script Output

API Request

curl -X POST '<qualys_base_url>/sm/v5/script' \
--header 'Accept: application/vnd.qualys.car.api.v5.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId": 605,
    "content": "bHMgLWx0cg==",
    "description": "sample description",
    "platform": "WINDOWS",
    "severity": "3",
    "threshold":300,
    "thresholdTimeUnit": "SECOND",
    "title": "Sample title",
    "typeId": 2,
    "languageId": 204,
    "scriptApprovalUserConsent": true,
    "hasParameters": true,
    "customQid": {
        "type": "Detection QID",
        "severity": "4",
        "qds": "75",
        "vulnerabilityType": "Information_Gathered",
        "cveIds": "CVE-2023-3452",
        "detectionLogic": "Use Script",
        "detectionRegex": {
            "cardinality": "CONTAINS",
            "regex": [
                "3.6.9"
            ],
            "status": "detected"
        }
    },
    "params": [
        {
            "key": "string",
            "value": "string"
        }
    ]
}'

API Response

{
  "errorCode": "0",
  "message": "Script created successfully",
  "body": {
    "id": 213673
  }
}

v4.0

POST /sm/v4/script

Input Parameters

Parameter Mandatory/Optional Data Type Description
title Mandatory String Provide the name of the script.
typeId Mandatory Short Specify the type of the script. Get valid script types using GET /sm/v1/script-types.
languageId Mandatory Short Specify the required script language. Get valid script languages using GET /sm/v1/script-language, and pass the required languageId from the response.
categoryId Optional Long Provide the category of the script, such as general automation, data collection, or backup.
content Optional String Provide the script content.

Note: Pass the script content Base64-encoded. If content is not passed in the request, the script content is pulled from the GitHub parameters in the request. If the GitHub parameters are also not passed, an error message is shown.

githubInputUrl Optional String Provide the complete GitHub file path from which to create the script content. Mandatory if content is not provided.

Note: If the script repository is private, gitHubToken must also be passed in the request.

gitHubUser Optional String Provide a GitHub user that has a GitHub account. Mandatory if content is not provided.
gitHubRepo Optional String Provide the name of the GitHub repository. Mandatory if content is not provided.
gitHubFilePath Optional String Provide the relative GitHub file path from which to create the script content. Mandatory if content is not provided.
gitHubBranch Optional String Provide the GitHub branch name. Mandatory if content is not provided.
gitHubToken Optional String Provide a GitHub token to access a private GitHub repository. Mandatory for a private repository.
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
description Optional String Provide the script description. Note: The maximum number of characters allowed is 4000.
platform Mandatory String Provide the platform, such as WINDOWS, LINUX, UNIX, or MAC.
severity Optional String Provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold Optional Long Provide the time that defines how long the script must run. Specify the time in seconds.
scriptApprovalUserConsent Optional Boolean Specify whether to create the script in an approval state. Default value: False.
customQid.title Optional String Provide the QID title. The script title is applied by default if not passed.
customQid.type Mandatory String Provide the type of QID. Currently the only supported type is "Detection QID".
customQid.qds Optional String Provide the TruRisk QDS score. Note: Mandatory if vulnerabilityType is Potential or Confirmed.
customQid.vulnerabilityType Mandatory String Provide the vulnerability type, such as Confirmed, Potential, or Information Gathered.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.returnCodeStatusMap Mandatory List of returnCode and Status Provide the return code and the status based on the script you provide. Note: If returnCode is not passed, the default 0 is used.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.bugTrackIds Optional String Provide a URL or an ID as an additional reference.

Sample: Create a Script

API Request

curl -X POST '<qualys_base_url>/sm/v4/script' \
--header 'Accept: application/vnd.qualys.car.api.v4.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "categoryId":605,
    "content":"bHMgLWx0cg==",
    "description":"Microsoft Internet Explorer Information Disclosure Vulnerability description",
    "platform":"WINDOWS",
    "severity":"3",
    "threshold":300,
    "title":"Microsoft Internet Explorer Information Disclosure Vulnerability",
    "typeId":2,
    "languageId":204,
    "scriptApprovalUserConsent":true,
    "customQid":{
        "type":"Detection QID",
        "qds":"75",
        "vulnerabilityType":"Information_Gathered",
        "cveIds":"CVE-2023-3452",
        "detectionLogic":"Use Script",
        "returnCodeStatusMap":[
            {
                "returnCode":"1",
                "status":"Not-Detected"
            },
            {
                "returnCode":"5",
                "status":"Detected"
            }
        ]
    }
}'

API Response

{
     "errorCode":"0",
     "message":" Custom QID script created successfully",
     "body":{
         "id":100502
     }
}

v3.0

POST /sm/v3/script

Input Parameters

Parameter Mandatory/Optional Data Type Description
title Mandatory String Provide the name of the script.
typeId Mandatory Short Specify the type of the script. Get valid script types using GET /sm/v1/script-types.
languageId Mandatory Short Specify the required script language. Get valid script languages using GET /sm/v1/script-language, and pass the required languageId from the response.
categoryId Optional Long Provide the category of the script, such as general automation, data collection, or backup.
content Optional String Provide the script content.

Note: Pass the script content Base64-encoded. If content is not passed in the request, the script content is pulled from the GitHub parameters in the request. If the GitHub parameters are also not passed, an error message is shown.

githubInputUrl Optional String Provide the complete GitHub file path from which to create the script content. Mandatory if content is not provided.

Note: If the script repository is private, gitHubToken must also be passed in the request.

gitHubUser Optional String Provide a GitHub user that has a GitHub account. Mandatory if content is not provided.
gitHubRepo Optional String Provide the name of the GitHub repository. Mandatory if content is not provided.
gitHubFilePath Optional String Provide the relative GitHub file path from which to create the script content. Mandatory if content is not provided.
gitHubBranch Optional String Provide the GitHub branch name. Mandatory if content is not provided.
gitHubToken Optional String Provide a GitHub token to access a private GitHub repository. Mandatory for a private repository.
gitHubSyncEnabled Optional Boolean Enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Enable GitHub autosync with the created script.
description Optional String Provide the script description. Note: The maximum number of characters allowed is 4000.
platform Mandatory String Provide the platform, such as WINDOWS, LINUX, UNIX, or MAC.
severity Optional String Provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold Optional Long Provide the time that defines how long the script must run. You can specify the time in seconds, hours, and minutes.
thresholdTimeUnit Optional Long Provide the unit in which the time is specified: SECONDS, HOURS, or MINUTES.
scriptApprovalUserConsent Optional Boolean Specify whether to create the script in an approval state. Default value: False.
customQid.title Optional String Provide the QID title. The script title is applied by default if not passed.
customQid.type Mandatory String Provide the type of QID. Currently the only supported type is "Detection QID".
customQid.qds Optional String Provide the TruRisk QDS score. Note: Mandatory if vulnerabilityType is Potential or Confirmed.
customQid.vulnerabilityType Mandatory String Provide the vulnerability type, such as Confirmed, Potential, or Information Gathered.
customQid.cveIds Optional String Provide a CVE ID that is associated with a specific QID.
customQid.returnCodeStatusMap Mandatory List of returnCode and Status Provide the return code and the status based on the script you provide. Note: If returnCode is not passed, the default 0 is used.
customQid.impact Optional String Provide the details of the possible outcome if the vulnerability is exploited.
customQid.solution Optional String Provide a verified solution for the impact.
customQid.bugTrackIds Optional String Provide a URL or an ID as an additional reference.

Sample 1: Create Request with base64 Contents

API Request

curl -X POST '<qualys_base_url>/sm/v3/script' \
--header 'Accept: application/vnd.qualys.car.api.v3.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "categoryId": 605,
  "content": "bHMgLWx0cg==",
  "description": "Sample description",
  "platform": "WINDOWS",
  "severity": "3",
  "threshold": 300,
  "thresholdTimeUnit": "SECOND",
  "title": "Sample title",
  "typeId": 2,
  "languageId": 204,
  "scriptApprovalUserConsent": true,
  "customQid": {
    "type": "Detection QID",
    "qds": "75",
    "vulnerabilityType": "Information_Gathered",
    "cveIds": "CVE-2023-3452",
    "detectionLogic": "Use Script",
    "returnCodeStatusMap": [
      {
        "returnCode": "1",
        "status": "Not-Detected"
      },
      {
        "returnCode": "5",
        "status": "Detected"
      }
    ]
  }
}'

API Response

{
 "errorCode": "0",
 "message": " Custom QID script created successfully",
 "body": {
 "id": 100502
 }
}

Sample 2: Create Script request to fetch the script content from Github Params

API Request

curl -X POST \
'<qualys_base_url>/sm/v3/script' \
--header 'Accept: application/vnd.qualys.car.api.v3.0+json' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
"categoryId": 605,
"githubInputUrl": "<github url>",
"gitHubToken": "<github token of private repo>",
"gitHubUser": "<username>",
"gitHubRepo": "<repo name>",
"gitHubBranch": "<branch name>",
"gitHubFilePath": "<github file path>",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"title": "Microsoft Internet Explorer Information Disclosure Vulnerability",
"typeId": 2,
"languageId": 204,
"scriptApprovalUserConsent": true,
"customQid": {
"type": "Detection QID",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
}
}'

API Response

{
 "errorCode": "0",
 "message": "Custom QID script created successfully",
 "body": {
 "id": 100503
 }
}
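
A local pre-flight check for the request body, as an added example that is not Qualys code: it applies the rules from the parameter table above (base64-encoded content, content or GitHub parameters, qds mandatory for Confirmed or Potential, returnCode defaulting to 0) before anything is sent. The function name `build_custom_qid_payload` and its argument names are assumptions of this example, and it makes no network call.

```python
import base64

PLATFORMS = {"WINDOWS", "LINUX", "UNIX", "MAC"}  # values from the parameter table
# Spelling follows the page's sample requests ("Information_Gathered").
VULN_TYPES = {"Confirmed", "Potential", "Information_Gathered"}


def build_custom_qid_payload(title, type_id, language_id, platform, script_text=None,
                             github=None, severity=None, custom_qid=None):
    """Check the documented rules locally and return the JSON-ready request body."""
    errors = []
    if not title:
        errors.append("title is mandatory")
    if platform not in PLATFORMS:
        errors.append("platform must be one of " + ", ".join(sorted(PLATFORMS)))
    if severity is not None and str(severity) not in {"1", "2", "3", "4", "5"}:
        errors.append("severity must be a value from 1 to 5")
    if script_text is None and not github:
        errors.append("pass either content or GitHub parameters")
    body = {"title": title, "typeId": type_id, "languageId": language_id,
            "platform": platform}
    if severity is not None:
        body["severity"] = str(severity)
    if script_text is not None:
        # The API expects the script content base64-encoded.
        body["content"] = base64.b64encode(script_text.encode("utf-8")).decode("ascii")
    else:
        body.update(github or {})
    if custom_qid is not None:
        qid = dict(custom_qid)
        vuln_type = qid.get("vulnerabilityType")
        if qid.get("type") != "Detection QID":
            errors.append('customQid.type must be "Detection QID"')
        if vuln_type not in VULN_TYPES:
            errors.append("customQid.vulnerabilityType is missing or not a listed value")
        elif vuln_type in {"Confirmed", "Potential"} and not qid.get("qds"):
            errors.append("customQid.qds is mandatory for Confirmed or Potential")
        rows = qid.get("returnCodeStatusMap")
        if not rows:
            errors.append("customQid.returnCodeStatusMap is mandatory")
        else:
            # Make the documented default explicit: a missing returnCode means 0.
            qid["returnCodeStatusMap"] = [
                {"returnCode": str(row.get("returnCode", "0")), "status": row["status"]}
                for row in rows]
        body["customQid"] = qid
    if errors:
        raise ValueError("; ".join(errors))
    return body
```

Serialize the returned dictionary with `json.dumps` and pass it as the request body; a GitHub token, when one is needed, is better supplied through the `github` argument from an environment variable than written into a script.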

v2.0

This API lets you create custom scripts with GitHub and URL.

POST /sm/v2/script

Input Parameter

Parameter Mandatory/Optional Data Type Description
title Mandatory String Use it to provide the name of the script.
description Optional String Use it to provide the script description.
categoryId Optional Long Use it to provide the category of script based on categories like general automation, data collection, and backup.
platform Mandatory String Use it to provide the platform, such as WINDOWS, LINUX, UNIX, or MAC.
severity Mandatory Short Use it to provide the severity level that defines the criticality of the script. Select a value from 1 to 5.
threshold Optional Integer Use it to provide the specific time that defines how long the script must run. You can specify the time in seconds, hours and minutes.
thresholdTimeUnit Optional String Use it to provide the unit in which the threshold time is specified: SECONDS, HOURS, or MINUTES.
languageId Mandatory Integer Use it to provide the ID to get the list of valid languages.
gitHubSyncEnabled Optional Boolean Use it to enable the GitHub script to sync with the created script.
gitHubAutoSync Optional Boolean Use it to enable GitHub autosync with the created script.
gitHubUser Mandatory String Use it to provide a github user that has a github account.
gitHubRepo Optional String Use it to provide the name of the github repository.
gitHubBranch Optional String Use it to provide the github branch name.
gitHubFilePath Mandatory String Use it to provide a relative github file path for which we want to create as script content.
gitHubToken Optional String Use it to provide a github token to access a private github repository. It is mandatory for a private repository.
scriptApprovalUserConsent Optional Boolean Use it to specify whether to create the script in an approval state.
githubInputUrl Optional String Use it to provide a complete github file path for which we want to create as script content.

Sample 1: Create Script with URL

API Request

curl -X POST \
'<qualys_base_url>/sm/v2/script' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
 "title": "<sample-file-name>",
 "description": "Sample Description",
 "categoryId": 2,
 "platform": "WINDOWS",
 "severity": 3,
 "threshold": 300,
 "thresholdTimeUnit": "SECOND",
 "languageId": 4,
 "typeId": 1,
 "githubInputUrl": "<github-file-url>"
}'

API Request Body

{
 "title": "{{scriptTitle}}",
 "description": "Sample Description",
 "categoryId": 2,
 "platform": "WINDOWS",
 "severity": 3,
 "threshold": 300,
 "thresholdTimeUnit": "SECOND",
 "languageId": 4,
 "typeId": 1,
 "githubInputUrl": "https://github.com/ruanyf/simple-bashscripts/blob/master/scripts/hello-world.sh"
}

API Response

{
 "errorCode":"0",
 "message":"Script created successfully",
 "body":{
 "id":61179
}
}

Sample 2: Create Scripts with GitHub Parameters

API Request

curl -X POST \
'<qualys_base_url>/sm/v2/script' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
     "title":"{{scriptTitle}}",
     "description":"Sample Description",
     "categoryId":2,
     "platform":"WINDOWS",
     "severity":3,
     "threshold":300,
     "thresholdTimeUnit":"SECOND",
     "languageId":201,
     "gitHubUser":"Qualys",
     "gitHubRepo":"community",
     "gitHubBranch":"",
     "gitHubFilePath":"assetcount/README.md"
}'

Request Body

{
 "title":"{{scriptTitle}}",
 "description":"Sample Description",
 "categoryId":2,
 "platform":"WINDOWS",
 "severity":3,
 "threshold":300,
 "thresholdTimeUnit":"SECOND",
 "languageId":201,
 "gitHubUser":"Qualys",
 "gitHubRepo":"community",
 "gitHubBranch":"",
 "gitHubFilePath":"assetcount/README.md"
}

Response:

{
 "errorCode":"0",
 "message":"Script created successfully",
 "body":{
 "id":61180
 }
}

Sample 3: Create Scripts with GitHub Parameters Using Private Repository

API Request

curl -X POST '<qualys_base_url>/sm/v2/script' \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data-raw '{
 "title": "<sample-file-name>",
 "description": "Sample Description",
 "categoryId": 2,
 "platform": "LINUX",
 "severity": 3,
 "threshold": 300,
 "thresholdTimeUnit": "SECOND",
 "languageId": 6,
 "gitHubUser": "<private-github-username>",
 "gitHubRepo": "<private-github-repository-name>",
 "gitHubBranch": "<private-github-branch>",
 "gitHubFilePath": "<private-github-filepath>",
 "gitHubToken" : "<private-github-token>"
}'

Request Body

{
    "title":"{{scriptTitle}}",
    "description":"Sample Description",
    "categoryId":2,
    "platform":"LINUX",
    "severity":3,
    "threshold":300,
    "thresholdTimeUnit":"SECOND",
    "languageId":6,
    "gitHubUser":"smqa123",
    "gitHubRepo":"SM_QA_PRIVATE",
    "gitHubBranch":"main",
    "gitHubFilePath":"Blacklisted",
    "gitHubToken":"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"
}

Response:

{
    "errorCode":"0",
    "message":"Script created successfully",
    "body":{
        "id":61186
    }
}

Sample 4: Create Script with GitHub URLs Using Private Repository

API Request

curl --location --request POST '<qualys_base_url>/sm/v2/script' \
-H 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"title": "giturl_private_api_201446",
"description": "Sample Description",
"categoryId": 2,
"platform": "WINDOWS",
"severity": 3,
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"languageId": 4,
"typeId": 1,
"gitHubToken" : "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",
"githubInputUrl": "https://github.com/smqa123/SM_QA_PRIVATE/blob/main/Blacklisted"
}'

Request Body

{
 "title":"{{scriptTitle}}",
 "description":"Sample Description",
 "categoryId":2,
 "platform":"WINDOWS",
 "severity":3,
 "threshold":300,
 "thresholdTimeUnit":"SECOND",
 "languageId":4,
 "typeId":1,
 "gitHubToken":"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",
 "githubInputUrl":"https://github.com/smqa123/SM_QA_PRIVATE/blob/main/Blacklisted"
}

Response

{
 "errorCode":"0",
 "message":"Script created successfully",
 "body":{
 "id":61403
 }
}

For details of the response codes, refer to the Appendix.