Create a Report Request

Use this API to create a new report request.

POST/csapi/v1.3/reports

Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description

name

Mandatory

string

Specify a title for your report (up to 150 characters).

description

Optional

string

Specify a description for your report (up to 250 characters).

templateName

Mandatory

string

Specify the template for the report you want to create.

Valid values are:

  • CS_IMAGE_VULNERABILITY
  • CS_CONTAINER_VULNERABILITY
  • CS_IMAGE_SECRETS 
  • CS_IMAGE_MALWARE

filter

Optional

 string

Filter the images or containers list for the report by providing a query using Qualys syntax.

Refer to the “How to Search” topic in the online help for assistance with creating your query.

displayColumns

Optional 

 string

Specify the columns to include in the report. Multiple columns should be comma-separated.
Valid Values - repo, uuid, sha, severity, firstDetected, qdsScore, riskScore, qid and so on.

When unspecified, ALL report columns will be included. When an empty value is provided, only default columns will be included.

When the template CS_IMAGE_VULNERABILITY is used, you can include any of these columns: repo, imageId, sha, uuid, label, tags, created, updated, firstDetected, qdsScore, riskScore, qid, title, severity, cveids, vendorReference, cvssBase, cvssTemporal, cvss3Base, cvss3Temporal, threat, easyExploit, noPatch, activeAttacks, highLateralMovement, highDataLoss, denialOfService, impact, solution, exploitability, associatedMalwares, category, software, firstDetected, qdsScore, riskScore, and result.

The default columns are: qid, imageId.

When the template CS_CONTAINER_VULNERABILITY is used, you can include any of these columns: name, containerId, uuid, imageId, repository, tags, created, hostName, hostIp, state, stateChanged, updated, qid, title, severity, cveids, vendorReference, cvssBase, cvssTemporal, cvss3Base, cvss3Temporal, threat, easyExploit, noPatch, activeAttacks, highLateralMovement, highDataLoss, denialOfService, impact, solution, exploitability, associatedMalwares, category, software, result, podName, podUuid, podNameSpace, podLabel, podController, nodeName, and nodeIsMaster.

The default columns are: qid, containerId.

When the template CS_IMAGE_SECRETS is used, you can include any of these columns:
repo, imageId, sha, uuid, label, created, updated, secretUuid, secretSeverity, layerSha, ruleUuid, filePath, lastUpdated, category, secretType, and matches.

The default columns are: imageId, secretUuid.

When the template CS_IMAGE_MALWARE is used, you can include any of these columns:
repo, imageId, sha, uuid, label, tags, created, updated, malwareSeverity, malwareScore, malwarePrediction, malwareCategory, malwareFamily, malwareCount, lastScanDate, layerAnalyzed, filesAnalyzed, layerSha, layerCommand, layerFileName, layerMimeType, layerFilesAnalyzed, layerCreatedDate, layerMalwareSeverity, layerMalwareScore, layerPrediction, layerMalwareCategory, layerMalwareFamily.

The default columns are: imageId, malwareSeverity.

expireAfter Mandatory string

Specify a time period after which the report expires and gets deleted from your account.

The valid values are (days): 1, 7, 30, or 90 days.

zip    
 
Optional     integer     Choose to send scheduled report through a Zip file.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
sendAsAttachment Optional     boolean     Choose to send scheduled report through an attachment.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
recipient Optional     string     Mandatory if 'emailNotification' is choosen.
Email Id of the person whom you want to send the report update notification.
emailSubject Optional     string     Subject email of the update notification.
customMessage  Optional     string     Message to be shown in the update notification email.

Sample: Create a Report RequestSample: Create a Report Request

API request

     curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "Report Test",
  "name": "ABC",
  "filter": null,
  "displayColumns": [
    "repo",
    "uuid",
    "qid",
    "firstDetected",
    "riskScore",
    "qdsScore"
  ],
  "templateName": "CS_IMAGE_VULNERABILITY",
  "expireAfter": "30",
  "zip": "0",
  "emailNotification": "1",
  "sendAsAttachment": "0",
  "recipient": "jack_reader@acme.com",
  "emailSubject": "EMAIL receive check",
  "customMessage": "Please find the email and its details."
}'
    

Response

    {
  "reportUuid": "cfcd7840-91cc-11ef-9f40-ad02a75af93a"
}