Create a Report Request

Use this API to create a new report request.

POST/csapi/v1.3/reports

Input ParametersInput Parameters

Parameter Mandatory/Optional Data Type Description
name Mandatory string Specify a title for your report (up to 150 characters).
description Optional string Specify a description for your report (up to 250 characters).
templateName Mandatory string Specify the template for the report you want to create. Valid values are:
  • CS_IMAGE_VULNERABILITY
  • CS_CONTAINER_VULNERABILITY
  • CS_IMAGE_SECRETS 
  • CS_IMAGE_MALWARE
  • CS_KUBERNETES_PODS
  • CS_CONTAINERS
  • CS_IMAGES
  • CS_IMAGE_SOFTWARE_DETAILS
filter Optional string Filter the images or containers list for the report by providing a query using Qualys syntax.

Refer to the “How to Search” topic in the online help for assistance with creating your query.
displayColumns Optional  string Specify the columns to include in the report. Multiple columns should be comma-separated.
Valid Values - repo, uuid, sha, severity, firstDetected, qdsScore, riskScore, qid and so on.

When unspecified, ALL report columns will be included. When an empty value is provided, only default columns will be included.

When the template CS_IMAGE_VULNERABILITY is used, you can include any of these columns: repo, imageId, sha, uuid, label, tags, created, updated, firstDetected, qdsScore, riskScore, qid, title, severity, cveids, vendorReference, cvssBase, cvssTemporal, cvss3Base, cvss3Temporal, threat, easyExploit, noPatch, activeAttacks, highLateralMovement, highDataLoss, denialOfService, impact, solution, exploitability, associatedMalwares, category, software, firstDetected, qdsScore, riskScore, and result.

The default columns are: qid, imageId.

When the template CS_CONTAINER_VULNERABILITY is used, you can include any of these columns: name, containerId, uuid, imageId, repository, tags, created, hostName, hostIp, state, stateChanged, updated, qid, title, severity, cveids, vendorReference, cvssBase, cvssTemporal, cvss3Base, cvss3Temporal, threat, easyExploit, noPatch, activeAttacks, highLateralMovement, highDataLoss, denialOfService, impact, solution, exploitability, associatedMalwares, category, software, result, podName, podUuid, podNameSpace, podLabel, podController, nodeName, and nodeIsMaster.

The default columns are: qid, containerId.

When the template CS_IMAGE_SECRETS is used, you can include any of these columns:
repo, imageId, sha, uuid, label, created, updated, secretUuid, secretSeverity, layerSha, ruleUuid, filePath, lastUpdated, category, secretType, and matches.

The default columns are: imageId, secretUuid.

When the template CS_IMAGE_MALWARE is used, you can include any of these columns:
repo, imageId, sha, uuid, label, tags, created, updated, malwareSeverity, malwareScore, malwarePrediction, malwareCategory, malwareFamily, malwareCount, lastScanDate, layerAnalyzed, filesAnalyzed, layerSha, layerCommand, layerFileName, layerMimeType, layerFilesAnalyzed, layerCreatedDate, layerMalwareSeverity, layerMalwareScore, layerPrediction, layerMalwareCategory, layerMalwareFamily.

The default columns are: imageId, malwareSeverity. 

The following column values are newly introduced under CS_IMAGE_VULNERABILITY and CS_CONTAINER_VULNERABILITY report templates.

  • wormable
  • predictedHighRisk
  • privilegeEscalation
  • unauthenticatedExploitation
  • remoteCodeExecution
  • ransomware
  • solorigateSunburst
  • cisaKnownExploitedVulns
expireAfter Mandatory string Specify a time period after which the report expires and gets deleted from your account.

The valid values are (days): 1, 7, 30, or 90 days.
zip    
 		 Optional     integer     Choose to send scheduled report through a Zip file.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
sendAsAttachment Optional     boolean     Choose to send scheduled report through an attachment.
Valid Values: 0 or 1.
'0' indicates 'no', and '1' indicates 'yes'.
recipient Optional     string     Mandatory if 'emailNotification' is choosen.
Email Id of the person whom you want to send the report update notification.
emailSubject Optional     string     Subject email of the update notification.
customMessage  Optional     string     Message to be shown in the update notification email.

Sample: Create a Report Request using CS_IMAGE_VULNERABILITYSample: Create a Report Request using CS_IMAGE_VULNERABILITY

API request

     curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "Report Test",
  "name": "ABC",
  "filter": null,
  "displayColumns": [
    "repo",
    "uuid",
    "qid",
    "firstDetected",
    "riskScore",
    "qdsScore"
  ],
  "templateName": "CS_IMAGE_VULNERABILITY",
  "expireAfter": "30",
  "zip": "0",
  "emailNotification": "1",
  "sendAsAttachment": "0",
  "recipient": "[email protected]",
  "emailSubject": "EMAIL receive check",
  "customMessage": "Please find the email and its details."
}'

Response

   { 
"reportUuid": "6c9f9c40-df2c-11f0-a6de-8fc0ae82011c" 
}

Sample: Create a Report Request using CS_KUBERNETES_PODSSample: Create a Report Request using CS_KUBERNETES_PODS

API request

    curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d {
  "name": "test_pods_API",
  "description": "test",
  "templateName": "CS_KUBERNETES_PODS",
  "filter": null,
  "reportScheduleDetails": null,
  "expireAfter": 7,
  "secondFilter": "",
  "displayColumns": [
    "uuid",
    "name",
    "startedAt",
    "namespace",
    "clusterUid",
    "containersSha",
    "status",
    "updatedAt",
    "sensorUuid"
  ],
  "zip": 1,
  "emailNotification": 0
}'

Response

 { 
"reportUuid": "6c9f9c40-df2c-11f0-a6de-8fc0ae82011c" 
}

Sample: Create a Report Request using CS_IMAGE_SOFTWARE_DETAILSSample: Create a Report Request using CS_IMAGE_SOFTWARE_DETAILS

API request

curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "Post_API_test",
  "description": "test",
  "templateName": "CS_IMAGE_SOFTWARE_DETAILS",
  "filter": "{\"filter\": \"\",\"secondFilter\": \"not software.lifecycle.eol is null\"}",
  "reportScheduleDetails": null,
  "expireAfter": 7,
  "displayColumns": [
    "name",
    "version",
    "fixVersion",
    "eolDate",
    "eosDate",
    "imageId",
    "imageSha"
  ],
  "zip": 0,
  "emailNotification": 0,
  "softwareCountPerImage": 2200
}' 

Response

{
  "reportUuid": "f64841c0-2420-11f1-a10e-63ad41ec1bb5"
} 

Sample: Create a Report Request using new Display ColumnsSample: Create a Report Request using new Display Columns

API Request 

   curl -X 'POST' \
  '<qualys_base_url>/csapi/v1.3/reports' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "description": "API test",
  "name": "Test2",
  "filter": null,
  "displayColumns": [
    "wormable", "predictedHighRisk", "privilegeEscalation", "unauthenticatedExploitation", "remoteCodeExecution", "ransomware", "solorigateSunburst", "cisaKnownExploitedVulns"
  ],
  "templateName": "CS_IMAGE_VULNERABILITY",
  "expireAfter": "1",
  "zip": "0",
  "emailNotification": "0",
  "sendAsAttachment": "0",
  "recipient": "[email protected]",
  "emailSubject": "Test email subject",
  "customMessage": ""
}' 

API Response 

    { 
"reportUuid": "73f866d0-c48c-11f0-997e-c5789176c2d5" 
}

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: April, 2026