Get Rules

You can get the list of rules using this API. You can search for rules for a cloud provider using filters we support.

 /rest/v1/rules

Input Parameters

Parameter

Mandatory/Optional Data Type

Description

cloudType

Mandatory String

Select the cloud provider from AWS, Azure, or GCP.

filter

Optional String

Form the search query using the filters we provide to refine the search for rules.

Filters supported:

    ruleName

    rule.description

    trigger

    ruleQuery

    createdBy

    createdById

    updatedBy

    updatedById

    ruleState

    createdDate

    updatedDate

    lastRun

    aggregate

    aggregationGroup

    action.message

    action.subject

    action.slackChannel

    action.emailRecipient

    action.type

    action.name

    ruleSeverity

For detailed information on filters, see the Reference: Action Filters.

pageNo

Optional Integer

The page to be returned.

pageSize

Optional Integer

The number of records per page to be included in the response.

sortField

Optional String

Specify the field that decides the sort order for the rules.

sortOrder {asc|desc}

Optional String

Specify whether the rules are sorted in ascending or descending order.

ruleSeverity

Optional String

Specify the rule severity as LOW, MEDIUM, HIGH, or NONE.

Sample - Get the list of rules

Let us get the rules of the simple_alert rule type for the AWS cloud provider.

API request

    
      curl -X GET --header 'Accept: application/json' --header 'Authorization: Basic <JWT Token>' \
      '<qualys_base_url>/cloudview-api/rest/v1/rules?cloudType=AWS&pageNo=1&pageSize=50&ruleType=simple_alert&sortOrder=asc'
      

Response

    
    [
    {
        "id": "3dfc5050-7028-11ea-beeb-3fad76b6f6b5",
        "cloudType": "AWS",
        "ruleType": "simple_alert",
        "name": "slack 01 aws",
        "description": "Slack 1",
        "qql": "cid:99 and account.id:XXXXXXXXXXXX and control.result:FAIL",
        "aggregate": false,
        "actions": [
            {
                "id": "1f695df0-6da2-11ea-8910-77b847f40d61",
                "actionType": "slack",
                "name": "slack cv public api",
                "subject": null,
                "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n*${control.criticality} Severity Control Failure Detected for CID ${cid}*\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated: ${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult: ${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue: ${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our >mailto:[email protected] | customer support team.<",
                "emailRecipients": null,
                "slackChannel": "Sample-slack",
                "subjectParameters": [],
                "bodyParameters": []
            }
        ],
        "created": "2020-03-27T12:41:12.917+0000",
        "createdBy": "John Doe",
        "createdById": "user_john",
        "updated": "2020-03-27T12:41:12.917+0000",
        "updatedBy": "John Doe",
        "updatedById": "user_john",
        "lastRun": "2020-04-29T05:39:32.974+0000",
        "ruleState": "DISABLED",
        "durationHour": 0,
        "fromHourInUTC": 0,
        "fromMinuteInUTC": 0
    },
    {
        "id": "368fea00-702a-11ea-beeb-3fad76b6f6b5",
        "cloudType": "AWS",
        "ruleType": "time_window_schedule_alert",
        "days": [
            1,
            2,
            3,
            4,
            5,
            6,
            7
        ],
        "name": "time window",
        "description": "Time",
        "qql": "cid:98 and accountGroup:Sample and control.result:FAIL",
        "aggregate": true,
        "aggregationKey": "account.id",
        "actions": [
            {
                "id": "2a8bda80-7029-11ea-beeb-3fad76b6f6b5",
                "actionType": "qemail",
                "name": "Time email",
                "subject": "Time window",
                "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n${control.criticality} Severity Control Failure Detected for CID ${cid}\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our customer support team.",
                "emailRecipients": [
                    "[email protected]"
                ],
                "slackChannel": null,
                "subjectParameters": [],
                "bodyParameters": []
            }
        ],
        "created": "2020-03-27T12:55:19.456+0000",
        "createdBy": "John Doe",
        "createdById": "user_john",
        "updated": "2020-03-27T12:55:19.456+0000",
        "updatedBy": "John Doe",
        "updatedById": "user_john",
        "lastRun": "2020-03-27T14:00:00.163+0000",
        "ruleState": "DISABLED",
        "ruleSeverity": "NONE",
        "durationHour": 3600000,
        "fromHourInUTC": 13,
        "fromMinuteInUTC": 0
    },
    {
        "id": "12ec9a00-7028-11ea-beeb-3fad76b6f6b5",
        "cloudType": "AWS",
        "ruleType": "simple_alert",
        "name": "test01 aws",
        "description": "Test1",
        "qql": "cid:100 and account.id:XXXXXXXXXXXX and control.result:FAIL and firstEvaluated:[now-1M .. now]",
        "aggregate": false,
        "actions": [
            {
                "id": "f913b4a0-6d9e-11ea-97c4-57de4ff3eb79",
                "actionType": "qemail",
                "name": "Public ApI",
                "subject": "Public API testing",
                "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\n${control.criticality} Severity Control Failure Detected for CID ${cid}\n\n*Affected Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOn}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluated}\n\t\tlastEvaluated:${lastEvaluated}\n\n*Results*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nYours Sincerely,\nQualys Support Team\n\n\nFor any assistance, please contact our customer support team.",
                "emailRecipients": [
                    "[email protected]"
                ],
                "slackChannel": null,
                "subjectParameters": [],
                "bodyParameters": []
            }
        ],
        "created": "2020-03-27T12:40:00.672+0000",
        "createdBy": "John Doe",
        "createdById": "user_john",
        "updated": "2020-03-27T12:40:00.672+0000",
        "updatedBy": "John Doe",
        "updatedById": "user_john",
        "lastRun": "2020-03-27T13:04:03.135+0000",
        "ruleState": "DISABLED",
        "durationHour": 0,
        "fromHourInUTC": 0,
        "fromMinuteInUTC": 0
    },
    {
        "id": "dcf05f80-8ad1-11ea-9f4c-35b43d39dafc",
        "cloudType": "AWS",
        "ruleType": "simple_alert",
        "name": "slack New template rule 01",
        "description": "slack New Template",
        "qql": "cid:99 and account.id:XXXXXXXXXXXX and control.result:FAIL",
        "aggregate": false,
        "actions": [
            {
                "id": "51cba540-8ad1-11ea-9f4c-35b43d39dafc",
                "actionType": "slack",
                "name": "slack new template",
                "subject": null,
                "alert": "Qualys CloudView: Cloud Security Assessment Alerts\n\nAn assessment failure has been identified for resource \"${resource.id}\" and control \"${cid}\" in your Qualys subscription.\n\n*Impacted Resource*\n\tresourceId:${resource.id}\n\tresourceType:${resource.type}\n\tservice:${service.type}\n\tregion:${region}\n\tcloudType:${provider.type}\n\taccountId:${account.id}\n\tconnectorId:${connectorUuid}\n\tgroupName:${accountGroup}\n\n*Evaluation Summary*\n\tcontrolName:${control.name}\n\tcontrolId:${cid}\n\tpolicyName:${policyName}\n\tevaluatedOn:${evaluatedOnDateFormat}\n\tevaluationDates:\n\t\tfirstEvaluated:${firstEvaluatedDateFormat}\n\t\tlastEvaluated:${lastEvaluatedDateFormat}\n\n*Evidence*\n\tresult:${control.result}\n\tevidences:\n\t\tsettingName:${evidences.key}\n\t\tactualValue:${evidences.value}\n\nUse this information here to investigate the failure and take appropriate actions to fix it.",
                "emailRecipients": null,
                "slackChannel": "Sample-slack",
                "subjectParameters": [],
                "bodyParameters": []
            }
        ],
        "created": "2020-04-30T11:00:54.776+0000",
        "createdBy": "John Doe",
        "createdById": "user_john",
        "updated": "2020-04-30T11:00:54.776+0000",
        "updatedBy": "John Doe",
        "updatedById": "user_john",
        "lastRun": "2020-04-30T11:10:36.749+0000",
        "ruleState": "ENABLED",
        "durationHour": 0,
        "fromHourInUTC": 0,
        "fromMinuteInUTC": 0
    }
    ]
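
An added example, not part of the Qualys documentation: a Python script that builds the request URL from the input parameters above and audits the returned rules for ones that are disabled, have no severity, or have an action with no Slack channel or e-mail recipient. The host `qualys.example`, the audit criteria, the `filter` value syntax, and the two rules marked as constructed are assumptions.

```python
import json
from urllib.parse import urlencode

SEVERITIES = {"LOW", "MEDIUM", "HIGH", "NONE"}  # ruleSeverity values from the table

def build_rules_url(base_url, cloud_type, **params):
    """Build the Get Rules URL; cloudType is mandatory, the rest optional."""
    if cloud_type.upper() not in {"AWS", "AZURE", "GCP"}:
        raise ValueError("cloudType must be AWS, Azure, or GCP")
    if params.get("sortOrder", "asc") not in ("asc", "desc"):
        raise ValueError("sortOrder must be asc or desc")
    if params.get("ruleSeverity", "NONE") not in SEVERITIES:
        raise ValueError("ruleSeverity must be LOW, MEDIUM, HIGH, or NONE")
    # urlencode percent-encodes the filter so ':' and spaces survive the query string
    query = urlencode({"cloudType": cloud_type, **params})
    return f"{base_url}/cloudview-api/rest/v1/rules?{query}"

def audit_rules(rules):
    """Map rule name -> findings for rules that cannot alert as intended."""
    report = {}
    for rule in rules:
        findings = []
        if rule.get("ruleState") != "ENABLED":
            findings.append("rule is not enabled")
        # Assumption: a missing ruleSeverity is treated like NONE.
        if rule.get("ruleSeverity", "NONE") == "NONE":
            findings.append("no severity assigned")
        for action in rule.get("actions") or []:
            if not (action.get("slackChannel") or action.get("emailRecipients")):
                findings.append(f"action '{action.get('name')}' has no destination")
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample in the response format shown above: the first entry is
# trimmed from the page's response, the other two are invented for this example.
SAMPLE = json.loads("""[
 {"name": "slack 01 aws", "ruleState": "DISABLED", "actions": [
   {"name": "slack cv public api", "slackChannel": "Sample-slack", "emailRecipients": null}]},
 {"name": "constructed enabled rule", "ruleState": "ENABLED", "ruleSeverity": "HIGH", "actions": [
   {"name": "ok", "slackChannel": "Sample-slack", "emailRecipients": null}]},
 {"name": "constructed orphan action", "ruleState": "ENABLED", "ruleSeverity": "LOW", "actions": [
   {"name": "empty", "slackChannel": null, "emailRecipients": []}]}
]""")

if __name__ == "__main__":
    # The filter value syntax here is an assumption; see the filter reference.
    print(build_rules_url("https://qualys.example", "AWS", pageNo=1, pageSize=50,
                          filter="ruleState:DISABLED"))
    for name, findings in audit_rules(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```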