Purge Hosts

POST/api/2.0/fo/asset/host/?action=purge

Purge hosts in your account to remove the assessment data associated with them.

Purging hosts will remove host based data in the user’s account (scan results will not be removed). Purged host information will not appear in new reports generated by users. One or both types of host data is removed, based on the user’s API request: vulnerability data and compliance data.

Permissions

Managers can purge assessment data for all hosts in the subscription, including vulnerability data and/or compliance data.

Auditors can purge compliance data only for all compliance hosts in the subscription (vulnerability data will not be removed).

Unit Managers, Scanners, and Readers can purge vulnerability data and/or compliance data in their user account if granted the permission “Purge host information/history”. The permission “Manage compliance” is required to purge compliance data.

Express Lite - This API is available to Express Lite users.

How to Choose Data Scope for Asset Purge

The input parameter “data_scope” allows you to specify the type of data to purge from a host. Specify “vm” to purge vulnerability data, “pc” to purge compliance data, or “vm,pc” (irrespective of order) to purge both types of data.

You can also use the input parameter “compliance_enabled” to purge compliance data along with vulnerability data or vulnerability data only. This option does not allow you to purge compliance data only.

You can combine compliance_enabled and data_scope in the same request. Note, however, that anytime compliance_enabled=1 is specified, then both vulnerability and compliance data is purged regardless of the data_scope value. See the table below to understand the different combinations and the type of data purged.

compliance_enabled value

data_scope value

type of data purged

1

unspecified

vulnerability + compliance data

0

unspecified

vulnerability data only

unspecified or 0

vm

vulnerability data only

unspecified or 0

pc

compliance data only

unspecified or 0

vm,pc

vulnerability + compliance data

1

vm

vulnerability + compliance data

1

pc

vulnerability + compliance data

1

vm,pc

vulnerability + compliance data

Input ParametersInput Parameters

Parameter

Required/Optional

Data Type

Description

action=purge

Required String 

The POST method should be used to purge the assets.

echo_request={0|1}

Optional Integer 

Specify 1 to view input parameters in the XML output. When unspecified, parameters are not included in the XML output.

ids={value}

Optional Integer

Purge host information for certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400).Valid host IDs are required.

One of these host selection parameters must be specified in an API request: ids, ips, ag_ids or ag_titles. Multiple host selection parameters may be specified together in the same request.

ips={value}

Optional Integer 

Purge host information certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100).

One of these host selection parameters must be specified in an API request: ids, ips, ag_ids or ag_titles. Multiple host selection parameters may be specified together in the same request.

ag_ids={value}

Optional Integer 

Purge hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required.

One of these host selection parameters must be specified in an API request: ids, ips, ag_ids or ag_titles. Multiple host selection parameters may be specified together in the same request. These parameters are mutually exclusive and cannot be specified together: ag_ids and ag_titles.

ag_titles={value}

Optional String 

Purge hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group).

One of these parameters must be specified in an API request: ids, ips, ag_ids or ag_titles. Multiple host selection parameters may be specified together in the same request. These parameters are mutually exclusive and cannot be specified together: ag_ids and ag_titles.

network_ids={value}

Optional, and valid only when the Network Support feature is enabled for the user’s account Integer 

Restrict the request to certain custom network IDs. Multiple network IDs are comma separated.

no_vm_scan_since={date}

Optional Integer 

Purge hosts not scanned since a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”.

User Permissions: An Auditor cannot specify this parameter.

no_compliance_scan_since={date}

Optional Integer

Purge compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user.

The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”.

User Permissions: A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user account is granted certain permissions to purge compliance information.

data_scope={value}

Optional Boolean 

The type of data to purge. Specify “vm” to purge vulnerability data, specify “pc” to purge compliance data, or specify both as a comma separated list to purge both types of data.

If compliance_enabled=1 is specified in the same request, then vulnerability and compliance data will both be purged regardless of the data_scope value.

compliance_enabled={0|1}

Optional Integer 

This parameter is valid only when the policy compliance module is enabled for the user account.

Specify 1 to purge compliance hosts in the user’s account. These hosts are assigned to the PC module. When selected, the service will remove vulnerability data and compliance data associated with the selected hosts.

Specify 0 to purge hosts which are not assigned to the PC module. When specified (without data_scope), the service will remove only vulnerability information associated with the selected hosts.

Note: A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user account is granted permissions to purge compliance information. An Auditor does not have permission to set compliance_enabled=0.

os_pattern={expression}

Optional String 

Purge only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “%5E%24” to match empty string.

Important: The regular expression string you enter must follow the PCRE standard and it must be URL encoded.

Sample regular expression strings for matching OS names:

Check API Sample 17

Qualys API - Host List Detection API samples (GitHub)

Click here for info on PCRE format.

Sample - Purge Only Compliance DataSample - Purge Only Compliance Data

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=purge&ips=10.20.32.152&data_scope=pc" "https://<qualys_base_url>/api/2.0/fo/asset/host/"

XML Output

<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-11-19T10:51:57Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Hosts Queued (compliance data) for Purging</TEXT>
        <ID_SET>
          <ID>3971339</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

Sample - Purge Only Vulnerability DataSample - Purge Only Vulnerability Data

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=purge&ips=10.20.32.152&data_scope=vm" "https://<qualys_base_url>/api/2.0/fo/asset/host/"

XML Output

<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-11-19T10:51:45Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Hosts Queued (vulnerability data) for Purging</TEXT>
        <ID_SET>
          <ID>3971339</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

Sample - Purge Vulnerability and Compliance DataSample - Purge Vulnerability and Compliance Data

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=purge&ips=10.20.32.152&data_scope=pc,vm" "https://<qualys_base_url>/api/2.0/fo/asset/host/"

XML Output

<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2020-11-19T10:52:12Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Hosts Queued (vulnerability + compliance data) for Purging</TEXT>
        <ID_SET>
          <ID>3971339</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

Sample - Purge Vulnerability and Compliance Data (Using Compliance_Enabled)Sample - Purge Vulnerability and Compliance Data (Using Compliance_Enabled)

In this example, compliance_enabled=1 and data_scope=pc. Both vulnerability and compliance data will be purged for the host since compliance_enabled=1 takes precedence.

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=purge&ips=10.20.32.154&compliance_enabled=1&data_scope=vm" "https://<qualys_base_url>/api/2.0/fo/asset/host/"

XML Output

<!DOCTYPE BATCH_RETURN SYSTEM 
"https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
 <RESPONSE>
 <DATETIME>2020-11-19T11:25:12Z</DATETIME>
 <BATCH_LIST>
 <BATCH>
 <TEXT>Hosts Queued (vulnerability + compliance data) for 
Purging</TEXT>
<ID_SET>
 <ID>3971340</ID>
 </ID_SET>
 </BATCH>
 </BATCH_LIST>
 </RESPONSE>
</BATCH_RETURN>

Sample - Purge Only Vulnerability Data (Using Compliance_Enabled)Sample - Purge Only Vulnerability Data (Using Compliance_Enabled)

In this example, compliance_enabled=0 and data_scope=vm so only vulnerability data will be purged.

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=purge&ips=10.20.32.154&compliance_enabled=0&data_scope=vm" "https://<qualys_base_url>/api/2.0/fo/asset/host/" 

XML Output

<!DOCTYPE BATCH_RETURN SYSTEM 
"https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
 <RESPONSE>
 <DATETIME>2020-11-19T11:25:12Z</DATETIME>
 <BATCH_LIST>
 <BATCH>
 <TEXT>Hosts Queued (vulnerability data) for Purging</TEXT>
 <ID_SET>
 <ID>3971340</ID>
 </ID_SET>
 </BATCH>
 </BATCH_LIST>
 </RESPONSE>
</BATCH_RETURN>

DTD

<platform API server>/api/2.0/fo/asset/host/dtd/purge/output.dtd