/api/2.0/fo/compliance/scap/arf/
Create a SCAP scan report in Asset Reporting Format (ARF), a requirement in the SCAP 1.2 Specifications from NIST.
Permissions - Users have permission to run this API function when the SCAP module is enabled for the user's subscription. Sub-accounts (Unit Managers, Scanners and Readers) must have the "Manage compliance" permission.
Parameter |
Required/Optional |
Data Type |
Description |
---|---|---|---|
scan_id={value} |
Required |
Integer |
The scan ID for a finished SCAP scan. |
ips={value} |
Optional |
Integer |
Use this parameter if you want to include only certain IP addresses in the report. You can enter a single IP, multiple IPs and/or ranges. Multiple entries are comma separated. |
ips_network_id={value} |
Optional and valid only when the Network Support feature is enabled and the policy has SCAP 1.2 content |
Integer |
Use this parameter to restrict the report’s target to the IPs specified in the “ips” parameter (“ips_network_id” is valid only when “ips” is specified in the same request). |
How do I find the scan ID? You’ll see the scan ID in the Qualys user interface, when viewing SCAP scan results. In the scan results window’s title bar you’ll see the report URL with its ID number in the “id” parameter, like this: https:///qualyguard.qualys.com/fo/report/fdcc/fdcc_scan_result.php?id=3362251
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d "scan_id=3362251&ips=10.10.10.1-10.10.10.10" "https://<qualys_base_url>/api/2.0/fo/compliance/scap/arf/"
XML Output:
The XML output is compliant with the ARF 1.1 Schema. Show me this schema