SCAP ARF Report

 /api/2.0/fo/compliance/scap/arf/

Create a SCAP scan report in Asset Reporting Format (ARF), a requirement in the SCAP 1.2 Specifications from NIST.

Permissions - Users have permission to run this API function when the SCAP module is enabled for the user's subscription. Sub-accounts (Unit Managers, Scanners and Readers) must have the "Manage compliance" permission.  

Input Parameters

Parameter | Required/Optional | Data Type | Description
--- | --- | --- | ---
scan_id={value} | Required | Integer | The scan ID for a finished SCAP scan.
ips={value} | Optional | Integer | Use this parameter if you want to include only certain IP addresses in the report. You can enter a single IP, multiple IPs and/or ranges. Multiple entries are comma separated.
ips_network_id={value} | Optional and valid only when the Network Support feature is enabled and the policy has SCAP 1.2 content | Integer | Use this parameter to restrict the report’s target to the IPs specified in the “ips” parameter (“ips_network_id” is valid only when “ips” is specified in the same request).

How do I find the scan ID? You’ll see the scan ID in the Qualys user interface when viewing SCAP scan results. The title bar of the scan results window shows the report URL with its ID number in the “id” parameter, like this: https://qualyguard.qualys.com/fo/report/fdcc/fdcc_scan_result.php?id=3362251

Sample

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d "scan_id=3362251&ips=10.10.10.1-10.10.10.10" "https://<qualys_base_url>/api/2.0/fo/compliance/scap/arf/"

XML Output:
The XML output is compliant with the ARF 1.1 Schema.
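
The parameter rules above (a numeric scan_id, comma-separated IPs and ranges in "ips", and "ips_network_id" only together with "ips") can be checked on the client before any credentials leave the machine. The Python below is an added example, not Qualys code; the function names, the HTTPS-only check and the "Python" value for X-Requested-With are assumptions of this example.

```python
import base64
import ipaddress
import re
import urllib.parse
import urllib.request

ARF_PATH = "/api/2.0/fo/compliance/scap/arf/"  # endpoint path given on this page


def scan_id_from_report_url(url):
    """Return the scan ID carried in the "id" parameter of a scan-results URL."""
    ids = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query).get("id", [])
    if len(ids) != 1 or not re.fullmatch(r"[0-9]+", ids[0]):
        raise ValueError("expected exactly one numeric 'id' parameter")
    return int(ids[0])


def normalize_ips(ips):
    """Validate comma-separated single IPs and start-end ranges; return them cleaned."""
    out = []
    for entry in ips.split(","):
        ends = [ipaddress.ip_address(p.strip()) for p in entry.split("-")]
        mixed = len(ends) == 2 and ends[0].version != ends[1].version
        if len(ends) > 2 or mixed or ends[0] > ends[-1]:
            raise ValueError(f"not a valid IP or range: {entry!r}")
        out.append("-".join(str(e) for e in ends))
    return ",".join(out)


def build_arf_request(base_url, username, password, scan_id, ips=None, ips_network_id=None):
    """Build, without sending, the POST request for the SCAP ARF report."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if ips_network_id is not None and ips is None:
        raise ValueError("ips_network_id is valid only when ips is specified")
    fields = {"scan_id": int(scan_id)}
    if ips is not None:
        fields["ips"] = normalize_ips(ips)
    if ips_network_id is not None:
        fields["ips_network_id"] = int(ips_network_id)
    # HTTP Basic auth, the same scheme curl -u uses in the sample request.
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + ARF_PATH,
        data=urllib.parse.urlencode(fields).encode(),
        # Header value is an assumption; the page's sample sends "Curl".
        headers={"Authorization": f"Basic {token}", "X-Requested-With": "Python"},
        method="POST",
    )
```

Pass the returned object to urllib.request.urlopen() to send it; reading the password from a prompt or a secrets store keeps it out of shell history and process listings.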