Dynamic Search List

/api/2.0/fo/qid/search_list/dynamic/

List dynamic search lists and manage them (create, update, delete).

Permissions - Managers, Unit Managers, Scanners and Readers have permission to list and manage dynamic search lists.

Actions: List | Create and Update | Delete

List Dynamic Search Lists

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=list

Required

String

Supported methods are GET, POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

ids={id1,id2,...}

Optional

Integer

One or more search list IDs to display. Multiple IDs are comma separated.

show_qids={0|1}

Optional

Integer

Set to 0 to hide QIDs defined for each search list in the XML output. By default these QIDs are shown.

show_option_profiles={0|1}

Optional

Integer

Set to 0 to hide option profiles associated with each search list in the XML output. By default these option profiles are shown.

show_distribution_groups={0|1}

Optional

Integer

Set to 0 to hide distribution groups associated with each search list in the XML output. By default these distribution groups are shown.

show_report_templates={0|1}

Optional

Integer

Set to 0 to hide report templates associated with each search list in the XML output. By default these report templates will be shown.

show_remediation_policies={0|1}

Optional

Integer

Set to 0 to hide remediation policies associated with each search list in the XML output. By default these remediation policies will be shown.

Sample - List Dynamic Search List

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/?action=list&ids=381"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<SEARCH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2015-01-06T06:20:03Z</DATETIME>
    <DYNAMIC_LISTS>
      <DYNAMIC_LIST>
        <ID>381</ID>
        <TITLE><![CDATA[static search list]]></TITLE>
        <GLOBAL>Yes</GLOBAL>
        <OWNER>acme_tb</OWNER>
        <CREATED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></CREATED>
        <MODIFIED_BY>acme_tb</MODIFIED_BY>
        <MODIFIED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></MODIFIED>
        <QIDS>
          <QID>1000</QID>
          <QID>1001</QID>
        </QIDS>
        <CRITERIA>
          <VULNERABILITY_TITLE><![CDATA[NOT Title]]></VULNERABILITY_TITLE>
          <DISCOVERY_METHOD><![CDATA[Authenticated Only]]></DISCOVERY_METHOD>
          <AUTHENTICATION_TYPE><![CDATA[HTTP, Oracle, Unix]]></AUTHENTICATION_TYPE>
          <USER_CONFIGURATION><![CDATA[Disabled, Edited]]></USER_CONFIGURATION>
          <CATEGORY><![CDATA[NOT Backdoors and trojan horses, DNS and BIND]]></CATEGORY>
          <CONFIRMED_SEVERITY><![CDATA[1, 2]]></CONFIRMED_SEVERITY>
          <POTENTIAL_SEVERITY><![CDATA[2, 3]]></POTENTIAL_SEVERITY>
          <INFORMATION_SEVERITY><![CDATA[4, 5]]></INFORMATION_SEVERITY>
          <VENDOR><![CDATA[NOT 2brightsparks,3com,4d]]></VENDOR>
          <PRODUCT><![CDATA[NOT .net_framework]]></PRODUCT>
          <CVSS_BASE_SCORE><![CDATA[2]]></CVSS_BASE_SCORE>
          <CVSS_TEMPORAL_SCORE><![CDATA[3]]></CVSS_TEMPORAL_SCORE>
          <CVSS_ACCESS_VECTOR><![CDATA[Adjacent Network]]></CVSS_ACCESS_VECTOR>
          <PATCH_AVAILABLE><![CDATA[Yes, No]]></PATCH_AVAILABLE>
          <VIRTUAL_PATCH_AVAILABLE><![CDATA[Yes]]></VIRTUAL_PATCH_AVAILABLE>
          <CVE_ID><![CDATA[NOT CVE]]></CVE_ID>
          <CVE_ID_FILTER><![CDATA[Contains]]></CVE_ID_FILTER>
          <EXPLOITABILITY><![CDATA[ExploitKits, Immunity - Dsquare]]></EXPLOITABILITY>
          <ASSOCIATED_MALWARE><![CDATA[Trend Micro]]></ASSOCIATED_MALWARE>
          <VENDOR_REFERENCE><![CDATA[NOT Linux]]></VENDOR_REFERENCE>
          <BUGTRAQ_ID><![CDATA[NOT 15656]]></BUGTRAQ_ID>
          <VULNERABILITY_DETAILS><![CDATA[details]]></VULNERABILITY_DETAILS>
          <COMPLIANCE_DETAILS><![CDATA[details]]></COMPLIANCE_DETAILS>
          <COMPLIANCE_TYPE><![CDATA[PCI, CobIT, HIPAA, GLBA, SOX]]></COMPLIANCE_TYPE>
          <QUALYS_TOP_20><![CDATA[Top Internal 10, Top External 10]]></QUALYS_TOP_20>
          <OTHER><![CDATA[Not exploitable due to configuration, Non-running services, 2008 SANS 20]]></OTHER>
          <NETWORK_ACCESS><![CDATA[NAC / NAM]]></NETWORK_ACCESS>
          <USER_MODIFIED><![CDATA[NOT 07/27/2015-07/27/2015]]></USER_MODIFIED>
          <PUBLISHED><![CDATA[NOT 06/02/2015-07/20/2015]]></PUBLISHED>
          <SERVICE_MODIFIED><![CDATA[NOT Previous 1 week]]></SERVICE_MODIFIED>
        </CRITERIA>
        <!-- This list is used in the following option profiles //-->
        <OPTION_PROFILES>
          <OPTION_PROFILE>
            <ID>135</ID>
            <TITLE><![CDATA[Initial Options]]></TITLE>
          </OPTION_PROFILE>
        </OPTION_PROFILES>
        <!-- This list is used in the following report templates //-->
        <REPORT_TEMPLATES>
          <REPORT_TEMPLATE>
            <ID>256</ID>
            <TITLE><![CDATA[Scan Report Template]]></TITLE>
          </REPORT_TEMPLATE>
        </REPORT_TEMPLATES>
        <!-- This list is used in the following remediation policies. //-->
        <REMEDIATION_POLICIES>
          <REMEDIATION_POLICY>
            <ID>655</ID>
            <TITLE><![CDATA[Remediation Policy 1]]></TITLE>
          </REMEDIATION_POLICY>
        </REMEDIATION_POLICIES>
        <!-- This search list is associated with following distribution groups. //-->
        <DISTRIBUTION_GROUPS>
          <DISTRIBUTION_GROUP>
            <ID>226</ID>
            <TITLE><![CDATA[All]]></TITLE>
          </DISTRIBUTION_GROUP>
        </DISTRIBUTION_GROUPS>
        <COMMENTS><![CDATA[This is my first comment for this list]]></COMMENTS>
      </DYNAMIC_LIST>
    </DYNAMIC_LISTS>
  </RESPONSE>
</SEARCH_LIST_OUTPUT>

DTD for Dynamic Search List

<platform API server>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd
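The list output ties each search list to the option profiles, report templates, remediation policies and distribution groups that use it, which is worth reviewing before a list is changed or removed. The following parser is an added example, not part of the Qualys documentation; the function name `summarize` and the trimmed sample response are constructed for illustration, and only element names shown in the sample output above are used.

```python
import xml.etree.ElementTree as ET

# Constructed response, trimmed to a few of the elements in the sample output.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<SEARCH_LIST_OUTPUT>
 <RESPONSE>
  <DYNAMIC_LISTS>
   <DYNAMIC_LIST>
    <ID>381</ID>
    <TITLE><![CDATA[static search list]]></TITLE>
    <GLOBAL>Yes</GLOBAL>
    <CRITERIA>
     <CONFIRMED_SEVERITY><![CDATA[1,
2]]></CONFIRMED_SEVERITY>
     <PATCH_AVAILABLE><![CDATA[Yes, No]]></PATCH_AVAILABLE>
    </CRITERIA>
    <OPTION_PROFILES>
     <OPTION_PROFILE><ID>135</ID><TITLE><![CDATA[Initial Options]]></TITLE></OPTION_PROFILE>
    </OPTION_PROFILES>
    <REMEDIATION_POLICIES>
     <REMEDIATION_POLICY><ID>655</ID><TITLE><![CDATA[Remediation Policy 1]]></TITLE></REMEDIATION_POLICY>
    </REMEDIATION_POLICIES>
   </DYNAMIC_LIST>
  </DYNAMIC_LISTS>
 </RESPONSE>
</SEARCH_LIST_OUTPUT>"""

# Containers that record where a search list is referenced.
USAGE_CONTAINERS = ("OPTION_PROFILES", "REPORT_TEMPLATES",
                    "REMEDIATION_POLICIES", "DISTRIBUTION_GROUPS")


def summarize(xml_text):
    """Map each search list ID to its criteria and the objects that use it."""
    root = ET.fromstring(xml_text)
    result = {}
    # iter() finds DYNAMIC_LIST at any depth, so the root element name is not assumed.
    for node in root.iter("DYNAMIC_LIST"):
        # CDATA values may wrap across lines in the output; collapse the whitespace.
        criteria = {c.tag: " ".join((c.text or "").split())
                    for c in node.findall("CRITERIA/*")}
        used_by = {}
        for container in USAGE_CONTAINERS:
            items = [(int(i.findtext("ID")), i.findtext("TITLE"))
                     for i in node.findall(f"{container}/*")]
            if items:
                used_by[container] = items
        result[int(node.findtext("ID"))] = {
            "title": node.findtext("TITLE"),
            "global": node.findtext("GLOBAL") == "Yes",
            "criteria": criteria,
            "used_by": used_by,
        }
    return result
```

A list whose `used_by` entry is empty is not referenced by any of the four object types; requests made with a `show_*` parameter set to 0 omit the corresponding container, so an empty result is only meaningful when those parameters are left at their defaults.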

Create / Update Dynamic Search List

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=create|update

Required

String

Supported method is POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

title={value}

Required for create action, optional for update

String

A user-defined search list title. Maximum is 256 characters (ASCII).

global={0|1}

Optional

Integer

Specify 1 to make this a global search list. By default a new search list is not set to global (i.e. set to 0).

Search Criteria

For create request: Search criteria is required.

For update request: Only criteria specified in an update request will overwrite existing criteria, if any. For example, if a search list has confirmed_severities=3,4 and you make an update request with confirmed_severities=5, the search list will be updated to confirmed_severities=5.

vuln_title={value}

 

String

Vulnerability title (string); to unset value use update request and set to empty value

not_vuln_title={0|1}

 

Integer

Set to 1 for vulnerability title that does not match vuln_title parameter value

discovery_methods={value}

 

String

One or more discovery methods: Remote, Authenticated, Remote_Authenticated; by default all methods are included

auth_types={value}

 

String

One or more of these authentication types: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, MySQL; multiple values are comma separated; to unset value use update request and set to empty value

user_configuration={value}

 

Integer

One or more of these user configuration values: disabled, custom; multiple values are comma separated; to unset value use update request and set to empty value

categories={value}

 

String

One or more vulnerability category names (strings); to unset value use update request and set to empty value

not_categories={0|1}

 

Integer

Set to 1 for categories that do not match categories parameter values

confirmed_severities={value}

 

Integer

One or more confirmed vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

potential_severities={value}

 

Integer

One or more potential vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

ig_severities={value}

 

Integer

One or more information gathered severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

vendor_ids={value}

 

Integer

One or more vendor IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_vendor_ids={0|1}

 

Integer

Set to 1 for vendor IDs that do not match vendor_ids parameter values

products={value}

 

String

Vendor product names; multiple names are comma separated; to unset value use update request and set to empty value

not_products={0|1}

 

Integer

Set to 1 for product names that do not match products parameter values

patch_available={value}

 

Integer

Vulnerabilities with patches: 0 (no), 1 (yes); by default all vulnerabilities with and without patches are included; multiple values are comma separated; to unset value use update request and set to empty value

virtual_patch_available={value}

 

Integer

Vulnerabilities with Trend Micro virtual patches: 0 (no), 1 (yes); by default vulnerabilities with and without these virtual patches are included; multiple values are comma separated; to unset value use update request and set to empty value

cve_ids_filter

Optional

Integer

Filter CVE IDs with the “Exact Match” or “Contains” search criteria:

- Set to 1 to filter the CVE IDs that match exactly with the input CVE strings.

- Set to 2 to filter the CVE IDs that contain the input CVE string.

cve_ids={value}

Optional

Integer

One or more CVE IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_cve_ids={0|1}

Optional

Integer

Set to 1 for CVE IDs that do not match cve_ids parameter values

exploitability={value}

Optional

String

One or more vendors with exploitability info; multiple references are comma separated; to unset value use update request and set to empty value

malware_associated={value}

Optional

String

One or more vendors with malware info; multiple references are comma separated; to unset value use update request and set to empty value

vendor_refs={value}

Optional

String

One or more vendor references; multiple vendors are comma separated; to unset value use update request and set to empty value

not_vendor_refs={0|1}

Optional

Integer

Set to 1 for vendor references that do not match vendor_refs parameter values

bugtraq_id={value}

Optional

Integer

Vulnerabilities with a Bugtraq ID number; to unset value use update request and set to empty value

not_bugtraq_id={0|1}

Optional

Integer

Set to 1 for vulnerabilities with Bugtraq IDs that do not match the bugtraq_id parameter value

vuln_details={value}

Optional

String

A string matching vulnerability details; to unset value use update request and set to empty value

compliance_details={value}

Optional

String

A string matching compliance details; to unset value use update request and set to empty value

supported_modules={value}

Optional

String

One or more of these Qualys modules: VM, CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD; multiple values are comma separated; to unset value use update request and set to empty value

compliance_types={value}

Optional

Integer

One or more compliance types: PCI, CobiT, HIPAA, GLBA, SOX; multiple values are comma separated; to unset value use update request and set to empty value

qualys_top_lists={value}

Optional

Integer

One or more Qualys top lists: Internal_10, Extermal_10; multiple values are comma separated; to unset value use update request and set to empty value

cpe={value}

Optional

String

One or more CPE values: Operating System, Application, Hardware, None; multiple values are comma separated.

qids_not_exploitable={0|1}

Optional

Integer

Set to 1 for vulnerabilities that are not exploitable due to configuration.

non_running_services={0|1}

Optional

Integer

Set to 1 for vulnerabilities on non running services.

sans_20={0|1}

Optional

Integer

Set to 1 for vulnerabilities in 2008 SANS 20 list

nac_nam={0|1}

Optional

Integer

Set to 1 for NAC/NAM vulnerabilities

vuln_provider={value}

Optional

Integer

Provider of the vulnerability if not Qualys; valid value is iDefense

cvss_base={value}

Optional

Integer

CVSS base score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_temp={value}

Optional

Integer

CVSS temporal score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_access_vector={value}

Optional

Integer

CVSS access vector, one of: Undefined, Local, Adjacent_Network, Network; to unset value use update request and set to empty value

cvss_base_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_base" parameter along with the "cvss_base_operand" parameter in the API request.

cvss_temp_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_temp" parameter along with the "cvss_temp_operand" parameter in the API request.

cvss3_base={value}

Optional

Integer

CVSS3 base score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_temp={value}

Optional

Integer

CVSS3 temporal score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_base_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_base" parameter along with the "cvss3_base_operand" parameter in the API request.

cvss3_temp_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_temp" parameter along with the "cvss3_temp_operand" parameter in the API request.

User Modified Filters

Optional

Integer

User modified filter parameters are mutually exclusive; only 1 parameter per request

user_modified_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

user_modified_date_today={0|1}

Optional

Integer

set to 1 for modified by user today; set to 0 for not modified by user today

user_modified_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

user_modified_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_user_modified={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the user_modified parameters

Service Modified Filters

Optional

Integer

Service modified filter parameters are mutually exclusive; only 1 parameter per request

service_modified_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

service_modified_date_today={0|1}

Optional

Integer

set to 1 for modified by our service today; set to 0 for not modified by our service today

service_modified_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

service_modified_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_service_modified={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the service_modified parameters

Published Filters

Optional

Integer

Published filter parameters are mutually exclusive; only 1 parameter per request

published_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

published_date_today={0|1}

Optional

Integer

set to 1 for published today; set to 0 for not published today

published_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

published_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_published={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the published parameters

Update Request Only

unset_user_modified_date={value}

Optional

Integer

Set to empty value to unset the user modified date in the search list parameters.

unset_published_date={value}

Optional

Integer

Set to empty value to unset the published date in the search list parameters.

unset_service_modified_date={value}

Optional

Integer

Set to empty value to unset the service modified date in the search list parameters.
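Several rules in the table above span more than one parameter: each operand needs its score parameter, the three date filter families allow one parameter per request, and create needs a title plus criteria. The following pre-flight check is an added example, not part of the Qualys documentation; the names `check_request` and `build_body` are hypothetical, and the "at least one criterion" test is a coarse approximation that counts any parameter other than action, echo_request, title and global.

```python
import re
from urllib.parse import urlencode

# Rules and parameter names come from the table above; function and constant
# names are hypothetical. Values are strings, as they appear in a POST body.
FAMILIES = ("user_modified", "service_modified", "published")
SUFFIXES = ("date_between", "date_today", "date_in_previous", "date_within_last_days")
OPERANDS = {f"{p}_operand": p
            for p in ("cvss_base", "cvss_temp", "cvss3_base", "cvss3_temp")}
SEVERITIES = ("confirmed_severities", "potential_severities", "ig_severities")
DATE_RANGE = re.compile(r"\d{2}/\d{2}/\d{4}-\d{2}/\d{2}/\d{4}")
NON_CRITERIA = {"action", "echo_request", "title", "global"}


def check_request(params):
    """Return a list of rule violations for a create/update request."""
    errors = []
    action = params.get("action")
    if action not in ("create", "update"):
        errors.append("action must be create or update")
    title = params.get("title", "")
    if action == "create" and not title:
        errors.append("title is required for create")
    if len(title) > 256 or not title.isascii():
        errors.append("title must be at most 256 ASCII characters")
    # Coarse check: any parameter outside NON_CRITERIA counts as a criterion.
    if action == "create" and not (set(params) - NON_CRITERIA):
        errors.append("create needs at least one search criterion")
    for family in FAMILIES:
        used = [f"{family}_{s}" for s in SUFFIXES if f"{family}_{s}" in params]
        if len(used) > 1:
            errors.append(f"{family} filters are mutually exclusive: {', '.join(used)}")
        between = params.get(f"{family}_date_between")
        if between is not None and not DATE_RANGE.fullmatch(between):
            errors.append(f"{family}_date_between must be mm/dd/yyyy-mm/dd/yyyy")
        days = params.get(f"{family}_date_within_last_days")
        if days is not None and not (days.isdigit() and 1 <= int(days) <= 9999):
            errors.append(f"{family}_date_within_last_days must be 1-9999")
    for operand, base in OPERANDS.items():
        if operand in params:
            if base not in params:
                errors.append(f"{operand} requires {base}")
            if params[operand] not in ("1", "2"):
                errors.append(f"{operand} must be 1 or 2")
    for name in SEVERITIES:
        # An empty value is allowed: on update it unsets the criterion.
        value = params.get(name, "")
        if value and not all(len(v) == 1 and v in "12345" for v in value.split(",")):
            errors.append(f"{name} values must be 1-5")
    return errors


def build_body(params):
    """URL-encode the request body, refusing requests that break a rule."""
    errors = check_request(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)
```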

Sample 1 - Create New Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=My+Dynamic+Search+List&global=1&published_date_within_last_days=7&patch_available=1" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>New search list created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample 2 - Create New Dynamic Search List, CVSS Scores

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" -d "action=create&title=mytest_DL313&cvss_base=3&cvss_base_operand=1&cvss_temp=2&cvss_temp_operand=2&cvss3_base=2&cvss3_base_operand=1&cvss3_temp=2&cvss3_temp_operand=2" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

Sample 3 - Update Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Delete Dynamic Search List

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=delete

Required

String

Supported method is POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

id={id}

Required

Integer

The ID of the search list you want to delete.

Sample - Delete Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456&global=1&qids=68518-68522,48000-48004" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

DTD for Dynamic Search List (Create, Update, Delete)

<platform API server>/api/2.0/simple_return.dtd