VM Option Profile Parameters

The parameters for the VM Option Profile API (/api/2.0/fo/subscription/option_profile/vm/) are listed below.

Parameter

Required/Optional

Data Type

Description

title={value}

Required to create option profile

String

A title for easy identification.

id={value}

Required to create/update option profile, optional to list profile

Integer

An option profile ID.

owner={value}

Optional

String

The owner of the option profile(s), or the user who created the option profile.

default={0|1}

Optional

Integer

Make this profile the default for all scans and maps. Specify 1 to make default. There can only be one default profile for the subscription.

enable_partial_ssl_tls_auditing = {0|1}

 

Integer

Use to enable or disable the partial SSL/TLS auditing during scan execution. Specify 1 to enable partial SSL/TLS checks while executing the scan.

global={0|1}

Optional

Integer

Share this profile with other users by making it global. Specify 1 to make global.

Are you a Manager? This profile will be available to all users.

Are you a Unit Manager? This profile will be available to all users in your business unit.

offline_scanner={0|1}

Optional

Integer

Specify 1 to download this profile to your offline scanners during the next sync.

scan_tcp_ports={none|full|standard|light}

Required

Boolean

We use ports to send packets to the host in order to determine whether the host is alive and also to do fingerprinting for the discovery of services. Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

scan_tcp_ports_additional={port1,port2}

Optional

Integer

Specify additional ports to scan (up to 12500 ports).

3_way_handshake={0|1}

Optional

Integer

Specify 1 to let the scanning engine perform a 3-way handshake with target hosts. After a connection between the service and the target host is established, the connection will be closed. This option should be enabled only if you have a configuration that does not allow a SYN packet to be followed by an RST packet. Also, when this is enabled, TCP based OS detection is not performed on target hosts. Without TCP based OS detection, the service may not be able to identify the operating system installed on target hosts and perform OS-specific vulnerability checks.

Scan

scan_udp_ports={none|full|standard|light}

Required

Boolean

Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

vulnerability_detection={complete|custom|runtime}

Required

Integer

With a "complete" scan we'll scan for all vulnerabilities (QIDs) in the KnowledgeBase applicable to each host being scanned. Specify "custom" to limit the scan to specified QIDs only. Then add the QIDs you want to scan. Specify “runtime” to scan QIDs at runtime.

scan_udp_ports_additional={port1,port2}

Optional

Integer

Specify additional ports to scan (up to 20500 ports).

authoritative_option={0|1}

Optional

Integer

Specify 1 to enable Authoritative Scan Option. By enabling the authoritative scan option your light scan will work like a full or standard scan. We will update the vulnerability status for all vulnerabilities found, regardless of which ports they were detected on.

scan_dead_hosts={0|1}

Optional

Integer

Specify 1 to enable scanning dead hosts. A dead host is a host that is unreachable - it didn't respond to any pings. Your scan may run longer if you choose to scan dead hosts.

close_vuln_on_dead_hosts={0|1}

Optional

Integer

Specify 1 to quickly close vulnerabilities for hosts that are not found alive after a set number of scans. When enabled, we'll mark existing tickets associated with dead hosts as Closed/Fixed and update the vulnerability status to Fixed.

not_found_alive_times={value}

Optional

Integer

Specify the number of times the host is not found alive after which the vulnerability should be closed. This setting is available only when close_vuln_on_dead_hosts=1.

purge_host_data={0|1}

Optional

Integer

Specify 1 to purge host data. This option is especially useful if you have systems that are regularly decommissioned or replaced. By specifying this option you’re telling us you want to purge the host if we detect a change in the host's Operating System (OS) vendor at scan time, for example the OS changed from Linux to Windows or Debian to Ubuntu. We will not purge the host for an OS version change like Linux 2.8.13 to Linux 2.9.4.

external_scanners_use={value}

Optional

Integer

Specify the maximum number of external scanners to use for scanning perimeter assets. (This option is available when your subscription is configured with multiple external scanners).

scan_parallel_scaling={0|1}

Optional

Integer

Specify 1 to enable parallel scaling. This setting can be useful in subscriptions which have physical and virtual scanner appliances with different performance characteristics (e.g., CPU, RAM).  

Specify this option to dynamically scale up the number of hosts to scan in parallel (at scan time) to a calculated value which is based upon the computing resources available on each appliance. Note that the number of hosts to scan in parallel value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan.

scan_overall_performance={high|normal|low|custom}

Optional

Boolean

The profile “normal” is recommended in most cases. The settings for scan_external_scanners, scan_scanner_appliances, scan_total_process, scan_http_process, scan_packet_delay, and scan_intensity change as per the specified profile.

Normal - Well balanced between intensity and speed.

High - Recommended only when scanning a single IP or a small number of IPs. Optimized for speed and shorter scan times.

Low - Recommended if responsiveness for individual hosts and services is low. Optimized for low bandwidth network connections and highly utilized networks. May take longer to complete.

scan_external_scanners={value}

Optional

Integer

Specify the number of external scanners to be used for associated scans. This setting is available only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 to 10.

scan_scanner_appliances={value}

Optional

Integer

Specify the number of scanner appliances to scan at the same time (per scan task). Launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. Don't have scanner appliances? Disregard the Scanner Appliance setting.

scan_total_process={value}

Optional

Integer

Specify the maximum number of processes to run at the same time per host. Note that the total number of processes includes the HTTP processes.

scan_http_process={value}

Optional

Integer

Specify the maximum number of HTTP processes to run at the same time.

scan_packet_delay={minimum|short|medium|long|maximum}

Optional

Boolean

Specify the delay between groups of packets sent to each host during a scan. With a short delay, packets are sent more frequently. With a long delay, packets are sent less frequently.

scan_intensity={normal|medium|low|minimum}

Optional

Boolean

This setting determines the aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network. Tip - If you are scanning through a firewall we recommend you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option.

scan_multiple_slices_per_scanner={0|1}

Optional

Integer

When unspecified or set to 0, multiple slices are not used. Specify 1 to scan multiple slices in a single scan.

load_balancer={0|1}

Optional

Integer

Specify 1 to check each target host to determine if it's a load balancer.

When a load balancer is detected, we determine the number of Web servers behind it and report QID 86189 "Presence of a Load-Balancing Device Detected" in your results.

password_brute_forcing_system={minimal|limited|standard|exhaustive}

Optional

Boolean

How vulnerable are your hosts to password-cracking techniques? We'll attempt to guess the password for each detected login ID on each target host scanned. Specify the level of brute forcing you prefer ("minimal" to "exhaustive").

password_brute_forcing_custom={value1,value2}

Optional

Integer

Specify titles of the login/password pairs you create for password brute forcing on the Qualys Cloud Platform UI.

custom_search_list_ids={value1, value2}

Optional

Integer

Specify ids of search lists you want to use in your scan.

custom_search_list_title={value1, value2}

Optional

Integer

Specify titles of search lists you want to use in your scan.

basic_host_information_checks={0|1}

Optional

Integer

Adds basic host information checks (hostname, OS, etc) to your Custom scans. These are already included in Complete scans. This setting is enabled by default.

oval_checks={0|1}

Optional

Integer

Specify 1 to add a search list with QID 105186 (a diagnostic check for OVAL).

all_qrdi_checks={0|1}

Optional

Integer

Specify 1 to scan target assets for all QRDI vulnerabilities in your subscription, i.e. all custom vulnerability checks defined with QRDI (Qualys Remote Detection Interface).

exclude_search_list_ids={value1, value2}

Optional

Integer

Specify ids of search lists you want to exclude from your scan.

authentication={value1,value2}

Optional

Boolean

Want to run authenticated scans? When you use authentication we'll perform a more in-depth assessment and get you the most accurate results with fewer false positives.

Specify one or more technologies for the hosts you want to scan. Be sure you've configured authentication records (under Scans > Authentication) before running your scan.

The following options are available:

- Windows

- Unix

- Oracle

- Oracle Listener

- SNMP

- VMware

- DB2

- HTTP

- MySQL

- MongoDB

- Tomcat Server

- Palo Alto Networks Firewall

- Sybase

authentication_least_privilege=Unix

Optional

String

Specify authentication_least_privilege=Unix (this value is case sensitive) to use the least privileges required for Unix authentication. When specified, the scanner will not pass root delegation information specified in the Unix record to the scanner for vulnerability scans. When not specified (the default), root delegation will be used if specified in the Unix record. Note: Unix authentication must be enabled in the same option profile (authentication=Unix).

enable_additional_certificate_detection={0|1}

Optional

Integer

Want to detect additional certificates beyond ports? You need to enable authentication and then run new vulnerability scans. Specify 1 to enable this option before scanning and see additional certificate records (under Assets > Certificates).

enable_dissolvable_agent={0|1}

Optional

Integer

Specify 1 to enable dissolvable agent. This is required for certain scan features like Windows Share Enumeration. How does it work? At scan time the Agent is installed on Windows devices to collect data, and once the scan is complete it removes itself completely from target systems.

enable_windows_share_enumeration={0|1}

Optional

Integer

Specify 1 to use Windows Share Enumeration to find and report details about Windows shares that are readable by everyone. This test is performed using QID 90635. Make sure 1) the Dissolvable Agent is enabled, 2) QID 90635 is included in the Vulnerability Detection section, and 3) a Windows authentication record is defined.

enable_lite_os_scan={0|1}

Optional

Integer

Only interested in OS detection? Specify 1 to include QID 45017 in the scan (under Vulnerability Detection).

custom_http_header={value}

Optional

Integer

Specify a custom value in order to drop defenses (such as logging, IPs, etc) when authorized scans are being run.

custom_http_definition_key={value}

Optional

Integer

Specify a custom HTTP header definition key.

custom_http_definition_header={value}

Optional

Integer

Specify a value for the custom HTTP header definition key defined in custom_http_definition_key.

host_alive_testing={0|1}

Optional

Integer

Specify 1 to run a quick scan to determine which of your target hosts are alive without also performing other scan tests. The Appendix section of your Scan Results report will list the hosts that are alive and hosts that are not alive. You may see some Information Gathered QIDs in the results for hosts found alive.

not_overwrite_os={0|1}

Optional

Integer

Specify 1 if you're running a light or custom scan and you don't want to overwrite the OS detected by a previous scan.

test_authentication={0|1}

Optional

Integer

Specify 1 to test authentication to target hosts.

enable_max_scan_duration_per_asset={0|1}

 

Integer

If flag value is 1 then scan duration is enabled for option profile, else it is disabled. This parameter should be used along with max_scan_duration_per_asset_minutes.

max_scan_duration_per_asset_minutes=maximum

 

Integer

Maximum duration in minutes for scan to be performed on each asset. The parameters enable_max_scan_duration_per_asset and max_scan_duration_per_asset are mutually exclusive, and can only be specified if enable_max_scan_duration_per_asset is 1.

System Authentication

include_system_auth={0|1}

Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR

Integer

Specify include_system_auth=1 to include system created authentication records in scans along with user created records.

When include_system_auth=1, one of these parameters should be enabled: use_system_auth_on_duplicate or use_user_auth_on_duplicate. This identifies which record to use if you have a system created record and a user created record for the same instance configuration. When include_system_auth=0, the user created record will be selected for scans by default.

use_system_auth_on_duplicate={0|1}

Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR

Integer

Specify use_system_auth_on_duplicate=1 to use the system created authentication record if you have a system record and user record for the same instance configuration.

The parameters use_system_auth_on_duplicate and use_user_auth_on_duplicate are mutually exclusive, and can only be specified if “include_system_auth=1”.

use_user_auth_on_duplicate={0|1}

Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR

Integer

Specify use_user_auth_on_duplicate=1 to use the user created authentication record if you have a system record and user record for the same instance.

The parameters use_system_auth_on_duplicate and use_user_auth_on_duplicate are mutually exclusive, and can only be specified if “include_system_auth=1”.

Map

basic_information_gathering=[all|register|netblockonly|none]

Required

Boolean

Perform basic information gathering on:

All: All Hosts (hosts detected by the map),

Register: Registered Hosts (hosts in your account),

Netblockonly: Netblock Hosts (hosts added by a user to the netblock for the target domain) or None.

map_tcp_ports_standard_scan={0|1}

Optional

Integer

Specify 1 to enable standard scan of TCP ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445.

map_tcp_ports_additional={value1,value2}

Optional

Integer

Specify additional TCP ports to scan. You can specify up to 20 ports including the standard scan ports.

map_udp_ports_standard_scan={0|1}

Optional

Integer

Specify 1 to enable standard scan of UDP ports. Standard Scan includes 6 ports: 53, 111, 135, 137, 161, 500.

map_udp_ports_additional={value1,value2}

Optional

Integer

Specify additional UDP ports to scan. You can specify up to 10 ports including the standard scan ports.

perform_live_host_sweep={0|1}

Optional

Integer

(Optional) Default setting is 1. Specify 0 to only discover devices using DNS discovery methods (DNS, Reverse DNS and DNS Zone Transfer). Active probes will not be sent. As a result, we may not be able to detect all hosts in the netblock, and undetected hosts will not be analyzed.

disable_dns_traffic={0|1}

Optional

Integer

Specify 1 if you want to disable DNS traffic for maps. This is valid only when the target domain name includes one or more netblocks, e.g. none:[10.10.10.2-10.10.10.100].

We'll perform network discovery only for the IP addresses in the netblocks. No forward or reverse DNS lookups, DNS zone transfers or DNS guessing/bruteforcing will be made, and DNS information will not be included in map results.

map_overall_performance={high|normal|low|custom}

Optional

Boolean

The profile “normal” is recommended in most cases. The settings for map_external_scanners, map_scanner_appliances, map_netblock_size, and map_packet_delay change as per the specified profile.

Normal - Well balanced between intensity and speed.

High - Optimized for speed. May be faster to complete but may overload firewalls and other networking devices.

Low - Optimized for low bandwidth network connections. May take longer to complete.

map_external_scanners={value}

Optional

Integer

Specify the number of external scanners for netblocks to map at the same time per scanner. This setting is available only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 to 10.

map_scanner_appliances={value}

Optional

Integer

Specify the number of scanner appliances for netblocks to map at the same time per scanner. Launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. Don't have scanner appliances? Disregard the Scanner Appliance setting.

map_netblock_size={1024 IPs|4096 IPs|8192 IPs|16384 IPs|32768 IPs|65536 IPs}

Optional

Integer

Specify the max number of IPs per netblock being mapped. The netblock specified for the domain is broken into smaller netblocks for processing. Each of these smaller netblocks equals a single map process. Use this setting to define how many IPs should be included in each process.

map_packet_delay={minimum|short|medium|long|maximum}

Optional

Boolean

This is the delay between groups of packets sent to the netblocks being mapped. With a short delay, packets are sent more frequently, resulting in more bandwidth utilization and a shorter mapping time. With a long delay, packets are sent less frequently, resulting in less bandwidth utilization and a longer mapping time.

map_authentication={VMware|vCenter}

Optional

Boolean

Authentication enables the scanner to log into hosts at scan time to extend detection capabilities. See the online help to learn how to configure this option.

Additional

additional_tcp_ports={0|1}

Optional

Integer

Specify 1 to enable host discovery on additional TCP ports. Default setting is 1.

additional_tcp_ports_standard_scan={0|1}

Optional

Integer

Specify 1 to enable standard scan of additional TCP ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445. Default setting is 1.

additional_tcp_ports_additional={value1,value2}

Optional

Integer

Specify additional TCP ports to scan. You can specify up to 20 ports including the standard scan ports.

additional_udp_ports={0|1}

Optional

Integer

Specify 1 to enable host discovery on additional UDP ports. Default setting is 1.

additional_udp_ports_type={standard|custom}

Optional

Boolean

Specify “standard” to enable standard scan of additional UDP ports. Standard Scan includes 6 ports: 53, 111, 135, 137, 161, 500. Default is “standard”.

Specify “custom” to provide a custom list of ports using additional_udp_ports_custom.

additional_udp_ports_custom={value1,value2}

Optional

Integer

Specify additional UDP ports to scan. You can specify up to 10 ports including the standard scan ports.

icmp={0|1}

Optional

Integer

Specify 1 to only discover live hosts that respond to an ICMP ping. Default setting is 1.

blocked_resources={0|1}

Optional

Integer

Specify 1 in order to add ports protected by your firewall/IDS to prevent them from being scanned.

protected_ports={default|custom}

Optional

Boolean

Ports protected by your firewall/IDS. Specify “default” to provide a list of default blocked ports: 0-1, 111, 513-514, 2049, 4100, 6000-6005, 7100, 8000. Default setting is “default”.

Specify “custom” to provide a custom list of protected ports using protected_ports_custom.

protected_ports_custom={value1,value2}

Optional

Integer

Specify a custom list of protected ports.

protected_ips={all|custom}

Optional

Boolean

IP addresses and ranges protected by your firewall/IDS. Default is “all”.

protected_ips_custom={value1,value2}

Optional

Integer

Specify a custom list of IP addresses and ranges protected by your firewall/IDS.

ignore_firewall_generated_tcp_rst_packets={0|1}

Optional

Integer

Specify 1 to identify firewall-generated TCP RESET packets and ignore them.

ignore_all_tcp_rst_packets={0|1}

Optional

Integer

Specify 1 to ignore all TCP RESET packets - firewall-generated and live-host-generated.

ignore_firewall_generated_tcp_syn_ack_packets={0|1}

Optional

Integer

Specify 1 to determine if TCP SYN-ACK packets are generated by a filtering device and ignore packets that appear to originate from such devices.

not_send_tcp_ack_or_syn_ack_packets_during_host_discovery={0|1}

Optional

Integer

Specify 1 if you do not want to send TCP ACK or SYN-ACK packets. Out of state TCP packets are not SYN packets and do not belong to an existing TCP session.
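
Several parameters in the table depend on one another (mutually exclusive flags, prerequisites, port-count limits), and these rules are easy to break when a request is assembled by hand. The following Python pre-flight check is an added example, not part of the Qualys documentation; `lint_profile`, its helpers, the sample dictionary and the `a-b` port-range notation are assumptions made for the example.

```python
# Added example (not Qualys code): checks parameters against the table's rules.
ENUMS = {
    "scan_tcp_ports": {"none", "full", "standard", "light"},
    "scan_udp_ports": {"none", "full", "standard", "light"},
    "vulnerability_detection": {"complete", "custom", "runtime"},
    "scan_overall_performance": {"high", "normal", "low", "custom"},
    "scan_packet_delay": {"minimum", "short", "medium", "long", "maximum"},
    "scan_intensity": {"normal", "medium", "low", "minimum"},
    "password_brute_forcing_system": {"minimal", "limited", "standard", "exhaustive"},
}
PORT_LIMITS = {"scan_tcp_ports_additional": 12500, "scan_udp_ports_additional": 20500}
DUPLICATE_FLAGS = ("use_system_auth_on_duplicate", "use_user_auth_on_duplicate")


def items(value):
    """Split a comma-separated parameter value into trimmed entries."""
    return [v.strip() for v in str(value).split(",") if v.strip()]


def port_count(value):
    """Count ports in a list; the 'a-b' range notation is an assumption."""
    total = 0
    for entry in items(value):
        low, _, high = entry.partition("-")
        total += int(high) - int(low) + 1 if high else 1
    return total


def lint_profile(params):
    """Return a list of findings; an empty list means every rule passed."""
    def on(name):
        return str(params.get(name, "0")) == "1"
    out = []
    for name, allowed in ENUMS.items():
        if name in params and params[name] not in allowed:
            out.append(f"{name}: {params[name]!r} not in {sorted(allowed)}")
    for name, limit in PORT_LIMITS.items():
        if name in params and port_count(params[name]) > limit:
            out.append(f"{name}: more than {limit} ports")
    if "not_found_alive_times" in params and not on("close_vuln_on_dead_hosts"):
        out.append("not_found_alive_times requires close_vuln_on_dead_hosts=1")
    chosen = [n for n in DUPLICATE_FLAGS if on(n)]
    if len(chosen) == 2:
        out.append("the two *_auth_on_duplicate flags are mutually exclusive")
    if chosen and not on("include_system_auth"):
        out.append(f"{chosen[0]} requires include_system_auth=1")
    if on("include_system_auth") and not chosen:
        out.append("include_system_auth=1 needs one *_auth_on_duplicate flag")
    auth = {a.lower() for a in items(params.get("authentication", ""))}  # case-folded here
    if "authentication_least_privilege" in params:
        if params["authentication_least_privilege"] != "Unix":
            out.append("authentication_least_privilege must be exactly 'Unix'")
        if "unix" not in auth:
            out.append("authentication_least_privilege requires authentication=Unix")
    if on("enable_windows_share_enumeration"):
        if not on("enable_dissolvable_agent"):
            out.append("Windows share enumeration requires enable_dissolvable_agent=1")
        if "windows" not in auth:
            out.append("Windows share enumeration requires Windows authentication")
    return out


# Constructed sample input that breaks six of the rules above.
SAMPLE_BAD = {
    "scan_tcp_ports": "all", "not_found_alive_times": "3",
    "include_system_auth": "1", "use_system_auth_on_duplicate": "1",
    "use_user_auth_on_duplicate": "1", "authentication": "Windows",
    "authentication_least_privilege": "unix", "enable_windows_share_enumeration": "1",
}
```

Calling `lint_profile(SAMPLE_BAD)` returns one finding per broken rule; the check does not verify that QID 90635 is included in the scan, which the table also requires for Windows Share Enumeration.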