Your Activity Log

Go to Users > Activity Log and you see a list of user actions like when a user logged in, launched a scan, edited configurations like asset groups, etc.

Your user role determines which actions you can view

  • Managers see all actions taken by all users.
  • Unit Managers see actions taken by users in their business unit.
  • Scanners and Readers see their own actions only.

We show actions for your default timeframe

Go to Users > Setup > Activity Log > Set Default Log Timeframe, if you want to configure your default timeframe.

For Express Lite users, the default timeframe is set to 30 days and users are unable to change this.

Want to disable logging policy auto update activities?

Go to Users > Setup > Activity Log > Auto Update Activity Log to disable saving of the policy auto update activity logs for the custom controls that are generated during the scan process. By default, all activity logs are saved.

Want to see API calls?

Select Filters > Recent API Calls. You see API calls performed in your subscription. By default, we show you API calls in the past week that were submitted (by users) and/or updated (by our service).

This option is not available to Express Lite users.

API Limits

We enforce limits on the API calls subscription users can make. We implement separate controls for rate limits and concurrency limits. All API controls are applied to every subscription. Want more info? See the document "Qualys API Limits" for all the details. Just go to Help > Resources and download the PDF.

Possible States

Queued, Running, Expired, Finished, Blocked (Rate) or Blocked (Concurrency).

  • The states Blocked (Rate) tells you the API call was blocked due to the API rate limit controls.
  • Blocked (Concurrency) tell you that the API call was blocked due to the API concurrency limit controls.

What does the dash (-) mean?

You can see a dash (-) next to an API call if these 2 conditions are both met:

  • The user who performed the API call is not in your business unit, and
  • Your subscription has this user permission selected (checked): "Restrict view of user information for users outside of business unit" (under Setup > User Permissions).

Session login/logout not shown

This API calls for session login/logout do not appear in the API Processes list: "api/2.0/fo/session/index.php" V2 API (session login/logout). These API calls are not subject to the API limits enforced by our service.

The user logged-in event is generated only when the user logs in through the User Interface (UI), not for API logins. API requests, primarily Host List API and Host List Detection API calls, are typically executed every few seconds and do not generate user login events.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: February, 2026