Your Activity Log

Go to Users > Activity Log and you'll see a list of user actions like when a user logged in, launched a scan, edited configurations like asset groups, etc.

Your user role determines which actions you'll see

Managers see all actions taken by all users. Unit Managers see actions taken by users in their business unit. Scanners and Readers see their own actions only.

We show actions for your default timeframe

Go to Users > Setup > Activity Log if you want to configure your default timeframe.

* For Express Lite users, the default timeframe is set to 30 days and users can't change this.

Want to disable logging policy auto update activities?

Go to Users > Setup > Activity Log to disable saving of the policy auto update activity logs for the custom controls that are generated during the scan process. By default, all activity logs are saved.

Want to see API calls?

Select Filters > Recent API Calls. You'll see API calls performed in your subscription. By default, we'll show you API calls in the past week that were submitted (by users) and/or updated (by our service).

*This option is not available to Express Lite users.

API Limits

We enforce limits on the API calls subscription users can make. We implement separate controls for rate limits and concurrency limits. All API controls are applied to every subscription. Want more info? See the document "Qualys API Limits" for all the details. Just go to Help > Resources and download the PDF.

What are the possible states?

Queued, Running, Expired, Finished, Blocked (Rate) or Blocked (Concurrency). The states "Blocked (Rate)" tells you the API call was blocked due to the API rate limit controls, and "Blocked (Concurrency)" tell you that the API call was blocked due to the API concurrency limit controls.

What does the dash (-) mean?

You'll see a dash (-) next to an API call if these 2 conditions are both met:

1) the user who performed the API call is not in your business unit, and

2) your subscription has this user permission selected (checked): "Restrict view of user information for users outside of business unit" (under Setup > User Permissions).

Session login/logout not shown

This API calls for session login/logout do not appear in the API Processes list: "api/2.0/fo/session/index.php" V2 API (session login/logout). These API calls are not subject to the API limits enforced by our service.