IPv6 Support is a subscription-level option that must be enabled for your subscription by Qualys Support in order to start managing and scanning IPv6 hosts. Follow the steps below to get started with managing and scanning IPv6 hosts using the API.
IPv6 scanning is supported using a scanner appliance enabled with IPv6. You can enable this by editing the appliance within the Qualys user interface. Once IPv6 is enabled, the appliance uses stateless address autoconfiguration to obtain an IPv6 address from the router (note that stateful configuration through DHCPv6 or Static IPv6 is not supported).
Using the Qualys API you can launch scans on the IPv4 addresses which are mapped to IPv6 addresses.
The scan results XML output will include IPv4 addresses only. Also, scan reports downloaded from the user interface will include IPv4 addresses only.
The host list detection output returned from a host list detection API request (api/2.0/fo/asset/host/vm/detection/?action=list ) gives you the IPv6 address, if available, along with the “automatic” vulnerability detection data.
To request a list of VM scanned hosts which have IPv4 addresses that are mapped to IPv6 addresses in your account, you enter the IPv4 addresses for the ips parameter.
For example, if the special IPv4 address 0.0.0.199 is mapped to an IPv6 address in your account and this IP address has been scanned, you can make this API request:
API Request
curl -H "X-Requested-With: Curl Sample" -u "username:password"
"https://<qualys base url>/api/2.0/fo/asset/host/vm/detection/?action=list&ips=0.0.0.100""
The XML output returned will show the IPv4 address and the IPv6 address for the host, as shown below (XML fragment):
API Request
<HOST>
<ID>276010</ID>
<IP>0.0.0.100</IP>
<IPV6>2001:470:8418:a18::a0a:18c7</IPV6>
<TRACKING_METHOD>IP</TRACKING_METHOD>
<OS>
<![CDATA[Windows 2003 Service Pack 2]]>
</OS>
<DNS>
<![CDATA[mssql2k8-24-199.patch.qualys.com]]>
</DNS>
<LAST_SCAN_DATETIME>2018-06-
17T19:06:31Z</LAST_SCAN_DATETIME>
<DETECTION_LIST>