Version 10.36.1.0
December 26, 2025
This new release of the Qualys Cloud Platform (VM) includes improvements to Vulnerability Management.
Qualys Vulnerability Management (VM)
With this enhancement, a new-gen API endpoint, host/list/detections, has been introduced to return host and associated detection.
The new API endpoint returns data in JSON-based format, replacing the previous XML-based response. This design addresses the scalability and performance limitations of the previous API. It continues to include most host and detection-related information from the earlier implementation. All previously displayed details have been retained, except for a few fields For more details, refer to the field-by-field mapping from XML to JSON format table.
The new JSON-based API maintains the same access control model, ensuring that data visibility remains consistent with existing security and scope limitations.
To leverage a modular architecture and multithreading capabilities, while maintaining a shared data processing layer for consistency. The new API endpoint improves system responsiveness and efficiency, enabling better scalability and performance for future workloads.
The new HLD API offers the following benefits:
The following table contains the behavioral differences for the legacy API (XML) and the new API (JSON):
|
Legacy HLD API |
NEW HLD API (VMRS) |
|
|---|---|---|
| 1 |
API response skips host data having no detections. Example
<?xml version="1.0" encoding="UTF-8" ?> "https://qualysapi.p04.eng.sjc01.qualys.com/api/5.0/fo/asset/host/vm/detection/dtd/output.dtd"> |
All hosts resolved after applying host-level filters are consistently included in the response, even if they have no detections (shown with an empty detection list under that host) Example
{
|
| 2 |
truncation_limit Default : 999 max : Not applicable |
assetsPerPage Default : 1000 max : 10000 |
| 3 |
scan_date_since No date range limit. |
scanDateTime
|
| 4 |
show_results By default the result data will be included in the API response. Default : true |
showResults By default result data will not be included in the API response. Default : false |
| 5 |
Pagination Page URL will have min host ID for next page reference. <WARNING> Next page reference by id_min: https://qualysapi.p04.eng.sjc01.qualys.com/api/5.0/fo/asset/host/vm/detection/?action=list&show_results=0&output_format=XML&ips=10.10.10.114,10.10.10.1,10.11.65.119,10.115.10.129,10.115.98.129&truncation_limit=1&id_min=7146977 |
Pagination Page URL will have page number for next page reference. { "pageNumber" : "1",
Next page reference by pageNumber: https://gateway.p04.eng.sjc01.qualys.com/vmrs/api/1.0/host/list/detections?requestId=4ed09116-970c-4052-9103-d8ee33b971a0&pageNumber=2 |
| 6 |
show_qds By default, QDS score is not included for detections. |
QDS score is included by default for detections. The request parameter is deprecated. |
| 7 | If no host-target parameters (such as IP, hostId, AGs, tags, etc.) are provided, the API returns all hosts and all detections associated with the user. | At least one host-target parameter (IP, hostIds, AGs, tags, etc.) is required. If none are provided, the API returns an error message. User can provide any combination of hostIds, ips, asset groups and tags. |
Description
This document provides a comprehensive, field-by-field mapping from Request params to Request body JSON of HLD API. Sample examples of both the requests are included in each section, allowing you to easily compare the overall structure. A notes column has been added further that highlights any changes in request structure to assist your analysis. Many of the request params are converted to camelCase to comply with JSON standards. Some params are added in hierarchical format in JSON request body for better semantics.
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
| echo_request | echoRequest | When set to true, API request is echoed back in response in all API response (Current request and subsequent paginated requests). |
| truncation_limit | assetsPerPage |
(Optional) Specifies the maximum number of host records processed per request. If the requested list identifies more host records than the specified limit, the response will include URL for making another request for the next batch of host records.
|
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
|
ids |
hostTarget.hostIds |
(Optional) Show only certain host IDs. One or more host IDs may be specified. Optional only if any of (IPs, AG parameters, Tag parameters) is present. |
|
ips |
hostTarget.ip.addresses |
The hosts within the subscription you want to update. IPs must be specified by using the “ips” parameter (using the POST method). Optional only if any of (ids, AG parameters, Tag parameters) is present |
|
network_ids |
hostTarget.ip.networkIds |
(Optional, and valid only when the Network Support feature is enabled for the user’s account) Restrict the request to certain custom network IDs. Multiple network IDs are comma separated. Restrict the request to a certain custom network by specifying the network ID. When unspecified, we default to-100 (All networds) for the Global Default Network. |
|
ag_ids |
hostTarget.assetGroup.agIds | (Optional) Show only hosts belonging to asset groups with certain IDs. One or more asset group IDs may be specified. |
|
ag_titles |
hostTarget.assetGroup.agTitles | (Optional) Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. |
|
vm_processed_ |
dateFilter.scanDateTime.before |
(Optional) Show hosts scanned and processed before a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”.
|
|
vm_processed_ |
dateFilter.scanDateTime.after |
(Optional) Show hosts scanned and processed since a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SS] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00”.
|
| tag_set_by | hostTarget.tag.selectBy |
(Optional) Specify “ID” (the default) to select a tag set by providing tag IDs. Specify “NAME” to select a tag set by providing tag names. All Tag based Host target parameters need to be provided under 'hostTarget' → 'tag' JSON key. |
| tag_include_selector | hostTarget.tag.includedJoin |
(Optional) Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags. All Tag based Host target parameters need to be provided under 'hostTarget' → 'tag' JSON key. |
|
tag_exclude_selector |
hostTarget.tag.excludedJoin |
(Optional) Select “ANY” (the default) to exclude hosts that match at least one of the selected tags. Select “All” to exclude hosts that match all of the selected tags. This parameter or another host selection parameter is required. All Tag based Host target parameters need to be provided under 'hostTarget' → 'tag' JSON key. |
|
tag_set_include |
hostTarget.tag.includedIds OR hostTarget.tag.includedNames |
(Optional) Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. This parameter or another host selection parameter is required. Included tag Ids and included tag Names are separated into respective distinct parameters instead of using a single parameter for both cases. |
|
tag_set_exclude |
hostTarget.tag.excludedIds OR hostTarget.tag.excludedNames |
(Optional) Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. This parameter or another host selection parameter is required. Excluded tag Ids and excluded tag names are separated into respective distinct parameters instead of using a single parameter for both cases. |
| os_pattern | osPattern |
(Optional) Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “^$” to match empty string.
For information about the Perl Compatible Regular Expressions (PCRE) standard visit: http://php.net/manual/en/book.pcre.php
|
| id_min | idMin | (Optional) Show only hosts which have a minimum host ID value (for example: If id_min=44286508, then hosts with ids 2186182 and higher value are displayed). |
| ipv6 | hostTarget.ipv6.addresses |
(Optional) Show only certain IPv6 addresses/ranges. One or more IPv6s/ranges may be specified. Multiple entries are comma separated. An IPv6 range is specified with a hyphen (for example: 2001:df1:f600:247c::a73:7c94-2001:df1:f600:247c::a73:7c96).
|
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
| arf_filter_keys | arfFilterKeys |
(Optional) Accepts one of these values: non-running-_kernel, non-running-service, and config-not-exploitable. You can apply these values independently or in any combination to refine their filter criteria. For instance, you can use non-running-kernel and non-running-service Combination of the following values can be provided in array: non-running-kernel; non-running-service; config-not-exploitable. |
| detection_updated_since | dateFilter.detectionUpdatedDateTime.after |
(Optional) Show only detections whose detection status changed after a certain date and time. For detections that have never changed the date is applied to the last detection date. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2017-02-15” or “2017-02- You can use this parameter in conjunction with the dateFilter.detectionUpdatedDateTime.before parameter to limit the detections shown to a specific date range. One of these parameters may be specified in the same request: dateFilter.detectionUpdatedDateTime.after, dateFilter.detectionUpdatedDateTime.before. All date filters are under single JSON key 'dateFilter'. |
| detection_updated_before | dateFilter.detectionUpdatedDateTime.before |
(Optional) Show only detections whose detection status changed before a certain date and time. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like
All date filters are under single JSON key 'dateFilter'. |
| include_ignored | includeIgnored | (Optional) Use this parameter to include or exclude the QIDs that were ignored during detection. Specify "includeIgnored": true to include results in the output. |
| status | status |
(Optional) Show only hosts with one or more of these status values: New, Active, Re-Opened, Fixed. Multiple status values are entered as a comma-separated list. If this parameter is not passed to the API, by default, the output contains detections with New, Active or Re-Opened <STATUS> only.
|
| severities | severities | (Optional) Show only detection records which have certain severities. One or more levels may be specified. |
| qds_min | qdsRange.min |
(Optional) Show only detection records with a QDS value greater than or equal to the QDS min value specified. When qdsrange.min and qdsrange.max are specified in the same request, the qdsrange.min value must
|
| qds_max | qdsRange.max |
(Optional) Show only detection records with a QDS value less than or equal to the QDS max value specified. When qdsRange.min and qdsRange.max are specified in the same request, the qdsRange.min value must be less than the qdsRange.max value. The QDS Scores filters (min and max) are added under the hierarchy of 'qdsRange'. |
|
include_vuln_type |
includeVulnType |
(Optional) Use to download vulnerability information based on their type, confirmed or potential. Specify: "includeVulnType": "Confirmed" to download only confirmed vulnerabilities. "includeVulnType": "Potential" to download only potential vulnerabilities. Exceptional Scenarios
|
|
include_disabled |
includeDisabled | (Optional) Use this parameter to include or exclude the QIDs that were disabled during detection. Specify "includeDisabled": true to include results in the output. |
| result_instance | resultInstance | (Optional) Specify true to display instance level information in the tag in the JSON response. |
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
| show_asset_id | showAssetId |
(Optional) When specified, we show the asset ID of the scanned hosts in the output. The default value of this parameter is set to 'false'. When set to 'false', we do not show the asset id information for the scanned hosts. |
| show_arf_data | showArfData | (Optional) Displays the ARF-affected QIDs, with the value as (true/false). If user passes value as 'false', it does not show the ARF filter output data in the output, and if the user passes value as 'true', it shows the ARF filter output data in the output. |
| mitre_attack_details | mitreAttackDetails | (Optional) Specify 'true' to display the MITRE ATT&CK details (MITRE ATT&CK Tactic Name, MITRE ATT&CK Tactic ID, MITRE ATT&CK Technique Name, MITRE ATT&CK Technique ID) in the response, else false. By default, the value is set to be false. |
| show_results | showResults | (Optional) When not specified, results are exclude from output. Specify "showResults": true to include the results. If you exclude the results, JSON will not contain the Results tag. |
| show_reopened_info | showReopenedInfo | (Optional) When not specified, reopened info for reopened vulnerabilities is not included in the output. Specify "showReopenedInfo": true to include reopened info i.e. first/last reopened date, times reopened. |
| show_igs | showIgs |
(Optional except as noted) Specify 'true' to show detection records with information gathered along with confirmed vulnerabilities and potential vulnerabilities. Specify 'false' (default) to hide information gathered. The showIgs parameter is required in one use case. The parameter "showIgs": true must be specified if both these conditions are met: 1) Search lists are included using the parameter qidFilter.searchList.includeTitles or 2) If the included search lists contain only information gathered. |
| show_tags | showTags | (Optional) Specify 'true' to display asset tags associated with each host in the XML output. |
| show_qds_factors | showQdsFactors | (Optional) Specify 'true' to show QDS contributing factors associated with each detection record in the output. Specify 'false' if you do not want to show QDS contributing factors. |
| host_metadata | hostMetadata | (Optional) Specify 'all' to list all assets (cloud and noncloud assets) and the metadata output applicable for cloud assets. For example, if the value is set to ec2, the output lists all assets (cloud and non cloud assets), and the metadata applicable only for ec2 assets. Valid values: all, ec2, google, azure. |
| show_cloud_tags | showCloudTags | (Optional) Specify 'true' to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 'false'. When set to 'false', we will not show the cloud provider tags for the scanned assets. |
| trurisk_eliminate_status | truriskEliminateStatus |
Show TruRisk Elimination Status i.e 'Mitigated' or 'Isolated' for the detections. This feature is limited to TruRisk Eliminate Enabled Subscriptions only. |
| vuln_detection_source | vulnDetectionSource |
Show Detection sources and latest detection source for detected Vulns and IGs. This feature is limited to Detection Source Data Enabled Subscriptions only.
|
| show_asset_cve | showAssetCve |
(Optional) When specified, we show the asset CVEs of the detections in the output. The default value of this parameter is set to false. When set to false, we do not show the asset cve information for the detections. This flag is applicable only when 'assetCveDetection' tweak is enabled for the subscription. |
QID Filters
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
| qids | qidFilter.includeQids | (Optional) Show only detection records with certain QIDs. One or more QIDs may be specified. Multiple entries are comma separated. Valid QIDs are required. |
| include_search_list_titles | qidFilter.searchList.includeTitles | (Optional) Show detection records only when a record’s QID is INCLUDED IN in one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated. This parameter cannot be specified with any of these parameters in the same request: qidFilter.includeQids, severities or qidFilter.searchList.includeIds. |
| exclude_search_list_titles | qidFilter.searchList.excludeTitles | (Optional) Show detection records only when a record’s QID is EXCLUDED from one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated. This parameter cannot be specified with any of these parameters in the same request: qidFilter.includeQids, severities or qidFilter.searchList.excludeIds. |
| include_search_list_ids | qidFilter.searchList.includeIds | (Optional) Show detection records only when a record’s QID IS INCLUDED in one or more of the specified search list titles. One or more IDs may be specified. Multiple entries are comma separated. This parameter cannot be specified with any of these parameters in the same request: qidFilter.includeQids, severities or qidFilter.searchList.includeTitles. |
| exclude_search_list_ids | qidFilter.searchList.excludeIds | (Optional) Show detection records only when a record’s QID IS EXCLUDED from one or more of the specified search list titles. One or more IDs may be specified. Multiple entries are comma separated. This parameter cannot be specified with any of these parameters in the same request: qidFilter.includeQids, severities or qidFilter.searchList.excludeTitles. |
|
Request Parameter - Existing |
Request Body - New |
Description |
|---|---|---|
| N/A | requestId |
Each request is identified by a unique request UUID. 'requestId' must be provided along with 'pageNumber' in pagination requests to retrieve a particular page of a request. |
| N/A | pageNumber |
The number of assets per page is defined in the first request to HLD. At this stage the page size is fixed and for subsequent pagination requests, you only need to provide page number. For example, if the hosts are defined from id 1 to 200 and assetsPerPage=100 then each page will have 100 hosts. Hence , if pageNumber=2 → Host ids = 101 to 200. |
| N/A | hostTarget.tagsetId |
Tagset Id can be provided in case it is already created using Portal API. This is an alternative to providing Tag information in 'hostTarget.tag' |
| N/A | hostTarget.ipv6.networklds |
(List of applicable network IDs to the provided IPV6 "addresses". (Valid only when the Network Support feature is enabled for the user’s account)
Restrict the request to a certain custom network by specifying the network ID. When unspecified, we default to “0” for the Global Default Network.) |
The following table contains parameters that have been descoped from the current Beta release to ensure stability and focus.
|
Parameter Name |
|---|
| os_hostname={0|1} |
| show_host_services={0|1} |
| detection_last_tested_since={date} |
| detection_last_tested_since_days={value} |
| detection_last_tested_before={value} |
| detection_last_tested_before_days={date} |
| vm_auth_scan_ date_before={date} |
| vm_auth_scan_ date_after={date} |
| compliance_enabled={0|1} |
| filter_superseded_qids={0|1} |
| host_metadata_fields= {value1,value2} |
| cloud_tag_fields={value1, value2} |
|
Parameter Name |
Comments |
|---|---|
| max_days_since_detection_updated={value} |
The result can be achieved by using the two date filters: dateFilter.detectionUpdatedDateTime.before and dateFilter.detectionUpdatedDateTime.after. These will serve as the only date-based filters applied to detection. |
| detection_processed_before={date} | The result can be achieved by using the two date filters: dateFilter.detectionUpdatedDateTime.before and dateFilter.detectionUpdatedDateTime.after. These will serve as the only date-based filters applied to detection. |
| detection_processed_after={date} | The result can be achieved by using the two date filters: dateFilter.detectionUpdatedDateTime.before and dateFilter.detectionUpdatedDateTime.after. These will serve as the only date-based filters applied to detection. |
| vm_scan_since |
The result can be achieved by using the two date filters: dateFilter.scanDateTime.after and dateFilter.scanDateTime.before. These will serve as the only date-based filters applied to detection. |
| no_vm_scan_since |
The result can be achieved by using the two date filters: dateFilter.scanDateTime.after and dateFilter.scanDateTime.before. These will serve as the only date-based filters applied to detection. |
| max_days_since_last_vm_scan |
The result can be achieved by using the two date filters: dateFilter.scanDateTime.after and dateFilter.scanDateTime.before. These will serve as the only date-based filters applied to detection. |
| vm_scan_date_before |
The result can be achieved by using the two date filters: dateFilter.scanDateTime.after and dateFilter.scanDateTime.before. These will serve as the only date-based filters applied to detection. |
| vm_scan_date_after |
The result can be achieved by using the two date filters: dateFilter.scanDateTime.after and dateFilter.scanDateTime.before. These will serve as the only date-based filters applied to detection. |
| action | Deprecated. This is not required with new HLD API. |
| arf_kernel_filter | Deprecated. This is replaced by parameter, 'ARF_FILTER_KEYS' (New HLD API Param - arfFilterKeys) |
| arf_service_filter | Deprecated. This is replaced by parameter, 'ARF_FILTER_KEYS' (New HLD API Param - arfFilterKeys) |
| arf_config_filter | Deprecated. This is replaced by parameter, 'ARF_FILTER_KEYS' (New HLD API Param - arfFilterKeys) |
| active_kernels_only | Deprecated |
| output_format | Deprecated. The output will always be in JSON format in the newHLD API. |
| suppress_duplicated_data_from_csv | Deprecated. This is CSV specific parameter. |
| use_tags | Deprecated. If hosts are to be selected based on asset tags, 'hostTarget.tag' should be provided in request body of new HLD API. |
| show_qds | Deprecated. The QDS Score is displayed by default in the new HLD API. |
| id_max | Deprecated. This is replaced by 'requestId' and 'pageNumber' in the new HLD API for pagination requests. |
The following is a sample JSON request using the HLD API.
API Request
curl --location '<qualys_base_url>/api/1.0/host/list/detections' \
--header 'x-forwarded-host: xx' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer xxxxxxx' \
--data '{
"assetsPerPage": 1,
"echoRequest": false ,
"hostTarget": {
"hostIds": [
xxxxxxxx
],
"ip": {
"addresses": "10.113.xxx.xx",
"networkIds": [
xxxxxxx,x]
},
"assetGroup": {
"agTitles": [
"XxxxXX",
"xxx"
],
"agIds": [
xxxxxx
]
},
"tagSetId": "e3014xxx-4xxx-1xxx-bxxx-0242acxxxxxx",
"tag": {
"selectBy": "NAME",
"includedIds": [
xxxxxxxxx,
xxxxxxxxx
],
"excludedIds": [
xxxxxxxxx
],
"includedNames": [
"xxxxxxx",
"xxxxxxx"
],
"excludedNames": [
"xxxxxxx"
],
"includedJoin": "ALL",
"excludedJoin": "ANY"
}
},
"severities": [
1,
2,
3,4,5
],
"status": [
"Fixed", "New","Active","Re-Opened"
],
"showQdsFactors": false,
"qdsRange": {
"min": 0,
"max": 100
},
"dateFilter": {
"scanDateTime": {
"after": "2023-07-03T09:26:46.531Z",
"before": "2024-07-03T09:26:46.531Z"
},
"detectionUpdatedDateTime": {
"after": "2023-07-03T09:26:46Z",
"before": "2024-07-03T09:26:46Z"
}
},
"showArfData": true,
"includeIgnored": true,
"showIgs": true,
"showReopenedInfo": true,
"showResults": true,
"showTags": true,
"showCloudTags": true,
"showAssetId": true,
"showAssetCve" : true,
"mitreAttackDetails": true,
"truriskEliminationStatus": true,
"vulnDetectionSource": true
}'
The following is a sample JSON response using the HLD API.
JSON Response
{
"hostListDetections": {
"dateTime": "2025-11-07T05:51:03Z",
"userLogin": "XXXXXX",
"hostList": [
{
"id": "XXXX",
"ip": "10.XX.XX.XX",
"trackingMethod": "EC2",
"networkId": "XXXXXX",
"os": "XXXXXXX",
"dns": "ip-XXXXX.internal",
"dnsData": {
"hostname": "XXXX",
"domain": "XX",
"fqdn": "XXXXX"
},
"cloudProvider": "XX",
"cloudService": "XX",
"cloudResourceId": "i-XXXXXXXXXX",
"qgHostid": "XXX-XXXX-XXXX-XXXX-XXXXXXX",
"lastScanDatetime": "2025-11-06T23:16:45Z",
"lastVmScannedDate": "2025-11-06T22:37:52Z",
"lastVmScannedDuration": "447",
"lastVmAuthScannedDate": "2025-11-06T22:37:52Z",
"detectionList": [
{
"uniqueVulnId": XXXX,
"qid": XXX,
"type": "Confirmed",
"severity": 3,
"ssl": "0",
"status": "Active",
"firstFoundDatetime": "2024-11-05T14:01:00Z",
"lastFoundDatetime": "2025-11-06T22:37:52Z",
"qds": {
"score": "30",
"severity": "Low"
},
"timesFound": "608",
"lastTestDatetime": "2025-11-06T22:37:52Z",
"lastUpdateDatetime": "2025-11-06T23:16:45Z",
"lastFixedDatetime": "2024-12-04T11:23:12Z",
"isIgnored": 0,
"isDisabled": 0,
"lastProcessedDatetime": "2025-11-06T23:16:45Z"
},
{
"uniqueVulnId": XX,
"qid": XXXX,
"type": "Confirmed",
"severity": 3,
"ssl": "0",
"status": "Active",
"firstFoundDatetime": "2024-11-05T14:01:00Z",
"lastFoundDatetime": "2025-11-06T22:37:52Z",
"qds": {
"score": "30",
"severity": "Low"
},
"timesFound": "608",
"lastTestDatetime": "2025-11-06T22:37:52Z",
"lastUpdateDatetime": "2025-11-06T23:16:45Z",
"lastFixedDatetime": "2024-12-04T11:23:12Z",
"isIgnored": 0,
"isDisabled": 0,
"lastProcessedDatetime": "2025-11-06T23:16:45Z"
}
]
}
]
},
"pageNumber": "1",
"requestId": "fdc2f0fe-953f-4aa5-bc32-fe0b2f77eeb0",
"nextPageRef": "https://gateway.p04.eng.sjc01.qualys.com/vmrs/api/1.0/host/list/detections?requestId=fdc2f0fe-953f-4aa5-bc32-fe0b2f77eeb0&pageNumber=2",
"status": "success"
}
The following is a sample JSON pagination request using the HLD API.
API Request
{
"requestId": "e3014432-4e0d-11ed-bdc3-0242ac120002",
"pageNumber": 2,
}
The following is a sample JSON pagination response using the HLD API.
JSON Response
{
"hostListDetections" : {
"dateTime" : "2025-11-27T11:44:21Z",
"userLogin" : "testqxss",
"hostList" : [
{
"id" : "16932436",
"ipv6" : "2XXX:cXX:1XXX:8XX:2XX:5XXX:fXXX:6XXX",
"trackingMethod" : "IP",
"networkId" : "0",
"os" : "Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP",
"dns" : "i-0889af89d653a94ff",
"dnsData" : {
"hostname" : "i-0889af89d653a94ff"
},
"lastScanDatetime" : "2025-10-28T14:16:40Z",
"lastVmScannedDate" : "2025-10-28T14:16:23Z",
"lastVmScannedDuration" : "6",
"detectionList" : [
{
"uniqueVulnId" : 200957962,
"qid" : 38711,
"type" : "Confirmed",
"severity" : 5,
"ssl" : "0",
"status" : "New",
"firstFoundDatetime" : "2025-10-28T14:16:23Z",
"lastFoundDatetime" : "2025-10-28T14:16:23Z",
"qds" : {
"score" : "100",
"severity" : "Critical"
},
"timesFound" : "1",
"lastTestDatetime" : "2025-10-28T14:16:23Z",
"lastUpdateDatetime" : "2025-10-28T14:16:40Z",
"isIgnored" : 0,
"isDisabled" : 0,
"lastProcessedDatetime" : "2025-10-28T14:16:40Z"
}
]
},
{
"id" : "17311485",
"ip" : "10.XXX.XXX.XXX",
"trackingMethod" : "IP",
"networkId" : "0",
"os" : "EulerOS / Ubuntu / Fedora / Tiny Core Linux / Linux 3.x / IBM / FortiSOAR / F5 Networks Big-IP",
"dns" : "iaasn00384936.svr.us.jpmchase.net",
"dnsData" : {
"hostname" : "iaasn00384936",
"domain" : "svr.us.jpmchase.net",
"fqdn" : "iaasn00384936.svr.us.jpmchase.net"
},
"lastScanDatetime" : "2025-11-26T08:55:43Z",
"lastVmScannedDate" : "2025-09-08T01:26:49Z",
"lastVmScannedDuration" : "1332",
"detectionList" : [
{
"uniqueVulnId" : 201422810,
"qid" : 11406,
"type" : "Confirmed",
"severity" : 5,
"port" : "8089",
"protocol" : "tcp",
"ssl" : "1",
"status" : "New",
"firstFoundDatetime" : "2025-09-08T01:26:49Z",
"lastFoundDatetime" : "2025-09-08T01:26:49Z",
"qds" : {
"score" : "100",
"severity" : "Critical"
},
"timesFound" : "1",
"lastTestDatetime" : "2025-09-08T01:26:49Z",
"lastUpdateDatetime" : "2025-11-26T08:55:43Z",
"isIgnored" : 0,
"isDisabled" : 0,
"lastProcessedDatetime" : "2025-11-26T08:55:43Z"
},
{
"uniqueVulnId" : 201422814,
"qid" : 11406,
"type" : "Confirmed",
"severity" : 5,
"port" : "8089",
"protocol" : "tcp",
"ssl" : "0",
"status" : "New",
"firstFoundDatetime" : "2025-09-08T01:26:49Z",
"lastFoundDatetime" : "2025-09-08T01:26:49Z",
"qds" : {
"score" : "100",
"severity" : "Critical"
},
"timesFound" : "1",
"lastTestDatetime" : "2025-09-08T01:26:49Z",
"lastUpdateDatetime" : "2025-11-26T08:55:43Z",
"isIgnored" : 0,
"isDisabled" : 0,
"lastProcessedDatetime" : "2025-11-26T08:55:43Z"
}
]
}
]
},
"pageNumber" : "2",
"requestId" : "08610c56-9c9c-4fd9-b9fe-4e0deee80c8e",
"nextPageRef": "https://gateway.p04.eng.sjc01.qualys.com/vmrs/api/1.0/host/list/detections?requestId= 08610c56-9c9c-4fd9-b9fe-4e0deee80c8e&pageNumber= 3",
"status" : "success"
}
This document provides a comprehensive, field-by-field mapping from XML to JSON, including the complete path for both formats. Sample examples of both XML and JSON responses are included for each section, allowing you to easily compare the full structure. A notes column highlights any changes in response fields to assist your analysis. Most of the response fields remain the same as in the XML; they have simply been converted to camelCase, which is the standard representation in JSON responses.
|
XML Path |
JSON Path |
|
|---|---|---|
Login User details and request datetime |
||
| /HOST_LIST_VM_DETECTION_OUTPUT/REQUEST | hostListDetections.request | |
| /HOST_LIST_VM_DETECTION_OUTPUT/REQUEST/DATETIME | hostListDetections.dateTime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/REQUEST/USER_LOGIN | hostListDetections.userLogin | |
Echo Request |
||
| /HOST_LIST_VM_DETECTION_OUTPUT/REQUEST/PARAM_LIST/PARAM/KEY | hostListDetections.request.<various fields> | |
Host List |
||
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/ID | hostListDetections.hostList[].id | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/ASSET_ID | hostListDetections.hostList[].assetId | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/IP | hostListDetections.hostList[].ip | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/IPV6 | hostListDetections.hostList[].ipv6 | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/TRACKING_METHOD | hostListDetections.hostList[].trackingMethod | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/NETWORK_ID | hostListDetections.hostList[].networkId | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/OS | hostListDetections.hostList[].os | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DNS | hostListDetections.hostList[].dns | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DNS_DATA/HOSTNAME | hostListDetections.hostList[].dnsData.hostname | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DNS_DATA/DOMAIN | hostListDetections.hostList[].dnsData.domain | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DNS_DATA/FQDN | hostListDetections.hostList[].dnsData.fqdn | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_PROVIDER | hostListDetections.hostList[].cloudProvider | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_SERVICE | hostListDetections.hostList[].cloudService | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_RESOURCE_ID | hostListDetections.hostList[].cloudResourceId | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/LAST_SCAN_DATETIME | hostListDetections.hostList[].lastScanDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/LAST_VM_SCANNED_DATE | hostListDetections.hostList[].lastVmScannedDate | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/LAST_VM_SCANNED_DURATION | hostListDetections.hostList[].lastVmScannedDuration | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/LAST_VM_AUTH_SCANNED_DURATION | hostListDetections.hostList[].lastVmAuthScannedDuration | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/TAGS/TAG | hostListDetections.hostList[].tags[] | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/<TYPE> | hostListDetections.hostList[].metadata.type | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/NAME | ||
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/LAST_STATUS | hostListDetections.hostList[].metadata.attributes[].lastStatus | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/VALUE | hostListDetections.hostList[].metadata.attributes[].value | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/LAST_SUCCESS_DATE | hostListDetections.hostList[].metadata.attributes[].lastSuccessDate | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/LAST_ERROR_DATE | hostListDetections.hostList[].metadata.attributes[].lastErrorDate | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/METADATA/ATTRIBUTE/LAST_ERROR | hostListDetections.hostList[].metadata.attributes[].lastError | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_PROVIDER_TAGS/CLOUD_TAG/NAME | hostListDetections.hostList[].cloudTags[].name | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_PROVIDER_TAGS/CLOUD_TAG/VALUE | hostListDetections.hostList[].cloudTags[].value | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/CLOUD_PROVIDER_TAGS/CLOUD_TAG/LAST_SUCCESS_DATE | hostListDetections.hostList[].cloudTags[].lastSuccessDate | |
Detection |
||
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/UNIQUE_VULN_ID | hostListDetections.hostList[].detectionList[].uniqueVulnId | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/QID | hostListDetections.hostList[].detectionList[].qid | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/TYPE | hostListDetections.hostList[].detectionList[].type | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/SEVERITY | hostListDetections.hostList[].detectionList[].severity | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/PORT | hostListDetections.hostList[].detectionList[].port | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/PROTOCOL | hostListDetections.hostList[].detectionList[].protocol | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/SSL | hostListDetections.hostList[].detectionList[].ssl | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/RESULT_INSTANCE | hostListDetections.hostList[].detectionList[].resultInstance | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/RESULTS | hostListDetections.hostList[].detectionList[].results | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/STATUS | hostListDetections.hostList[].detectionList[].status | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/FIRST_FOUND_DATETIME | hostListDetections.hostList[].detectionList[].firstFoundDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_FOUND_DATETIME | hostListDetections.hostList[].detectionList[].lastFoundDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/TIMES_FOUND | hostListDetections.hostList[].detectionList[].timesFound | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_TEST_DATETIME | hostListDetections.hostList[].detectionList[].lastTestDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_UPDATE_DATETIME | hostListDetections.hostList[].detectionList[].lastUpdateDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_FIXED_DATETIME | hostListDetections.hostList[].detectionList[].lastFixedDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/FIRST_REOPENED_DATETIME | hostListDetections.hostList[].detectionList[].firstReopenedDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_REOPENED_DATETIME | hostListDetections.hostList[].detectionList[].lastReopenedDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/TIMES_REOPENED | hostListDetections.hostList[].detectionList[].timesReopened | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/IS_IGNORED | hostListDetections.hostList[].detectionList[].isIgnored | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/IS_DISABLED | hostListDetections.hostList[].detectionList[].isDisabled | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LAST_PROCESSED_DATETIME | hostListDetections.hostList[].detectionList[].lastProcessedDatetime | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/QDS/<ATTR:SEVERITY> | hostListDetections.hostList[].detectionList[].qds.score | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/QDS_FACTORS/QDS_FACTOR/<ATTR: NAME> | hostListDetections.hostList[].detectionList[].qds.severity | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/VULNERABILITY_DETECTION_SOURCES | hostListDetections.hostList[].detectionList[].vulnerabilityDetectionSources | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/LATEST_VULNERABILITY_DETECTION_SOURCE | hostListDetections.hostList[].detectionList[].latestVulnerabilityDetectionSource | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/MITRE_TACTIC_NAME | hostListDetection.hostList[].detectionList[].mitreinfo.tactic.name | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/MITRE_TECHNIQUE_NAME | hostListDetection.hostList[].detectionList[].mitreinfo.technique.name | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/MITRE_TACTIC_ID | hostListDetection.hostList[].detectionList[].mitreinfo.tactic.id | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/DETECTION_LIST/DETECTION/MITRE_TECHNIQUE_ID | hostListDetection.hostList[].detectionList[].mitreinfo.technique.id | |
Pagination |
||
| NA | pageNumber | |
| NA | requestId | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/WARNING/URL | nextPageRef | |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/WARNING/CODE | status | |
The following fields have been deprecated and will not be supported in future releases
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/OS_HOSTNAME |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/NETWORK_NAME |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/ASSET_GROUP_LIST/ASSET_GROUP |
| XML Path - Current HLD API Response |
Comments |
|---|---|
| /HOST_LIST_VM_DETECTION_OUTPUT/REQUEST/RESOURCE | Deprecated. No Need for Request URL in Response. |
| /HOST_LIST_VM_DETECTION_OUTPUT/RESPONSE/HOST_LIST/HOST/EC2_INSTANCE_ID | Deprecated. New tag CLOUD_RESOURCE_ID. |