Host List

Parameter	Optional/Required	Data Type	Description
action=list	Required	String	Specify to make a host list request.
os_hostname={0\|1}	Optional	Integer	Specify 1 to view the OS hostname in the XML output of Host List API request. Else, the OS hostname is not displayed in the XML output. By default this parameter is set to 0.
echo_request={0\|1}	Optional	Integer	Specify 1 to view input parameters in the XML output. When unspecified, parameters are not included in the XML output.
show_asset_id={0\|1}	Optional	Integer	When specified, we show the asset ID of the scanned hosts in the output. The default value of this parameter is set to 0. When set to 0, we do not show the asset id information for the scanned hosts.
details={Basic\| Basic/AGs \| All\|All/ AGs \| None}	Optional	Boolean	Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. Basic - (default) Show basic host information. Basic host information includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system. Basic/AGs - Show basic host information plus asset group information. Asset group information includes the asset group ID and title. All - Show all host information. All host information includes the basic host information plus the last vulnerability and compliance scan dates. All/AGs - Show all host information plus asset group information. Asset group information includes the asset group ID and title. None - Show only the host ID.
os_pattern={expression}	Optional	String	Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “%5E%24” to match empty string. Important: The regular expression string you enter must follow the PCRE standard and it must be URL encoded. Refer to Sample regular expression strings for matching OS names. Click here for info on PCRE format.
truncation_limit={value}	Optional	Integer	Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). If the requested list identifies more host records than the truncation limit, then the XML output includes the <WARNING> element and the URL for making another request for the next batch of host records. See example: Sample - Record Limit Exceeded Warning You can specify truncation_limit=0 for no truncation limit. This means that the output is not paginated and all the records are returned in a single output. WARNING: This can generate very large output and processing large XML files can consume a lot of resources on the client side. In this case it is recommended to use the pagination logic and parallel processing. The previous page can be processed while the next page is downloaded.
ips={value}	Optional	Integer	Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100).
ipv6={value}	Optional	Integer	A valid IPv6 address. Multiple entries are comma separated. If ipv6 is used as filter parameter then other target input filter parameters are not accepted.
ag_ids={value}	Optional	String	Show only hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required.
ag_titles={value}	Optional	String	Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group).
ids={value}	Optional	Integer	Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400).Valid host IDs are required.
id_min={value}	Optional	Integer	Show only hosts which have a minimum host ID value. A valid host ID is required.
id_max={value}	Optional	Integer	Show only hosts which have a maximum host ID value. A valid host ID is required.
network_ids={value}	Optional, and valid only when the Network Support feature is enabled for the user’s account	Integer	Restrict the request to certain custom network IDs. Multiple network IDs are comma separated.
compliance_enabled={0\|1}	Optional	Integer	This parameter is valid only when the policy compliance module is enabled for the user account. This parameter is invalid for an Express Lite user. Use this parameter to filter the scanned hosts list to show either: 1) a list of scanned compliance hosts, or 2) a list of scanned vulnerability management hosts. Specify 1 to list scanned compliance hosts in the user’s account. These hosts are assigned to the policy compliance module. Specify 0 to list scanned hosts which are not assigned to the policy compliance module. A user can specify 0 only when the user has compliance management privileges. For a Unit Manager, Scanner or Reader, the "Manage compliance" permission must be enabled in the user account. If this permission is not enabled and the user makes a request with this parameter set to 0, the request fails with an error (unknown parameter).
Date Filters
no_vm_scan_since= {date}	Optional	Integer	Show hosts not scanned since a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions: An Auditor cannot specify this parameter.
no_compliance_scan_ since={date}	Optional	Integer	Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_scan_since={date}	Optional	Integer	Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions: An Auditor cannot specify this parameter.
compliance_scan_ since={date}	Optional	Integer	Show hosts that were last scanned for compliance since a certain date and time (optional). Hosts that were the target of a compliance scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_processed_ before={date}	Optional	Integer	Show hosts with vulnerability scan results processed before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_processed_ after={date}	Optional	Integer	Show hosts with vulnerability scan results processed after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_scan_date_ before={date}	Optional	Integer	Show hosts with a vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_scan_date_ after={date}	Optional	Integer	Show hosts with a vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_auth_scan_date_ before={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_auth_scan_date_ after={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
pc_auth_success_date_ before={date}	Optional	Integer	Show hosts with a successful compliance scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
pc_auth_success_date_ after={date}	Optional	Integer	Show hosts with a successful compliance scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
scap_scan_since={date}	Optional	Integer	Show hosts that were last scanned for SCAP since a certain date and time. Hosts that were the target of a SCAP scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
no_scap_scan_since={date}	Optional	Integer	Show hosts not scanned for SCAP since a certain date and time. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
Asset Tags
use_tags={0\|1}	Optional	Integer	Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags.
tag_set_by={id\|name}	Optional when use_tags=1	Integer	Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names.
tag_include_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags.
tag_exclude_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags.
tag_set_include= {value}	Optional when use_tags=1	Integer	Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
tag_set_exclude= {value}	Optional when use_tags=1	Integer	Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
show_tags={0\|1}	Optional	Integer	Specify 1 to display asset tags associated with each host in the XML output.
Asset Risk Score (ARS)			Note: The ARS parameters will be retained for the next few releases. However, there will be a future update where these parameters will be removed with advance notification. You must start using the new TruRisk parameters mentioned below.
show_ars={0\|1}	Optional	Integer	Specify 1 to show the ARS value in the output. Specify 0 if you do not want to show the ARS value.
ars_min={value}	Optional	Integer	Show only asset records with a ARS value greater than or equal to the ARS min value specified. ars_min can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
ars_max={value}	Optional	Integer	Show only detection records with an ARS value less than or equal to the ARS max value specified. ars_max can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
show_ars_factors={0\|1}	Optional	Integer	Specify 1 to show ARS contributing factors associated with each asset record in the output. Specify 0 if you do not want to show ARS contributing factors.
TruRisk Score
show_trurisk={0\|1}	Optional	Integer	Specify 1 to show the TruRisk value in the output. Specify 0 if you do not want to show the TruRisk value.
trurisk_min={value}	Optional	Integer	Show only asset records with a TruRisk value greater than or equal to the TruRisk min value specified. trurisk_min can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
trurisk_max={value}	Optional	Integer	Show only detection records with an TruRisk value less than or equal to the TruRisk max value specified. trurisk_max can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
show_trurisk_factors={0\|1}	Optional	Integer	Specify 1 to show TruRisk contributing factors associated with each asset record in the output. Specify 0 if you do not want to show TruRisk contributing factors.
AWS EC2/Azure/GCP metadata
host_metadata={value}	Optional	Boolean	Specify “all” to list all assets (cloud and noncloud assets) and the metadata output applicable for cloud assets. For example, if the value is set to ec2, the output lists all assets (cloud and non cloud assets), andthe metadata applicable only for ec2 assets. Valid values: all, ec2, google, azure.
host_metadata_fields= {value1,value2}	Optional when host_metadata is specified	Boolean	Specify metadata fields to only return data for certain attributes.
show_cloud_tags={0\|1}	Optional	Integer	Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets.
cloud_tag_fields {value1, value2}	Optional when show_cloud_tags is specified	Boolean	Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example:SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag’s name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets.

If a host has a missing or null value for Information Gathered (IG) processed date or vulnerability processed date, it will be excluded when using the vm_processed_before parameter in the Host List API. To include these hosts in the results, use the vm_scan_date_before parameter.

API Request

curl --location --request POST 'https://<qualys_base_url/api/2.0/fo/asset/host/?action=list&compliance_enabled=1&os_pattern=%5EWindows.*2%24' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'X-Requested-With: curl demo2' \
--header 'Accept: /' \
--header 'Content-Length: 0' \
--header 'Authorization: Basic Encoded username:passwordstring'

XML Output

<HOST_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2025-01-10T05:07:38Z</DATETIME>
        <HOST_LIST>
            <HOST>
                <ID>66942</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[2k3sp2-25-12]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[2k3.patch.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[2K3SP2-25-12]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2016-11-15T07:39:22Z</FIRST_FOUND_DATE>
            </HOST>
 </HOST_LIST>
    </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl --location --request GET '/api/2.0/fo/asset/host/?action=list&show_asset_id=1&host_metadata=all&details=All'--header 'X-Requested-With: curl'--header 'Authorization: token>'

XML Output

...
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/asset/host/dtd/list/output.dtd">
<HOST_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2023-04-25T03:52:05Z</DATETIME>
        <HOST_LIST>
            <HOST>
                <ID>32229</ID>
                <ASSET_ID>454545</ASSET_ID>
                <IP>10.14.28.129</IP>
                <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
                <DNS>
                    <![CDATA[pt-w1122h2u]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[pt-w1122h2u]]>
                    </HOSTNAME>
                    <DOMAIN />
                    <FQDN />
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[PT-W1122H2U]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows Microsoft Windows 11 Enterprise 10.0.22621 Build 22621]]>
                </OS>
                <QG_HOSTID>
                    <![CDATA[c6656ff6-c4c3-40df-81b4-fffe361acf02]]>
                </QG_HOSTID>
                <FIRST_FOUND_DATE>2023-03-15T07:22:33Z</FIRST_FOUND_DATE>
                <LAST_BOOT>2023-03-15T07:22:33Z</LAST_BOOT>
                <SERIAL_NUMBER><![CDATA[hmhC53tK52oWfsv3]]></SERIAL_NUMBER>
                <HARDWARE_UUID><![CDATA[08b829fb-ff42-8e41-a2ae-1269ffc6872b]]></HARDWARE_UUID>
                <LAST_ACTIVITY>2023-03-15T07:22:33Z</LAST_ACTIVITY>
                <AGENT_STATUS><![CDATA[Inventory Scan Complete]]></AGENT_STATUS>
                <CLOUD_AGENT_RUNNING_ON><![CDATA[GCP]]></CLOUD_AGENT_RUNNING_ON>
            </HOST>
        </HOST_LIST>
    </RESPONSE>
</HOST_LIST_OUTPUT>
...

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl""https://<qualys_base_url>/api/2.0/fo/asset/host/?action=list&truncation_limit=10&details=All/AGs&vm_scan_date_before=2017-09-14T06:32:15Z&vm_auth_scan_date_before=2017-09-14T06:32:15Z&vm_scan_date_after=2016-05-12T06:32:15Z&vm_auth_scan_date_after=2016-05-12T06:32:15Z&vm_processed_before=2017-09&scap_scan_since=2018-08-29-14T06:33:24Z&vm_processed_after=2016-09-12T06:33:24Z"-12T06:33:24Z"

API Request

curl --location '/api/2.0/fo/asset/host/?action=list&ips=10.115.126.190&show_trurisk=1&trurisk_min=1&trurisk_max=1000&show_trurisk_factors=1'--header 'X-Requested-With: curl demo2'--header 'Authorization: Basic token>'"https://<qualys_base_url>/api/2.0/fo/asset/host/action=list&ips=10.20.30.40,10.11.12.13&show_ars=1&ars_min=0&ars_max=1000&show_ars_factors=1"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/asset/host/dtd/list/output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2023-06-21T06:46:04Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>1800139</ID>
        <IP>10.115.126.190</IP>
        <ASSET_RISK_SCORE>680</ASSET_RISK_SCORE>
        <TRURISK_SCORE>680</TRURISK_SCORE>
        <ASSET_CRITICALITY_SCORE>4</ASSET_CRITICALITY_SCORE>
        <TRURISK_SCORE_FACTORS>
          <TRURISK_SCORE_FORMULA>4 * {(1.0*95*(14^0.01))+(0.6*74*(31^0.01))+(0.4*47*(73^0.01))+(0.2*33*(66^0.01))}</TRURISK_SCORE_FORMULA>
          <VULN_COUNT qds_severity="1">0</VULN_COUNT>
          <VULN_COUNT qds_severity="2">66</VULN_COUNT>
          <VULN_COUNT qds_severity="3">73</VULN_COUNT>
          <VULN_COUNT qds_severity="4">31</VULN_COUNT>
          <VULN_COUNT qds_severity="5">14</VULN_COUNT>
        </TRURISK_SCORE_FACTORS>
        <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
        <NETWORK_ID>0</NETWORK_ID>
        <DNS><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></DNS>
        <DNS_DATA>
          <HOSTNAME><![CDATA[ca1]]></HOSTNAME>
          <DOMAIN><![CDATA[rdlab.in03.qualys.com.abc123]]></DOMAIN>
          <FQDN><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></FQDN>
        </DNS_DATA>
        <NETBIOS><![CDATA[SYS_10_115_126_190]]></NETBIOS>
        <OS><![CDATA[CentOS Linux 7.5.1804]]></OS>
        <QG_HOSTID><![CDATA[6fc281d4-40e2-4145-bcaa-753f3f0d57d7]]></QG_HOSTID>
        <LAST_BOOT>2022-05-27T18:18:43Z</LAST_BOOT>
        <SERIAL_NUMBER><![CDATA[VMware-56 4d 99 7a 19 f5 a6 94-b5 f0 07 68 7c 9a e5 b5]]></SERIAL_NUMBER>
        <HARDWARE_UUID><![CDATA[564D997A-19F5-A694-B5F0-07687C9AE5B5]]></HARDWARE_UUID>
        <FIRST_FOUND_DATE>2021-07-28T08:37:55Z</FIRST_FOUND_DATE>
        <LAST_ACTIVITY>2023-06-21T06:15:43Z</LAST_ACTIVITY>
        <AGENT_STATUS><![CDATA[Inventory Scan Complete]]></AGENT_STATUS>
        <CLOUD_AGENT_RUNNING_ON><![CDATA[QAGENT]]></CLOUD_AGENT_RUNNING_ON>
      </HOST>
      ...
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"action=list&details=All&host_metadata=ec2&host_metadata_fields=region,accountId,instanceId" "https://<qualys_base_url>/api/2.0/fo/asset/host/"

XML Output

<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/asset/host/host_list_output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-04-15T09:50:46Z</DATETIME>
    <HOST_LIST>
       <HOST>
       <ID>135151</ID>
       <IP>10.97.5.247</IP>
       <TRACKING_METHOD>EC2</TRACKING_METHOD>
       <DNS><![CDATA[i-0bb87c3281243cdfd]]></DNS>
       <EC2_INSTANCE_ID><![CDATA[i-0bb87c3281243cdfd]]></EC2_INSTANCE_ID>
       <OS><![CDATA[Amazon Linux 2016.09]]></OS>
       <METADATA>
         <EC2>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/region]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[us-east-1]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/instanceId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[i-0bb87c3281243cdfd]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/accountId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[205767712438]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
         </EC2>
       </METADATA>
       <LAST_VULN_SCAN_DATETIME>2017-03-
        21T13:39:38Z</LAST_VULN_SCAN_DATETIME>
       <LAST_VM_SCANNED_DATE>2017-03-21T13:39:38Z</LAST_VM_SCANNED_DATE>
       <LAST_VM_SCANNED_DURATION>229</LAST_VM_SCANNED_DURATION>
       <LAST_VM_AUTH_SCANNED_DATE>2017-03-
        21T13:39:38Z</LAST_VM_AUTH_SCANNED_DATE>
       <LAST_VM_AUTH_SCANNED_DURATION>229</LAST_VM_AUTH_SCANNED_DURATION>
       <LAST_COMPLIANCE_SCAN_DATETIME>2017-03-
        21T13:21:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
     </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

A truncated response is returned when the API request returns more host records than the truncation limit. In this case 1,000 host records are included in the XML output and the Warning message (shown below) indicates the URL you need to use to request the next 1,000 host records.

XML Output

<RESPONSE>
...
   <WARNING>
            <CODE>1980</CODE>
            <TEXT>100 record limit exceeded. Use URL to get next batch of results.</TEXT>
            <URL>
                <![CDATA[https://qualysapi.p01.eng.sjc01.qualys.com/api/2.0/fo/asset/host/?action=list&details=None&truncation_limit=100&id_min=145359]]>
            </URL>
        </WARNING>
    </RESPONSE>
...

Parameter	Optional/Required	Data Type	Description
action=list	Required	String	Specify to make a host list request.
os_hostname={0\|1}	Optional	Integer	Specify 1 to view the OS hostname in the XML output of Host List API request. Else, the OS hostname is not displayed in the XML output. By default this parameter is set to 0.
echo_request={0\|1}	Optional	Integer	Specify 1 to view input parameters in the XML output. When unspecified, parameters are not included in the XML output.
show_asset_id={0\|1}	Optional	Integer	When specified, we show the asset ID of the scanned hosts in the output. The default value of this parameter is set to 0. When set to 0, we do not show the asset id information for the scanned hosts.
details={Basic\| Basic/AGs \| All\|All/ AGs \| None}	Optional	Boolean	Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. Basic - (default) Show basic host information. Basic host information includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system. Basic/AGs - Show basic host information plus asset group information. Asset group information includes the asset group ID and title. All - Show all host information. All host information includes the basic host information plus the last vulnerability and compliance scan dates. All/AGs - Show all host information plus asset group information. Asset group information includes the asset group ID and title. None - Show only the host ID.
os_pattern={expression}	Optional	String	Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “%5E%24” to match empty string. Important: The regular expression string you enter must follow the PCRE standard and it must be URL encoded. Refer to Sample regular expression strings for matching OS names. Click here for info on PCRE format.
truncation_limit={value}	Optional	Integer	Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). If the requested list identifies more host records than the truncation limit, then the XML output includes the <WARNING> element and the URL for making another request for the next batch of host records. See example: Sample - Record Limit Exceeded Warning You can specify truncation_limit=0 for no truncation limit. This means that the output is not paginated and all the records are returned in a single output. WARNING: This can generate very large output and processing large XML files can consume a lot of resources on the client side. In this case it is recommended to use the pagination logic and parallel processing. The previous page can be processed while the next page is downloaded.
ips={value}	Optional	Integer	Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100).
ipv6={value}	Optional	Integer	A valid IPv6 address. Multiple entries are comma separated. If ipv6 is used as filter parameter then other target input filter parameters are not accepted.
ag_ids={value}	Optional	String	Show only hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required.
ag_titles={value}	Optional	String	Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group).
ids={value}	Optional	Integer	Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400).Valid host IDs are required.
id_min={value}	Optional	Integer	Show only hosts which have a minimum host ID value. A valid host ID is required.
id_max={value}	Optional	Integer	Show only hosts which have a maximum host ID value. A valid host ID is required.
network_ids={value}	Optional, and valid only when the Network Support feature is enabled for the user’s account	Integer	Restrict the request to certain custom network IDs. Multiple network IDs are comma separated.
compliance_enabled={0\|1}	Optional	Integer	This parameter is valid only when the policy compliance module is enabled for the user account. This parameter is invalid for an Express Lite user. Use this parameter to filter the scanned hosts list to show either: 1) a list of scanned compliance hosts, or 2) a list of scanned vulnerability management hosts. Specify 1 to list scanned compliance hosts in the user’s account. These hosts are assigned to the policy compliance module. Specify 0 to list scanned hosts which are not assigned to the policy compliance module. A user can specify 0 only when the user has compliance management privileges. For a Unit Manager, Scanner or Reader, the "Manage compliance" permission must be enabled in the user account. If this permission is not enabled and the user makes a request with this parameter set to 0, the request fails with an error (unknown parameter).
Date Filters
no_vm_scan_since= {date}	Optional	Integer	Show hosts not scanned since a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions: An Auditor cannot specify this parameter.
no_compliance_scan_ since={date}	Optional	Integer	Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_scan_since={date}	Optional	Integer	Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions: An Auditor cannot specify this parameter.
compliance_scan_ since={date}	Optional	Integer	Show hosts that were last scanned for compliance since a certain date and time (optional). Hosts that were the target of a compliance scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_processed_ before={date}	Optional	Integer	Show hosts with vulnerability scan results processed before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_processed_ after={date}	Optional	Integer	Show hosts with vulnerability scan results processed after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_scan_date_ before={date}	Optional	Integer	Show hosts with a vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_scan_date_ after={date}	Optional	Integer	Show hosts with a vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_auth_scan_date_ before={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_auth_scan_date_ after={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
pc_auth_success_date_ before={date}	Optional	Integer	Show hosts with a successful compliance scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
pc_auth_success_date_ after={date}	Optional	Integer	Show hosts with a successful compliance scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
scap_scan_since={date}	Optional	Integer	Show hosts that were last scanned for SCAP since a certain date and time. Hosts that were the target of a SCAP scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
no_scap_scan_since={date}	Optional	Integer	Show hosts not scanned for SCAP since a certain date and time. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
Asset Tags
use_tags={0\|1}	Optional	Integer	Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags.
tag_set_by={id\|name}	Optional when use_tags=1	Integer	Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names.
tag_include_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags.
tag_exclude_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags.
tag_set_include= {value}	Optional when use_tags=1	Integer	Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
tag_set_exclude= {value}	Optional when use_tags=1	Integer	Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
show_tags={0\|1}	Optional	Integer	Specify 1 to display asset tags associated with each host in the XML output.
Asset Risk Score (ARS)			Note: The ARS parameters will be retained for the next few releases. However, there will be a future update where these parameters will be removed with advance notification. You must start using the new TruRisk parameters mentioned below.
show_ars={0\|1}	Optional	Integer	Specify 1 to show the ARS value in the output. Specify 0 if you do not want to show the ARS value.
ars_min={value}	Optional	Integer	Show only asset records with a ARS value greater than or equal to the ARS min value specified. ars_min can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
ars_max={value}	Optional	Integer	Show only detection records with an ARS value less than or equal to the ARS max value specified. ars_max can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
show_ars_factors={0\|1}	Optional	Integer	Specify 1 to show ARS contributing factors associated with each asset record in the output. Specify 0 if you do not want to show ARS contributing factors.
TruRisk Score
show_trurisk={0\|1}	Optional	Integer	Specify 1 to show the TruRisk value in the output. Specify 0 if you do not want to show the TruRisk value.
trurisk_min={value}	Optional	Integer	Show only asset records with a TruRisk value greater than or equal to the TruRisk min value specified. trurisk_min can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
trurisk_max={value}	Optional	Integer	Show only detection records with an TruRisk value less than or equal to the TruRisk max value specified. trurisk_max can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
show_trurisk_factors={0\|1}	Optional	Integer	Specify 1 to show TruRisk contributing factors associated with each asset record in the output. Specify 0 if you do not want to show TruRisk contributing factors.
AWS EC2/Azure/GCP metadata
host_metadata={value}	Optional	Boolean	Specify “all” to list all assets (cloud and noncloud assets) and the metadata output applicable for cloud assets. For example, if the value is set to ec2, the output lists all assets (cloud and non cloud assets), andthe metadata applicable only for ec2 assets. Valid values: all, ec2, google, azure.
host_metadata_fields= {value1,value2}	Optional when host_metadata is specified	Boolean	Specify metadata fields to only return data for certain attributes.
show_cloud_tags={0\|1}	Optional	Integer	Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets.
cloud_tag_fields {value1, value2}	Optional when show_cloud_tags is specified	Boolean	Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example:SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag’s name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets.

If a host has a missing or null value for Information Gathered (IG) processed date or vulnerability processed date, it will be excluded when using the vm_processed_before parameter in the Host List API. To include these hosts in the results, use the vm_scan_date_before parameter.

API Request

curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/asset/host/?action=list&compliance_enabled=1&os_pattern=%5EWindows.*2%24' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'X-Requested-With: curl demo2' \
--header 'Accept: */*' \
--header 'Content-Length: 0' \
--header 'Authorization: Basic Encoded username:passwordstring'

XML Output

<HOST_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2025-01-09T07:36:40Z</DATETIME>
        <HOST_LIST>
            <HOST>
                <ID>66942</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[2k3sp2-25-12]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[2k3.patch.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[2K3SP2-25-12]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2016-11-15T07:39:22Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>66950</ID>
                <IP>11.11.11.1</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[pci-2k3sp2-25-9]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[pci-2k3sp2-25-9]]>
                    </HOSTNAME>
                    <DOMAIN />
                    <FQDN />
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[PCI-2K3SP2-25-9]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2018-01-26T23:48:25Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141141</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[com-sql-24-68.lab.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[com-sql-24-68]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[lab.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[com-sql-24-68.lab.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[COM-SQL-24-68]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2018-01-26T23:48:25Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141142</ID>
                <IP>11.11.11.111</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[win2k3r2-64bit.lab.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[win2k3r2-64bit]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[lab.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[win2k3r2-64bit.lab.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[WIN2K3R2-64BIT]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2017-11-07T09:10:49Z</FIRST_FOUND_DATE>
            </HOST>
        </HOST_LIST>
    </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl --location --request GET '/api/3.0/fo/asset/host/?action=list&show_asset_id=1&host_metadata=all&details=All'--header 'X-Requested-With: curl'--header 'Authorization: token>'

XML Output

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-17T07:16:54Z</datetime>
    <host_list>
      <host>
        <id>1295154</id>
        <asset_id>5856721</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>JUNOS 15.1R6-S2.1</os>
        <first_found_date>2020-08-18T07:08:12Z</first_found_date>
        <last_compliance_scan_datetime>2020-08-18T07:04:32Z</last_compliance_scan_datetime>
      </host>
      <host>
        <id>1295155</id>
        <asset_id>5856524</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <netbios>COM-XP-64-32-93</netbios>
        <first_found_date>2020-08-18T07:08:14Z</first_found_date>
        <last_compliance_scan_datetime>2020-08-18T07:04:32Z</last_compliance_scan_datetime>
      </host>
....
      <host>
        <id>6162135</id>
        <asset_id>47773653</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>        <dns>singlestore_test.comp.rdlab.qualys.com</dns>
        <dns_data>          <hostname>singlestore_test</hostname>        <domain>comp.rdlab.qualys.com</domain>          <fqdn>singlestore_test.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 8.6</os>
        <qg_hostid>24a561a4-5746-4bcb-8229-009a3d4034f2</qg_hostid>
        <last_boot>2024-09-16T09:16:35Z</last_boot>
        <serial_number>VMware-42 2e 4c 03 e3 e6 ba c1-53 66 da 59 f9 60 c4 0a</serial_number>
        <hardware_uuid>034c2e42-e6e3-c1ba-5366-da59f960c40a</hardware_uuid>
        <first_found_date>2024-09-13T09:37:09Z</first_found_date>
        <last_activity>2024-09-17T07:15:35Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>        <last_compliance_scan_datetime>2024-09-17T06:46:48Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-17T06:48:56Z</pc_auth_success_date>
      </host>
      <host>
        <id>6171463</id>
        <asset_id>47817089</asset_id>
        <ip>11.11.11.11</ip>        <tracking_method>IP</tracking_method>
        <os>Oracle Enterprise Linux 8.6</os>
        <first_found_date>2024-09-16T17:55:07Z</first_found_date>       <last_compliance_scan_datetime>2024-09-16T17:30:19Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-16T17:55:08Z</pc_auth_success_date>
      </host>
    </host_list>
    <glossary>
      <user_list>
        <user>          <user_login>username</user_login>          <first_name>xxxx</first_name>
          <last_name>yyyy</last_name>
        </user>
      </user_list>
    </glossary>
  </response>
</host_list_output>

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl""https://<qualys_base_url>/api/3.0/fo/asset/host/?action=list&truncation_limit=10&details=All/AGs&vm_scan_date_before=2017-09-14T06:32:15Z&vm_auth_scan_date_before=2017-09-14T06:32:15Z&vm_scan_date_after=2016-05-12T06:32:15Z&vm_auth_scan_date_after=2016-05-12T06:32:15Z&vm_processed_before=2017-09&scap_scan_since=2018-08-29-14T06:33:24Z&vm_processed_after=2016-09-12T06:33:24Z"-12T06:33:24Z"

API Request

curl --location '<qualys_base_url>/api/3.0/fo/asset/host/?action=list&ips=10.115.126.190&show_trurisk=1&trurisk_min=1&trurisk_max=1000&show_trurisk_factors=1'
--header 'X-Requested-With: curl demo2' 
--header 'Authorization: Basic <token>'

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/asset/host/dtd/list/output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2023-06-21T06:46:04Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>1800139</ID>
        <IP>11.111.111.111</IP>
        <ASSET_RISK_SCORE>680</ASSET_RISK_SCORE>
        <TRURISK_SCORE>680</TRURISK_SCORE>
        <ASSET_CRITICALITY_SCORE>4</ASSET_CRITICALITY_SCORE>
        <TRURISK_SCORE_FACTORS>
          <TRURISK_SCORE_FORMULA>4 * {(1.0*95*(14^0.01))+(0.6*74*(31^0.01))+(0.4*47*(73^0.01))+(0.2*33*(66^0.01))}</TRURISK_SCORE_FORMULA>
          <VULN_COUNT qds_severity="1">0</VULN_COUNT>
          <VULN_COUNT qds_severity="2">66</VULN_COUNT>
          <VULN_COUNT qds_severity="3">73</VULN_COUNT>
          <VULN_COUNT qds_severity="4">31</VULN_COUNT>
          <VULN_COUNT qds_severity="5">14</VULN_COUNT>
        </TRURISK_SCORE_FACTORS>
        <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
        <NETWORK_ID>0</NETWORK_ID>
        <DNS><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></DNS>
        <DNS_DATA>
          <HOSTNAME><![CDATA[ca1]]></HOSTNAME>
          <DOMAIN><![CDATA[rdlab.in03.qualys.com.abc123]]></DOMAIN>
          <FQDN><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></FQDN>
        </DNS_DATA>
        <NETBIOS><![CDATA[SYS_10_115_126_190]]></NETBIOS>
        <OS><![CDATA[CentOS Linux 7.5.1804]]></OS>
        <QG_HOSTID><![CDATA[6fc281d4-40e2-4145-bcaa-753f3f0d57d7]]></QG_HOSTID>
        <LAST_BOOT>2022-05-27T18:18:43Z</LAST_BOOT>
        <SERIAL_NUMBER><![CDATA[VMware-56 4d 99 7a 19 f5 a6 94-b5 f0 07 68 7c 9a e5 b5]]></SERIAL_NUMBER>
        <HARDWARE_UUID><![CDATA[564D997A-19F5-A694-B5F0-07687C9AE5B5]]></HARDWARE_UUID>
        <FIRST_FOUND_DATE>2021-07-28T08:37:55Z</FIRST_FOUND_DATE>
        <LAST_ACTIVITY>2023-06-21T06:15:43Z</LAST_ACTIVITY>
        <AGENT_STATUS><![CDATA[Inventory Scan Complete]]></AGENT_STATUS>
        <CLOUD_AGENT_RUNNING_ON><![CDATA[QAGENT]]></CLOUD_AGENT_RUNNING_ON>
      </HOST>
      ...
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"action=list&details=All&host_metadata=ec2&host_metadata_fields=region,accountId,instanceId" "https://<qualys_base_url>/api/3.0/fo/asset/host/"

XML Output

<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/asset/host/host_list_output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-04-15T09:50:46Z</DATETIME>
    <HOST_LIST>
       <HOST>
       <ID>135151</ID>
       <IP>11.11.1.111</IP>
       <TRACKING_METHOD>EC2</TRACKING_METHOD>
       <DNS><![CDATA[i-0bb87c3281243cdfd]]></DNS>
       <EC2_INSTANCE_ID><![CDATA[i-0bb87c3281243cdfd]]></EC2_INSTANCE_ID>
       <OS><![CDATA[Amazon Linux 2016.09]]></OS>
       <METADATA>
         <EC2>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/region]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[us-east-1]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/instanceId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[i-0bb87c3281243cdfd]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/accountId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[205767712438]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
         </EC2>
       </METADATA>
       <LAST_VULN_SCAN_DATETIME>2017-03-
        21T13:39:38Z</LAST_VULN_SCAN_DATETIME>
       <LAST_VM_SCANNED_DATE>2017-03-21T13:39:38Z</LAST_VM_SCANNED_DATE>
       <LAST_VM_SCANNED_DURATION>229</LAST_VM_SCANNED_DURATION>
       <LAST_VM_AUTH_SCANNED_DATE>2017-03-
        21T13:39:38Z</LAST_VM_AUTH_SCANNED_DATE>
       <LAST_VM_AUTH_SCANNED_DURATION>229</LAST_VM_AUTH_SCANNED_DURATION>
       <LAST_COMPLIANCE_SCAN_DATETIME>2017-03-
        21T13:21:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
     </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

A truncated response is returned when the API request returns more host records than the truncation limit. In this case 1,000 host records are included in the XML output and the Warning message (shown below) indicates the URL you need to use to request the next 1,000 host records.

XML Output

<RESPONSE>
        ...
        <WARNING>
            <CODE>1980</CODE>
            <TEXT>100 record limit exceeded. Use URL to get next batch of results.</TEXT>
            <URL>
                <![CDATA[https://qualysapi.p01.eng.sjc01.qualys.com/api/3.0/fo/asset/host/?action=list&details=None&truncation_limit=100&id_min=145359]]>
            </URL>
        </WARNING>
    </RESPONSE>
...

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=list&pc_auth_success_date_before=2022-06-06&details=All" "https://<qualys_base_url>/api/3.0/fo/asset/host/"

XML Output

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-16T10:58:10Z</datetime>
    <host_list>
      <host>
        <id>2584392</id>
        <ip>11.11.11.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>compaix6lpr01</dns>
        <dns_data>
          <hostname>compaix6lpr01</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>AIX 6.1.0.0</os>
        <qg_hostid>2f06cf12-c127-4cfa-93c1-2fe3b9a1cdec</qg_hostid>
        <last_boot>2022-04-01T18:03:47Z</last_boot>
        <first_found_date>2022-04-27T09:51:52Z</first_found_date>
        <last_activity>2022-05-11T05:36:34Z</last_activity>
        <agent_status>Manifest Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-11T06:52:31Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-11T06:39:13Z</pc_auth_success_date>
      </host>
      <host>
        <id>2588281</id>
        <ip>11.111.111.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>tomcat10.rdlab.in03.qualys.com</dns>
        <dns_data>
          <hostname>tomcat10</hostname>
          <domain>rdlab.in03.qualys.com</domain>
          <fqdn>tomcat10.rdlab.in03.qualys.com</fqdn>
        </dns_data>
        <os>CentOS Linux 7.5.1804 (Core) 7.5.1804</os>
        <qg_hostid>4400c88b-95ba-435d-94f2-8dfc1a1ebe38</qg_hostid>
        <last_boot>2022-01-14T05:41:41Z</last_boot>
        <hardware_uuid>422af3eb-59b3-d7c4-aa71-dd20780e4c0a</hardware_uuid>
        <first_found_date>2022-04-29T07:16:12Z</first_found_date>
        <last_activity>2022-05-17T09:08:13Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-17T00:12:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-17T00:15:23Z</pc_auth_success_date>
      </host>
      <host>
        <id>2612147</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>comwls14c</dns>
        <dns_data>
          <hostname>comwls14c</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>CentOS Linux 7.8.2003 (Core) 7.8.2003</os>
        <qg_hostid>6020ae3c-cefa-4540-8690-aa9c23cdfd2d</qg_hostid>
        <last_boot>2021-06-15T06:52:48Z</last_boot>
        <hardware_uuid>420cf117-1fcb-0325-1d67-def7b2161823</hardware_uuid>
        <first_found_date>2022-05-05T11:48:45Z</first_found_date>
        <last_activity>2022-05-09T04:49:16Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-09T00:19:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-09T00:38:21Z</pc_auth_success_date>
      </host>
    </host_list>
  </response>
</host_list_output>

API Request

curl "<qualys-base_url>/api/4.0/fo/asset/host/?ips=11.111.11.111,11.111.11.111&action=list&details=All&cloud_agent_activationkey=1" -X POST -b "QualysSession=ae630e1f345b6503324a93d52b3a69de" -H "Content-Type: application/x-www-form-urlencoded" -H "X-Requested-With: curl demo2" -H "Accept: /" -H "Content-Length: 0" --compressed -k -v

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://
<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
    <HOST_LIST_OUTPUT>
        <RESPONSE>
            <DATETIME>2024-12-20T07:41:21Z</DATETIME>
            <HOST_LIST>
                <HOST>
                    <ID>5962587</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
                    <NETWORK_ID>0</NETWORK_ID>
                    <DNS>
                        <![CDATA[centos7-dns-11-111.rdlab.com]]>
                    </DNS>
                    <DNS_DATA>
                        <HOSTNAME>
                            <![CDATA[centos7-hostname-11-111]]>
                        </HOSTNAME>
                        <DOMAIN>
                            <![CDATA[rdlab.com]]>
                        </DOMAIN>
                        <FQDN>
                            <![CDATA[centos7-fqdn-11-111.rdlab.com]]>
                        </FQDN>
                    </DNS_DATA>
                    <OS>
                        <![CDATA[CentOS Linux 7.9.2009]]>
                    </OS>
                    <QG_HOSTID>
                        <![CDATA[b4192ceb-de61-4884-b392-55135e14ce25]]>
                    </QG_HOSTID>
                    <LAST_BOOT>2024-06-07T04:33:55Z</LAST_BOOT>
                    <SERIAL_NUMBER>
                        <![CDATA[VMware-42 2a 6c b2 02 2c 46 38-fb 92 8d 5f 02 44 b4 ac]]>
                    </SERIAL_NUMBER>
                    <HARDWARE_UUID>
                        <![CDATA[b26c2a42-2c02-3846-fb92-8d5f0244b4ac]]>
                    </HARDWARE_UUID>
                    <FIRST_FOUND_DATE>2024-08-07T07:32:25Z</FIRST_FOUND_DATE>
                    <LAST_ACTIVITY>2024-08-12T10:20:55Z</LAST_ACTIVITY>
                    <AGENT_STATUS>
                        <![CDATA[Inventory Scan Complete]]>
                    </AGENT_STATUS>
                    <CLOUD_AGENT_RUNNING_ON>
                        <![CDATA[QAGENT]]>
                    </CLOUD_AGENT_RUNNING_ON>
                    <AGENT_ACTIVATION_TITLE>
                        <![CDATA[title_Activation_key]]>
                    </AGENT_ACTIVATION_TITLE>
                    <AGENT_ACTIVATION_KEY>
                        <![CDATA[e5decf50-c20a-4782-8e9e-b6a712261a4d]]>
                    </AGENT_ACTIVATION_KEY>
                    <LAST_VULN_SCAN_DATETIME>2024-08-13T03:41:08Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-08-13T03:41:08Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_AUTH_SCANNED_DATE>2024-08-13T03:41:08Z</LAST_VM_AUTH_SCANNED_DATE>
                    <LAST_COMPLIANCE_SCAN_DATETIME>2024-08-12T18:33:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
                </HOST>
                <HOST>
                    <ID>5962589</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
                    <NETWORK_ID>0</NETWORK_ID>
                    <DNS>
                        <![CDATA[centos7-dns-11-111.rdlab.com]]>
                    </DNS>
                    <DNS_DATA>
                        <HOSTNAME>
                            <![CDATA[centos7-hostname-11-111]]>
                        </HOSTNAME>
                        <DOMAIN>
                            <![CDATA[rdlab.com]]>
                        </DOMAIN>
                        <FQDN>
                            <![CDATA[centos7-fqdn-11-111.rdlab.com]]>
                        </FQDN>
                    </DNS_DATA>
                    <OS>
                        <![CDATA[CentOS Linux 7.9.2009]]>
                    </OS>
                    <QG_HOSTID>
                        <![CDATA[0714edfe-8a72-44d9-98eb-95401672b235]]>
                    </QG_HOSTID>
                    <LAST_BOOT>2024-06-07T04:45:05Z</LAST_BOOT>
                    <SERIAL_NUMBER>
                        <![CDATA[VMware-42 2a 60 7f 5c 9d 67 71-4b 17 71 35 9b 73 28 d4]]>
                    </SERIAL_NUMBER>
                    <HARDWARE_UUID>
                        <![CDATA[7f602a42-9d5c-7167-4b17-71359b7328d4]]>
                    </HARDWARE_UUID>
                    <FIRST_FOUND_DATE>2024-08-07T07:32:25Z</FIRST_FOUND_DATE>
                    <LAST_ACTIVITY>2024-09-19T12:05:05Z</LAST_ACTIVITY>
                    <AGENT_STATUS>
                        <![CDATA[Inventory Scan Complete]]>
                    </AGENT_STATUS>
                    <CLOUD_AGENT_RUNNING_ON>
                        <![CDATA[QAGENT]]>
                    </CLOUD_AGENT_RUNNING_ON>
                    <AGENT_ACTIVATION_KEY>
                        <![CDATA[fcce41e6-446e-4818-bf3e-4b3e3860574b]]>
                    </AGENT_ACTIVATION_KEY>
                    <LAST_VULN_SCAN_DATETIME>2024-09-19T09:54:48Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-19T09:54:48Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_AUTH_SCANNED_DATE>2024-09-19T09:54:48Z</LAST_VM_AUTH_SCANNED_DATE>
                    <LAST_COMPLIANCE_SCAN_DATETIME>2024-09-19T04:25:11Z</LAST_COMPLIANCE_SCAN_DATETIME>
                </HOST>
                <HOST>
                    <ID>6060439</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>IP</TRACKING_METHOD>
                    <NETWORK_ID>6008</NETWORK_ID>
                    <OS>
                        <![CDATA[EulerOS / SuSE Linux / Scientific Linux]]>
                    </OS>
                    <FIRST_FOUND_DATE>2024-08-22T18:10:07Z</FIRST_FOUND_DATE>
                    <LAST_VULN_SCAN_DATETIME>2024-09-01T18:03:32Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-01T18:03:32Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_SCANNED_DURATION>519</LAST_VM_SCANNED_DURATION>
                </HOST>
                <HOST>
                    <ID>6060639</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>IP</TRACKING_METHOD>
                    <NETWORK_ID>6008</NETWORK_ID>
                    <OS>
                        <![CDATA[EulerOS / SuSE Linux / Scientific Linux]]>
                    </OS>
                    <FIRST_FOUND_DATE>2024-08-22T18:10:07Z</FIRST_FOUND_DATE>
                    <LAST_VULN_SCAN_DATETIME>2024-09-01T18:03:58Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-01T18:03:58Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_SCANNED_DURATION>544</LAST_VM_SCANNED_DURATION>
                </HOST>
            </HOST_LIST>
        </RESPONSE>
    </HOST_LIST_OUTPUT>

Parameter	Optional/Required	Data Type	Description
action=list	Required	String	Specify to make a host list request.
os_hostname={0\|1}	Optional	Integer	Specify 1 to view the OS hostname in the XML output of Host List API request. Else, the OS hostname is not displayed in the XML output. By default this parameter is set to 0.
echo_request={0\|1}	Optional	Integer	Specify 1 to view input parameters in the XML output. When unspecified, parameters are not included in the XML output.
show_asset_id={0\|1}	Optional	Integer	When specified, we show the asset ID of the scanned hosts in the output. The default value of this parameter is set to 0. When set to 0, we do not show the asset id information for the scanned hosts.
details={Basic\| Basic/AGs \| All\|All/ AGs \| None}	Optional	Boolean	Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. Basic - (default) Show basic host information. Basic host information includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system. Basic/AGs - Show basic host information plus asset group information. Asset group information includes the asset group ID and title. All - Show all host information. All host information includes the basic host information plus the last vulnerability and compliance scan dates. All/AGs - Show all host information plus asset group information. Asset group information includes the asset group ID and title. None - Show only the host ID.
os_pattern={expression}	Optional	String	Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “%5E%24” to match empty string. Important: The regular expression string you enter must follow the PCRE standard and it must be URL encoded. Refer to Sample regular expression strings for matching OS names. Click here for info on PCRE format.
truncation_limit={value}	Optional	Integer	Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). If the requested list identifies more host records than the truncation limit, then the XML output includes the <WARNING> element and the URL for making another request for the next batch of host records. See example: Sample - Record Limit Exceeded Warning You can specify truncation_limit=0 for no truncation limit. This means that the output is not paginated and all the records are returned in a single output. WARNING: This can generate very large output and processing large XML files can consume a lot of resources on the client side. In this case it is recommended to use the pagination logic and parallel processing. The previous page can be processed while the next page is downloaded.
ips={value}	Optional	Integer	Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100).
ipv6={value}	Optional	Integer	A valid IPv6 address. Multiple entries are comma separated. If ipv6 is used as filter parameter then other target input filter parameters are not accepted.
ag_ids={value}	Optional	String	Show only hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required.
ag_titles={value}	Optional	String	Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group).
ids={value}	Optional	Integer	Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400).Valid host IDs are required.
id_min={value}	Optional	Integer	Show only hosts which have a minimum host ID value. A valid host ID is required.
id_max={value}	Optional	Integer	Show only hosts which have a maximum host ID value. A valid host ID is required.
network_ids={value}	Optional, and valid only when the Network Support feature is enabled for the user’s account	Integer	Restrict the request to certain custom network IDs. Multiple network IDs are comma separated.
compliance_enabled={0\|1}	Optional	Integer	This parameter is valid only when the policy compliance module is enabled for the user account. This parameter is invalid for an Express Lite user. Use this parameter to filter the scanned hosts list to show either: 1) a list of scanned compliance hosts, or 2) a list of scanned vulnerability management hosts. Specify 1 to list scanned compliance hosts in the user’s account. These hosts are assigned to the policy compliance module. Specify 0 to list scanned hosts which are not assigned to the policy compliance module. A user can specify 0 only when the user has compliance management privileges. For a Unit Manager, Scanner or Reader, the "Manage compliance" permission must be enabled in the user account. If this permission is not enabled and the user makes a request with this parameter set to 0, the request fails with an error (unknown parameter).
cloud_agent_activationkey={0\|1}	Optional	Integer	Specify 1, to have two tags AGENT_ACTIVATION_KEY and AGENT_ACTIVATION_TITLE in the response for appropriate assets.
Date Filters
no_vm_scan_since= {date}	Optional	Integer	Show hosts not scanned since a certain date and time (optional). The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions: An Auditor cannot specify this parameter.
no_compliance_scan_ since={date}	Optional	Integer	Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2007-07-01” or “2007-01-25T23:12:00Z”. Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_scan_since={date}	Optional	Integer	Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions: An Auditor cannot specify this parameter.
compliance_scan_ since={date}	Optional	Integer	Show hosts that were last scanned for compliance since a certain date and time (optional). Hosts that were the target of a compliance scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Date/time is specified in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT). Permissions - A sub-account (Unit Manager, Scanner or Reader) can specify this parameter only when the user is granted permissions to manage compliance information.
vm_processed_ before={date}	Optional	Integer	Show hosts with vulnerability scan results processed before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_processed_ after={date}	Optional	Integer	Show hosts with vulnerability scan results processed after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_scan_date_ before={date}	Optional	Integer	Show hosts with a vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_scan_date_ after={date}	Optional	Integer	Show hosts with a vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
vm_auth_scan_date_ before={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
vm_auth_scan_date_ after={date}	Optional	Integer	Show hosts with a successful authenticated vulnerability scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
pc_auth_success_date_ before={date}	Optional	Integer	Show hosts with a successful compliance scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.
pc_auth_success_date_ after={date}	Optional	Integer	Show hosts with a successful compliance scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”. Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
scap_scan_since={date}	Optional	Integer	Show hosts that were last scanned for SCAP since a certain date and time. Hosts that were the target of a SCAP scan since the date/time will be shown. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
no_scap_scan_since={date}	Optional	Integer	Show hosts not scanned for SCAP since a certain date and time. This parameter is invalid for an Express Lite user. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2018-07-01” or “2018-01-25T23:12:00Z”.
Asset Tags
use_tags={0\|1}	Optional	Integer	Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags.
tag_set_by={id\|name}	Optional when use_tags=1	Integer	Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names.
tag_include_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags.
tag_exclude_selector= {any\|all}	Optional when use_tags=1	Boolean	Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags.
tag_set_include= {value}	Optional when use_tags=1	Integer	Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
tag_set_exclude= {value}	Optional when use_tags=1	Integer	Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated.
show_tags={0\|1}	Optional	Integer	Specify 1 to display asset tags associated with each host in the XML output.
Asset Risk Score (ARS)			Note: The ARS parameters will be retained for the next few releases. However, there will be a future update where these parameters will be removed with advance notification. You must start using the new TruRisk parameters mentioned below.
show_ars={0\|1}	Optional	Integer	Specify 1 to show the ARS value in the output. Specify 0 if you do not want to show the ARS value.
ars_min={value}	Optional	Integer	Show only asset records with a ARS value greater than or equal to the ARS min value specified. ars_min can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
ars_max={value}	Optional	Integer	Show only detection records with an ARS value less than or equal to the ARS max value specified. ars_max can only be specified when show_ars=1. When ars_min and ars_max are specified in the same request, the ars_min value must be less than the ars_max value.
show_ars_factors={0\|1}	Optional	Integer	Specify 1 to show ARS contributing factors associated with each asset record in the output. Specify 0 if you do not want to show ARS contributing factors.
TruRisk Score
show_trurisk={0\|1}	Optional	Integer	Specify 1 to show the TruRisk value in the output. Specify 0 if you do not want to show the TruRisk value.
trurisk_min={value}	Optional	Integer	Show only asset records with a TruRisk value greater than or equal to the TruRisk min value specified. trurisk_min can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
trurisk_max={value}	Optional	Integer	Show only detection records with an TruRisk value less than or equal to the TruRisk max value specified. trurisk_max can only be specified when show_trurisk=1. When trurisk_min and trurisk_max are specified in the same request, the trurisk_min value must be less than the trurisk_max value.
show_trurisk_factors={0\|1}	Optional	Integer	Specify 1 to show TruRisk contributing factors associated with each asset record in the output. Specify 0 if you do not want to show TruRisk contributing factors.
AWS EC2/Azure/GCP metadata
host_metadata={value}	Optional	Boolean	Specify “all” to list all assets (cloud and noncloud assets) and the metadata output applicable for cloud assets. For example, if the value is set to ec2, the output lists all assets (cloud and non cloud assets), andthe metadata applicable only for ec2 assets. Valid values: all, ec2, google, azure.
host_metadata_fields= {value1,value2}	Optional when host_metadata is specified	Boolean	Specify metadata fields to only return data for certain attributes.
show_cloud_tags={0\|1}	Optional	Integer	Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets.
cloud_tag_fields {value1, value2}	Optional when show_cloud_tags is specified	Boolean	Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example:SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag’s name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets.

If a host has a missing or null value for Information Gathered (IG) processed date or vulnerability processed date, it will be excluded when using the vm_processed_before parameter in the Host List API. To include these hosts in the results, use the vm_scan_date_before parameter.

API Request

curl --location --request POST 'https://<qualys_base_url>/api/4.0/fo/asset/host/?action=list&compliance_enabled=1&os_pattern=%5EWindows.*2%24&cloud_agent_activationkey=0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'X-Requested-With: curl demo2' \
--header 'Accept: */*' \
--header 'Content-Length: 0' \
--header 'Authorization: Basic Encoded username:passwordstring'

XML Output

 <HOST_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2025-01-09T07:34:37Z</DATETIME>
        <HOST_LIST>
            <HOST>
                <ID>66942</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[2k3sp2-25-12]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[2k3.patch.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[2k3sp2-25-12.2k3.patch.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[2K3SP2-25-12]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2016-11-15T07:39:22Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>66950</ID>
                <IP>11.11.11.1</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[pci-2k3sp2-25-9]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[pci-2k3sp2-25-9]]>
                    </HOSTNAME>
                    <DOMAIN />
                    <FQDN />
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[PCI-2K3SP2-25-9]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2018-01-26T23:48:25Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141141</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[com-sql-24-68.lab.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[com-sql-24-68]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[lab.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[com-sql-24-68.lab.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[COM-SQL-24-68]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2018-01-26T23:48:25Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141142</ID>
                <IP>11.11.11.111</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[win2k3r2-64bit.lab.ad.vuln.qa.qualys.com]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[win2k3r2-64bit]]>
                    </HOSTNAME>
                    <DOMAIN>
                        <![CDATA[lab.ad.vuln.qa.qualys.com]]>
                    </DOMAIN>
                    <FQDN>
                        <![CDATA[win2k3r2-64bit.lab.ad.vuln.qa.qualys.com]]>
                    </FQDN>
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[WIN2K3R2-64BIT]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 R2 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2017-11-07T09:10:49Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141146</ID>
                <IP>11.11.11.111</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[vstasp2u-26-106]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[vstasp2u-26-106]]>
                    </HOSTNAME>
                    <DOMAIN />
                    <FQDN />
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[VSTASP2U-26-106]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows Vista Enterprise Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2017-11-07T09:11:25Z</FIRST_FOUND_DATE>
            </HOST>
            <HOST>
                <ID>141159</ID>
                <IP>11.11.11.11</IP>
                <TRACKING_METHOD>IP</TRACKING_METHOD>
                <NETWORK_ID>0</NETWORK_ID>
                <DNS>
                    <![CDATA[was-2k3-30-58]]>
                </DNS>
                <DNS_DATA>
                    <HOSTNAME>
                        <![CDATA[was-2k3-30-58]]>
                    </HOSTNAME>
                    <DOMAIN />
                    <FQDN />
                </DNS_DATA>
                <NETBIOS>
                    <![CDATA[WAS-2K3-30-58]]>
                </NETBIOS>
                <OS>
                    <![CDATA[Windows 2003 Service Pack 2]]>
                </OS>
                <FIRST_FOUND_DATE>2017-11-07T09:13:35Z</FIRST_FOUND_DATE>
            </HOST>
        </HOST_LIST>
    </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl --location --request GET '/api/4.0/fo/asset/host/?action=list&show_asset_id=1&host_metadata=all&details=All'--header 'X-Requested-With: curl'--header 'Authorization: token>'

XML Output

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-17T07:16:54Z</datetime>
    <host_list>
      <host>
        <id>1295154</id>
        <asset_id>5856721</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>JUNOS 15.1R6-S2.1</os>
        <first_found_date>2020-08-18T07:08:12Z</first_found_date>
        <last_compliance_scan_datetime>2020-08-18T07:04:32Z</last_compliance_scan_datetime>
      </host>
      <host>
        <id>1295155</id>
        <asset_id>5856524</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <netbios>COM-XP-64-32-93</netbios>
        <first_found_date>2020-08-18T07:08:14Z</first_found_date>
        <last_compliance_scan_datetime>2020-08-18T07:04:32Z</last_compliance_scan_datetime>
      </host>
....
      <host>
        <id>6162135</id>
        <asset_id>47773653</asset_id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>        <dns>singlestore_test.comp.rdlab.qualys.com</dns>
        <dns_data>          <hostname>singlestore_test</hostname>        <domain>comp.rdlab.qualys.com</domain>          <fqdn>singlestore_test.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 8.6</os>
        <qg_hostid>24a561a4-5746-4bcb-8229-009a3d4034f2</qg_hostid>
        <last_boot>2024-09-16T09:16:35Z</last_boot>
        <serial_number>VMware-42 2e 4c 03 e3 e6 ba c1-53 66 da 59 f9 60 c4 0a</serial_number>
        <hardware_uuid>034c2e42-e6e3-c1ba-5366-da59f960c40a</hardware_uuid>
        <first_found_date>2024-09-13T09:37:09Z</first_found_date>
        <last_activity>2024-09-17T07:15:35Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>        <last_compliance_scan_datetime>2024-09-17T06:46:48Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-17T06:48:56Z</pc_auth_success_date>
      </host>
      <host>
        <id>6171463</id>
        <asset_id>47817089</asset_id>
        <ip>11.11.11.11</ip>        <tracking_method>IP</tracking_method>
        <os>Oracle Enterprise Linux 8.6</os>
        <first_found_date>2024-09-16T17:55:07Z</first_found_date>       <last_compliance_scan_datetime>2024-09-16T17:30:19Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-16T17:55:08Z</pc_auth_success_date>
      </host>
    </host_list>
    <glossary>
      <user_list>
        <user>          <user_login>username</user_login>          <first_name>xxxx</first_name>
          <last_name>yyyy</last_name>
        </user>
      </user_list>
    </glossary>
  </response>
</host_list_output>

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl""https://<qualys_base_url>/api/4.0/fo/asset/host/?action=list&truncation_limit=10&details=All/AGs&vm_scan_date_before=2017-09-14T06:32:15Z&vm_auth_scan_date_before=2017-09-14T06:32:15Z&vm_scan_date_after=2016-05-12T06:32:15Z&vm_auth_scan_date_after=2016-05-12T06:32:15Z&vm_processed_before=2017-09&scap_scan_since=2018-08-29-14T06:33:24Z&vm_processed_after=2016-09-12T06:33:24Z"-12T06:33:24Z"

API Request

curl --location '<qualys_base_url>/api/4.0/fo/asset/host/?action=list&ips=10.115.126.190&show_trurisk=1&trurisk_min=1&trurisk_max=1000&show_trurisk_factors=1'
--header 'X-Requested-With: curl demo2' 
--header 'Authorization: Basic <token>'

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2023-06-21T06:46:04Z</DATETIME>
    <HOST_LIST>
      <HOST>
        <ID>1800139</ID>
        <IP>11.111.111.111</IP>
        <ASSET_RISK_SCORE>680</ASSET_RISK_SCORE>
        <TRURISK_SCORE>680</TRURISK_SCORE>
        <ASSET_CRITICALITY_SCORE>4</ASSET_CRITICALITY_SCORE>
        <TRURISK_SCORE_FACTORS>
          <TRURISK_SCORE_FORMULA>4 * {(1.0*95*(14^0.01))+(0.6*74*(31^0.01))+(0.4*47*(73^0.01))+(0.2*33*(66^0.01))}</TRURISK_SCORE_FORMULA>
          <VULN_COUNT qds_severity="1">0</VULN_COUNT>
          <VULN_COUNT qds_severity="2">66</VULN_COUNT>
          <VULN_COUNT qds_severity="3">73</VULN_COUNT>
          <VULN_COUNT qds_severity="4">31</VULN_COUNT>
          <VULN_COUNT qds_severity="5">14</VULN_COUNT>
        </TRURISK_SCORE_FACTORS>
        <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
        <NETWORK_ID>0</NETWORK_ID>
        <DNS><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></DNS>
        <DNS_DATA>
          <HOSTNAME><![CDATA[ca1]]></HOSTNAME>
          <DOMAIN><![CDATA[rdlab.in03.qualys.com.abc123]]></DOMAIN>
          <FQDN><![CDATA[ca1.rdlab.in03.qualys.com.abc123]]></FQDN>
        </DNS_DATA>
        <NETBIOS><![CDATA[SYS_10_115_126_190]]></NETBIOS>
        <OS><![CDATA[CentOS Linux 7.5.1804]]></OS>
        <QG_HOSTID><![CDATA[6fc281d4-40e2-4145-bcaa-753f3f0d57d7]]></QG_HOSTID>
        <LAST_BOOT>2022-05-27T18:18:43Z</LAST_BOOT>
        <SERIAL_NUMBER><![CDATA[VMware-56 4d 99 7a 19 f5 a6 94-b5 f0 07 68 7c 9a e5 b5]]></SERIAL_NUMBER>
        <HARDWARE_UUID><![CDATA[564D997A-19F5-A694-B5F0-07687C9AE5B5]]></HARDWARE_UUID>
        <FIRST_FOUND_DATE>2021-07-28T08:37:55Z</FIRST_FOUND_DATE>
        <LAST_ACTIVITY>2023-06-21T06:15:43Z</LAST_ACTIVITY>
        <AGENT_STATUS><![CDATA[Inventory Scan Complete]]></AGENT_STATUS>
        <CLOUD_AGENT_RUNNING_ON><![CDATA[QAGENT]]></CLOUD_AGENT_RUNNING_ON>
      </HOST>
      ...
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"action=list&details=All&host_metadata=ec2&host_metadata_fields=region,accountId,instanceId" "https://<qualys_base_url>/api/4.0/fo/asset/host/"

XML Output

<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/asset/host/host_list_output.dtd">
<HOST_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2017-04-15T09:50:46Z</DATETIME>
    <HOST_LIST>
       <HOST>
       <ID>135151</ID>
       <IP>11.11.1.111</IP>
       <TRACKING_METHOD>EC2</TRACKING_METHOD>
       <DNS><![CDATA[i-0bb87c3281243cdfd]]></DNS>
       <EC2_INSTANCE_ID><![CDATA[i-0bb87c3281243cdfd]]></EC2_INSTANCE_ID>
       <OS><![CDATA[Amazon Linux 2016.09]]></OS>
       <METADATA>
         <EC2>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/region]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[us-east-1]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/instanceId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[i-0bb87c3281243cdfd]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
           <ATTRIBUTE>
             <NAME><![CDATA[latest/dynamic/instance-
              identity/document/accountId]]></NAME>
             <LAST_STATUS>Success</LAST_STATUS>
             <VALUE><![CDATA[205767712438]]></VALUE>
             <LAST_SUCCESS_DATE>2017-03-21T13:39:38Z</LAST_SUCCESS_DATE>
             <LAST_ERROR_DATE></LAST_ERROR_DATE>
             <LAST_ERROR><![CDATA[]]></LAST_ERROR>
           </ATTRIBUTE>
         </EC2>
       </METADATA>
       <LAST_VULN_SCAN_DATETIME>2017-03-
        21T13:39:38Z</LAST_VULN_SCAN_DATETIME>
       <LAST_VM_SCANNED_DATE>2017-03-21T13:39:38Z</LAST_VM_SCANNED_DATE>
       <LAST_VM_SCANNED_DURATION>229</LAST_VM_SCANNED_DURATION>
       <LAST_VM_AUTH_SCANNED_DATE>2017-03-
        21T13:39:38Z</LAST_VM_AUTH_SCANNED_DATE>
       <LAST_VM_AUTH_SCANNED_DURATION>229</LAST_VM_AUTH_SCANNED_DURATION>
       <LAST_COMPLIANCE_SCAN_DATETIME>2017-03-
        21T13:21:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
     </HOST>
    </HOST_LIST>
  </RESPONSE>
</HOST_LIST_OUTPUT>

A truncated response is returned when the API request returns more host records than the truncation limit. In this case 1,000 host records are included in the XML output and the Warning message (shown below) indicates the URL you need to use to request the next 1,000 host records.

XML Output

<RESPONSE>
    ...
        <WARNING>
            <CODE>1980</CODE>
            <TEXT>100 record limit exceeded. Use URL to get next batch of results.</TEXT>
            <URL>
                <![CDATA[https://qualysapi.p01.eng.sjc01.qualys.com/api/4.0/fo/asset/host/?action=list&details=None&truncation_limit=100&cloud_agent_activationkey=0&id_min=145359]]>
            </URL>
        </WARNING>
    </RESPONSE>
...

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=list&pc_auth_success_date_before=2022-06-06&details=All" "https://<qualys_base_url>/api/4.0/fo/asset/host/"

XML Output

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-16T10:58:10Z</datetime>
    <host_list>
      <host>
        <id>2584392</id>
        <ip>11.11.11.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>compaix6lpr01</dns>
        <dns_data>
          <hostname>compaix6lpr01</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>AIX 6.1.0.0</os>
        <qg_hostid>2f06cf12-c127-4cfa-93c1-2fe3b9a1cdec</qg_hostid>
        <last_boot>2022-04-01T18:03:47Z</last_boot>
        <first_found_date>2022-04-27T09:51:52Z</first_found_date>
        <last_activity>2022-05-11T05:36:34Z</last_activity>
        <agent_status>Manifest Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-11T06:52:31Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-11T06:39:13Z</pc_auth_success_date>
      </host>
      <host>
        <id>2588281</id>
        <ip>11.111.111.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>tomcat10.rdlab.in03.qualys.com</dns>
        <dns_data>
          <hostname>tomcat10</hostname>
          <domain>rdlab.in03.qualys.com</domain>
          <fqdn>tomcat10.rdlab.in03.qualys.com</fqdn>
        </dns_data>
        <os>CentOS Linux 7.5.1804 (Core) 7.5.1804</os>
        <qg_hostid>4400c88b-95ba-435d-94f2-8dfc1a1ebe38</qg_hostid>
        <last_boot>2022-01-14T05:41:41Z</last_boot>
        <hardware_uuid>422af3eb-59b3-d7c4-aa71-dd20780e4c0a</hardware_uuid>
        <first_found_date>2022-04-29T07:16:12Z</first_found_date>
        <last_activity>2022-05-17T09:08:13Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-17T00:12:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-17T00:15:23Z</pc_auth_success_date>
      </host>
      <host>
        <id>2612147</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>comwls14c</dns>
        <dns_data>
          <hostname>comwls14c</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>CentOS Linux 7.8.2003 (Core) 7.8.2003</os>
        <qg_hostid>6020ae3c-cefa-4540-8690-aa9c23cdfd2d</qg_hostid>
        <last_boot>2021-06-15T06:52:48Z</last_boot>
        <hardware_uuid>420cf117-1fcb-0325-1d67-def7b2161823</hardware_uuid>
        <first_found_date>2022-05-05T11:48:45Z</first_found_date>
        <last_activity>2022-05-09T04:49:16Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-09T00:19:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-09T00:38:21Z</pc_auth_success_date>
      </host>
    </host_list>
  </response>
</host_list_output>

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "username:password" -d "action=list&pc_auth_success_date_after=2024-08-26&details=All" "https://<qualys_base_url>/api/4.0/fo/asset/host/"

XML Output

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-16T11:07:45Z</datetime>
    <host_list>
      <host>
        <id>5583053</id>
        <ip>11.111.111.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>centous7_9</dns>
        <dns_data>
          <hostname>centous7_9</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>CentOS Linux 7.9.2009</os>
        <qg_hostid>694b795c-39b2-4e15-b5d1-2015888ecd76</qg_hostid>
        <last_boot>2022-12-08T12:20:16Z</last_boot>
        <serial_number>VMware-42 13 0c f3 66 e0 b6 17-18 37 0c 69 bd 6d b5 2d</serial_number>
        <hardware_uuid>f30c1342-e066-17b6-1837-0c69bd6db52d</hardware_uuid>
        <first_found_date>2024-06-11T04:52:09Z</first_found_date>
        <last_activity>2024-09-16T10:53:53Z</last_activity>
        <agent_status>PC Manifest Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-11T07:13:49Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T07:14:45Z</pc_auth_success_date>
      </host>
      <host>
        <id>5953668</id>
        <ip>11.11.11.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>pcw2022.com.local</dns>
        <dns_data>
          <hostname>pcw2022</hostname>
          <domain>com.local</domain>
          <fqdn>pcw2022.com.local</fqdn>
        </dns_data>
        <netbios>PCW2022</netbios>
        <os>Windows Microsoft Windows Server 2022 Datacenter 10.0.20348 Build 20348</os>
        <qg_hostid>660e9f09-03a8-0004-0046-0050568cb2b6</qg_hostid>
        <last_boot>2024-07-11T16:13:07Z</last_boot>
        <serial_number>VMware-42 0c 7e 00 c9 37 08 c4-1f 5c b3 f4 8b 19 02 fe</serial_number>
        <hardware_uuid>007E0C42-37C9-C408-1F5C-B3F48B1902FE</hardware_uuid>
        <first_found_date>2024-08-05T08:40:14Z</first_found_date>
        <last_activity>2024-09-16T05:51:06Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-16T08:21:17Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-16T08:24:54Z</pc_auth_success_date>
      </host>
      <host>
        <id>5964522</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <dns>pcw2022.com.local</dns>
        <dns_data>
          <hostname>pcw2022</hostname>
          <domain>com.local</domain>
          <fqdn>pcw2022.com.local</fqdn>
        </dns_data>
        <netbios>PCW2022</netbios>
        <os>Windows Server 2022 Datacenter 64 bit Edition Version 21H2</os>
        <first_found_date>2024-08-08T12:02:34Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-09T06:31:57Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-09T07:16:35Z</pc_auth_success_date>
      </host>
      <host>
        <id>5964524</id>
        <ip>11.11.111.11</ip>
        <tracking_method>IP</tracking_method>
        <dns>win-dc01.veda.local</dns>
        <dns_data>
          <hostname>win-dc01</hostname>
          <domain>veda.local</domain>
          <fqdn>win-dc01.veda.local</fqdn>
        </dns_data>
        <netbios>WIN-DC01</netbios>
        <os>Windows Server 2022 Standard 64 bit Edition Version 21H2</os>
        <first_found_date>2024-08-08T12:02:59Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-09T06:31:57Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-09T07:18:01Z</pc_auth_success_date>
      </host>
      <host>
        <id>5985791</id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>Red Hat Enterprise Linux 9.0</os>
        <qg_hostid>2c4b95d3-51e1-4457-8049-979e80b06527</qg_hostid>
        <first_found_date>2024-08-12T11:17:54Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-12T06:41:52Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-12T07:42:27Z</pc_auth_success_date>
      </host>
      <host>
        <id>6130324</id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>Oracle Enterprise Linux 9.0</os>
        <first_found_date>2024-09-06T10:55:16Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-11T09:42:36Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T12:03:22Z</pc_auth_success_date>
      </host>
      <host>
        <id>6143865</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <dns>win-cr35vneg5h9</dns>
        <dns_data>
          <hostname>win-cr35vneg5h9</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <netbios>WIN-CR35VNEG5H9</netbios>
        <os>Windows Server 2022 Standard 64 bit Edition Version 21H2</os>
        <first_found_date>2024-09-10T04:06:38Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-11T09:47:04Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T12:04:32Z</pc_auth_success_date>
      </host>
      <host>
        <id>6144034</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>orac23cvm.comp.rdlab.qualys.com</dns>
        <dns_data>
          <hostname>orac23cvm</hostname>
          <domain>comp.rdlab.qualys.com</domain>
          <fqdn>orac23cvm.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 9.0</os>
        <qg_hostid>a2126498-3b97-4d0c-883c-28615acbf0fb</qg_hostid>
        <last_boot>2024-09-13T08:46:06Z</last_boot>
        <serial_number>VMware-42 2e ce a2 1e 23 43 8b-9c d5 82 50 b6 f3 48 9d</serial_number>
        <hardware_uuid>a2ce2e42-231e-8b43-9cd5-8250b6f3489d</hardware_uuid>
        <first_found_date>2024-09-10T05:31:09Z</first_found_date>
        <last_activity>2024-09-16T10:46:06Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-13T15:07:12Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-13T15:12:17Z</pc_auth_success_date>
      </host>
      <host>
        <id>6149368</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <os>Alibaba Cloud Linux 3</os>
        <first_found_date>2024-09-10T21:53:40Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-12T06:41:52Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-12T07:02:33Z</pc_auth_success_date>
      </host>
      <host>
        <id>6162135</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>singlestore_test.comp.rdlab.qualys.com</dns>
        <dns_data>
          <hostname>singlestore_test</hostname>
          <domain>comp.rdlab.qualys.com</domain>
          <fqdn>singlestore_test.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 8.6</os>
        <qg_hostid>24a561a4-5746-4bcb-8229-009a3d4034f2</qg_hostid>
        <last_boot>2024-09-16T09:16:42Z</last_boot>
        <serial_number>VMware-42 2e 4c 03 e3 e6 ba c1-53 66 da 59 f9 60 c4 0a</serial_number>
        <hardware_uuid>034c2e42-e6e3-c1ba-5366-da59f960c40a</hardware_uuid>
        <first_found_date>2024-09-13T09:37:09Z</first_found_date>
        <last_activity>2024-09-16T10:47:42Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>        <last_compliance_scan_datetime>2024-09-13T14:16:06Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-13T14:18:16Z</pc_auth_success_date>
      </host>
    </host_list>
  </response>
</host_list_output>

API Request

curl "<qualys-base_url>/api/4.0/fo/asset/host/?ips=11.111.11.111,11.111.11.111&action=list&details=All&cloud_agent_activationkey=1" -X POST -b "QualysSession=ae630e1f345b6503324a93d52b3a69de" -H "Content-Type: application/x-www-form-urlencoded" -H "X-Requested-With: curl demo2" -H "Accept: /" -H "Content-Length: 0" --compressed -k -v

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://
<qualys_base_url>/api/4.0/fo/asset/host/dtd/list/output.dtd">
    <HOST_LIST_OUTPUT>
        <RESPONSE>
            <DATETIME>2024-12-20T07:41:21Z</DATETIME>
            <HOST_LIST>
                <HOST>
                    <ID>5962587</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
                    <NETWORK_ID>0</NETWORK_ID>
                    <DNS>
                        <![CDATA[centos7-dns-11-111.rdlab.com]]>
                    </DNS>
                    <DNS_DATA>
                        <HOSTNAME>
                            <![CDATA[centos7-hostname-11-111]]>
                        </HOSTNAME>
                        <DOMAIN>
                            <![CDATA[rdlab.com]]>
                        </DOMAIN>
                        <FQDN>
                            <![CDATA[centos7-fqdn-11-111.rdlab.com]]>
                        </FQDN>
                    </DNS_DATA>
                    <OS>
                        <![CDATA[CentOS Linux 7.9.2009]]>
                    </OS>
                    <QG_HOSTID>
                        <![CDATA[b4192ceb-de61-4884-b392-55135e14ce25]]>
                    </QG_HOSTID>
                    <LAST_BOOT>2024-06-07T04:33:55Z</LAST_BOOT>
                    <SERIAL_NUMBER>
                        <![CDATA[VMware-42 2a 6c b2 02 2c 46 38-fb 92 8d 5f 02 44 b4 ac]]>
                    </SERIAL_NUMBER>
                    <HARDWARE_UUID>
                        <![CDATA[b26c2a42-2c02-3846-fb92-8d5f0244b4ac]]>
                    </HARDWARE_UUID>
                    <FIRST_FOUND_DATE>2024-08-07T07:32:25Z</FIRST_FOUND_DATE>
                    <LAST_ACTIVITY>2024-08-12T10:20:55Z</LAST_ACTIVITY>
                    <AGENT_STATUS>
                        <![CDATA[Inventory Scan Complete]]>
                    </AGENT_STATUS>
                    <CLOUD_AGENT_RUNNING_ON>
                        <![CDATA[QAGENT]]>
                    </CLOUD_AGENT_RUNNING_ON>
                    <AGENT_ACTIVATION_TITLE>
                        <![CDATA[title_Activation_key]]>
                    </AGENT_ACTIVATION_TITLE>
                    <AGENT_ACTIVATION_KEY>
                        <![CDATA[e5decf50-c20a-4782-8e9e-b6a712261a4d]]>
                    </AGENT_ACTIVATION_KEY>
                    <LAST_VULN_SCAN_DATETIME>2024-08-13T03:41:08Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-08-13T03:41:08Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_AUTH_SCANNED_DATE>2024-08-13T03:41:08Z</LAST_VM_AUTH_SCANNED_DATE>
                    <LAST_COMPLIANCE_SCAN_DATETIME>2024-08-12T18:33:51Z</LAST_COMPLIANCE_SCAN_DATETIME>
                </HOST>
                <HOST>
                    <ID>5962589</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>Cloud Agent</TRACKING_METHOD>
                    <NETWORK_ID>0</NETWORK_ID>
                    <DNS>
                        <![CDATA[centos7-dns-11-111.rdlab.com]]>
                    </DNS>
                    <DNS_DATA>
                        <HOSTNAME>
                            <![CDATA[centos7-hostname-11-111]]>
                        </HOSTNAME>
                        <DOMAIN>
                            <![CDATA[rdlab.com]]>
                        </DOMAIN>
                        <FQDN>
                            <![CDATA[centos7-fqdn-11-111.rdlab.com]]>
                        </FQDN>
                    </DNS_DATA>
                    <OS>
                        <![CDATA[CentOS Linux 7.9.2009]]>
                    </OS>
                    <QG_HOSTID>
                        <![CDATA[0714edfe-8a72-44d9-98eb-95401672b235]]>
                    </QG_HOSTID>
                    <LAST_BOOT>2024-06-07T04:45:05Z</LAST_BOOT>
                    <SERIAL_NUMBER>
                        <![CDATA[VMware-42 2a 60 7f 5c 9d 67 71-4b 17 71 35 9b 73 28 d4]]>
                    </SERIAL_NUMBER>
                    <HARDWARE_UUID>
                        <![CDATA[7f602a42-9d5c-7167-4b17-71359b7328d4]]>
                    </HARDWARE_UUID>
                    <FIRST_FOUND_DATE>2024-08-07T07:32:25Z</FIRST_FOUND_DATE>
                    <LAST_ACTIVITY>2024-09-19T12:05:05Z</LAST_ACTIVITY>
                    <AGENT_STATUS>
                        <![CDATA[Inventory Scan Complete]]>
                    </AGENT_STATUS>
                    <CLOUD_AGENT_RUNNING_ON>
                        <![CDATA[QAGENT]]>
                    </CLOUD_AGENT_RUNNING_ON>
                    <AGENT_ACTIVATION_KEY>
                        <![CDATA[fcce41e6-446e-4818-bf3e-4b3e3860574b]]>
                    </AGENT_ACTIVATION_KEY>
                    <LAST_VULN_SCAN_DATETIME>2024-09-19T09:54:48Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-19T09:54:48Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_AUTH_SCANNED_DATE>2024-09-19T09:54:48Z</LAST_VM_AUTH_SCANNED_DATE>
                    <LAST_COMPLIANCE_SCAN_DATETIME>2024-09-19T04:25:11Z</LAST_COMPLIANCE_SCAN_DATETIME>
                </HOST>
                <HOST>
                    <ID>6060439</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>IP</TRACKING_METHOD>
                    <NETWORK_ID>6008</NETWORK_ID>
                    <OS>
                        <![CDATA[EulerOS / SuSE Linux / Scientific Linux]]>
                    </OS>
                    <FIRST_FOUND_DATE>2024-08-22T18:10:07Z</FIRST_FOUND_DATE>
                    <LAST_VULN_SCAN_DATETIME>2024-09-01T18:03:32Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-01T18:03:32Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_SCANNED_DURATION>519</LAST_VM_SCANNED_DURATION>
                </HOST>
                <HOST>
                    <ID>6060639</ID>
                    <IP>11.111.11.111</IP>
                    <TRACKING_METHOD>IP</TRACKING_METHOD>
                    <NETWORK_ID>6008</NETWORK_ID>
                    <OS>
                        <![CDATA[EulerOS / SuSE Linux / Scientific Linux]]>
                    </OS>
                    <FIRST_FOUND_DATE>2024-08-22T18:10:07Z</FIRST_FOUND_DATE>
                    <LAST_VULN_SCAN_DATETIME>2024-09-01T18:03:58Z</LAST_VULN_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2024-09-01T18:03:58Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_SCANNED_DURATION>544</LAST_VM_SCANNED_DURATION>
                </HOST>
            </HOST_LIST>
        </RESPONSE>
    </HOST_LIST_OUTPUT>

API Version	API Status	Release Date
/api/2.0/fo/asset/host/?action=list	To be Deprecated	March 2025
/api/3.0/fo/asset/host/?action=list	To be Deprecated	June 2025
/api/4.0/fo/asset/host/?action=list	Active	January 2025

Host List

V2.0

Input ParametersInput Parameters

Sample - Regular expression strings for matching OS namesSample - Regular expression strings for matching OS names

Sample - List AssetsSample - List Assets

Sample - List Assets Based on Scan End Date, Scan Processed DateSample - List Assets Based on Scan End Date, Scan Processed Date

Sample - List Assets with Specific TruRisk ScoreSample - List Assets with Specific TruRisk Score

Sample - List Scanned Assets with Certain EC2 MetadataSample - List Scanned Assets with Certain EC2 Metadata

Sample - Record Limit Exceeded WarningSample - Record Limit Exceeded Warning

More Samples

DTD

V3.0

Input ParametersInput Parameters

Sample regular expression strings for matching OS namesSample regular expression strings for matching OS names

Sample - List AssetsSample - List Assets

Sample - List Assets Based on Scan End Date, Scan Processed DateSample - List Assets Based on Scan End Date, Scan Processed Date

Sample - List Assets with Specific TruRisk ScoreSample - List Assets with Specific TruRisk Score

Sample - List Scanned Assets with Certain EC2 MetadataSample - List Scanned Assets with Certain EC2 Metadata

Sample - Record Limit Exceeded WarningSample - Record Limit Exceeded Warning

Sample - Display the hosts that have completed the compliance scan before a given dateSample - Display the hosts that have completed the compliance scan before a given date

Sample - Display the hosts that have completed the compliance scan after a given date Sample - Display the hosts that have completed the compliance scan after a given date

More Samples

DTD

V4.0

Input ParametersInput Parameters

Sample - Regular expression strings for matching OS namesSample - Regular expression strings for matching OS names

Sample - List AssetsSample - List Assets

Sample - List Assets Based on Scan End Date, Scan Processed DateSample - List Assets Based on Scan End Date, Scan Processed Date

Sample - List Assets with Specific TruRisk ScoreSample - List Assets with Specific TruRisk Score

Sample - List Scanned Assets with Certain EC2 MetadataSample - List Scanned Assets with Certain EC2 Metadata

Sample - Record Limit Exceeded WarningSample - Record Limit Exceeded Warning

Sample - Display the hosts that have completed the compliance scan before a given dateSample - Display the hosts that have completed the compliance scan before a given date

Sample - Display the hosts that have completed the compliance scan after a given date Sample - Display the hosts that have completed the compliance scan after a given date

Sample - Display the Activation Key and Activation Title associated with the agent assetsSample - Display the Activation Key and Activation Title associated with the agent assets

More Samples

DTD

API Version History