List current compliance posture data (info records) for hosts within the user’s account. Each compliance posture info record includes a compliance posture ID and other attributes. This API is supported using PC.
Refer to Posture data - Info Record to view each compliance posture info record in the output
The user has the ability to select the amount of information to include in the posture
information output. By default, basic posture information is included: the posture ID, host ID, control ID, technology ID, technology instance (when applicable), and the compliance status. If an exception has been created, this full exception information is also included: the exception assignee and status, the date/time when the exception was created, when it was last modified, the user who took these actions on the exception, and the date when the exception is set to expire. A glossary of compliance posture information identifies: basic host information and basic control information.
Use the details input parameter to select another level of detail to be included in the
policy information output.
By default, the posture information output shows posture information for all hosts
(IP addresses) in asset groups assigned to the selected policy, provided the user has
permission to view the hosts themselves. If you have a sub-account like a Unit Manager, Scanner, or Reader, the posture information output only includes hosts that the account has permission to see.
Best Practices - Click here for Best Practices
Maximum Postures for API Request - Click here for Maximum Postures for API Request
Permissions - Click here for permissions info
Parameter |
Required/Optional |
Data Type |
Description |
---|---|---|---|
action=list |
Required |
String |
Specify action to list posture compliance Information. |
echo_request={0|1} |
Optional |
Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
policy_id={value} |
|
Integer |
(policy_id or policy_ids is required) Show compliance posture info records for a specified policy. A valid policy ID is required. The parameters policy_id and policy_ids cannot be specified in the same request. |
policy_ids={value} |
|
Integer |
(policy_id or policy_ids is required) Show compliance posture info records for multiple policies - up to 10 policies may be requested. Provide a comma-separated list of valid policy IDs. When this parameter is specified, all posture data is downloaded (and the “truncation_limit” parameter is invalid). The parameters policy_id and policy_ids cannot be specified in the same request. When policy_ids is specified, truncation_limit is invalid. For CSV output, policy_id must be specified (and policy_ids is invalid). |
control_ids={value} |
Optional |
Integer |
Show only compliance posture info records for controls which have certain control IDs and/or ranges. One or more control IDs/ranges may be specified. Multiple entries are comma separated. An control ID range entry is specified with a hyphen (for example, 1200-1300). Valid control IDs are required. |
output_format={value} |
Optional |
File |
The output format. A valid value is: xml (default), csv (posture data and metadata, i.e. summary and warning data), csv_no_metadata (posture data only, no metadata). For CSV output, you can include only one policy. For this reason, policy_id is required. |
details={Basic|All|None|Light} |
Optional |
Boolean |
Show a certain amount of information for each compliance posture info record. A valid value is: None - show posture info and minimum exception information (assignee and status) if appropriate Basic (default) - show posture info, full exception information if appropriate, and a minimum glossary (basic info for hosts and controls) Light - show posture info, exception info if appropriate, and a limited glossary (host info and last scan date/time, control ID, and evidence info All - show posture info (including the percentage of controls that passed for each host), exception info if appropriate, posture summary (the number of assets, controls, and control instances evaluated) and a glossary (host info and last scan date/time), control info, technology info, evidence info When hide_evidence=1 is specified in the same request as details=All or details=Light, then evidence info will not be shown in the output. |
hide_evidence={0|1} |
Optional when details=All or details=Light |
Integer |
Set to 1 to hide the evidence information in the output. When set to 0 or unspecified, evidence information is shown in the output. |
include_dp_name={value} |
Optional |
String/ Integer |
Show the name and ID for each data point in the XML output. This is useful for uniquely identifying data points. |
show_remediation_info={0|1} |
Optional |
Integer |
Set to 1 to show remediation information in the XML or CSV output. By default, the output does not include the remediation information. When not specified, the remediation information is not included in the output. |
cause_of_failure={0|1} |
Optional |
Integer |
Set flag to 1 to display the cause of failure of Directory Integrity Monitoring UDCs (user defined controls). When set to 0 or unspecified, cause of failure is not displayed for these UCDs. When set to 1 and Directory Integrity Monitoring UDC control failed assessment, cause of failure info is shown in XML response, i.e. added, removed directories, directories where content changed, permissions changed etc. |
truncation_limit={value} |
Optional |
Integer |
The parameter is valid only when the API request is for a single policy and the policy_id parameter is specified. By default, a limit of 5,000 posture info records are returned per request (when “policy_id” is specified). You may specify a value less than the default (1-4999) or greater than the default (5001-1000000) to configure the number records returned per request. If the requested list identifies more records than the truncation limit, then the XML output includes the <WARNING> element and the URL for making another request for the next batch of records. You can specify truncation_limit=0 for no truncation limit. This means that the output is not paginated and all the records are returned in a single output. WARNING: This can generate very large output and processing large XML files can consume a lot of resources on the client side. In this case it is recommended to use the pagination logic and parallel processing. The previous page can be processed while the next page is being downloaded. |
Hosts |
|
|
|
ips={value} |
Optional |
Integer |
Show only compliance posture info records for compliance hosts which have certain IP addresses/ranges. One or more IP addresses/ranges may be specified. Multiple IPs/ranges are comma separated. |
host_ids={value} |
Optional |
Integer |
Show only compliance posture info records for compliance hosts which have certain host IDs and/or ID ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range entry is specified with a hyphen (for example, 123-125). Valid host IDs are required. |
asset_group_ids={value} |
Optional |
Integer |
Show only hosts in certain asset groups. Provide a comma-separated list of asset group IDs for the asset groups you want to download compliance posture data for. The asset groups specified do not need to be assigned to the one or more policies requested. Posture data will be returned as long as there are common hosts specified by “asset_group_ids” and asset groups that are assigned to the policies requested. |
filter_hosts={0|1} |
Optional |
Integer |
A Manager or Auditor user can specify filter_hosts=1 to improve performance. The API will skip calling the tag resolution service and directly check the host IDs for the policy. The default value is 0. |
Posture IDs |
|
|
|
ids={value} |
Optional |
Integer |
Show only compliance posture info records for certain compliance posture IDs and/or ID ranges. One or more posture IDs/ranges may be specified. Multiple entries are comma separated. A posture ID range entry is specified with a hyphen (for example, 1-10). Valid posture IDs are required. |
id_min={value} |
Optional |
Integer |
Show only compliance posture info records which have a minimum ID value. A valid posture ID is required. |
id_max={value} |
Optional |
Integer |
(Optional) Show only compliance posture info records which have a maximum ID value. A valid posture ID is required. |
Status |
|
|
|
status_changes_since={date} |
Optional |
Integer |
Show compliance posture info records when the compliance status was changed since a certain date and time (optional). If the policy itself was changed, a warning message is generated. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2008-05-01” or “2008-05-01T23:12:00Z”. |
evaluation_date={date} |
Optional |
Integer |
Show compliance posture info records when the posture evaluation date is equal to or greater than a certain date and time (optional). The date/time is specified in YYYY-MMDD[THH:MM:SSZ] format (UTC/GMT), like “2021-04-01” or “2021-04-01T23:12:00Z”. |
status={Passed|Failed|Error} |
Optional |
Boolean |
Show only compliance posture info records which have a posture status of Passed, Failed or Error. By default, records with the status Passed, Failed and Error are listed. |
criticality_labels={value} |
Optional |
String |
Show only compliance posture info records for controls which have certain criticality labels. One or more criticality labels (e.g. SERIOUS, CRITICAL, URGENT) may be specified. Multiple entries are comma separated. The parameters criticality_labels and criticality_values cannot be specified in the same request. Note This parameter is not available to VMDR SCA customers using this API. This is because SCA customers do not have access to the Controls tab in the UI. |
criticality_values={value} |
Optional |
Integer |
Show only compliance posture info records for controls which have certain criticality values. One or more criticality values (0-5) may be specified. Multiple entries are comma separated. The parameters criticality_labels and criticality_values cannot be specified in the same request. |
Tags |
|
|
|
tag_set_by={id|name} |
Optional |
String |
Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names. |
tag_include_selector={all|any} |
Optional |
Boolean |
Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags. |
tag_exclude_selector={all|any} |
Optional |
Boolean |
Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags. |
tag_set_include={value} |
Optional |
Integer |
Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
tag_set_exclude={value} |
Optional |
Integer |
Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
In this example, we’re filtering the output by an evaluation date of 2021-03-05. The XML output will only include info records with an evaluation date equal to or greater than March 5, 2021.
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=list&policy_id=3318470&details=Basic&output_format=xml&evaluation_date=2021-03-05" "https://<qualys_base_url>/api/2.0/fo/compliance/posture/info/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2021-04-07T21:59:40Z</DATETIME>
<INFO_LIST>
<INFO>
<ID>10911451</ID>
<HOST_ID>3077710</HOST_ID>
<CONTROL_ID>1071</CONTROL_ID>
<TECHNOLOGY_ID>43</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2020-11-03T07:12:32Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2021-04-05T20:36:21Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2020-11-03T07:12:32Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2021-04-05T20:36:22Z</LAST_PASS_DATE>
</INFO>
<INFO>
<ID>10911452</ID>
<HOST_ID>3077710</HOST_ID>
<CONTROL_ID>1113</CONTROL_ID>
<TECHNOLOGY_ID>43</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Failed</STATUS>
<POSTURE_MODIFIED_DATE>2020-11-03T07:12:32Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2021-04-05T20:36:21Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>2020-11-03T07:12:32Z</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>2021-04-05T20:36:22Z</LAST_FAIL_DATE>
<FIRST_PASS_DATE>N/A</FIRST_PASS_DATE>
<LAST_PASS_DATE>N/A</LAST_PASS_DATE>
</INFO>
<INFO>
<ID>10911479</ID>
<HOST_ID>4640713</HOST_ID>
<CONTROL_ID>1048</CONTROL_ID>
<TECHNOLOGY_ID>21</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2020-11-03T07:12:33Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2021-03-05T21:35:00Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2020-11-03T07:12:33Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2021-03-05T21:35:00Z</LAST_PASS_DATE>
</INFO>
<INFO>
<ID>10911480</ID>
<HOST_ID>4640713</HOST_ID>
<CONTROL_ID>1071</CONTROL_ID>
<TECHNOLOGY_ID>21</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2020-11-03T07:12:33Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2021-03-05T21:35:00Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2020-11-03T07:12:33Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2021-03-05T21:35:00Z</LAST_PASS_DATE>
</INFO>
...
API Request
curl -H "X-Requested-With: Curl" -u "USERNAME:PASSWORD" -d 'https://<qualys_base_url>/api/2.0/fo/compliance/posture/info/?action=list&policy_id=15472&details=All&include_dp_name=1'
XML Output
...
<DPD_LIST>
<DPD>
<LABEL>:dp_1</LABEL>
<ID>136</ID>
<NAME><![CDATA[secman.system.clearpageonshut]]></NAME>
<DESC><![CDATA[This Integer value <B>X</B> indicates the current status of the setting <B>Shutdown: Clear virtual memory pagefile</B> using the registry key path <B>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown</B>. A value of <B>0</B> indicates the setting is <B>Disabled</B>; a value of <B>1</B> indicates the setting is <B>Enabled</B>.]]></DESC>
</DPD>
...
<DPD>
<LABEL>:dp_3</LABEL>
<ID>1001035</ID>
<NAME><![CDATA[custom.win_group_membership.1001035]]></NAME>
<DESC><![CDATA[IIS_IUSR]]></DESC>
</DPD>
...
This applies to database UDCs for Oracle, MSSQL, Sybase, PostgreSQL/Pivotal Greenplum, SAP IQ, and IBM DB2.
When the Posture API output includes database controls, the values returned for the database controls are shown in a tabular format. You'll see these elements in the output: Header (H), Row (R) and Column (C).
API Request
curl -u "username:password" -H "Content-type: text/xml" -X "POST"-d "action=list&policy_id=1303776&details=All&include_dp_name=1" "https://<qualys_base_url>/api/2.0/fo/compliance/posture/info/">PostureInfo.xml
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2019-05-03T19:24:32Z</DATETIME>
<INFO_LIST>
<INFO>
<ID>6413404</ID>
<HOST_ID>1843205</HOST_ID>
<CONTROL_ID>100022</CONTROL_ID>
<TECHNOLOGY_ID>22</TECHNOLOGY_ID>
<INSTANCE>MSSQL 2008:1:1433:MSSQLSERVER:master</INSTANCE>
<STATUS>Failed</STATUS>
<POSTURE_MODIFIED_DATE>2019-04-29T20:38:08Z</POSTURE_MODIFIED_DATE>
<EVIDENCE>
<BOOLEAN_EXPR><![CDATA[((:dp_2 matches $tp_2))]]></BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2019-05-03T00:33:14Z">
<LABEL>:dp_2</LABEL>
<V>
<H>
<C><![CDATA[CustomerID]]></C>
<C><![CDATA[CustomerName]]></C>
<C><![CDATA[ContactName]]></C>
<C><![CDATA[Address]]></C>
<C><![CDATA[City]]></C>
<C><![CDATA[PostalCode]]></C>
<C><![CDATA[Country]]></C>
</H>
<R>
<C><![CDATA[1]]></C>
<C><![CDATA[Alfreds Futterkiste]]></C>
<C><![CDATA[Maria Anders]]></C>
<C><![CDATA[Obere Str. 57]]></C>
<C><![CDATA[Berlin]]></C>
<C><![CDATA[12209]]></C>
<C><![CDATA[Germany]]></C>
</R>
<R>
<C><![CDATA[2]]></C>
<C><![CDATA[Ana Trujillo Emparedados y helados]]></C>
<C><![CDATA[Ana Trujillo]]></C>
<C><![CDATA[Avda. de la Constitucion 2222]]></C>
<C><![CDATA[Mexico D.F.]]></C>
<C><![CDATA[05021]]></C>
<C><![CDATA[Mexico]]></C>
</R>
<R>
<C><![CDATA[3]]></C>
<C><![CDATA[Antonio Moreno Taqueria]]></C>
<C><![CDATA[Antonio Moreno]]></C>
<C><![CDATA[Mataderos 2312]]></C>
<C><![CDATA[Mexico D.F.]]></C>
<C><![CDATA[05023]]></C>
<C><![CDATA[Mexico]]></C>
</R>
...
</GLOSSARY>
</RESPONSE>
</POSTURE_INFO_LIST_OUTPUT>
API Request
curl -u "username:password" -H "Content-type: text/xml" -X "POST" -d
"action=list&echo_request=1&policy_id=1758961&details=All&include_dp_name=1" https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/">
posture_info_result.xml
XML Output
curl -u "username:password" -H "Content-type: text/xml" -X "POST" -d
"action=list&echo_request=1&policy_id=1758961&details=All&include_dp_name
=1" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/">
posture_info_result.xml
<INFO_LIST>
<INFO>
<ID>34544283</ID>
<HOST_ID>7368441</HOST_ID>
<CONTROL_ID>100006</CONTROL_ID>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2019-10-
14T21:15:46Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2019-10-14T21:15:46Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2019-10-14T21:15:46Z</LAST_PASS_DATE>
<EVIDENCE>
<BOOLEAN_EXPR>
<![CDATA[:dp_2 contains $tp_2]]>
</BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2019-10-14T19:53:41Z">
<LABEL>:dp_2</LABEL>
<V
fileName="c:\Agent\user\test2.txt">
<![CDATA[QWEB]]>
</V>
<TM_REF>@tm_1</TM_REF>
</DPV>
</DPV_LIST>
</EVIDENCE>
</INFO>
<INFO>
<ID>34544284</ID>
<HOST_ID>7368441</HOST_ID>
<CONTROL_ID>100000</CONTROL_ID>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Failed</STATUS>
<POSTURE_MODIFIED_DATE>2019-10-
14T21:15:46Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>2019-10-14T21:15:46Z</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>2019-10-14T21:15:46Z</LAST_FAIL_DATE>
<FIRST_PASS_DATE>N/A</FIRST_PASS_DATE>
<LAST_PASS_DATE>N/A</LAST_PASS_DATE>
<EVIDENCE>
<BOOLEAN_EXPR>
<![CDATA[:dp_1 contains
$tp_1]]>
</BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2019-10-14T19:53:41Z">
<LABEL>:dp_1</LABEL>
<V fileName="C:\preTest2.txt">
<![CDATA[QWEB]]>
</V>
<TM_REF>@tm_2</TM_REF>
</DPV>
</DPV_LIST>
</EVIDENCE>
</INFO>
<INFO>
<ID>34544285</ID>
<HOST_ID>7368441</HOST_ID>
<CONTROL_ID>100026</CONTROL_ID>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<INSTANCE></INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2019-10-
14T21:15:46Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2019-10-14T21:15:46Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2019-10-14T21:15:46Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2019-10-14T21:15:46Z</LAST_PASS_DATE>
<EVIDENCE>
<BOOLEAN_EXPR>
<![CDATA[:dp_3 contains
$tp_2]]>
</BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2019-10-14T19:53:41Z">
<LABEL>:dp_3</LABEL>
<V
fileName="C:\user\PreTest\pretestfile1.txt">
<![CDATA[pre$]]>
</V>
<TM_REF>@tm_3</TM_REF>
</DPV>
</DPV_LIST>
</EVIDENCE>
</INFO>
</INFO_LIST>
<SUMMARY>
<TOTAL_ASSETS>1</TOTAL_ASSETS>
<TOTAL_CONTROLS>3</TOTAL_CONTROLS>
<CONTROL_INSTANCES>
<TOTAL>3</TOTAL>
<TOTAL_PASSED>2</TOTAL_PASSED>
<TOTAL_FAILED>1</TOTAL_FAILED>
<TOTAL_ERROR>0</TOTAL_ERROR>
<TOTAL_EXCEPTIONS>0</TOTAL_EXCEPTIONS>
</CONTROL_INSTANCES>
</SUMMARY>
<GLOSSARY>
<HOST_LIST>
<HOST>
<ID>7368441</ID>
<IP>10.115.74.93</IP>
<TRACKING_METHOD>AGENT</TRACKING_METHOD>
<DNS>
<![CDATA[win-890blrmesc6]]>
</DNS>
<NETBIOS>
<![CDATA[WIN-890BLRMESC6]]>
</NETBIOS>
<OS>
<![CDATA[Windows Server 2012 R2 Standard 64 bit
Edition]]>
</OS>
<QG_HOSTID>3031a534-6b78-4c4c-aacddb56257c155f
</
QG_HOSTID>
<ASSET_ID>689027</ASSET_ID>
<LAST_VULN_SCAN_DATETIME>2019-10-
14T19:18:12Z</LAST_VULN_SCAN_DATETIME>
<LAST_COMPLIANCE_SCAN_DATETIME>2019-10-
14T20:21:07Z</LAST_COMPLIANCE_SCAN_DATETIME>
<PERCENTAGE>
<![CDATA[66.67% (2 of 3)]]>
</PERCENTAGE>
</HOST>
</HOST_LIST>
<CONTROL_LIST>
<CONTROL>
<ID>100006</ID>
<STATEMENT>
<![CDATA[Windows_FCC_Use_Reg]]>
</STATEMENT>
<CRITICALITY>
<LABEL>
<![CDATA[min]]>
</LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<RATIONALE_LIST>
<RATIONALE>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<TEXT>
<![CDATA[rationale]]>
</TEXT>
</RATIONALE>
</RATIONALE_LIST>
</CONTROL>
<CONTROL>
<ID>100000</ID>
<STATEMENT>
<![CDATA[preFCCUDC]]>
</STATEMENT>
<CRITICALITY>
<LABEL>
<![CDATA[min]]>
</LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<RATIONALE_LIST>
<RATIONALE>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<TEXT>
<![CDATA[rationale]]>
</TEXT>
</RATIONALE>
</RATIONALE_LIST>
</CONTROL>
<CONTROL>
<ID>100026</ID>
<STATEMENT>
<![CDATA[pre_fcc_file_path_regexwith$]]>
</STATEMENT>
<CRITICALITY>
<LABEL>
<![CDATA[min]]>
</LABEL>
<VALUE>1</VALUE>
</CRITICALITY>
<RATIONALE_LIST>
<RATIONALE>
<TECHNOLOGY_ID>75</TECHNOLOGY_ID>
<TEXT>
<![CDATA[ration]]>
</TEXT>
</RATIONALE>
</RATIONALE_LIST>
</CONTROL>
</CONTROL_LIST>
<TECHNOLOGY_LIST>
<TECHNOLOGY>
<ID>75</ID>
<NAME>
<![CDATA[Windows Server 2012 R2]]>
</NAME>
</TECHNOLOGY>
</TECHNOLOGY_LIST>
<DPD_LIST>
<DPD>
<LABEL>:dp_1</LABEL>
<ID>1007020</ID>
<NAME>
<![CDATA[custom.win_file_content_check.1007020]]>
</NAME>
<DESC>
<![CDATA[FileContentChech]]>
</DESC>
</DPD>
<DPD>
<LABEL>:dp_2</LABEL>
<ID>1007110</ID>
<NAME>
<![CDATA[custom.win_file_content_check.1007110]]>
</NAME>
<DESC>
<![CDATA[reg key]]>
</DESC>
</DPD>
<DPD>
<LABEL>:dp_3</LABEL>
<ID>1008003</ID>
<NAME>
<![CDATA[custom.win_file_content_check.1008003]]>
</NAME>
<DESC>
<![CDATA[pre\$]]>
</DESC>
</DPD>
</DPD_LIST>
<TP_LIST>
<TP>
<LABEL>$tp_1</LABEL>
<V>
<![CDATA[true]]>
</V>
</TP>
<TP>
<LABEL>$tp_2</LABEL>
<V>
<![CDATA[.*]]>
</V>
</TP>
</TP_LIST>
<TM_LIST>
<TM>
<LABEL>@tm_1</LABEL>
<PAIR>
<K>
<![CDATA[item not found:2]]>
</K>
<V>
<![CDATA[Set status Passed for â€oeitem not foundâ€?
error]]>
</V>
</PAIR>
</TM>
<TM>
<LABEL>@tm_2</LABEL>
<PAIR>
<K>
<![CDATA[item not found:2]]>
</K>
<V>
<![CDATA[Set status Passed for â€oeitem not foundâ€?
error]]>
</V>
</PAIR>
</TM>
<TM>
<LABEL>@tm_3</LABEL>
<PAIR>
<K>
<![CDATA[item not found:2]]>
</K>
<V>
<![CDATA[Set status Passed for â€oeitem not foundâ€?
error]]>
</V>
</PAIR>
</TM>
</TM_LIST>
</GLOSSARY>undefined</RESPONSE>undefined</POSTURE_INFO_LIST_OUTPUT>
This sample includes 2 INFO records. One record has data for Extended Evidence, and the other record has data for Statistics and Extended Statistics Error.
API Request
curl -H "X-Requested-With:curl" -u "USERNAME:PASSWORD" -d
"action=list&policy_id=1055704&details=All&output_format=xml&show_extended_evidence=1"
"http://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POSTURE_INFO_LIST_OUTPUT SYSTEM
"https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/posture_
info_list_output.dtd">
<POSTURE_INFO_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2022-04-28T11:08:05Z</DATETIME>
<POLICY>
<ID>1055704</ID>
<DATETIME>2022-04-28T11:08:05Z</DATETIME>
<INFO_LIST>
<INFO>
<ID>10461454</ID>
<HOST_ID>2573671</HOST_ID>
<CONTROL_ID>1071</CONTROL_ID>
<TECHNOLOGY_ID>80</TECHNOLOGY_ID>
<INSTANCE>
<![CDATA[os]]>
</INSTANCE>
<STATUS>Failed</STATUS>
<POSTURE_MODIFIED_DATE>2022-04-
27T08:57:38Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2022-05-02T06:21:45Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Failed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>2022-04-27T08:57:38Z</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>2022-05-02T06:21:45Z</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2022-04-21T12:05:56Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2022-04-21T12:05:56Z</LAST_PASS_DATE>
<EVIDENCE>
<BOOLEAN_EXPR>
<![CDATA[(:dp_2 in #fv_2 or :dp_2 < $tp_1
)]]>
</BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2022-04-28T10:03:33Z">
<LABEL>:dp_2</LABEL>
<V>
<![CDATA[5]]>
</V>
</DPV>
</DPV_LIST>
<EXTENDED_EVIDENCE>
<![CDATA[Row 1:File name,Setting,Value
Row 2:/etc/login.defs,PASS_MIN_LEN,5
]]>
</EXTENDED_EVIDENCE>
<STATISTICS>
<![CDATA[]]>
</STATISTICS>
<EXTENDED_STATISTICS_ERROR>
<![CDATA[]]>
</EXTENDED_STATISTICS_ERROR>
</EVIDENCE>
</INFO>
<INFO>
<ID>10479751</ID>
<HOST_ID>2573673</HOST_ID>
<CONTROL_ID>100002</CONTROL_ID>
<TECHNOLOGY_ID>81</TECHNOLOGY_ID>
<INSTANCE>
<![CDATA[os]]>
</INSTANCE>
<STATUS>Passed</STATUS>
<POSTURE_MODIFIED_DATE>2022-04-
28T10:09:39Z</POSTURE_MODIFIED_DATE>
<EVALUATION_DATE>2022-05-02T06:21:45Z</EVALUATION_DATE>
<PREVIOUS_STATUS>Passed</PREVIOUS_STATUS>
<FIRST_FAIL_DATE>N/A</FIRST_FAIL_DATE>
<LAST_FAIL_DATE>N/A</LAST_FAIL_DATE>
<FIRST_PASS_DATE>2022-04-28T10:09:39Z</FIRST_PASS_DATE>
<LAST_PASS_DATE>2022-05-02T06:21:45Z</LAST_PASS_DATE>
<EVIDENCE>
<BOOLEAN_EXPR>
<![CDATA[:dp_8 matches $tp_5]]>
</BOOLEAN_EXPR>
<DPV_LIST>
<DPV lastUpdated="2022-04-28T10:03:26Z">
<LABEL>:dp_8</LABEL>
<V>
<![CDATA[No data found]]>
</V>
</DPV>
</DPV_LIST>
<EXTENDED_EVIDENCE>
<![CDATA[]]>
</EXTENDED_EVIDENCE>
<STATISTICS>
<![CDATA[Search duration: 63 seconds
]]>
</STATISTICS>
<EXTENDED_STATISTICS_ERROR>
<![CDATA[Error Code 28:Base directory
not foundcan't lstat target of '/usr/lib/debug/usr/.dwz ->
/usr/lib/debug/.dwz' (No such file or directory),can't lstat target of
'/usr/lib/systemd/system/dbus-org.freedesktop.network1.service ->
/usr/lib/systemd/system/systemd-networkd.service' (No such file or
directory),can't lstat target of '/usr/lib/modules/3.10.0-
327.el7.x86_64/build -> /usr/src/kernels/3.10.0-327.el7.x86_64' (No such
file or directory),can't lstat target of '/usr/lib/modules/3.10.0-
327.el7.x86_64/source -> /usr/src/kernels/3.10.0-327.el7.x86_64' (No such
file or directory),can't lstat target of '/usr/share/gdb/auto-load/bin ->
/usr/share/gdb/auto-load/usr/bin' (No such file or directory),can't lstat
target of '/usr/share/gdb/auto-load/lib -> /usr/share/gdb/autoload/
usr/lib' (No such file or directory),can't lstat target of
'/usr/share/gdb/auto-load/sbin -> /usr/share/gdb/auto-load/usr/sbin' (No
such file or directory),can't lstat target of
'/usr/share/PackageKit/icons -> /usr/share/pixmaps/comps' (No such file
or directory)
]]>
</EXTENDED_STATISTICS_ERROR>
</EVIDENCE>
</INFO>
...
<platform API server>/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd
Was this topic helpful?