Download Saved Report

[GET] [POST] /api/2.0/fo/report/

Download a saved report in the user’s account. You can download all report types (map, scan, patch, authentication, scorecard, remediation, compliance). This option is available when the Report Share feature is enabled in the user’s subscription.

You can also view risk scores to Host Based Scan Reports, including TruRisk score, Asset Criticality Score (ACS) and Qualys Detection Score (QDS). These values appear in all report formats, including XML and CSV. You can download reports from the UI or fetch reports using the API.

Downloading a Policy Report in CSV format? When PCRS is enabled for your subscription, we’ll automatically compress large CSV policy reports and you’ll get a Zip file instead of CSV when the report is greater than 1GB in size. See Launching and Fetching Compliance Reports in CSV Format for important details.

User permissions - Managers can download any saved report. Unit Managers can download a saved report in their own business unit (reports launched by users in their own business unit). Scanners and Readers can download their own saved report.

Input ParametersInput Parameters

Parameter

Required/Optional

Description

action=fetch

Required

 

id={value}

Required

Specifies the report ID of a saved report that you want to download. The status of the report must be 'finished'.

echo_request={0|1}

Optional

Specify 1 to view input parameters in the XML output. When not specified, parameters are not included in the XML output.

Where do I get the report ID?Where do I get the report ID?

Run the report list API.

API Request

 curl -X POST -H "X-Requested-With:POSTMAN" -H "Authorization:Basic
<TOKEN>" -F "action=list"
"https://<qualys_base_url>/api/2.0/fo/report/"

XML Output

 <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM
"https://<qualys_base_url>/api/2.0/fo/report/report_list_output
.dtd">
<REPORT_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2018-07-02T15:29:52Z</DATETIME>
        <REPORT_LIST>
            <REPORT>
                <ID>7592049</ID>
                <TITLE>
                    <![CDATA[FIXED Vuln Report]]>
                </TITLE>
                <TYPE>Scan</TYPE>
                <USER_LOGIN>acme_ur15</USER_LOGIN>
                <LAUNCH_DATETIME>2018-07-02T14:52:45Z</LAUNCH_DATETIME>
                <OUTPUT_FORMAT>HTML</OUTPUT_FORMAT>
                <SIZE>-</SIZE>
                <STATUS>
                    <STATE>Running</STATE>
                    <MESSAGE>
                        <![CDATA[Rendering...]]>
                    </MESSAGE>
                    <PERCENT>80</PERCENT>
                </STATUS>
                <EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME>
            </REPORT>
...
            <REPORT>
                <ID>7589800</ID>
                <TITLE>
                    <![CDATA[My Authentication Report]]>
                </TITLE>
                <TYPE>Authentication</TYPE>
                <USER_LOGIN>acme_ee17</USER_LOGIN>
                <LAUNCH_DATETIME>2018-07-02T07:00:21Z</LAUNCH_DATETIME>
                <OUTPUT_FORMAT>PDF</OUTPUT_FORMAT>
                <SIZE>15 KB</SIZE>
                <STATUS>
                    <STATE>Finished</STATE>
                </STATUS>
                <EXPIRATION_DATETIME>2018-07-
30T07:00:24Z</EXPIRATION_DATETIME>
            </REPORT>
        </REPORT_LIST>
    </RESPONSE>
</REPORT_LIST_OUTPUT>

Another option - go to the user interface

Within the user interface find the report you want to download (go to Reports > Reports) then choose View Report. In the Report Information window, at the top you’ll see the ID in the window URL after id= like this:

https://<qualys_base_url>/fo/report/view_report.php?id =2281222

Sample - Download reportSample - Download report

API Request

 curl -H "X-Requested-With: Curl Sample"-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api;
secure" "https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=1462"

Sample - Download Host Based Scan Report in CSV FormatSample - Download Host Based Scan Report in CSV Format

In this sample, we’re downloading a Host Based Scan Report in CSV format. You’ll see the new column headers "QDS", "ARS" and "ACS".

API Request

 curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d "https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=123457"

CSV Output

 "Sample Report","05/24/2022 at 18:17:24 (GMT-0800)"
"Qualys","919 E Hillsdale Blvd",,"Foster City","California","United
States of America","94404"
"Joe User","joe_user","Manager"
...
"IP","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking
Method","OS","IP Status","QID","Title","Vuln
Status","Type","Severity","Port","Protocol","FQDN","SSL","First
Detected","Last Detected","Times Detected","Date Last Fixed","First
Reopened","Last Reopened","Times Reopened","CVE ID","Vendor
Reference","Bugtraq
ID","Threat","Impact","Solution","Exploitability","Associated
Malware","Results","PCI Vuln","Ticket State","Instance","OS
CPE","Category","Associated Ags","Cloud Provider","Cloud Provider
Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud
Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance
ID","Public Hostname","Image ID","VPC ID","Instance State","Private
Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host
ID","Asset ID","QDS","ARS","TRURISK SCORE","ACS"
"10.20.30.40","10-20-30-40.bogus.tld",,,,"DNS",,"host scanned, found
vuln","100021","Microsoft Internet Explorer TABLE Status Bar URI
Obfuscation Weakness","New","Vuln","2",,,,,"05/24/2022
10:07:23","05/24/2022 10:07:23","1",,,,,"CVE-2005-
4679",,"11561","Microsoft Internet Explorer is reported prone to a URI
obfuscation weakness. The issue presents itself when a HREF tag contains
an additional HREF tag contained within a TABLE tag. It is reported that
hovering over the link of the second HREF tag will display the hostname
address of the first HREF tag in the status bar of Internet Explorer.
This weakness is reported to affect Internet Explorer 6, but other
versions may also be affected. Windows XP Service Pack 2 is not reported
to be vulnerable.","This issue may be leveraged by an attacker to display
false information in the status bar of an unsuspecting user, allowing an
attacker to present Web pages to users that seem to originate from a
trusted location. This may facilitate phishing style attacks. Other
attacks may also be possible.","This vulnerability is not exploitable with
Windows XP Service Pack 2. There are no solutions available at this time
for Windows 2000 or Windows XP Service Pack 1.",,,,"yes",,,,"Internet
Explorer",,,,,,,,,"[]",,,,,,,,,,,"2685870","14617851","28","104","4"
...

Sample - Download Host Based Scan Report in XML FormatSample - Download Host Based Scan Report in XML Format

API Request

 curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d
"https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=123456"

XML Output

 <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM
"https://<qualys_base_url>/asset_data_report.dtd">
<ASSET_DATA_REPORT>
    <HEADER>
        <COMPANY>
            <![CDATA[ Qualys ]]>
        </COMPANY>
        <USERNAME>joe_user</USERNAME>
        <GENERATION_DATETIME>2022-05-24T15:30:56Z</GENERATION_DATETIME>
        <TEMPLATE>
            <![CDATA[ ARS_Report ]]>
        </TEMPLATE>
        <TARGET>
            <USER_IP_LIST>
                <RANGE>
                    <START>10.20.30.40</START>
                    <END>10.20.30.40</END>
                </RANGE>
            </USER_IP_LIST>
            <COMBINED_IP_LIST>
                <RANGE>
                    <START>10.20.30.40</START>
                    <END>10.20.30.40</END>
                </RANGE>
            </COMBINED_IP_LIST>
        </TARGET>
        <RISK_SCORE_SUMMARY>
            <TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
            <AVG_SECURITY_RISK>2.2</AVG_SECURITY_RISK>
            <BUSINESS_RISK>10/100</BUSINESS_RISK>
        </RISK_SCORE_SUMMARY>
    </HEADER>
    <RISK_SCORE_PER_HOST>
        <HOSTS>
            <IP_ADDRESS>10.20.30.40</IP_ADDRESS>
            <TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
            <SECURITY_RISK>2.2</SECURITY_RISK>
        </HOSTS>
    </RISK_SCORE_PER_HOST>
    <HOST_LIST>
        <HOST>
            <IP>10.20.30.40</IP>
            <TRACKING_METHOD>DNS</TRACKING_METHOD>
            <HOST_ID>2685870</HOST_ID>
            <ASSET_ID>14617851</ASSET_ID>
            <DNS>
                <![CDATA[ 10-20-30-40.bogus.tld ]]>
            </DNS>
            <ARS>104</ARS>
            <TRURISK_SCORE>104</TRURISK_SCORE>
            <ACS>4</ACS>
            <VULN_INFO_LIST>
                <VULN_INFO>
                    <QID id="qid_100027">100027</QID>
                    <TYPE>Practice</TYPE>
                    <SSL>false</SSL>
                    <FIRST_FOUND>2022-05-24T04:37:23Z</FIRST_FOUND>
                    <LAST_FOUND>2022-05-24T04:37:23Z</LAST_FOUND>
                    <TIMES_FOUND>1</TIMES_FOUND>
                    <VULN_STATUS>New</VULN_STATUS>
                    <QDS>
                        <![CDATA[ 32 ]]>
                    </QDS>
                </VULN_INFO>