Download a saved report in the user’s account. You can download all report types (map, scan, patch, authentication, scorecard, remediation, compliance). This option is available when the Report Share feature is enabled in the user’s subscription.
You can also view risk scores to Host Based Scan Reports, including TruRisk score, Asset Criticality Score (ACS) and Qualys Detection Score (QDS). These values appear in all report formats, including XML and CSV. You can download reports from the UI or fetch reports using the API.
Downloading a Policy Report in CSV format? When PCRS is enabled for your subscription, we’ll automatically compress large CSV policy reports and you’ll get a Zip file instead of CSV when the report is greater than 1GB in size. See Launching and Fetching Compliance Reports in CSV Format for important details.
User permissions - Managers can download any saved report. Unit Managers can download a saved report in their own business unit (reports launched by users in their own business unit). Scanners and Readers can download their own saved report.
|
Parameter |
Required/Optional |
Description |
|---|---|---|
|
action=fetch |
Required |
|
|
id={value} |
Required |
Specifies the report ID of a saved report that you want to download. The status of the report must be 'finished'. |
|
echo_request={0|1} |
Optional |
Specify 1 to view input parameters in the XML output. When not specified, parameters are not included in the XML output. |
Run the report list API.
API Request
curl -X POST -H "X-Requested-With:POSTMAN" -H "Authorization:Basic <TOKEN>" -F "action=list" "https://<qualys_base_url>/api/2.0/fo/report/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/report/report_list_output .dtd"> <REPORT_LIST_OUTPUT> <RESPONSE> <DATETIME>2018-07-02T15:29:52Z</DATETIME> <REPORT_LIST> <REPORT> <ID>7592049</ID> <TITLE> <![CDATA[FIXED Vuln Report]]> </TITLE> <TYPE>Scan</TYPE> <USER_LOGIN>acme_ur15</USER_LOGIN> <LAUNCH_DATETIME>2018-07-02T14:52:45Z</LAUNCH_DATETIME> <OUTPUT_FORMAT>HTML</OUTPUT_FORMAT> <SIZE>-</SIZE> <STATUS> <STATE>Running</STATE> <MESSAGE> <![CDATA[Rendering...]]> </MESSAGE> <PERCENT>80</PERCENT> </STATUS> <EXPIRATION_DATETIME>2018-07-30T14:52:48Z</EXPIRATION_DATETIME> </REPORT> ... <REPORT> <ID>7589800</ID> <TITLE> <![CDATA[My Authentication Report]]> </TITLE> <TYPE>Authentication</TYPE> <USER_LOGIN>acme_ee17</USER_LOGIN> <LAUNCH_DATETIME>2018-07-02T07:00:21Z</LAUNCH_DATETIME> <OUTPUT_FORMAT>PDF</OUTPUT_FORMAT> <SIZE>15 KB</SIZE> <STATUS> <STATE>Finished</STATE> </STATUS> <EXPIRATION_DATETIME>2018-07- 30T07:00:24Z</EXPIRATION_DATETIME> </REPORT> </REPORT_LIST> </RESPONSE> </REPORT_LIST_OUTPUT>
Another option - go to the user interface
Within the user interface find the report you want to download (go to Reports > Reports)
then choose View Report. In the Report Information window, at the top you’ll see the ID in
the window URL after id= like this:
https://<qualys_base_url>/fo/report/view_report.php?id =2281222
API Request
curl -H "X-Requested-With: Curl Sample"-b "QualysSession=71e6cda2a35d2cd404cddaf305ea0208; path=/api; secure" "https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=1462"
In this sample, we’re downloading a Host Based Scan Report in CSV format. You’ll see the new column headers "QDS", "ARS" and "ACS".
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d "https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=123457"
CSV Output
"Sample Report","05/24/2022 at 18:17:24 (GMT-0800)" "Qualys","919 E Hillsdale Blvd",,"Foster City","California","United States of America","94404" "Joe User","joe_user","Manager" ... "IP","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","First Reopened","Last Reopened","Times Reopened","CVE ID","Vendor Reference","Bugtraq ID","Threat","Impact","Solution","Exploitability","Associated Malware","Results","PCI Vuln","Ticket State","Instance","OS CPE","Category","Associated Ags","Cloud Provider","Cloud Provider Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance ID","Public Hostname","Image ID","VPC ID","Instance State","Private Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host ID","Asset ID","QDS","ARS","TRURISK SCORE","ACS" "10.20.30.40","10-20-30-40.bogus.tld",,,,"DNS",,"host scanned, found vuln","100021","Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness","New","Vuln","2",,,,,"05/24/2022 10:07:23","05/24/2022 10:07:23","1",,,,,"CVE-2005- 4679",,"11561","Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue presents itself when a HREF tag contains an additional HREF tag contained within a TABLE tag. It is reported that hovering over the link of the second HREF tag will display the hostname address of the first HREF tag in the status bar of Internet Explorer. This weakness is reported to affect Internet Explorer 6, but other versions may also be affected. Windows XP Service Pack 2 is not reported to be vulnerable.","This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present Web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks. Other attacks may also be possible.","This vulnerability is not exploitable with Windows XP Service Pack 2. There are no solutions available at this time for Windows 2000 or Windows XP Service Pack 1.",,,,"yes",,,,"Internet Explorer",,,,,,,,,"[]",,,,,,,,,,,"2685870","14617851","28","104","4" ...
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d
"https://<qualys_base_url>/api/2.0/fo/report/?action=fetch&id=123456"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM
"https://<qualys_base_url>/asset_data_report.dtd">
<ASSET_DATA_REPORT>
<HEADER>
<COMPANY>
<![CDATA[ Qualys ]]>
</COMPANY>
<USERNAME>joe_user</USERNAME>
<GENERATION_DATETIME>2022-05-24T15:30:56Z</GENERATION_DATETIME>
<TEMPLATE>
<![CDATA[ ARS_Report ]]>
</TEMPLATE>
<TARGET>
<USER_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</USER_IP_LIST>
<COMBINED_IP_LIST>
<RANGE>
<START>10.20.30.40</START>
<END>10.20.30.40</END>
</RANGE>
</COMBINED_IP_LIST>
</TARGET>
<RISK_SCORE_SUMMARY>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<AVG_SECURITY_RISK>2.2</AVG_SECURITY_RISK>
<BUSINESS_RISK>10/100</BUSINESS_RISK>
</RISK_SCORE_SUMMARY>
</HEADER>
<RISK_SCORE_PER_HOST>
<HOSTS>
<IP_ADDRESS>10.20.30.40</IP_ADDRESS>
<TOTAL_VULNERABILITIES>5</TOTAL_VULNERABILITIES>
<SECURITY_RISK>2.2</SECURITY_RISK>
</HOSTS>
</RISK_SCORE_PER_HOST>
<HOST_LIST>
<HOST>
<IP>10.20.30.40</IP>
<TRACKING_METHOD>DNS</TRACKING_METHOD>
<HOST_ID>2685870</HOST_ID>
<ASSET_ID>14617851</ASSET_ID>
<DNS>
<![CDATA[ 10-20-30-40.bogus.tld ]]>
</DNS>
<ARS>104</ARS>
<TRURISK_SCORE>104</TRURISK_SCORE>
<ACS>4</ACS>
<VULN_INFO_LIST>
<VULN_INFO>
<QID id="qid_100027">100027</QID>
<TYPE>Practice</TYPE>
<SSL>false</SSL>
<FIRST_FOUND>2022-05-24T04:37:23Z</FIRST_FOUND>
<LAST_FOUND>2022-05-24T04:37:23Z</LAST_FOUND>
<TIMES_FOUND>1</TIMES_FOUND>
<VULN_STATUS>New</VULN_STATUS>
<QDS>
<![CDATA[ 32 ]]>
</QDS>
</VULN_INFO>