For API version information, refer to the API Version History section.
List dynamic search lists and manage them (create, update, delete).
Permissions - Managers, Unit Managers, Scanners and Readers have permission to list and manage dynamic search lists.
Actions: List | Create and Update | Delete
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action=list | Required | String | Supported methods are GET, POST |
| echo_request={0\|1} | Optional | Integer | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| ids={id1,id2,...} | Optional | Integer | One or more search list IDs to display. Multiple IDs are comma separated. |
| show_qids={0\|1} | Optional | Integer | Set to 0 to hide QIDs defined for each search list in the XML output. By default these QIDs are shown. |
| show_option_profiles={0\|1} | Optional | Integer | Set to 0 to hide option profiles associated with each search list in the XML output. By default these option profiles are shown. |
| show_distribution_groups={0\|1} | Optional | Integer | Set to 0 to hide distribution groups associated with each search list in the XML output. By default these distribution groups are shown. |
| show_report_templates={0\|1} | Optional | Integer | Set to 0 to hide report templates associated with each search list in the XML output. By default these report templates will be shown. |
| show_remediation_policies={0\|1} | Optional | Integer | Set to 0 to hide remediation policies associated with each search list in the XML output. By default these remediation policies will be shown. |
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/?action=list&ids=381"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<SEARCH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2015-01-06T06:20:03Z</DATETIME>
<DYNAMIC_LISTS>
<DYNAMIC_LIST>
<ID>381</ID>
<TITLE><![CDATA[static search list]]></TITLE>
<GLOBAL>Yes</GLOBAL>
<OWNER>acme_tb</OWNER>
<CREATED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></CREATED>
<MODIFIED_BY>acme_tb</MODIFIED_BY>
<MODIFIED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></MODIFIED>
<QIDS>
<QID>1000</QID>
<QID>1001</QID>
</QIDS>
<CRITERIA>
<VULNERABILITY_TITLE><![CDATA[NOT Title]]></VULNERABILITY_TITLE>
<DISCOVERY_METHOD><![CDATA[Authenticated Only]]></DISCOVERY_METHOD>
<AUTHENTICATION_TYPE><![CDATA[HTTP, Oracle, Unix]]></AUTHENTICATION_TYPE>
<USER_CONFIGURATION><![CDATA[Disabled, Edited]]></USER_CONFIGURATION>
<CATEGORY><![CDATA[NOT Backdoors and trojan horses, DNS and BIND]]></CATEGORY>
<CONFIRMED_SEVERITY><![CDATA[1, 2]]></CONFIRMED_SEVERITY>
<POTENTIAL_SEVERITY><![CDATA[2, 3]]></POTENTIAL_SEVERITY>
<INFORMATION_SEVERITY><![CDATA[4, 5]]></INFORMATION_SEVERITY>
<VENDOR><![CDATA[NOT 2brightsparks,3com,4d]]></VENDOR>
<PRODUCT><![CDATA[NOT .net_framework]]></PRODUCT>
<CVSS_BASE_SCORE><![CDATA[2]]></CVSS_BASE_SCORE>
<CVSS_TEMPORAL_SCORE><![CDATA[3]]></CVSS_TEMPORAL_SCORE>
<CVSS_ACCESS_VECTOR><![CDATA[Adjacent Network]]></CVSS_ACCESS_VECTOR>
<PATCH_AVAILABLE><![CDATA[Yes, No]]></PATCH_AVAILABLE>
<VIRTUAL_PATCH_AVAILABLE><![CDATA[Yes]]></VIRTUAL_PATCH_AVAILABLE>
<CVE_ID><![CDATA[NOT CVE]]></CVE_ID>
<CVE_ID_FILTER><![CDATA[Contains]]></CVE_ID_FILTER>
<EXPLOITABILITY><![CDATA[ExploitKits, Immunity - Dsquare]]></EXPLOITABILITY>
<ASSOCIATED_MALWARE><![CDATA[Trend Micro]]></ASSOCIATED_MALWARE>
<VENDOR_REFERENCE><![CDATA[NOT Linux]]></VENDOR_REFERENCE>
<BUGTRAQ_ID><![CDATA[NOT 15656]]></BUGTRAQ_ID>
<VULNERABILITY_DETAILS><![CDATA[details]]></VULNERABILITY_DETAILS>
<COMPLIANCE_DETAILS><![CDATA[details]]></COMPLIANCE_DETAILS>
<COMPLIANCE_TYPE><![CDATA[PCI, CobIT, HIPAA, GLBA, SOX]]></COMPLIANCE_TYPE>
<QUALYS_TOP_20><![CDATA[Top Internal 10, Top External 10]]></QUALYS_TOP_20>
<OTHER><![CDATA[Not exploitable due to configuration, Non-running services, 2008 SANS 20]]></OTHER>
<NETWORK_ACCESS><![CDATA[NAC / NAM]]></NETWORK_ACCESS>
<USER_MODIFIED><![CDATA[NOT 07/27/2015-07/27/2015]]></USER_MODIFIED>
<PUBLISHED><![CDATA[NOT 06/02/2015-07/20/2015]]></PUBLISHED>
<SERVICE_MODIFIED><![CDATA[NOT Previous 1 week]]></SERVICE_MODIFIED>
</CRITERIA>
<!-- This list is used in the following option profiles //-->
<OPTION_PROFILES>
<OPTION_PROFILE>
<ID>135</ID>
<TITLE><![CDATA[Initial Options]]></TITLE>
</OPTION_PROFILE>
</OPTION_PROFILES>
<!-- This list is used in the following report templates //-->
<REPORT_TEMPLATES>
<REPORT_TEMPLATE>
<ID>256</ID>
<TITLE><![CDATA[Scan Report Template]]></TITLE>
</REPORT_TEMPLATE>
</REPORT_TEMPLATES>
<!-- This list is used in the following remediation policies. //-->
<REMEDIATION_POLICIES>
<REMEDIATION_POLICY>
<ID>655</ID>
<TITLE><![CDATA[Remediation Policy 1]]></TITLE>
</REMEDIATION_POLICY>
</REMEDIATION_POLICIES>
<!-- This search list is associated with following distribution groups. //-->
<DISTRIBUTION_GROUPS>
<DISTRIBUTION_GROUP>
<ID>226</ID>
<TITLE><![CDATA[All]]></TITLE>
</DISTRIBUTION_GROUP>
</DISTRIBUTION_GROUPS>
<COMMENTS><![CDATA[This is my first comment for this list]]></COMMENTS>
</DYNAMIC_LIST>
</DYNAMIC_LISTS>
</RESPONSE>
</SEARCH_LIST_OUTPUT>
<platform API server>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd
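An added example, not part of the Qualys documentation: a Python parser for the list output above that reports which option profiles, report templates, remediation policies and distribution groups reference each search list, a check worth running before a list is updated or deleted. The sample document is constructed from the values shown on this page (list 382 and the host name are invented), and rejecting `<!ENTITY` declarations is an extra defensive assumption, since the documented output carries only an external DTD reference.

```python
import xml.etree.ElementTree as ET

# Container tag -> item tag, as they appear in the sample output on this page.
REFERENCE_SECTIONS = {
    "OPTION_PROFILES": "OPTION_PROFILE",
    "REPORT_TEMPLATES": "REPORT_TEMPLATE",
    "REMEDIATION_POLICIES": "REMEDIATION_POLICY",
    "DISTRIBUTION_GROUPS": "DISTRIBUTION_GROUP",
}

# Constructed sample: list 381 uses the page's values, list 382 is invented.
SAMPLE_OUTPUT = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "https://qualys.example.invalid/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<DYNAMIC_SEARCH_LIST_OUTPUT>
<RESPONSE>
<DYNAMIC_LISTS>
<DYNAMIC_LIST>
<ID>381</ID>
<TITLE><![CDATA[static search list]]></TITLE>
<GLOBAL>Yes</GLOBAL>
<QIDS><QID>1000</QID><QID>1001</QID></QIDS>
<OPTION_PROFILES><OPTION_PROFILE><ID>135</ID>
<TITLE><![CDATA[Initial Options]]></TITLE></OPTION_PROFILE></OPTION_PROFILES>
<REPORT_TEMPLATES><REPORT_TEMPLATE><ID>256</ID>
<TITLE><![CDATA[Scan Report Template]]></TITLE></REPORT_TEMPLATE></REPORT_TEMPLATES>
<REMEDIATION_POLICIES><REMEDIATION_POLICY><ID>655</ID>
<TITLE><![CDATA[Remediation Policy 1]]></TITLE></REMEDIATION_POLICY></REMEDIATION_POLICIES>
<DISTRIBUTION_GROUPS><DISTRIBUTION_GROUP><ID>226</ID>
<TITLE><![CDATA[All]]></TITLE></DISTRIBUTION_GROUP></DISTRIBUTION_GROUPS>
</DYNAMIC_LIST>
<DYNAMIC_LIST>
<ID>382</ID>
<TITLE><![CDATA[unused list]]></TITLE>
<GLOBAL>No</GLOBAL>
</DYNAMIC_LIST>
</DYNAMIC_LISTS>
</RESPONSE>
</DYNAMIC_SEARCH_LIST_OUTPUT>"""


def parse_list_output(xml_text):
    """Map each search list ID to its title, QIDs and the objects that use it."""
    # The stdlib parser does not fetch the external DTD named in the DOCTYPE.
    # Entity declarations are not expected in this output, so refuse them.
    if "<!ENTITY" in xml_text:
        raise ValueError("unexpected entity declaration in API response")
    root = ET.fromstring(xml_text)
    lists = {}
    # iter() makes this independent of the root element name.
    for node in root.iter("DYNAMIC_LIST"):
        references = {}
        for container, item in REFERENCE_SECTIONS.items():
            references[container.lower()] = [
                (int(ref.findtext("ID")), (ref.findtext("TITLE") or "").strip())
                for ref in node.findall(f"{container}/{item}")
            ]
        lists[int(node.findtext("ID"))] = {
            "title": (node.findtext("TITLE") or "").strip(),
            "global": node.findtext("GLOBAL") == "Yes",
            "qids": [int(q.text) for q in node.findall("QIDS/QID")],
            "references": references,
        }
    return lists


def in_use(entry):
    """Names of the reference sections that still point at this list.

    An empty result is only meaningful when the list request did not hide
    sections with show_option_profiles=0, show_report_templates=0, etc.
    """
    return sorted(name for name, refs in entry["references"].items() if refs)


if __name__ == "__main__":
    for list_id, entry in parse_list_output(SAMPLE_OUTPUT).items():
        print(list_id, entry["title"], in_use(entry) or "no references")
```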
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action=create\|update | Required | String | Supported method is POST |
| echo_request={0\|1} | Optional | Integer | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| title={value} | Required for create action, optional for update | String | A user defined search list title. Maximum is 256 characters (ascii). |
| global={0\|1} | Optional | Integer | Specify 1 to make this a global search list. By default a new search list is not set to global (i.e. set to 0). |
| Search Criteria | | | For create request: Search criteria is required. For update request: Only criteria specified in an update request will overwrite existing criteria, if any. For example, if a search list has confirmed_severities=3,4 and you make an update request with confirmed_severities=5, the search list will be updated to confirmed_severities=5. |
| vuln_title={value} | | String | Vulnerability title (string); to unset value use update request and set to empty value |
| not_vuln_title={0\|1} | | Integer | Set to 1 for vulnerability title that does not match vuln_title parameter value |
| discovery_methods={value} | | String | One or more discovery methods: Remote, Authenticated, Remote_Authenticated; by default all methods are included |
| auth_types={value} | | String | One or more of these authentication types: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, MySQL; multiple values are comma separated; to unset value use update request and set to empty value |
| user_configuration={value} | | Integer | One or more of these user configuration values: disabled, custom; multiple values are comma separated; to unset value use update request and set to empty value |
| categories={value} | | String | One or more vulnerability category names (strings); to unset value use update request and set to empty value |
| not_categories={0\|1} | | Integer | Set to 1 for categories that do not match categories parameter values |
| confirmed_severities={value} | | Integer | One or more confirmed vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
| potential_severities={value} | | Integer | One or more potential vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
| ig_severities={value} | | Integer | One or more information gathered severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
| vendor_ids={value} | | Integer | One or more vendor IDs; multiple IDs are comma separated; to unset value use update request and set to empty value |
| not_vendor_ids={0\|1} | | Integer | Set to 1 for vendor IDs that do not match vendor_ids parameter values |
| products={value} | | String | Vendor product names; multiple names are comma separated; to unset value use update request and set to empty value |
| not_products={0\|1} | | Integer | Set to 1 for product names that do not match products parameter values |
| patch_available={value} | | Integer | Vulnerabilities with patches: 0 (no), 1 (yes); by default all vulnerabilities with and without patches are included; multiple values are comma separated; to unset value use update request and set to empty value |
| virtual_patch_available={value} | | Integer | Vulnerabilities with Trend Micro virtual patches: 0 (no), 1 (yes); by default vulnerabilities with and without these virtual patches are included; multiple values are comma separated; to unset value use update request and set to empty value |
| cve_ids_filter | Optional | Integer | Filter CVE IDs with the “Exact Match” or “Contains” search criteria: - Set to 1 to filter the CVE IDs that match exactly with the input CVE strings. - Set to 2 to filter the CVE IDs that contain the input CVE string. |
| cve_ids={value} | Optional | Integer | One or more CVE IDs; multiple IDs are comma separated; to unset value use update request and set to empty value |
| not_cve_ids={0\|1} | Optional | Integer | Set to 1 for CVE IDs that do not match cve_ids parameter values |
| exploitability={value} | Optional | String | One or more vendors with exploitability info; multiple references are comma separated; to unset value use update request and set to empty value |
| malware_associated={value} | Optional | String | One or more vendors with malware info; multiple references are comma separated; to unset value use update request and set to empty value |
| vendor_refs={value} | Optional | String | One or more vendor references; multiple vendors are comma separated; to unset value use update request and set to empty value |
| not_vendor_refs={0\|1} | Optional | Integer | Set to 1 for vendor references that do not match vendor_refs parameter values |
| bugtraq_id={value} | Optional | Integer | Vulnerabilities with a Bugtraq ID number; to unset value use update request and set to empty value |
| not_bugtraq_id={0\|1} | Optional | Integer | Set to 1 for vulnerabilities with Bugtraq IDs that do not match the bugtraq_id parameter value |
| vuln_details={value} | Optional | String | A string matching vulnerability details; to unset value use update request and set to empty value |
| compliance_details={value} | Optional | String | A string matching compliance details; to unset value use update request and set to empty value |
| supported_modules={value} | Optional | String | One or more of these Qualys modules: VM, CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD; multiple values are comma separated; to unset value use update request and set to empty value |
| compliance_types={value} | Optional | Integer | One or more compliance types: PCI, CobiT, HIPAA, GLBA, SOX; multiple values are comma separated; to unset value use update request and set to empty value |
| qualys_top_lists={value} | Optional | Integer | One or more Qualys top lists: Internal_10, External_10; multiple values are comma separated; to unset value use update request and set to empty value |
| cpe={value} | Optional | String | One or more CPE values: Operating System, Application, Hardware, None; multiple values are comma separated. |
| qids_not_exploitable={0\|1} | Optional | Integer | Set to 1 for vulnerabilities that are not exploitable due to configuration. |
| non_running_services={0\|1} | Optional | Integer | Set to 1 for vulnerabilities on non running services. |
| sans_20={0\|1} | Optional | Integer | Set to 1 for vulnerabilities in 2008 SANS 20 list |
| nac_nam={0\|1} | Optional | Integer | Set to 1 for NAC/NAM vulnerabilities |
| vuln_provider={value} | Optional | Integer | Provider of the vulnerability if not Qualys; valid value is iDefense |
| cvss_base={value} | Optional | Integer | CVSS base score value (matches greater than or equal to this value); to unset value use update request and set to empty value |
| cvss_temp={value} | Optional | Integer | CVSS temporal score value (matches greater than or equal to this value); to unset value use update request and set to empty value |
| cvss_access_vector={value} | Optional | Integer | CVSS access vector, one of: Undefined, Local, Adjacent_Network, Network; to unset value use update request and set to empty value |
| cvss_base_operand={value} | Optional | Integer | Set the value to 1 to use the greater than or equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss_base" parameter along with the "cvss_base_operand" parameter in the API request. |
| cvss_temp_operand={value} | Optional | Integer | Set the value to 1 to use the greater than or equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss_temp" parameter along with the "cvss_temp_operand" parameter in the API request. |
| cvss3_base={value} | Optional | Integer | CVSS3 base score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value. |
| cvss3_temp={value} | Optional | Integer | CVSS3 temporal score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value. |
| cvss3_base_operand={value} | Optional | Integer | Set the value to 1 to use the greater than or equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss3_base" parameter along with the "cvss3_base_operand" parameter in the API request. |
| cvss3_temp_operand={value} | Optional | Integer | Set the value to 1 to use the greater than or equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss3_temp" parameter along with the "cvss3_temp_operand" parameter in the API request. |
| User Modified Filters | Optional | Integer | User modified filter parameters are mutually exclusive; only 1 parameter per request |
| user_modified_date_between | Optional | Integer | date range in format (mm/dd/yyyy-mm/dd/yyyy) |
| user_modified_date_today | Optional | Integer | set to 1 for modified by user today; set to 0 for not modified by user today |
| user_modified_date_in previous | Optional | Integer | one of: Year, Month, Week, Quarter |
| user_modified_date_within_ | Optional | Integer | number of days: 1-9999 |
| not_user_modified={0\|1} | Optional | Integer | set to 1 to set the "not" flag for one of the user_modified parameters |
| Service Modified Filters | Optional | Integer | Service modified filter parameters are mutually exclusive; only 1 parameter per request |
| service_modified_date_between | Optional | Integer | date range in format (mm/dd/yyyy-mm/dd/yyyy) |
| service_modified_date_ | Optional | Integer | set to 1 for modified by our service today; set to 0 for not modified by our service today |
| service_modified_date_ | Optional | Integer | one of: Year, Month, Week, Quarter |
| service_modified_date_within_ | Optional | Integer | number of days: 1-9999 |
| not_service_modified={0\|1} | Optional | Integer | set to 1 to set the "not" flag for one of the service_modified parameters |
| Published Filters | Optional | Integer | Published filter parameters are mutually exclusive; only 1 parameter per request |
| published_date_between | Optional | Integer | date range in format (mm/dd/yyyy-mm/dd/yyyy) |
| published_date_today={0\|1} | Optional | Integer | set to 1 for published today; set to 0 for not published today |
| published_date_in previous | Optional | Integer | one of: Year, Month, Week, Quarter |
| published_date_within_ | Optional | Integer | number of days: 1-9999 |
| not_published={0\|1} | Optional | Integer | set to 1 to set the "not" flag for one of the published parameters |
| Update Request Only | | | |
| unset_user_modified_ | Optional | Integer | Set to empty value to unset the user modified date in the search list parameters. |
| unset_published_ | Optional | Integer | Set to empty value to unset the published date in the search list parameters. |
| unset_service_modified_ | Optional | Integer | Set to empty value to unset the service modified date in the search list parameters. |
API Request
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=My+Dynamic+Search+List&global=1&published_date_within_last_days=7&patch_available=1" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2015-09-01T21:32:40Z</DATETIME>
<TEXT>New search list created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>136992</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" -d "action=create&title=mytest_DL313&cvss_base=3&cvss_base_operand=1&cvss_temp=2&cvss_temp_operand=2&cvss3_base=2&cvss3_base_operand=1&cvss3_temp=2&cvss3_temp_operand=2" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"
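An added example, not Qualys code: a pre-flight validator that applies the rules stated in the create/update parameter table (title limits, severity range, operand pairing, mutually exclusive date filters, 0/1 flags) before a request body is built. The two valid requests are the ones shown on this page; the failing request is constructed, and the `id` parameter on update is an assumption because the table does not list it.

```python
from urllib.parse import urlencode

# Parameters that are not search criteria ("id" on update is an assumption).
NON_CRITERIA = {"action", "title", "global", "echo_request", "id"}
SEVERITY_PARAMS = ("confirmed_severities", "potential_severities", "ig_severities")
# Each operand parameter must be sent together with its score parameter.
OPERAND_PAIRS = {
    "cvss_base_operand": "cvss_base",
    "cvss_temp_operand": "cvss_temp",
    "cvss3_base_operand": "cvss3_base",
    "cvss3_temp_operand": "cvss3_temp",
}
# Date filter families are matched by prefix: only one parameter per family.
DATE_FAMILIES = ("user_modified_date_", "service_modified_date_", "published_date_")
BINARY_FLAGS = {"global", "echo_request", "qids_not_exploitable",
                "non_running_services", "sans_20", "nac_nam"}

# The two create requests shown on this page.
PAGE_REQUEST_1 = {"action": "create", "title": "My Dynamic Search List", "global": "1",
                  "published_date_within_last_days": "7", "patch_available": "1"}
PAGE_REQUEST_2 = {"action": "create", "title": "mytest_DL313",
                  "cvss_base": "3", "cvss_base_operand": "1",
                  "cvss_temp": "2", "cvss_temp_operand": "2",
                  "cvss3_base": "2", "cvss3_base_operand": "1",
                  "cvss3_temp": "2", "cvss3_temp_operand": "2"}
# Constructed request that breaks four documented rules.
BAD_REQUEST = {"action": "create", "title": "Weekly criticals",
               "confirmed_severities": "4,6", "cvss_base_operand": "1",
               "published_date_today": "1", "published_date_within_last_days": "7",
               "not_published": "2"}
# Constructed update that unsets a criterion with an empty value.
UNSET_REQUEST = {"action": "update", "id": "381", "confirmed_severities": ""}


def validate(params):
    """Return a list of problems; an empty list means the documented rules hold."""
    action = params.get("action")
    if action not in ("create", "update"):
        return [f"action must be create or update, got {action!r}"]
    errors = []

    title = params.get("title")
    if action == "create" and not title:
        errors.append("title is required for create")
    if title and (len(title) > 256 or not title.isascii()):
        errors.append("title must be at most 256 ASCII characters")

    if action == "create" and not [k for k in params if k not in NON_CRITERIA]:
        errors.append("create needs at least one search criteria parameter")

    for name in SEVERITY_PARAMS:
        value = params.get(name)
        if value is None or (value == "" and action == "update"):
            continue  # absent, or an update that unsets the value
        if any(v.strip() not in {"1", "2", "3", "4", "5"} for v in value.split(",")):
            errors.append(f"{name} must be comma separated severities in 1-5")

    for operand, score in OPERAND_PAIRS.items():
        if operand in params:
            if params[operand] not in ("1", "2"):
                errors.append(f"{operand} must be 1 or 2")
            if not params.get(score):
                errors.append(f"{operand} requires {score} in the same request")

    for prefix in DATE_FAMILIES:
        used = sorted(k for k in params if k.startswith(prefix))
        if len(used) > 1:
            errors.append(f"{prefix}* filters are mutually exclusive: {', '.join(used)}")

    for name, value in params.items():
        if (name in BINARY_FLAGS or name.startswith("not_")) and value not in ("0", "1"):
            errors.append(f"{name} must be 0 or 1")
    return errors


def build_body(params):
    """Return the form-encoded POST body, or raise ValueError listing every problem."""
    errors = validate(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)


if __name__ == "__main__":
    print(build_body(PAGE_REQUEST_1))
    for problem in validate(BAD_REQUEST):
        print("rejected:", problem)
```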
API Request
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2015-09-01T21:32:40Z</DATETIME>
<TEXT>search list deleted successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>123456</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action=delete | Required | String | Supported method is POST |
| echo_request={0\|1} | Optional | Integer | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| id={id} | Required | Integer | The ID of the search list you want to delete. |
API Request
curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456&global=1&qids=68518-68522,48000-48004" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2015-09-01T21:32:40Z</DATETIME>
<TEXT>search list deleted successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>123456</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
<platform API server>/api/2.0/simple_return.dtd
List dynamic search lists and manage them (create, update, delete).
Permissions - Managers, Unit Managers, Scanners and Readers have permission to list and manage dynamic search lists.
Actions: List | Create and Update | Delete
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action=list | Required | String | Supported methods are GET, POST |
| echo_request={0\|1} | Optional | Integer | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| ids={id1,id2,...} | Optional | Integer | One or more search list IDs to display. Multiple IDs are comma separated. |
| show_qids={0\|1} | Optional | Integer | Set to 0 to hide QIDs defined for each search list in the XML output. By default these QIDs are shown. |
| show_option_profiles={0\|1} | Optional | Integer | Set to 0 to hide option profiles associated with each search list in the XML output. By default these option profiles are shown. |
| show_distribution_groups={0\|1} | Optional | Integer | Set to 0 to hide distribution groups associated with each search list in the XML output. By default these distribution groups are shown. |
| show_report_templates={0\|1} | Optional | Integer | Set to 0 to hide report templates associated with each search list in the XML output. By default these report templates will be shown. |
| show_remediation_policies={0\|1} | Optional | Integer | Set to 0 to hide remediation policies associated with each search list in the XML output. By default these remediation policies will be shown. |
| cloud_agent_scan_type | Optional | String | Required for creating, updating/removing, listing actions of dynamic search list for Deep Scan QIDs. |
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/?action=list&ids=6343529&show_qids=0' \
--header 'Content-Type: test/xml' \
--header 'X-Requested-With: test' \
--header 'Authorization: Bearer <JWT Token>'
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<DYNAMIC_SEARCH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-12-11T09:06:19Z</DATETIME>
<DYNAMIC_LISTS>
<DYNAMIC_LIST>
<ID>6343529</ID>
<TITLE>
<![CDATA[2 Deep Scan API Testing]]>
</TITLE>
<GLOBAL>Yes</GLOBAL>
<OWNER>
<![CDATA[Amol Zambare (vmdrxaz7)]]>
</OWNER>
<CREATED>2025-12-11T08:46:28Z</CREATED>
<MODIFIED_BY>
<![CDATA[Amol Zambare (vmdrxaz7)]]>
</MODIFIED_BY>
<MODIFIED>2025-12-11T08:54:45Z</MODIFIED>
<CRITERIA>
<DISCOVERY_METHOD>
<![CDATA[All]]>
</DISCOVERY_METHOD>
<CLOUD_AGENT_SCAN_TYPE>
<![CDATA[Deep Scan - Windows]]>
</CLOUD_AGENT_SCAN_TYPE>
<PROVIDER>
<![CDATA[iDefense]]>
</PROVIDER>
</CRITERIA>
</DYNAMIC_LIST>
</DYNAMIC_LISTS>
</RESPONSE>
</DYNAMIC_SEARCH_LIST_OUTPUT>
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action=create|update |
Required |
String |
Supported method is POST |
|
echo_request={0|1} |
Optional |
Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
title={value} |
Required for create action, optional for update |
String |
A user defined search list title. Maximum is 256 characters (ascii). |
|
global={0|1} |
Optional |
Integer |
Specify 1 to make this a global search list. By default a new search list is not set to global (i.e. set to 0). |
|
Search Criteria |
|
|
|
|
|
For create request: Search criteria is required. For update request: Only criteria specified in an update request will overwrite existing criteria, if any. For example, if a search list has confirmed_severities=3,4 and you make an update request with confirmed_severities=5, the search list will be updated to confirmed_severities=5. |
||
|
vuln_title={value} |
|
String |
Vulnerability title (string); to unset value use update request and set to empty value |
|
not_vuln_title={0|1} |
|
Integer |
Set to 1 for vulnerability title that does not match vuln_title parameter value |
|
discovery_methods={value} |
|
String |
One or more discovery methods: Remote, Authenticated, Remote_Authenticated; by default all methods are included |
|
auth_types={value} |
|
String |
One or more of these authentication types: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, MySQL; multiple values are comma separated; to unset value use update request and set to empty value |
|
user_configuration={value} |
|
Integer |
One or more of these user configuration values: disabled, custom; multiple values are comma separated; to unset value use update request and set to empty value |
|
categories={value} |
|
String |
One or more vulnerability category names (strings); to unset value use update request and set to empty value |
|
not_categories={0|1} |
|
Integer |
Set to 1 for categories that do not match categories parameter values |
|
confirmed_severities={value} |
|
Integer |
One or more confirmed vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
|
potential_severities={value} |
|
Integer |
One or more potential vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
|
ig_severities={value} |
|
Integer |
One or more information gathered severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value |
|
vendor_ids={value} |
|
Integer |
One or more vendor IDs; multiple IDs are comma separated; to unset value use update request and set to empty value |
|
not_vendor_ids={0|1} |
|
Integer |
Set to 1 for vendor IDs that do not match vendor_ids parameter values |
|
products={value} |
|
String |
Vendor product names; multiple names are comma separated; to unset value use update request and set to empty value |
|
not_products={0|1} |
|
Integer |
Set to 1 for product names that do not match products parameter values |
|
patch_available={value} |
|
Integer |
Vulnerabilities with patches: 0 (no), 1 (yes); by default all vulnerabilities with and without patches are included; multiple values are comma separated; to unset value use update request and set to empty value |
|
virtual_patch_available={value} |
|
Integer |
Vulnerabilities with Trend Micro virtual patches: 0 (no), 1 (yes); by default vulnerabilities with and without these virtual patches are included: multiple values are comma separated; to unset value use update request and set to empty value |
|
cve_ids_filter |
Optional |
Integer |
Filter CVE IDs with the “Exact Match” or “Contains” search criteria: - Set to 1 to filter the CVE IDs that match exactly with the input CVE strings. - Set to 2 to filter the CVE IDs that contain the input CVE string. |
|
cve_ids={value} |
Optional |
Integer |
One or more CVE IDs; multiple IDs are comma separated; to unset value use update request and set to empty value |
|
not_cve_ids={0|1} |
Optional |
Integer |
Set to 1 for CVE IDs that do not match cve_ids parameter values |
|
exploitability={value} |
Optional |
String |
One or more vendors with exploitability info; multiple references are comma separated; to unset value use update request and set to empty value |
|
malware_associated={value} |
Optional |
String |
One or more vendors with malware info; multiple references are comma separated; to unset value use update request and set to empty value |
|
vendor_refs={value} |
Optional |
String |
One or more vendor references; multiple vendors are comma separated; to unset value use update request and set to empty value |
|
not_vendor_refs={0|1} |
Optional |
Integer |
Set to 1 for vendor references that do not match vendor_refs parameter values |
|
bugtraq_id={value} |
Optional |
Integer |
Vulnerabilities with a Bugtraq ID number; to unset value use update request and set to empty value |
|
not_bugtraq_id={0|1} |
Optional |
Integer |
Set to 1 for vulnerabilities with Bugtraq IDs that do not match the bugtraq_id parameter value |
|
vuln_details={value} |
Optional |
String |
A string matching vulnerability details; to unset value use update request and set to empty value |
|
compliance_details={value} |
Optional |
String |
A string matching compliance details; to unset value use update request and set to empty value |
|
supported_modules={value} |
Optional |
String |
One or more of these Qualys modules: VM, CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD; multiple values are comma separated; to unset value use update request and set to empty value |
|
compliance_types={value} |
Optional |
Integer |
One or more compliance types: PCI, CobiT, HIPAA, GLBA, SOX; multiple values are comma separated; to unset value use update request and set to empty value |
|
qualys_top_lists={value} |
Optional |
Integer |
One or more Qualys top lists: Internal_10, Extermal_10; multiple values are comma separated; to unset value use update request and set to empty value |
|
cpe={value} |
Optional |
String |
One or more CPE values: Operating System, Application, Hardware, None; multiple values are comma separated. |
|
qids_not_exploitable={0|1} |
Optional |
Integer |
Set to 1 for vulnerabilities that are not exploitable due to configuration. |
|
non_running_services={0|1} |
Optional |
Integer |
Set to 1 for vulnerabilities on non running services. |
|
sans_20={0|1} |
Optional |
Integer |
Set to 1 for vulnerabilities in 2008 SANS 20 list |
|
nac_nam={0|1} |
Optional |
Integer |
Set to 1 for NAC/NAM vulnerabilities |
|
vuln_provider={value} |
Optional |
Integer |
Provider of the vulnerability if not Qualys; valid value is iDefense |
|
cvss_base={value} |
Optional |
Integer |
CVSS base score value (matches greater than or equal to this value); to unset value use update request and set to empty value |
|
cvss_temp={value} |
Optional |
Integer |
CVSS temporal score value (matches greater than or equal to this value); to unset value use update request and set to empty value |
|
cvss_access_vector={value} |
Optional |
Integer |
CVSS access vector, one of: Undefined, Local, Adjacent_Network, Network; to unset value use update request and set to empty value |
|
cvss_base_operand={value} |
Optional |
Integer |
Set the value to 1 to use the greater than equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss_base" parameter along with the "cvss_base_operand" parameter in the API request. |
|
cvss_temp_operand={value} |
Optional |
Integer |
Set the value to 1 to use the greater than equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss_temp" parameter along with the "cvss_temp_operand" parameter in the API request. |
|
cvss3_base={value} |
Optional |
Integer |
CVSS3 base score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value. |
|
cvss3_temp={value} |
Optional |
Integer |
CVSS3 temporal score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value. |
|
cvss3_base_operand={value} |
Optional |
Integer |
Set the value to 1 to use the greater than equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss3_base" parameter along with the "cvss3_base_operand" parameter in the API request. |
|
cvss3_temp_operand={value} |
Optional |
Integer |
Set the value to 1 to use the greater than equal to operand. Set the value to 2 to use the less than operand. You must always specify the "cvss3_temp" parameter along with the "cvss3_temp_operand" parameter in the API request. |
|
User Modified Filters |
Optional |
Integer |
User modified filter parameters are mutually exclusive; only 1 parameter per request |
|
user_modified_date_between |
Optional |
Integer |
date range in format (mm/dd/yyyy-mm/dd/yyyy) |
|
user_modified_date_today |
Optional |
Integer |
set to 1 for modified by user today; set to 0 for not modified by user today |
|
user_modified_date_in previous |
Optional |
Integer |
one of: Year, Month, Week, Quarter |
|
user_modified_date_within_ |
Optional |
Integer |
number of days: 1-9999 |
|
not_user_modified={0|1} |
Optional |
Integer |
set to 1 to set the "not" flag for one of the user_modified parameters |
|
Service Modified Filters |
Optional |
Integer |
Service modified filter parameters are mutually exclusive; only 1 parameter per request |
|
service_modified_date_between |
Optional |
Integer |
date range in format (mm/dd/yyyy-mm/dd/yyyy) |
|
service_modified_date_ |
Optional |
Integer |
set to 1 for modified by our service today; set to 0 for not modified by our service today |
|
service_modified_date_ |
Optional |
Integer |
one of: Year, Month, Week, Quarter |
|
service_modified_date_within_ |
Optional |
Integer |
number of days: 1-9999 |
|
not_service_modified={0|1} |
Optional |
Integer |
set to 1 to set the "not" flag for one of the service_modified parameters |
|
Published Filters |
Optional |
Integer |
Published filter parameters are mutually exclusive; only 1 parameter per request |
|
published_date_between |
Optional |
Integer |
date range in format (mm/dd/yyyy-mm/dd/yyyy) |
|
published_date_today={0|1} |
Optional |
Integer |
set to 1 for published today; set to 0 for not published today |
|
published_date_in_previous |
Optional |
Integer |
one of: Year, Month, Week, Quarter |
|
published_date_within_ |
Optional |
Integer |
number of days: 1-9999 |
|
not_published={0|1} |
Optional |
Integer |
set to 1 to set the "not" flag for one of the published parameters |
|
Update Request Only |
|
|
|
|
unset_user_modified_ |
Optional |
Integer |
Set to empty value to unset the user modified date in the search list parameters. |
|
unset_published_ |
Optional |
Integer |
Set to empty value to unset the published date in the search list parameters. |
|
unset_service_modified_ |
Optional |
Integer |
Set to empty value to unset the service modified date in the search list parameters. |
|
cloud_agent_scan_type |
Optional |
String |
Required for creating, updating/removing, listing actions of dynamic search list for Deep Scan QIDs. |
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
--header 'X-Requested-With: Curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=create' \
--data-urlencode 'title=2 Deep Scan API Testing' \
--data-urlencode 'global=1' \
--data-urlencode 'cloud_agent_scan_type=Deep Scan - Windows'
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T08:46:29Z</DATETIME>
<TEXT>New search list created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
--header 'X-Requested-With: Curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=update' \
--data-urlencode 'title=2 Deep Scan API Testing' \
--data-urlencode 'global=1' \
--data-urlencode 'vuln_provider=iDefense' \
--data-urlencode 'cloud_agent_scan_type=Deep Scan - Windows' \
--data-urlencode 'id=xxxxxxx'
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T08:54:46Z</DATETIME>
<TEXT>search list updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
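The create and update parameter table above carries several constraints (one date filter per group, the `mm/dd/yyyy-mm/dd/yyyy` range format, a 1-9999 day count, and each CVSS3 operand needing its score) that are easy to violate when requests are generated by automation. The following pre-flight check is an added example, not part of the vendor documentation; the function name, the prefix-based grouping and the sample request are assumptions made for illustration.

```python
import re
from datetime import datetime

# One date filter per group per request; groups are recognised by prefix.
GROUP_PREFIXES = {
    "user_modified": "user_modified_date_",
    "service_modified": "service_modified_date_",
    "published": "published_date_",
}
DATE_RANGE = re.compile(r"^(\d{2}/\d{2}/\d{4})-(\d{2}/\d{2}/\d{4})$")


def validate_search_list_params(params):
    """Return a list of problems in create/update parameters (strings)."""
    errors = []
    for group, prefix in GROUP_PREFIXES.items():
        used = sorted(k for k in params if k.startswith(prefix))
        if len(used) > 1:
            errors.append(f"{group}: filters are mutually exclusive, got {used}")
    for key, value in params.items():
        if key.endswith("_date_between"):
            try:
                m = DATE_RANGE.match(value)
                start, end = (datetime.strptime(d, "%m/%d/%Y") for d in m.groups())
            except (AttributeError, ValueError):
                errors.append(f"{key}: expected mm/dd/yyyy-mm/dd/yyyy")
                continue
            if start > end:  # assumption: a reversed range is a mistake
                errors.append(f"{key}: range start is after range end")
        elif key.endswith("_date_today") and value not in ("0", "1"):
            errors.append(f"{key}: must be 0 or 1")
        elif "_date_within_" in key:
            if not (value.isdecimal() and 1 <= int(value) <= 9999):
                errors.append(f"{key}: number of days must be 1-9999")
    for score in ("cvss3_base", "cvss3_temp"):
        operand = params.get(f"{score}_operand")
        if operand is None:
            continue
        if operand not in ("1", "2"):
            errors.append(f"{score}_operand: must be 1 or 2")
        if score not in params:
            errors.append(f"{score}_operand: requires {score} in the same request")
    return errors


# Constructed sample request, not taken from the page.
SAMPLE = {
    "action": "create", "title": "Constructed example list", "global": "1",
    "published_date_between": "2025/01/01-2025/02/01",
    "published_date_today": "1",
    "cvss3_base_operand": "1",
}
```

Calling `validate_search_list_params(SAMPLE)` reports three problems: two published filters in one request, a malformed date range, and an operand sent without its score.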
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action=delete |
Required |
String |
Supported method is POST |
|
echo_request={0|1} |
Optional |
Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
id={id} |
Required |
Integer |
The ID of the search list you want to delete. |
|
cloud_agent_scan_type |
Optional |
String |
Required for creating, updating/removing, listing actions of dynamic search list for Deep Scan QIDs. |
API Request
curl --location '<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
--header 'X-Requested-With: Curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=update' \
--data-urlencode 'title=2 Deep Scan API Testing' \
--data-urlencode 'global=1' \
--data-urlencode 'vuln_provider=iDefense' \
--data-urlencode 'cloud_agent_scan_type=' \
--data-urlencode 'id=xxxxxxx'
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T09:16:30Z</DATETIME>
<TEXT>search list updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
<platform API server>/api/3.0/simple_return.dtd
The following table lists the versions of this API and their status:
| API Version | EOS | EOL |
|---|---|---|
| api/3.0/fo/qid/search_list/dynamic/ | Active | Active |
| api/2.0/fo/qid/search_list/dynamic/ | August 2026 | February 2027 |