Dynamic Search List

/api/2.0/fo/qid/search_list/dynamic/

List dynamic search lists and manage them (create, update, delete).

Permissions - Managers, Unit Managers, Scanners and Readers have permission to list and manage dynamic search lists.

Actions: List | Create and Update | Delete

List Dynamic Search Lists

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=list

Required

String

Supported methods are GET, POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

ids={id1,id2,...}

Optional

Integer

One or more search list IDs to display. Multiple IDs are comma separated.

show_qids={0|1}

Optional

Integer

Set to 0 to hide QIDs defined for each search list in the XML output. By default these QIDs are shown.

show_option_profiles={0|1}

Optional

Integer

Set to 0 to hide option profiles associated with each search list in the XML output. By default these option profiles are shown.

show_distribution_groups={0|1}

Optional

Integer

Set to 0 to hide distribution groups associated with each search list in the XML output. By default these distribution groups are shown.

show_report_templates={0|1}

Optional

Integer

Set to 0 to hide report templates associated with each search list in the XML output. By default these report templates will be shown.

show_remediation_policies={0|1}

Optional

Integer

Set to 0 to hide remediation policies associated with each search list in the XML output. By default these remediation policies will be shown.

Sample - List Dynamic Search List

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/?action=list&ids=381"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<SEARCH_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2015-01-06T06:20:03Z</DATETIME>
    <DYNAMIC_LISTS>
      <DYNAMIC_LIST>
        <ID>381</ID>
        <TITLE><![CDATA[static search list]]></TITLE>
        <GLOBAL>Yes</GLOBAL>
        <OWNER>acme_tb</OWNER>
        <CREATED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></CREATED>
        <MODIFIED_BY>acme_tb</MODIFIED_BY>
        <MODIFIED><![CDATA[07/27/2015 at 15:18:42 (GMT+0530)]]></MODIFIED>
        <QIDS>
          <QID>1000</QID>
          <QID>1001</QID>
        </QIDS>
        <CRITERIA>
          <VULNERABILITY_TITLE><![CDATA[NOT Title]]></VULNERABILITY_TITLE>
          <DISCOVERY_METHOD><![CDATA[Authenticated Only]]></DISCOVERY_METHOD>
          <AUTHENTICATION_TYPE><![CDATA[HTTP, Oracle, Unix]]></AUTHENTICATION_TYPE>
          <USER_CONFIGURATION><![CDATA[Disabled, Edited]]></USER_CONFIGURATION>
          <CATEGORY><![CDATA[NOT Backdoors and trojan horses, DNS and BIND]]></CATEGORY>
          <CONFIRMED_SEVERITY><![CDATA[1, 2]]></CONFIRMED_SEVERITY>
          <POTENTIAL_SEVERITY><![CDATA[2, 3]]></POTENTIAL_SEVERITY>
          <INFORMATION_SEVERITY><![CDATA[4, 5]]></INFORMATION_SEVERITY>
          <VENDOR><![CDATA[NOT 2brightsparks,3com,4d]]></VENDOR>
          <PRODUCT><![CDATA[NOT .net_framework]]></PRODUCT>
          <CVSS_BASE_SCORE><![CDATA[2]]></CVSS_BASE_SCORE>
          <CVSS_TEMPORAL_SCORE><![CDATA[3]]></CVSS_TEMPORAL_SCORE>
          <CVSS_ACCESS_VECTOR><![CDATA[Adjacent Network]]></CVSS_ACCESS_VECTOR>
          <PATCH_AVAILABLE><![CDATA[Yes, No]]></PATCH_AVAILABLE>
          <VIRTUAL_PATCH_AVAILABLE><![CDATA[Yes]]></VIRTUAL_PATCH_AVAILABLE>
          <CVE_ID><![CDATA[NOT CVE]]></CVE_ID>
          <CVE_ID_FILTER><![CDATA[Contains]]></CVE_ID_FILTER>
          <EXPLOITABILITY><![CDATA[ExploitKits, Immunity - Dsquare]]></EXPLOITABILITY>
          <ASSOCIATED_MALWARE><![CDATA[Trend Micro]]></ASSOCIATED_MALWARE>
          <VENDOR_REFERENCE><![CDATA[NOT Linux]]></VENDOR_REFERENCE>
          <BUGTRAQ_ID><![CDATA[NOT 15656]]></BUGTRAQ_ID>
          <VULNERABILITY_DETAILS><![CDATA[details]]></VULNERABILITY_DETAILS>
          <COMPLIANCE_DETAILS><![CDATA[details]]></COMPLIANCE_DETAILS>
          <COMPLIANCE_TYPE><![CDATA[PCI, CobIT, HIPAA, GLBA, SOX]]></COMPLIANCE_TYPE>
          <QUALYS_TOP_20><![CDATA[Top Internal 10, Top External 10]]></QUALYS_TOP_20>
          <OTHER><![CDATA[Not exploitable due to configuration, Non-running services, 2008 SANS 20]]></OTHER>
          <NETWORK_ACCESS><![CDATA[NAC / NAM]]></NETWORK_ACCESS>
          <USER_MODIFIED><![CDATA[NOT 07/27/2015-07/27/2015]]></USER_MODIFIED>
          <PUBLISHED><![CDATA[NOT 06/02/2015-07/20/2015]]></PUBLISHED>
          <SERVICE_MODIFIED><![CDATA[NOT Previous 1 week]]></SERVICE_MODIFIED>
        </CRITERIA>
        <!-- This list is used in the following option profiles //-->
        <OPTION_PROFILES>
          <OPTION_PROFILE>
            <ID>135</ID>
            <TITLE><![CDATA[Initial Options]]></TITLE>
          </OPTION_PROFILE>
        </OPTION_PROFILES>
        <!-- This list is used in the following report templates //-->
        <REPORT_TEMPLATES>
          <REPORT_TEMPLATE>
            <ID>256</ID>
            <TITLE><![CDATA[Scan Report Template]]></TITLE>
          </REPORT_TEMPLATE>
        </REPORT_TEMPLATES>
        <!-- This list is used in the following remediation policies. //-->
        <REMEDIATION_POLICIES>
          <REMEDIATION_POLICY>
            <ID>655</ID>
            <TITLE><![CDATA[Remediation Policy 1]]></TITLE>
          </REMEDIATION_POLICY>
        </REMEDIATION_POLICIES>
        <!-- This search list is associated with following distribution groups. //-->
        <DISTRIBUTION_GROUPS>
          <DISTRIBUTION_GROUP>
            <ID>226</ID>
            <TITLE><![CDATA[All]]></TITLE>
          </DISTRIBUTION_GROUP>
        </DISTRIBUTION_GROUPS>
        <COMMENTS><![CDATA[This is my first comment for this list]]></COMMENTS>
      </DYNAMIC_LIST>
    </DYNAMIC_LISTS>
  </RESPONSE>
</SEARCH_LIST_OUTPUT>

DTD for Dynamic Search List

<platform API server>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd
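The list output names every option profile, report template, remediation policy and distribution group that references a search list, which is what you want to review before changing or deleting one. The following is an added example, not Qualys code: it parses that layout with Python's standard library, and the function names and the embedded sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the DYNAMIC_LIST layout documented above (values made up).
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<SEARCH_LIST_OUTPUT>
 <RESPONSE>
  <DYNAMIC_LISTS>
   <DYNAMIC_LIST>
    <ID>381</ID>
    <TITLE><![CDATA[Patchable sev 4-5]]></TITLE>
    <GLOBAL>Yes</GLOBAL>
    <OPTION_PROFILES>
     <OPTION_PROFILE><ID>135</ID><TITLE><![CDATA[Initial Options]]></TITLE></OPTION_PROFILE>
    </OPTION_PROFILES>
    <REPORT_TEMPLATES>
     <REPORT_TEMPLATE><ID>256</ID><TITLE><![CDATA[Scan Report Template]]></TITLE></REPORT_TEMPLATE>
    </REPORT_TEMPLATES>
   </DYNAMIC_LIST>
   <DYNAMIC_LIST>
    <ID>382</ID>
    <TITLE><![CDATA[Unused list]]></TITLE>
    <GLOBAL>No</GLOBAL>
   </DYNAMIC_LIST>
  </DYNAMIC_LISTS>
 </RESPONSE>
</SEARCH_LIST_OUTPUT>"""

# Sections of a DYNAMIC_LIST that point at objects using the search list.
SECTIONS = {
    "option_profiles": "OPTION_PROFILES/OPTION_PROFILE",
    "report_templates": "REPORT_TEMPLATES/REPORT_TEMPLATE",
    "remediation_policies": "REMEDIATION_POLICIES/REMEDIATION_POLICY",
    "distribution_groups": "DISTRIBUTION_GROUPS/DISTRIBUTION_GROUP",
}

def search_list_usage(xml_text):
    """Map each search list ID to its title, global flag and referencing objects."""
    root = ET.fromstring(xml_text)
    usage = {}
    for dl in root.iterfind("RESPONSE/DYNAMIC_LISTS/DYNAMIC_LIST"):
        refs = {
            name: [(int(e.findtext("ID")), e.findtext("TITLE"))
                   for e in dl.iterfind(path)]
            for name, path in SECTIONS.items()
        }
        usage[int(dl.findtext("ID"))] = {
            "title": dl.findtext("TITLE"),
            "global": dl.findtext("GLOBAL") == "Yes",
            "references": refs,
        }
    return usage

def lists_in_use(usage):
    """IDs of search lists that at least one other object still references."""
    return sorted(i for i, u in usage.items() if any(u["references"].values()))
```

A section is absent from the output when the matching show_* parameter is set to 0, so request the list with the defaults before treating an empty result as "unused".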

Create / Update Dynamic Search List

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=create|update

Required

String

Supported method is POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

title={value}

Required for create action, optional for update

String

A user-defined search list title. Maximum is 256 characters (ASCII).

global={0|1}

Optional

Integer

Specify 1 to make this a global search list. By default a new search list is not set to global (i.e. set to 0).

Search Criteria

For create request: Search criteria is required.

For update request: Only criteria specified in an update request will overwrite existing criteria, if any. For example, if a search list has confirmed_severities=3,4 and you make an update request with confirmed_severities=5, the search list will be updated to confirmed_severities=5.

vuln_title={value}

 

String

Vulnerability title (string); to unset value use update request and set to empty value

not_vuln_title={0|1}

 

Integer

Set to 1 for vulnerability title that does not match vuln_title parameter value

discovery_methods={value}

 

String

One or more discovery methods: Remote, Authenticated, Remote_Authenticated; by default all methods are included

auth_types={value}

 

String

One or more of these authentication types: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, MySQL; multiple values are comma separated; to unset value use update request and set to empty value

user_configuration={value}

 

Integer

One or more of these user configuration values: disabled, custom; multiple values are comma separated; to unset value use update request and set to empty value

categories={value}

 

String

One or more vulnerability category names (strings); to unset value use update request and set to empty value

not_categories={0|1}

 

Integer

Set to 1 for categories that do not match categories parameter values

confirmed_severities={value}

 

Integer

One or more confirmed vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

potential_severities={value}

 

Integer

One or more potential vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

ig_severities={value}

 

Integer

One or more information gathered severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

vendor_ids={value}

 

Integer

One or more vendor IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_vendor_ids={0|1}

 

Integer

Set to 1 for vendor IDs that do not match vendor_ids parameter values

products={value}

 

String

Vendor product names; multiple names are comma separated; to unset value use update request and set to empty value

not_products={0|1}

 

Integer

Set to 1 for product names that do not match products parameter values

patch_available={value}

 

Integer

Vulnerabilities with patches: 0 (no), 1 (yes); by default all vulnerabilities with and without patches are included; multiple values are comma separated; to unset value use update request and set to empty value

virtual_patch_available={value}

 

Integer

Vulnerabilities with Trend Micro virtual patches: 0 (no), 1 (yes); by default vulnerabilities with and without these virtual patches are included; multiple values are comma separated; to unset value use update request and set to empty value

cve_ids_filter

Optional

Integer

Filter CVE IDs with the “Exact Match” or “Contains” search criteria:

- Set to 1 to filter the CVE IDs that match exactly with the input CVE strings.

- Set to 2 to filter the CVE IDs that contain the input CVE string.

cve_ids={value}

Optional

Integer

One or more CVE IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_cve_ids={0|1}

Optional

Integer

Set to 1 for CVE IDs that do not match cve_ids parameter values

exploitability={value}

Optional

String

One or more vendors with exploitability info; multiple references are comma separated; to unset value use update request and set to empty value

malware_associated={value}

Optional

String

One or more vendors with malware info; multiple references are comma separated; to unset value use update request and set to empty value

vendor_refs={value}

Optional

String

One or more vendor references; multiple vendors are comma separated; to unset value use update request and set to empty value

not_vendor_refs={0|1}

Optional

Integer

Set to 1 for vendor references that do not match vendor_refs parameter values

bugtraq_id={value}

Optional

Integer

Vulnerabilities with a Bugtraq ID number; to unset value use update request and set to empty value

not_bugtraq_id={0|1}

Optional

Integer

Set to 1 for vulnerabilities with Bugtraq IDs that do not match the bugtraq_id parameter value

vuln_details={value}

Optional

String

A string matching vulnerability details; to unset value use update request and set to empty value

compliance_details={value}

Optional

String

A string matching compliance details; to unset value use update request and set to empty value

supported_modules={value}

Optional

String

One or more of these Qualys modules: VM, CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD; multiple values are comma separated; to unset value use update request and set to empty value

compliance_types={value}

Optional

Integer

One or more compliance types: PCI, CobiT, HIPAA, GLBA, SOX; multiple values are comma separated; to unset value use update request and set to empty value

qualys_top_lists={value}

Optional

Integer

One or more Qualys top lists: Internal_10, Extermal_10; multiple values are comma separated; to unset value use update request and set to empty value

cpe={value}

Optional

String

One or more CPE values: Operating System, Application, Hardware, None; multiple values are comma separated.

qids_not_exploitable={0|1}

Optional

Integer

Set to 1 for vulnerabilities that are not exploitable due to configuration.

non_running_services={0|1}

Optional

Integer

Set to 1 for vulnerabilities on non running services.

sans_20={0|1}

Optional

Integer

Set to 1 for vulnerabilities in 2008 SANS 20 list

nac_nam={0|1}

Optional

Integer

Set to 1 for NAC/NAM vulnerabilities

vuln_provider={value}

Optional

Integer

Provider of the vulnerability if not Qualys; valid value is iDefense

cvss_base={value}

Optional

Integer

CVSS base score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_temp={value}

Optional

Integer

CVSS temporal score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_access_vector={value}

Optional

Integer

CVSS access vector, one of: Undefined, Local, Adjacent_Network, Network; to unset value use update request and set to empty value

cvss_base_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_base" parameter along with the "cvss_base_operand" parameter in the API request.

cvss_temp_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_temp" parameter along with the "cvss_temp_operand" parameter in the API request.

cvss3_base={value}

Optional

Integer

CVSS3 base score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_temp={value}

Optional

Integer

CVSS3 temporal score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_base_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_base" parameter along with the "cvss3_base_operand" parameter in the API request.

cvss3_temp_operand={value}

Optional

Integer

Set the value to 1 to use the greater than or equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_temp" parameter along with the "cvss3_temp_operand" parameter in the API request.

User Modified Filters

Optional

Integer

User modified filter parameters are mutually exclusive; only 1 parameter per request

user_modified_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

user_modified_date_today={0|1}

Optional

Integer

set to 1 for modified by user today; set to 0 for not modified by user today

user_modified_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

user_modified_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_user_modified={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the user_modified parameters

Service Modified Filters

Optional

Integer

Service modified filter parameters are mutually exclusive; only 1 parameter per request

service_modified_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

service_modified_date_today={0|1}

Optional

Integer

set to 1 for modified by our service today; set to 0 for not modified by our service today

service_modified_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

service_modified_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_service_modified={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the service_modified parameters

Published Filters

Optional

Integer

Published filter parameters are mutually exclusive; only 1 parameter per request

published_date_between={value}

Optional

Integer

date range in format (mm/dd/yyyy-mm/dd/yyyy)

published_date_today={0|1}

Optional

Integer

set to 1 for published today; set to 0 for not published today

published_date_in_previous={value}

Optional

Integer

one of: Year, Month, Week, Quarter

published_date_within_last_days={value}

Optional

Integer

number of days: 1-9999

not_published={0|1}

Optional

Integer

set to 1 to set the "not" flag for one of the published parameters

Update Request Only

unset_user_modified_date={value}

Optional

Integer

Set to empty value to unset the user modified date in the search list parameters.

unset_published_date={value}

Optional

Integer

Set to empty value to unset the published date in the search list parameters.

unset_service_modified_date={value}

Optional

Integer

Set to empty value to unset the service modified date in the search list parameters.
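The table above carries several cross-parameter rules: the title limit, required criteria on create, mutually exclusive date filters, and operands that need their score parameter. The following added example (not Qualys code) checks those rules client-side before a request is sent; the function name `build_search_list_body` is hypothetical, and the parameter names are taken from the table.

```python
from urllib.parse import urlencode

# Mutually exclusive date-filter groups, as listed in the parameter table.
DATE_GROUPS = {
    prefix: [f"{prefix}_date_{suffix}" for suffix in
             ("between", "today", "in_previous", "within_last_days")]
    for prefix in ("user_modified", "service_modified", "published")
}
# Operand parameters and the score parameter each one must accompany.
OPERAND_PAIRS = {
    "cvss_base_operand": "cvss_base", "cvss_temp_operand": "cvss_temp",
    "cvss3_base_operand": "cvss3_base", "cvss3_temp_operand": "cvss3_temp",
}
# Parameters that are not search criteria.
NON_CRITERIA = {"echo_request", "title", "global"}

def build_search_list_body(action, params):
    """Validate create/update parameters and return the POST body string."""
    if action not in ("create", "update"):
        raise ValueError("action must be create or update")
    title = params.get("title")
    if action == "create" and not title:
        raise ValueError("title is required for create")
    if title is not None and (len(title) > 256 or not title.isascii()):
        raise ValueError("title must be at most 256 ASCII characters")
    if action == "create" and not (set(params) - NON_CRITERIA):
        raise ValueError("create requires at least one search criterion")
    for group, names in DATE_GROUPS.items():
        used = [n for n in names if n in params]
        if len(used) > 1:
            raise ValueError(f"{group} filters are mutually exclusive: {used}")
    for operand, score in OPERAND_PAIRS.items():
        if operand in params:
            if score not in params:
                raise ValueError(f"{operand} requires {score}")
            if str(params[operand]) not in ("1", "2"):
                raise ValueError(f"{operand} must be 1 or 2")
    # Dict order is preserved, so the body lists parameters as supplied.
    return urlencode({"action": action, **params})
```

An update that sets a criterion to an empty string passes through unchanged, which is how the table says a value is unset.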

Sample 1 - Create New Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=My+Dynamic+Search+List&global=1&published_date_within_last_days=7&patch_available=1" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>New search list created successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>136992</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample 2 - Create New Dynamic Search List, CVSS Scores

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" -d "action=create&title=mytest_DL313&cvss_base=3&cvss_base_operand=1&cvss_temp=2&cvss_temp_operand=2&cvss3_base=2&cvss3_base_operand=1&cvss3_temp=2&cvss3_temp_operand=2" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

Sample 3 - Update Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Delete Dynamic Search List

Input Parameters

Parameter

Required/Optional

Data Type

Description

action=delete

Required

String

Supported method is POST

echo_request={0|1}

Optional

Integer

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

id={id}

Required

Integer

The ID of the search list you want to delete.

Sample - Delete Dynamic Search List

API Request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d "action=delete&id=123456&global=1&qids=68518-68522,48000-48004" "https://<qualys_base_url>/api/2.0/fo/qid/search_list/dynamic/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2015-09-01T21:32:40Z</DATETIME>
    <TEXT>search list deleted successfully</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>123456</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

DTD for Dynamic Search List (Create, Update, Delete)

<platform API server>/api/2.0/simple_return.dtd