Create VM Option Profile

For API version information, refer to the API Version History section.

V2.0| V3.0

V2.0

POST/api/2.0/fo/subscription/option_profile/vm/?action=create

Create a VM option profile in the user's account.

Permissions - A Manager will be able to create option profiles in the subscription. A Unit Manager will be able to create option profiles for users in their business unit.

A Manager will be able to create, update, and delete option profiles in the subscription, and a Unit Manager will be able to create, update, and delete option profiles for users in their business unit.

Input ParametersInput Parameters

Parameter

Required/Optional

Data Type

Description

action=create

Required

String 

Specify action to create VM option profile.

echo_request={0|1}

Optional

Integer 

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

title={value}

Required

String 

The title of the option profile.

id=value Required Integer

An option profile ID.

scan_tcp_ports={none|full|standard|light}

Required Boolean We use ports to send packets to the host in order to determine whether the host is alive and also to do fingerprinting for the discovery of services. Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

scan_udp_ports={none|full

standard|light}

Required

Boolean

Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

vulnerability_detection=

{complete|custom|runtime}

Required

Integer

With a "complete" scan we'll scan for all vulnerabilities (QIDs) in the KnowledgeBase applicable to each host being scanned. Specify "custom" to limit the scan to specified QIDs only. Then add the QIDs you want to scan. Specify “runtime” to scan QIDs at runtime.

basic_information_gathering=

{all|register|netblockonly|none}

Required

Boolean

Perform basic information gathering on:

All: All Hosts (hosts detected by the map),

Register: Registered Hosts (hosts in your account),

Netblockonly: Netblock Hosts (hosts added by a user to the netblock for the target domain) or None.

purge_host_data

Default value (1)

Optional Integer Specify 1 to purge host data. Especially useful if you have systems that are regularly decommissioned or replaced. By specifying this option you are telling us you want to purge the host if we detect a change in the host's Operating System (OS) vendor at scan time, for example the OS changed from Linux to Windows or Debian to Ubuntu. We will not purge the host for an OS version change like Linux 2.8.13 to Linux 2.9.4.

scan_parallel_scaling

Default value (1)

Optional Integer

Useful in subscriptions that have physical and virtual scanner appliances with different performance characteristics (For example, CPU, RAM).  

Dynamically scale up the number of hosts to scan in parallel (at scan time) to a calculated value which is based upon the computing resources available on each appliance. Note that the number of hosts to scan in parallel value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan.

enable_dissolvable_
agent

Default value (1)

Optional Integer Required for certain scan features like Windows Share Enumeration. At scan time the Agent is installed on Windows devices to collect data, and once the scan is complete it removes itself completely from target systems.

authentication

Default value
(Windows, Unix)

Optional String

Perform a more in-depth assessment and get you the most accurate results with fewer false positives.

Specify one or more technologies for the hosts you want to scan. Be sure that you have configured authentication records (under Scans > Authentication) before running your scan.

The following options are available:

- Windows

- Unix

- Oracle

- Oracle Listener

- SNMP

- VMware

- DB2

- HTTP

- MySQL

- MongoDB

- Tomcat Server

- Palo Alto Networks Firewall

- Sybase

Note: If the end-user does not pass this parameter (authentication=unauth).

authentication_least_
privilege

Default value (Unix)

Optional String Specify authentication_least_privilege=Unix (this value is case sensitive) to use the least privileges required for Unix authentication. When specified, the scanner will not pass root delegation information specified in the Unix record to the scanner for vulnerability scans. When not specified (the default), root delegation will be used if specified in the Unix record. Note: Unix authentication must be enabled in the same option profile (authentication=Unix).

icmp

Default value (0)

Optional Integer Discover live hosts that respond to an ICMP ping. Default setting is 1.

ignore_firewall_
generated_
tcp_rst_packets

Default value (1)

Optional Integer Specify 1 to ignore all TCP RESET packets - firewall-generated and live-host-generated.

ignore_firewall_generated_
tcp_syn_
ack_packets

Default value (1)

Optional Integer Specify 1 to determine if TCP SYN-ACK packets are generated by a filtering device and ignore packets that appear to originate from such devices

 

Click here to view list of optional parameters

Sample - Create VM Option ProfileSample - Create VM Option Profile

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"action=create&title=99&global=1&scan_tcp_ports=full&scan_udp_ports=standard&&scan_overall_performance=normal&vulnerability_detection=complete&basic_information_gathering=all" "http://<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "http://<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2018-04-26T06:40:03Z</DATETIME>
    <TEXT>Option profile successfully added.</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>32112</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

Sample - Create VM Option Profile With SSL/TLS Auditing EnabledSample - Create VM Option Profile With SSL/TLS Auditing Enabled

API Request

curl --location --request POST "/api/2.0/fo/subscription/option_profile/vm/?action=create&title=VM_API_Option_profile_696969&scan_tcp_ports=none&scan_udp_ports=none&vulnerability_detection=complete&basic_information_gatheri ng=none &enable_partial_ssl_tls_auditing=1" 
\--header "ContentType: application/x-www-form-urlencoded" 
\--header "X-RequestedWith: curl demo2" 
\--header 'Accept: "*/* \--header "Content-Length: 0" \--header "Authorization: Basic"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
 <RESPONSE>
 <DATETIME>2023-08-31T10:05:16Z</DATETIME>
 <TEXT>Option profile successfully added.</TEXT>
 <ITEM_LIST>
 <ITEM>
 <KEY>ID</KEY>
 <VALUE>2445054</VALUE>
 </ITEM>
 </ITEM_LIST>
 </RESPONSE>
</SIMPLE_RETURN>

Sample - Create Option ProfileSample - Create Option Profile

PI Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"?action=create&purge_host_data=1&scan_parallel_scaling=1&scan_scanner
_appliances=50&scan_total_process=20&scan
_http_process=20&authentication_
least_privilege=Unix&enable_dissolvable_agent=1&icmp=0&ignore_
firewall_generated_tcp_rst_packets=1&ignore_firewall_generated_
tcp_syn_ack_packets=1&title=VM_API_Option_profile&scan_tcp_
ports=none&scan_udp_ports=none&vulnerability_detection=
complete&basic_information_gathering=none&scan_overall_
performance=custom&authentication=Unix" '<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/'

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
    <RESPONSE>
       <DATETIME>2024-08-23T07:45:54Z</DATETIME>
       <TEXT>Option profile successfully added.</TEXT>
           <ITEM_LIST>
              <ITEM>
                 <KEY>ID</KEY>
                <VALUE>2665297</VALUE>
              </ITEM>
           </ITEM_LIST>
    </RESPONSE>
 </SIMPLE_RETURN>

DTD

<platform API server>/api/2.0/simple_return.dtd

V3.0

POST/api/3.0/fo/subscription/option_profile/vm/?action=create

Create a VM option profile in the user's account.

Permissions - A Manager will be able to create option profiles in the subscription. A Unit Manager will be able to create option profiles for users in their business unit.

A Manager will be able to create, update, and delete option profiles in the subscription, and a Unit Manager will be able to create, update, and delete option profiles for users in their business unit.

Input ParameterInput Parameter

Parameter

Required/Optional

Data Type

Description

action=create

Required

String 

Specify action to create VM option profile.

echo_request={0|1}

Optional

Integer 

Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

title={value}

Required

String 

The title of the option profile.

id=value Required Integer

An option profile ID.

scan_tcp_ports={none|full|standard|light}

Required Boolean We use ports to send packets to the host in order to determine whether the host is alive and also to do fingerprinting for the discovery of services. Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

scan_udp_ports={none|full

standard|light}

Required

Boolean

Specify “full” to scan all ports, “standard” to scan standard ports or “light” to scan fewer ports. We will scan the standard list of ports unless you choose a different option in the profile.

vulnerability_detection=

{complete|custom|runtime}

Required

Integer

With a "complete" scan we'll scan for all vulnerabilities (QIDs) in the KnowledgeBase applicable to each host being scanned. Specify "custom" to limit the scan to specified QIDs only. Then add the QIDs you want to scan. Specify “runtime” to scan QIDs at runtime.

basic_information_gathering=

{all|register|netblockonly|none}

Required

Boolean

Perform basic information gathering on:

All: All Hosts (hosts detected by the map),

Register: Registered Hosts (hosts in your account),

Netblockonly: Netblock Hosts (hosts added by a user to the netblock for the target domain) or None.

scan_disconnected_esxi Optional Boolean Launch the authenticated scan on ESXi hosts without creating VMware authorization records and VMware, vCenter mapping.
1 - If set to 1, the Disconnected ESXi checkbox is selected.
0 - If set to 0, the Disconnected ESXi checkbox is not selected.

Click here to view list of optional parameters

Sample - Create VM Option ProfileSample - Create VM Option Profile

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST"action=create&title=Option_profile_vCenter_scan_disconnected_esxi&scan_tcp_ports=none&scan_udp_ports=none&vulnerability_detection=complete&basic_information_gathering=none&map_authentication=vCenter&scan_disconnected_esxi=1"
"https://<qualys_base_url>/api/3.0/fo/subscription/option_profile/vm/"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM
"https://
<qualys_base_url>/api/3.0/simple_return.dtd">
    <SIMPLE_RETURN>
        <RESPONSE>
            <DATETIME>2024-07-01T09:55:47Z</DATETIME>
            <TEXT>Option profile successfully added.</TEXT>
            <ITEM_LIST>
                <ITEM>
                    <KEY>ID</KEY>
                    <VALUE>2633919</VALUE>
                </ITEM>
            </ITEM_LIST>
        </RESPONSE>
    </SIMPLE_RETURN>

Sample - Create VM Option Profile With SSL/TLS Auditing EnabledSample - Create VM Option Profile With SSL/TLS Auditing Enabled

API Request

curl --location --request POST "https://<qualys_base_url>/api/3.0/fo/subscription/option_profile/vm/?action=create&title=VM_API_Option_profile_696969_mob&scan_tcp_ports=none&scan_udp_ports=none&vulnerability_detection=complete&basic_information_gathering=none%20&enable_partial_ssl_tls_auditing=1" 
\--header "Content-Type: application/x-www-form-urlencoded" 
\--header "X-Requested-With: curl demo2" 
\--header "Accept: */* "
\--header "Content-Length: 0" 
\--header "Authorization: Basic YWdtc19uYjpRYXRlbXAxMjMj"

XML Output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "
https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
    <RESPONSE>
        <DATETIME>2024-07-09T07:16:57Z</DATETIME>
        <TEXT>Option profile successfully added.</TEXT>
        <ITEM_LIST>
            <ITEM>
                <KEY>ID</KEY>
                <VALUE>2639625</VALUE>
            </ITEM>
        </ITEM_LIST>
    </RESPONSE>
</SIMPLE_RETURN>

DTD

<platform API server>/api/3.0/simple_return.dtd

API Version History

The following table depicts the information about the different versions of this API along with the status:

API Version API Status Release Date
/api/2.0/fo/subscription/option_profile/?action=create To be deprecated January 2025
/api/3.0/fo/subscription/option_profile/?action=create Active

July 2024


 

 

Was this topic helpful?

success Thank you! We're glad to hear that this topic was useful.
success We appreciate your feedback. We'll work to make this topic better for you in the future.