Policy Audit Release 1.13 API
July 6, 2026
In the API Release Notes, <qualys_base_url> and <gateway_base_url> is used as a sample API request to represent the API server URL. To learn more about the API server URL for your environment, refer to the Know Your Qualys API Server URL section.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
PCAS Control List API
A new Control List API is now available through the PCAS service to retrieve control details more efficiently.
| New or Updated API | New |
| API Endpoint | /pcas/v1/compliance/controls |
| Method | GET |
This new API provides all the functionality available in the Control List API and additionally supports Audit Commands, enabling you to retrieve the audit commands configured for a control.
In addition to the new fields, the API provides improved performance by leveraging the PCAS service architecture for faster retrieval of control information.
This API feature is available to users with PA subscription only.
Input ParametersInput Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| ids | No | Integer |
Show only certain control IDs and/or ID ranges. One or more control IDs/ranges may be specified. A control ID range entry is specified with a hyphen (for example, 3000-3250). Valid control IDs are required.
The maximum number of IDs that can be returned in an API request is 1000. |
| id_min | No | Integer | Show only controls which have a minimum control ID value. A valid control ID is required |
| id_max | No | Integer | Show only controls which have a maximum control ID value. A valid control ID is required. |
| controlType | No | String | Select the type of control (SDC, UDC, or All). |
| updated_after_datetime | No | Integer | Show only controls updated after a certain date/time (for example, 2025-01-01T00:00:00Z). |
| created_after_datetime | No | Integer | Show only controls created after a certain date/time (for example, 2025-01-01T00:00:00Z). |
| details | No | String | Show the requested amount of host information for each host. A valid value is:
By default, the value is set to 'All'. |
| fields | No | String | Show the different fields, such as, core, criticality, or technologies. For a list of all field groups, refer to the table given below.
If a value is specified for 'fields', the value provided in 'details' is ignored. |
| page | No | Integer | Page number (0-indexed). |
| pageSize | No | Integer | Number of results to be displayed per page. By default, the value is set to 200. |
| echo_request={1|0} | No | Boolean | Specify 1 to display the request parameters in the response, else specify 0. |
The list of groups for the 'fields' parameter is as follows:
| Groups | Fields Included |
| Core | id, type, statement, createdDate, updateDate, category, subCategory |
| Criticality | criticality |
| check_config | checkType, comment, ignoreError, errorSetStatus, evaluateAsString, ignoreItemNotFound, useAgentOnly, autoUpdate, isActive |
| scan_parameters | scanParameters (full atom-level detail for UDC) |
| technologies | technologies.id, technologies.name |
| technologies_rationale | technologies.rationale, technologies.remediation |
| technologies_audit_commands | technologies.auditCommand (SDC) |
| frameworks | frameworks (SDC) |
Sample - Display basic details for a controlSample - Display basic details for a control
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?details=Basic' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1044,
"type": "SDC",
"updateDate": "2025-07-25T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorizations (Multi-user ACL/role)",
"statement": "Status of the 'O7_DICTIONARY_ACCESSIBILITY' setting in init.ora",
"criticality": {
"label": "CRITICAL",
"value": 4
},
"technologies": [
{
"id": 7,
"name": "Oracle 9i",
"rationale": "The 'O7_DICTIONARY_ACCESSIBILITY' setting controls access to SYS schema objects."
},
{
"id": 8,
"name": "Oracle 10g",
"rationale": "Restricting access prevents unauthorized access to SYS schema objects."
}
]
},
{
"id": 1045,
"type": "SDC",
"updateDate": "2018-10-12T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "OS Security Settings",
"subCategory": "System Settings (OSI layers 6-7)",
"statement": "Status of the 'Clipbook' service (startup type)",
"criticality": {
"label": "SERIOUS",
"value": 3
},
"technologies": [
{
"id": 1,
"name": "Windows XP desktop",
"rationale": "The Clipbook service transfers clipboard data over the network and should generally be disabled."
},
{
"id": 2,
"name": "Windows 2003 Server",
"rationale": "Disabling the service reduces unnecessary security exposure."
}
]
},
{
"id": 1046,
"type": "SDC",
"updateDate": "2024-09-26T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorization (Single-user ACL/role)",
"statement": "Current status of the '_trace_files_public' initialization parameter",
"criticality": {
"label": "CRITICAL",
"value": 4
},
"technologies": [
{
"id": 7,
"name": "Oracle 9i",
"rationale": "Controls public access to Oracle trace files."
},
{
"id": 216,
"name": "Oracle 19c",
"rationale": "Publicly accessible trace files may expose sensitive audit information."
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 3,
"totalElements": 3,
"hasMore": false
}
}
Sample - Display controls for a specific IDSample - Display controls for a specific ID
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?ids=1071' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1071,
"type": "SDC",
"updateDate": "2026-06-01T00:00:00Z",
"createdDate": "2007-10-17T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"statement": "Status of the 'Minimum Password Length' setting",
"criticality": {
"label": "URGENT",
"value": 5
},
"technologies": [
{
"id": 1,
"name": "Windows XP desktop",
"rationale": "Configuring a minimum password length helps protect against brute-force attacks."
},
{
"id": 10,
"name": "Solaris 10.x",
"rationale": "Checks the configured minimum password length on the system.",
"auditCommand": "Retrieves the PASSLENGTH setting from /etc/default/passwd."
},
{
"id": 91,
"name": "Windows 10",
"rationale": "Configuring a minimum password length improves password security.",
"auditCommand": "Retrieves the status of the 'Minimum Password Length' setting for local accounts."
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 2,
"totalElements": 1,
"hasMore": false
}
}
Sample - Display controls with certain page sizeSample - Display controls with certain page size
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?pageSize=3' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
API Response
{
"data": [
{
"id": 1044,
"type": "SDC",
"updateDate": "2025-07-25T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorizations (Multi-user ACL/role)",
"statement": "Status of the 'O7_DICTIONARY_ACCESSIBILITY' setting in init.ora",
"criticality": {
"label": "CRITICAL",
"value": 4
},
"technologies": [
{
"id": 7,
"name": "Oracle 9i",
"rationale": "The 'O7_DICTIONARY_ACCESSIBILITY' setting controls access to SYS schema objects."
},
{
"id": 99,
"name": "Oracle 12c",
"rationale": "Restricting SYS schema access reduces security risk.",
"auditCommand": "Retrieves the value of the O7_DICTIONARY_ACCESSIBILITY parameter."
}
],
"frameworks": [
{
"id": 2443,
"name": "ISO/IEC 27001:2013 Edition 2013-11",
"references": [
{
"section": "9.4.1",
"comments": "Information access restriction"
}
]
}
]
},
{
"id": 1045,
"type": "SDC",
"updateDate": "2018-10-12T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "OS Security Settings",
"subCategory": "System Settings (OSI layers 6-7)",
"statement": "Status of the 'Clipbook' service (startup type)",
"criticality": {
"label": "SERIOUS",
"value": 3
},
"technologies": [
{
"id": 1,
"name": "Windows XP desktop",
"rationale": "The Clipbook service should generally be disabled to reduce security exposure."
}
],
"frameworks": [
{
"id": 4941,
"name": "Secure Controls Framework (SCF) 2021.2",
"references": [
{
"section": "CFG-03.1",
"comments": "Periodic Review"
}
]
}
]
},
{
"id": 1046,
"type": "SDC",
"updateDate": "2024-09-26T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorization (Single-user ACL/role)",
"statement": "Current status of the '_trace_files_public' initialization parameter",
"criticality": {
"label": "CRITICAL",
"value": 4
},
"technologies": [
{
"id": 216,
"name": "Oracle 19c",
"rationale": "Public access to trace files may expose sensitive audit information.",
"auditCommand": "Retrieves the value of the _TRACE_FILES_PUBLIC parameter."
}
],
"frameworks": [
{
"id": 6565,
"name": "CIS Oracle Database 12c Benchmark v3.0.0",
"references": [
{
"section": "2.2.17",
"comments": "Ensure '_trace_files_public' Is Set to 'FALSE'"
}
]
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 3,
"totalElements": 3,
"hasMore": false
}
}
Sample - Display controls update after a certain date and/or timeSample - Display controls update after a certain date and/or time
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?updated_after_datetime=2026-05-11T00%3A00%3A00Z' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1071,
"type": "SDC",
"updateDate": "2026-06-01T00:00:00Z",
"createdDate": "2007-10-17T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"statement": "Status of the 'Minimum Password Length' setting",
"criticality": {
"label": "URGENT",
"value": 5
},
"technologies": [
{
"id": 1,
"name": "Windows XP desktop",
"rationale": "Configuring a minimum password length helps protect against brute-force attacks."
},
{
"id": 10,
"name": "Solaris 10.x",
"rationale": "Checks the configured minimum password length on the system.",
"auditCommand": "Retrieves the PASSLENGTH setting from /etc/default/passwd."
},
{
"id": 91,
"name": "Windows 10",
"rationale": "Configuring a minimum password length improves password security.",
"auditCommand": "Retrieves the status of the 'Minimum Password Length' setting for local accounts."
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 2,
"totalElements": 1,
"hasMore": false
}
}
Sample - Display controls with technology audit commandSample - Display controls with technology audit command
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?fields=technologies_audit_commands' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1044,
"type": "SDC",
"technologies": [
{
"id": 99,
"name": "Oracle 12c",
"auditCommand": "This signature retrieves the setting of the parameter O7_DICTIONARY_ACCESSIBILITY from the Oracle instance parameters. This parameter controls whether database users have access to all data dictionary objects."
},
{
"id": 175,
"name": "Oracle 18c",
"auditCommand": "This signature retrieves the setting of the parameter O7_DICTIONARY_ACCESSIBILITY from the Oracle instance parameters. This parameter controls whether database users have access to all data dictionary objects."
},
{
"id": 310,
"name": "Oracle 12c Multitenant",
"auditCommand": "The control detects the value of the Oracle database parameter O7_DICTIONARY_ACCESSIBILITY..."
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 1,
"totalElements": 1,
"hasMore": false
}
}
Sample - Display controls with frameworksSample - Display controls with frameworks
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?fields=frameworks' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1044,
"type": "SDC",
"frameworks": [
{
"id": 2443,
"name": "ISO/IEC 27001:2013 Edition 2013-11",
"references": [
{
"section": "9.4.1",
"comments": "Information access restriction"
}
]
},
{
"id": 2481,
"name": "Cloud Controls Matrix (CCM) Ver 3.0.1",
"references": [
{
"section": "IAM-02",
"comments": "Credential Lifecycle / Provision Management"
}
]
},
{
"id": 2701,
"name": "Health Insurance Portability and Accountability (HIPAA) Security Rule",
"references": [
{
"section": "164.308(a)(3)(i)",
"comments": "Access Control Policies and Procedures"
},
{
"section": "164.312(a)(2)(i)",
"comments": "Unique user identification (Required)"
}
]
}
]
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 3,
"totalElements": 1,
"hasMore": false
}
}
Sample - Display controls with coreSample - Display controls with core
API Request
curl --location '<gateway_base_url>/pcas/v1/compliance/controls?fields=core' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <Bearer Token>'
JSON Response
{
"data": [
{
"id": 1044,
"type": "SDC",
"updateDate": "2025-07-25T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorizations (Multi-user ACL/role)",
"statement": "Status of the 'O7_DICTIONARY_ACCESSIBILITY' setting in init.ora"
},
{
"id": 1045,
"type": "SDC",
"updateDate": "2018-10-12T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "OS Security Settings",
"subCategory": "System Settings (OSI layers 6-7)",
"statement": "Status of the 'Clipbook' service (startup type)"
},
{
"id": 1046,
"type": "SDC",
"updateDate": "2024-09-26T00:00:00Z",
"createdDate": "2007-10-12T00:00:00Z",
"category": "Access Control Requirements",
"subCategory": "Authorization (Single-user ACL/role)",
"statement": "Current status of the '_trace_files_public' initialization parameter"
}
],
"pagination": {
"page": 0,
"totalPages": 1,
"pageSize": 4,
"totalElements": 3,
"hasMore": false
}
}
Mandatory Input Parameters for Updating HashiCorp and WAB Vaults
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/auth/ |
| Method | GET and POST |
| DTD or XSD changes | No |
With this release, we have made certain input parameters mandatory for updating authentication records created using HashiCorp or Wallix AdminBastian (WAB) authentication vaults. Previously, this existed for the Infloblox authentication technology V2.0 API. Now we have extended this to the following authentication technology V3.0 APIs:
- DataStax
- OLVM
- NSX
- Cisco APIC
- Infoblox
- Cassandra
When updating authentication records created using a HashiCorp or Wallix AdminBastian vault, the authentication record 'login type' was incorrectly converted to basic. To prevent this, the following existing input parameters are made mandatory when updating authentication records:
- login_type
- vault_type
- secret_kv_name (for HashiCorp vault)
- secret_kv_key (for HashiCorp vault)
- authorization_name (for Wallix AdminBastian vault)
- target_name (for Wallix AdminBastian vault)
Including these parameters ensures that the authentication record retains the correct vault type.
Input ParametersInput Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| login_type={basic|vault} | Required | Boolean | The login type is basic by default. Select vault (for vault-based authentication). |
| vault_type={value} | Required | String | The vault type (HashiCorp and Wallix) to be used for authentication. |
| secret_kv_name={value} | Required when vault_type is selected as HashiCorp | String | The secret name that stores key-value pairs. |
| secret_kv_key={value} | Required when vault_type is selected as HashiCorp | Integer | The key name for identifying a specific key-value pair. |
| authorization_name= {value} |
Required when vault_type is selected as Wallix | String | The name of the authorization that enables secret retrieval from a group of targets. |
| target_name={value} | Required when vault_type is selected as Wallix | String |
Specify the name of the target device using one of these formats:
user@global_WABdomain user@local_WABdomain@device where user is the user with access to the target, global_WABdomain is a domain name in a domain controller, local_WABdomain is a local domain, device is the device you want to scan Use one or more variables in the target name to match For example, the target name |
The above input parameters are mandatory when updating the authentication record for HashiCorp or Wallix authentication vaults details only.
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321422&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/datastax/"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-07-01T06:08:33Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>9321422</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321432&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/olvm/"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-07-01T06:08:33Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>9321432</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321402&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/nsx/"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-07-01T06:08:33Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>9321402</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321442&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/cisco_apic/"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-07-01T06:08:33Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>9321442</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321462&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/cassandra/"
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-07-01T06:08:33Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>9321462</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321452&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/infoblox/"
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-07-01T06:08:33Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>9321452</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9352408&title=john_info&add_ips=1.1.1.14&authorization_name=123&login_type=vault&vault_type=Wallix AdminBastion (WAB)&target_name=user@local_WABdomain@device" "<qualys_base_url>/api/3.0/fo/auth/infoblox/"
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-07-01T06:08:33Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>9321432</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9321432&title=john_dt&add_ips=1.1.1.14&login_type=vault&secret_kv_name=secret&secret_kv_key=secret&vault_type=HashiCorp""<qualys_base_url>/api/3.0/fo/auth/olvm/"
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-07-01T06:08:33Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>9321432</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "<username>:<password>" -d "action=update&ids=9352408&title=john_info&add_ips=1.1.1.14&authorization_name=123&login_type=vault&vault_type=Wallix AdminBastion (WAB)&target_name=user@local_WABdomain@device" "<qualys_base_url>/api/3.0/fo/auth/olvm/"
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2026-07-01T06:08:33Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>9321432</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Description |
| PA - API | When the user updated authentication records for Cisco APIC, using HashiCorp vault, they observed that the authentication record type was getting incorrectly converted to basic. Relevant code changes have been made to fix the issue. |