Policy Audit Release 1.2.0 API 

August 4, 2025

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

We have implemented versioning for APIs. For more information on API versioning, refer to the Introducing API Versioning: A Strategic Upgrade for Enhanced Stability and Control for API Integrations blog.

Polices List API Upgrade to V4.0

New or Updated API Updated
API Endpoint (deprecation Timeline -  January 2025) /api/3.0/fo/compliance/policy/
API Endpoint
(New Version)

 /api/4.0/fo/compliance/policy/

Method GET and POST
DTD or XSD changes Yes

In the previous release, we upgraded the Policy Export and Policy Import APIs to V4.0, improving usability and enhancing the overall user experience.

With this release, we have also upgraded the Policy List API to V4.0 to maintain consistency with the Policy Export and Policy Import APIs, further streamlining the experience for users interacting with all three APIs.

Sample - List PolicySample - List Policy

API  Request

curl -k -s -S -H 'X-Requested-With:curl demo2' -u "username:password@" -d "action=list&details=Basic&ids=1538419" "https://<qualys_base_url>/api/4.0/fo/compliance/policy/"

API Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/compliance/policy/policy_list_output.dtd">
<POLICY_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2025-07-11T10:13:20Z</DATETIME>
    <POLICY_LIST>
      <POLICY>
        <ID>1538419</ID>
        <TITLE><![CDATA[PC-33757]]></TITLE>
        <CREATED>
          <DATETIME>2025-07-07T05:40:23Z</DATETIME>
          <BY>quays_ca7</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2025-07-10T07:05:28Z</DATETIME>
          <BY>quays_ca7</BY>
        </LAST_MODIFIED>
        <LAST_EVALUATED>
          <DATETIME>2025-07-10T07:06:34Z</DATETIME>
        </LAST_EVALUATED>
        <STATUS><![CDATA[active]]></STATUS>
        <IS_LOCKED>0</IS_LOCKED>
        <EVALUATE_NOW><![CDATA[yes]]></EVALUATE_NOW>
        <ASSET_GROUP_IDS>54114745</ASSET_GROUP_IDS>
        <CONTROL_LIST>
          <CONTROL>
            <ID>1071</ID>
            <STATEMENT><![CDATA[Status of the 'Minimum Password Length' setting]]></STATEMENT>
            <CRITICALITY>
              <LABEL><![CDATA[URGENT]]></LABEL>
              <VALUE>5</VALUE>
            </CRITICALITY>
            <STATUS><![CDATA[Active]]></STATUS>
          </CONTROL>
          <CONTROL>
            <ID>1073</ID>
            <STATEMENT><![CDATA[Status of the 'Maximum Password Age' setting (expiration) / Accounts having the 'password never expires' flag set]]></STATEMENT>
            <CRITICALITY>
              <LABEL><![CDATA[URGENT]]></LABEL>
              <VALUE>5</VALUE>
            </CRITICALITY>
            <STATUS><![CDATA[Inactive]]></STATUS>
          </CONTROL>
          <CONTROL>
            <ID>100017</ID>
            <STATEMENT><![CDATA[File Directory Existence_Manager]]></STATEMENT>
            <CRITICALITY>
              <LABEL><![CDATA[URGENT]]></LABEL>
              <VALUE>5</VALUE>
            </CRITICALITY>
            <STATUS><![CDATA[Inactive]]></STATUS>
          </CONTROL>
          <CONTROL>
            <ID>100018</ID>
            <STATEMENT><![CDATA[File/Directory Permission-Manager]]></STATEMENT>
            <CRITICALITY>
              <LABEL><![CDATA[URGENT]]></LABEL>
              <VALUE>5</VALUE>
            </CRITICALITY>
            <STATUS><![CDATA[Active]]></STATUS>
          </CONTROL>
          <CONTROL>
            <ID>100021</ID>
            <STATEMENT><![CDATA[Unix Directory Search Check-Manager]]></STATEMENT>
            <CRITICALITY>
              <LABEL><![CDATA[URGENT]]></LABEL>
              <VALUE>5</VALUE>
            </CRITICALITY>
            <STATUS><![CDATA[Active]]></STATUS>
          </CONTROL>
        </CONTROL_LIST>
      </POLICY>
    </POLICY_LIST>
    <GLOSSARY>
      <ASSET_GROUP_LIST>
        <ASSET_GROUP>
          <ID>54114745</ID>
          <TITLE><![CDATA[10.11.70.160]]></TITLE>
          <NETWORK_ID>0</NETWORK_ID>
        </ASSET_GROUP>
      </ASSET_GROUP_LIST>
    </GLOSSARY>
  </RESPONSE>
</POLICY_LIST_OUTPUT>

 

DTD UpdateDTD Update

A DTD for the List Policies API has been added.
<platform API server>/api/4.0/fo/compliance/policy/policy_list_output.dtd

DTD output for the List Policies API is as follows:

DTD Output

<!-- QUALYS POLICY_LIST_OUTPUT DTD -->
<!-- $Revision$ -->
<!ELEMENT POLICY_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (POLICY_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT POLICY_LIST (POLICY+)>
<!ELEMENT POLICY (ID, TITLE, CREATED?, LAST_MODIFIED?, LAST_EVALUATED?, STATUS?, IS_LOCKED?, EVALUATE_NOW?, ASSET_GROUP_IDS?, TAG_SET_INCLUDE?, TAG_INCLUDE_SELECTOR?, TAG_SET_EXCLUDE?, TAG_EXCLUDE_SELECTOR?, INCLUDE_AGENT_IPS?, CONTROL_LIST?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME, BY)>
<!ELEMENT LAST_EVALUATED (DATETIME)>
<!ELEMENT STATUS (#PCDATA)>
<!ELEMENT IS_LOCKED (#PCDATA)>
<!ELEMENT EVALUATE_NOW (#PCDATA)>
<!ELEMENT ASSET_GROUP_IDS (#PCDATA)>
<!ATTLIST ASSET_GROUP_IDS has_hidden_data CDATA #IMPLIED>
<!ELEMENT TAG_SET_INCLUDE (TAG_ID+)>
<!ELEMENT TAG_ID (#PCDATA)>
<!ELEMENT TAG_INCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT TAG_SET_EXCLUDE (TAG_ID+)>
<!ELEMENT TAG_EXCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT INCLUDE_AGENT_IPS (#PCDATA)>
<!ELEMENT CONTROL_LIST (CONTROL+)>
<!ELEMENT CONTROL (ID, STATEMENT, CRITICALITY?, STATUS?, DEPRECATED?, TECHNOLOGY_LIST?)>
<!ELEMENT STATEMENT (#PCDATA)>
<!ELEMENT CRITICALITY (LABEL, VALUE)>
<!ELEMENT LABEL (#PCDATA)>
<!ELEMENT DEPRECATED (#PCDATA)>
<!ELEMENT TECHNOLOGY_LIST (TECHNOLOGY+)>
<!ELEMENT TECHNOLOGY (ID, NAME, RATIONALE, CUSTOMIZED, REMEDIATION?)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT RATIONALE (#PCDATA)>
<!ELEMENT CUSTOMIZED (#PCDATA)>
<!ELEMENT REMEDIATION (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT GLOSSARY (ASSET_GROUP_LIST?, ASSET_TAG_LIST?, USER_LIST?)>
<!ELEMENT ASSET_GROUP_LIST (ASSET_GROUP+)>
<!ELEMENT ASSET_GROUP (ID, TITLE, NETWORK_ID?, IP_SET?)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT ASSET_TAG_LIST (ASSET_INCLUDE_TAG_LIST?, ASSET_EXCLUDE_TAG_LIST?)>
<!ELEMENT ASSET_INCLUDE_TAG_LIST (TAG+)>
<!ELEMENT ASSET_EXCLUDE_TAG_LIST (TAG+)>
<!ELEMENT TAG (TAG_ID?, TAG_NAME?)>
<!ELEMENT TAG_NAME (#PCDATA)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->