Policy Audit Release 1.6 API
December 4, 2025
Before reviewing the API release highlights, identify the API server URL to use in your API requests by referring to the Know Your Qualys API Server URL section. In these release notes, <qualys_base_url> stands for that URL in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Get Posture Info API: Extended Support to exclude Extended Evidence
| New or Updated API | Updated |
| API Endpoint | /pcrs/4.0/posture/postureInfo/ |
| EOS Timeline | May 2026 |
| EOL Timeline | November 2026 |
| API Endpoint (New Version) | /pcrs/5.0/posture/postureInfo/ |
| Method | POST |
| DTD or XSD changes | No |
With this release, we have added support for extended evidence as a dedicated request parameter, giving users explicit control over whether to retrieve extended evidence.
Previously, extended evidence was always bundled with the evidence object when we set evidenceRequired=1. The API did not provide a separate toggle, which limited flexibility and differed from the functionality available in the legacy Posture API (show_extended_evidence).
Input Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| evidenceRequired={0|1} | Optional | Integer | Set to 1 to retrieve evidence data for posture info; otherwise set to 0. By default, the value is 0. |
| extendedEvidenceRequired={0|1} | Optional | Integer | Set to 1 to retrieve extended evidence data; otherwise set to 0. To use this field, set evidenceRequired=1. |
Sample - extendedEvidenceRequired field is set to 0
API Request
curl --location '<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&extendedEvidenceRequired=0' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT TOKEN>' \
--data '[
{
"policyId": "1627436",
"subscriptionId": "583816",
"hostIds": [
"5400713"
]
}
]'
API Response
{
"id": 25598740,
"instance": "os",
"policyId": 1627436,
"policyTitle": "OCA Policy",
"netBios": null,
"controlId": 4358,
"controlStatement": "Status of the 'aaa authentication login' configuration command on the device",
"rationale": "Requiring an AAA Authentication method(s) to be employed for local user logins provides a source for managing and monitoring access into the device. Setting the AAA Authentication for local user logins enforces a username and password combination be used when logging into the device locally. If a named AAA Authentication list is used in place of the default setting, authentication is required to be configured for each IOS line for each interface.",
"remediation": "Before you configure default login authentication methods, configure RADIUS or TACACS+ server groups as needed\nExecute the following commands to set the default authentication method\n1. configure terminal\n2. aaa authentication login default { group 'group-list' [ none ]| local | none }\n3. exit",
"category": "OS Security Settings",
"subCategory": "Network Settings (OSI Layers 2-5)",
"controlReference": null,
"technologyId": 200,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-08-20T06:54:10Z",
"lastPassDate": "2025-08-20T06:59:21Z",
"postureModifiedDate": "2025-08-20T06:54:10Z",
"lastEvaluatedDate": "2025-08-20T06:59:21Z",
"created": "2025-10-22T08:19:41Z",
"hostId": 5400713,
"ip": "123.231.42.198",
"trackingMethod": "OCA",
"os": "Arista EOS 4",
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": "003e160a-7b12-442f-a67c-7c7a08badb5d",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-07T00:00:00Z",
"customerUuid": "bb662c39-f363-d58f-825d-abbcf4f035c2",
"customerId": "1334625",
"assetId": 44524164,
"technology": {
"id": 200,
"name": "Arista EOS 4.x"
},
"criticality": {
"label": "MEDIUM",
"value": 4
},
"evidence": {
"expectedValues": "\nFilter not found\n OR \nCommand not found\n OR \nmatches regular expression list\n.*",
"currentValues": [
"Filter not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "",
"extendedEvidence": null
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.47",
"totalDataSizeKB": "2.47",
"currentBatch": 2,
"totalBatches": 16,
"CLOUD_RESOURCE_ID": null
}
Sample - extendedEvidenceRequired field is set to 1 or is not used
API Request
curl --location '<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&extendedEvidenceRequired=1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT TOKEN>' \
--data '[
{
"policyId": "1627436",
"subscriptionId": "583816",
"hostIds": [
"5400713"
]
}
]'
API Response
{
"id": 25598740,
"instance": "os",
"policyId": 1627436,
"policyTitle": "OCA Policy",
"netBios": null,
"controlId": 4358,
"controlStatement": "Status of the 'aaa authentication login' configuration command on the device",
"rationale": "Requiring an AAA Authentication method(s) to be employed for local user logins provides a source for managing and monitoring access into the device. Setting the AAA Authentication for local user logins enforces a username and password combination be used when logging into the device locally. If a named AAA Authentication list is used in place of the default setting, authentication is required to be configured for each IOS line for each interface.",
"remediation": "Before you configure default login authentication methods, configure RADIUS or TACACS+ server groups as needed\nExecute the following commands to set the default authentication method\n1. configure terminal\n2. aaa authentication login default { group 'group-list' [ none ]| local | none }\n3. exit",
"category": "OS Security Settings",
"subCategory": "Network Settings (OSI Layers 2-5)",
"controlReference": null,
"technologyId": 200,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-08-20T06:54:10Z",
"lastPassDate": "2025-08-20T06:59:21Z",
"postureModifiedDate": "2025-08-20T06:54:10Z",
"lastEvaluatedDate": "2025-08-20T06:59:21Z",
"created": "2025-10-22T08:19:41Z",
"hostId": 5400713,
"ip": "123.231.42.198",
"trackingMethod": "OCA",
"os": "Arista EOS 4",
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": "003e160a-7b12-442f-a67c-7c7a08badb5d",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-07T00:00:00Z",
"customerUuid": "bb662c39-f363-d58f-825d-abbcf4f035c2",
"customerId": "1334625",
"assetId": 44524164,
"technology": {
"id": 200,
"name": "Arista EOS 4.x"
},
"criticality": {
"label": "MEDIUM",
"value": 4
},
"evidence": {
"expectedValues": "\nFilter not found\n OR \nCommand not found\n OR \nmatches regular expression list\n.*",
"currentValues": [
"Filter not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "",
"extendedEvidence": "Row 1:Command,Filter 1: ^aaa authentication login\nRow 2:show running-config all,\n",
"description": "The following List String value(s) X indicates the status of the aaa authentication login configuration command on the host."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.47",
"totalDataSizeKB": "2.47",
"currentBatch": 2,
"totalBatches": 16,
"CLOUD_RESOURCE_ID": null
}
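A client-side helper for the two samples above, added here as an example (it is not Qualys code): it builds the postureInfo URL while enforcing the parameter rule from the table, and splits the extendedEvidence string into rows. The "Row N:cell,cell" layout is inferred from the single sample response on this page, and the function names are hypothetical.

```python
from urllib.parse import urlencode

POSTURE_INFO_PATH = "/pcrs/5.0/posture/postureInfo"


def posture_info_url(base_url, evidence_required=0,
                     extended_evidence_required=None, compression_required=0):
    """Build the request URL, enforcing the documented parameter rules."""
    flags = {
        "evidenceRequired": evidence_required,
        "compressionRequired": compression_required,
    }
    # Leaving the new parameter out matches the page's second sample
    # ("set to 1 or is not used"), so it is only sent when given.
    if extended_evidence_required is not None:
        flags["extendedEvidenceRequired"] = extended_evidence_required
    for name, value in flags.items():
        if value not in (0, 1):
            raise ValueError(f"{name} must be 0 or 1, got {value!r}")
    # The parameter table says this field is used together with evidenceRequired=1.
    if extended_evidence_required is not None and evidence_required != 1:
        raise ValueError("extendedEvidenceRequired requires evidenceRequired=1")
    return f"{base_url.rstrip('/')}{POSTURE_INFO_PATH}?{urlencode(flags)}"


def parse_extended_evidence(text):
    """Split "Row N:cell,cell" lines into cell lists; null or empty gives []."""
    rows = []
    for line in (text or "").splitlines():
        if not line.strip():
            continue
        label, sep, rest = line.partition(":")
        # Assumed layout: drop the "Row N" label, keep colons inside cells.
        cells = rest if sep and label.startswith("Row ") else line
        rows.append([cell.strip() for cell in cells.split(",")])
    return rows


def evidence_rows(record):
    """Return parsed extended-evidence rows for one posture record."""
    evidence = record.get("evidence") or {}
    return parse_extended_evidence(evidence.get("extendedEvidence"))
```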
Get Host ID API: Resolve Host IDs for Compliance Policies
| New or Updated API | Updated |
| API Endpoint | /pcrs/4.0/posture/hostids/ |
| EOS Timeline | NA |
| EOL Timeline | NA |
| API Endpoint (New Version) | /pcrs/5.0/posture/hostids/ |
| Method | GET |
| DTD or XSD changes | No |
With this release, we have included two new input parameters – assetDeploymentType and assetState. When selected, these parameters enable you to filter cloud-based hosts from compliance policies.
With the launch of the new API endpoint, /pcrs/5.0/posture/hostids/, we will not be adding End of Support (EOS) and End of Life (EOL) timelines for its previous version, /pcrs/4.0/posture/hostids/. Similarly, to align all versions of the HostID API, we are also removing the EOS and EOL timelines from pcrs/1.0/posture/hostids/.
The V5.0, V4.0 and V3.0 APIs are designed specifically to retrieve Policy Audit (PA) / Policy Compliance (PC) asset data. To fetch both PA/PC and SCA asset data, you should continue using V2.0. If you require V5.0, V4.0 and V3.0 to support SCA asset data, please contact your Technical Account Manager (TAM).
Input Parameters
| Parameter Name | Required / Optional | Data Type | Description |
| assetDeploymentType | No | String | Filter by asset deployment type: ON-PREM, CLOUD, or ALL. |
| assetState | No | String | Filter by asset state: TERMINATED, ACTIVE, or ALL. |
Asset Filter Changes
- The API supports filtering by assetDeploymentType (CLOUD, ON-PREM, ALL).
- Cloud Assets
- Identified using integration with connectors (AWS, Azure, GCP).
- Deployment type is automatically classified as CLOUD.
- On-Premises Assets
- Identified by IP, hostname, or agent installation within corporate datacenters.
- Assets not mapped to a cloud provider are categorized as ON-PREM.
- For On-Prem assets, state information is not tracked. If assetDeploymentType=ON-PREM is selected, the assetState (see below) filter is ignored.
- Cloud Assets
- The API supports filtering by assetState (ACTIVE, TERMINATED, ALL). Each cloud provider (AWS, Azure, GCP) exposes multiple lifecycle states, such as RUNNING, STOPPED, DEALLOCATED, and TERMINATED. To keep API usage consistent, we normalize them into three categories:
- ACTIVE - Hosts that are not decommissioned are considered active.
- TERMINATED - Host is permanently deleted or decommissioned, not expected to return.
- ALL - Includes every state, for broader queries.
The assetState filter is only applicable to cloud assets.
Sample 1 - Retrieve all active cloud assets for a given policy
API Request
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25&assetDeploymentType=CLOUD&assetState=ACTIVE' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
API Response
[
{
"policyId": "4677689",
"subscriptionId": "41",
"hostIds": [
"924781",
"724905"
]
}
]
Sample 2 - Retrieve cloud assets that are permanently decommissioned
API Request
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25&assetDeploymentType=CLOUD&assetState=TERMINATED' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
API Response
[
{
"policyId": "4677689",
"subscriptionId": "41",
"hostIds": [
"504718"
]
}
]
Sample 3 - For On-Premises assets, state is not tracked
API Request
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25&assetDeploymentType=ON-PREM' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
API Response
[
{
"policyId": "4677689",
"subscriptionId": "41",
"hostIds": [
"3001",
"3002",
"3003"
]
}
]
Sample 4 - deploymentType and assetState fields are omitted
API Request
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
API Response
[
{
"policyId": "4677689",
"subscriptionId": "41",
"hostIds": [
"924781",
"724905",
"504718"
]
}
]
Sample 5 - deploymentType is set to ALL and assetState is ACTIVE
API Request
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25&assetDeploymentType=ALL&assetState=ACTIVE' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
OR
curl -X GET '<qualys_base_url>/pcrs/5.0/posture/hostids?policyId=4677689&lastScanDate=2025-08-25&assetState=ACTIVE' \
-H 'accept: */*' -H 'Authorization: Bearer <AuthToken>'
API Response
[
{
"policyId": "4677689",
"subscriptionId": "41",
"hostIds": [
"924781",
"724905",
"3001",
"3002",
"3003"
]
}
]
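A client-side model of the asset filter rules and of Samples 1, 2, 3 and 5 above, added here as an example (it is not Qualys code) for checking what a given assetDeploymentType and assetState combination should return before relying on it in compliance reporting. The host IDs come from the sample responses; the provider and raw lifecycle state assigned to each host, and the function names, are assumptions.

```python
DEPLOYMENT_TYPES = ("ON-PREM", "CLOUD", "ALL")
ASSET_STATES = ("ACTIVE", "TERMINATED", "ALL")

# Constructed inventory: host IDs are those in the page's sample responses;
# the provider and raw lifecycle state for each host are assumed.
INVENTORY = [
    {"hostId": "924781", "provider": "AWS", "state": "RUNNING"},
    {"hostId": "724905", "provider": "Azure", "state": "DEALLOCATED"},
    {"hostId": "504718", "provider": "AWS", "state": "TERMINATED"},
    {"hostId": "3001", "provider": None, "state": None},
    {"hostId": "3002", "provider": None, "state": None},
    {"hostId": "3003", "provider": None, "state": None},
]


def normalize_state(raw_state):
    """Collapse a provider lifecycle state: not decommissioned means ACTIVE."""
    return "TERMINATED" if raw_state.upper() == "TERMINATED" else "ACTIVE"


def deployment_type(host):
    """Assets not mapped to a cloud provider are categorized as ON-PREM."""
    return "CLOUD" if host["provider"] else "ON-PREM"


def filter_host_ids(inventory, asset_deployment_type, asset_state):
    """Return the host IDs the documented filter rules would select."""
    if asset_deployment_type not in DEPLOYMENT_TYPES:
        raise ValueError(f"assetDeploymentType must be one of {DEPLOYMENT_TYPES}")
    if asset_state not in ASSET_STATES:
        raise ValueError(f"assetState must be one of {ASSET_STATES}")
    selected = []
    for host in inventory:
        kind = deployment_type(host)
        if asset_deployment_type not in ("ALL", kind):
            continue
        # State is tracked for cloud assets only, so the assetState filter
        # never excludes an on-premises host.
        if (kind == "CLOUD" and asset_state != "ALL"
                and normalize_state(host["state"]) != asset_state):
            continue
        selected.append(host["hostId"])
    return selected
```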
Issues Addressed
The following reported and notable customer API issues are fixed in this release:
| Component/Category | Application | Description |
| PA / PC - PCRS API | Policy Audit / Policy Compliance | When the user executed the PCRS API (/pcrs/3.0/posture/hostids/) with 100,000 host IDs, they received an error indicating that the execution had failed. This was because the request exceeded the number of host IDs that can be retrieved. Relevant code changes have been made to fix the issue. |