Release 10.30 API

September 06, 2024 (Updated September 20, 2024)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. In these API Release Notes, <qualys_base_url> is used in the sample API requests.

We have implemented versioning for APIs. For more information on API versioning, refer to the Introducing API Versioning: A Strategic Upgrade for Enhanced Stability and Control for API Integrations blog.

What’s New?

Qualys Vulnerability Management (VM) 

Option Profile API: Default Enablement of Recommended Option Profile 

New or Updated API Updated
API Endpoint  /api/2.0/fo/subscription/option_profile/vm/
Method POST
DTD or XSD changes No

With this release, we have introduced the Qualys Recommended Option Profile for all new VM/VMDR subscriptions. With this enhancement, when creating a new Option Profile, the default settings from the Qualys Recommended Option Profile are applied.

This feature will be available for use from mid-November. For more details, refer to the blog Qualys Recommended Option Profile – Upcoming Important Changes.

The default settings are summarized as follows:

  • The number of standard TCP Ports is increased from 1,900 to 2,800. Also, the number of additional TCP ports is increased from 12,500 to 20,500.
  • The Enable Parallel Scaling for Scanner Appliances setting is now enabled in Option Profiles by default, which helps enhance scan performance and reduces scan completion time.
  • The profile purges old host data when the operating system is updated, which enhances scan performance, and improves record authentication. The Purge action is initiated only when the Operating System is accurately detected during the Authenticated Scans or by the Cloud Agent.
  • Windows and Unix are now enabled by default when creating an Option Profile to help reduce the issues that are encountered due to profiles that are not properly configured. 
  • The Dissolvable Agent option is enabled for all newly created VMDR subscriptions, by default.
  • The Save As option is disabled when editing an existing Option Profile.

For more details on the changes to the default settings, refer to the Release Notes - Cloud Platform 10.30.

Input Parameters

The details of optional input parameters that are set by default are listed in the following table:

Parameter Name Description

purge_host_data

Default value (1)

(Optional) Specify 1 to purge host data. This option is especially useful if you have systems that are regularly decommissioned or replaced. By specifying this option you are telling us you want to purge the host if we detect a change in the host's Operating System (OS) vendor at scan time, for example the OS changed from Linux to Windows or Debian to Ubuntu. We will not purge the host for an OS version change like Linux 2.8.13 to Linux 2.9.4.

scan_parallel_scaling

Default value (1)

(Optional) Specify 1 to enable parallel scaling. This setting can be useful in subscriptions that have physical and virtual scanner appliances with different performance characteristics (For example, CPU, RAM).  

Specify this option to dynamically scale up the number of hosts to scan in parallel (at scan time) to a calculated value which is based upon the computing resources available on each appliance. Note that the number of hosts to scan in parallel value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan.

enable_dissolvable_agent

Default value (1)

(Optional) Specify 1 to enable dissolvable agent. This is required for certain scan features like Windows Share Enumeration. How does it work? At scan time the Agent is installed on Windows devices to collect data, and once the scan is complete it removes itself completely from target systems.

authentication

Default value (Windows, Unix)

(Optional) Want to run authenticated scans? When you use authentication we will perform a more in-depth assessment and get you the most accurate results with fewer false positives.

Specify one or more technologies for the hosts you want to scan. Be sure that you have configured authentication records (under Scans > Authentication) before running your scan.

The following options are available:

- Windows

- Unix

- Oracle

- Oracle Listener

- SNMP

- VMware

- DB2

- HTTP

- MySQL

- MongoDB

- Tomcat Server

- Palo Alto Networks Firewall

- Sybase

Note: If the end-user does not pass this parameter (authentication=unauth).

authentication_least_privilege

Default value (Unix)

(Optional) Specify authentication_least_privilege=Unix (this value is case sensitive) to use the least privileges required for Unix authentication. When specified, the scanner will not pass root delegation information specified in the Unix record to the scanner for vulnerability scans. When not specified (the default), root delegation will be used if specified in the Unix record. Note: Unix authentication must be enabled in the same option profile (authentication=Unix).

icmp

Default value (0)

(Optional) Specify 1 to only discover live hosts that respond to an ICMP ping. Default setting is 1.

ignore_firewall_generated_tcp_rst_packets

Default value (1)

(Optional) Specify 1 to ignore all TCP RESET packets - firewall-generated and live-host-generated.

ignore_firewall_generated_tcp_syn_ack_packets

Default value (1)

(Optional) Specify 1 to determine if TCP SYN-ACK packets are generated by a filtering device and ignore packets that appear to originate from such devices.

Sample - Create Option Profile

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -X POST "<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/?action=create&purge_host_data=1&scan_parallel_scaling=1&scan_scanner_appliances=50&scan_total_process=20&scan_http_process=20&authentication_least_privilege=Unix&enable_dissolvable_agent=1&icmp=0&ignore_firewall_generated_tcp_rst_packets=1&ignore_firewall_generated_tcp_syn_ack_packets=1&title=VM_API_Option_profile&scan_tcp_ports=none&scan_udp_ports=none&vulnerability_detection=complete&basic_information_gathering=none&scan_overall_performance=custom&authentication=Unix"

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM 
"<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
    <RESPONSE>
       <DATETIME>2024-08-23T07:45:54Z</DATETIME>
       <TEXT>Option profile successfully added.</TEXT>
           <ITEM_LIST>
              <ITEM>
                 <KEY>ID</KEY>
                <VALUE>2665297</VALUE>
              </ITEM>
           </ITEM_LIST>
    </RESPONSE>
 </SIMPLE_RETURN>

Sample - Import Option Profile

API Request 

curl --location 'https://<qualys_base_url>/api/2.0/fo/subscription/option_profile/?action=import' \
--header 'X-Requested-With: curl' \
--header 'Content-Type: application/xml' \
--header 'Authorization: Basic cXVheXNfenM2MDpWbWRyQDEyMw==' \
--data '<Request POST Data XML, shown below>'

Request POST Data

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "https://<qualys_base_url>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
    <OPTION_PROFILE>
        <BASIC_INFO>
            <ID>26210000</ID>
            <GROUP_NAME>
                <![CDATA[OP import API]]>
            </GROUP_NAME>
            <GROUP_TYPE>user</GROUP_TYPE>
            <USER_ID>
                <![CDATA[Shreya Joshi (quays_zw24)]]>
            </USER_ID>
            <UNIT_ID>0</UNIT_ID>
            <SUBSCRIPTION_ID>1309337</SUBSCRIPTION_ID>
            <IS_DEFAULT>0</IS_DEFAULT>
            <IS_GLOBAL>1</IS_GLOBAL>
            <IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
            <UPDATE_DATE>2024-09-02T10:25:44Z</UPDATE_DATE>
        </BASIC_INFO>
        <SCAN>
            <PORTS>
                <TCP_PORTS>
                    <TCP_PORTS_TYPE>full</TCP_PORTS_TYPE>
                    <THREE_WAY_HANDSHAKE>0</THREE_WAY_HANDSHAKE>
                </TCP_PORTS>
                <UDP_PORTS>
                    <UDP_PORTS_TYPE>full</UDP_PORTS_TYPE>
                </UDP_PORTS>
                <AUTHORITATIVE_OPTION>0</AUTHORITATIVE_OPTION>
            </PORTS>
            <SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
            <PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
            <PERFORMANCE>
                <PARALLEL_SCALING>1</PARALLEL_SCALING>
                <OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
                <HOSTS_TO_SCAN>
                    <EXTERNAL_SCANNERS>15</EXTERNAL_SCANNERS>
                    <SCANNER_APPLIANCES>30</SCANNER_APPLIANCES>
                </HOSTS_TO_SCAN>
                <PROCESSES_TO_RUN>
                    <TOTAL_PROCESSES>10</TOTAL_PROCESSES>
                    <HTTP_PROCESSES>10</HTTP_PROCESSES>
                </PROCESSES_TO_RUN>
                <PACKET_DELAY>Medium</PACKET_DELAY>
                <PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
                <HOST_CGI_CHECKS>0</HOST_CGI_CHECKS>
                <MAX_TARGETS_PER_SLICE>0</MAX_TARGETS_PER_SLICE>
                <CONF_SCAN_LIMITED_CONNECTIVITY>0</CONF_SCAN_LIMITED_CONNECTIVITY>
                <SKIP_PRE_SCANNING>0</SKIP_PRE_SCANNING>
            </PERFORMANCE>
            <LOAD_BALANCER_DETECTION>0</LOAD_BALANCER_DETECTION>
            <VULNERABILITY_DETECTION>
                <CUSTOM_LIST>
                    <CUSTOM>
                        <ID>1616684</ID>
                        <TITLE>
                            <![CDATA[VM-22616 - Search Lists - CRM]]>
                        </TITLE>
                    </CUSTOM>
                </CUSTOM_LIST>
                <DETECTION_INCLUDE>
                    <BASIC_HOST_INFO_CHECKS>1</BASIC_HOST_INFO_CHECKS>
                    <OVAL_CHECKS>0</OVAL_CHECKS>
                    <QRDI_CHECKS>0</QRDI_CHECKS>
                </DETECTION_INCLUDE>
            </VULNERABILITY_DETECTION>
            <ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
            <DISSOLVABLE_AGENT>
                <DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE>
                <WINDOWS_SHARE_ENUMERATION_ENABLE>0</WINDOWS_SHARE_ENUMERATION_ENABLE>
            </DISSOLVABLE_AGENT>
        </SCAN>
        <MAP>
            <BASIC_INFO_GATHERING_ON>all</BASIC_INFO_GATHERING_ON>
            <TCP_PORTS>
                <TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
            </TCP_PORTS>
            <MAP_OPTIONS>
                <PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP>
                <DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
            </MAP_OPTIONS>
            <MAP_PERFORMANCE>
                <OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
                <MAP_PARALLEL>
                    <EXTERNAL_SCANNERS>6</EXTERNAL_SCANNERS>
                    <SCANNER_APPLIANCES>8</SCANNER_APPLIANCES>
                    <NETBLOCK_SIZE>16384 IPs</NETBLOCK_SIZE>
                </MAP_PARALLEL>
                <PACKET_DELAY>Minimum</PACKET_DELAY>
            </MAP_PERFORMANCE>
            <MAP_AUTHENTICATION>none</MAP_AUTHENTICATION>
        </MAP>
        <ADDITIONAL>
            <HOST_DISCOVERY>
                <TCP_PORTS>
                    <STANDARD_SCAN>1</STANDARD_SCAN>
                </TCP_PORTS>
                <UDP_PORTS>
                    <STANDARD_SCAN>1</STANDARD_SCAN>
                </UDP_PORTS>
                <ICMP>0</ICMP>
            </HOST_DISCOVERY>
            <PACKET_OPTIONS>
                <IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
                <IGNORE_ALL_TCP_RST>0</IGNORE_ALL_TCP_RST>
                <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
                <NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
            </PACKET_OPTIONS>
        </ADDITIONAL>
    </OPTION_PROFILE>
</OPTION_PROFILES>

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/2.0/simple_return.dtd"> 
<SIMPLE_RETURN>
    <RESPONSE>
        <DATETIME>2024-08-12T11:27:42Z</DATETIME>
        <TEXT>Successfully imported Option profile for the subscription Id 75299</TEXT>
        <ITEM_LIST>
            <ITEM>
                <KEY>70018</KEY>
                <VALUE>
                 OptionProfile-Import6
                </VALUE>
            </ITEM>
        </ITEM_LIST>
    </RESPONSE>
</SIMPLE_RETURN>
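The defaults listed in the parameter table can be checked against an exported option profile before it is imported elsewhere. The following is an added example, not Qualys code: the mapping from request parameters to XML elements is an assumption inferred from the element names in the import sample, and the XML it runs on is constructed.

```python
import xml.etree.ElementTree as ET

# Documented default for each parameter, paired with the element that carries it
# in the import sample. The parameter-to-element mapping is an assumption made
# from the element names; check it against option_profile_info.dtd.
DOCUMENTED_DEFAULTS = {
    "purge_host_data": ("SCAN/PURGE_OLD_HOST_OS_CHANGED", "1"),
    "scan_parallel_scaling": ("SCAN/PERFORMANCE/PARALLEL_SCALING", "1"),
    "enable_dissolvable_agent": (
        "SCAN/DISSOLVABLE_AGENT/DISSOLVABLE_AGENT_ENABLE", "1"),
    "icmp": ("ADDITIONAL/HOST_DISCOVERY/ICMP", "0"),
    "ignore_firewall_generated_tcp_rst_packets": (
        "ADDITIONAL/PACKET_OPTIONS/IGNORE_FIREWALL_GENERATED_TCP_RST", "1"),
    "ignore_firewall_generated_tcp_syn_ack_packets": (
        "ADDITIONAL/PACKET_OPTIONS/IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK", "1"),
}


def audit_option_profiles(xml_text):
    """Map each profile name to its (parameter, expected, actual) deviations."""
    if "<!ENTITY" in xml_text:
        # A profile export has no reason to declare entities; refuse to expand any.
        raise ValueError("unexpected entity declaration in option profile XML")
    root = ET.fromstring(xml_text.strip())
    report = {}
    for profile in root.iter("OPTION_PROFILE"):
        # CDATA values are padded with whitespace in the API output.
        name = (profile.findtext("BASIC_INFO/GROUP_NAME") or "").strip()
        deviations = []
        for param, (path, expected) in DOCUMENTED_DEFAULTS.items():
            actual = profile.findtext(path)
            # None means the element is absent from the profile.
            actual = actual.strip() if actual is not None else None
            if actual != expected:
                deviations.append((param, expected, actual))
        report[name] = deviations
    return report


# Constructed sample: one profile that matches the documented defaults and one
# that has drifted (purge disabled, no dissolvable agent block, ICMP enabled).
SAMPLE_EXPORT = """
<OPTION_PROFILES>
  <OPTION_PROFILE>
    <BASIC_INFO><GROUP_NAME><![CDATA[baseline]]></GROUP_NAME></BASIC_INFO>
    <SCAN>
      <PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
      <PERFORMANCE><PARALLEL_SCALING>1</PARALLEL_SCALING></PERFORMANCE>
      <DISSOLVABLE_AGENT>
        <DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE>
      </DISSOLVABLE_AGENT>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY><ICMP>0</ICMP></HOST_DISCOVERY>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
  <OPTION_PROFILE>
    <BASIC_INFO>
      <GROUP_NAME>
        <![CDATA[legacy-dmz]]>
      </GROUP_NAME>
    </BASIC_INFO>
    <SCAN>
      <PURGE_OLD_HOST_OS_CHANGED>0</PURGE_OLD_HOST_OS_CHANGED>
      <PERFORMANCE><PARALLEL_SCALING>1</PARALLEL_SCALING></PERFORMANCE>
    </SCAN>
    <ADDITIONAL>
      <HOST_DISCOVERY><ICMP>1</ICMP></HOST_DISCOVERY>
      <PACKET_OPTIONS>
        <IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
        <IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
      </PACKET_OPTIONS>
    </ADDITIONAL>
  </OPTION_PROFILE>
</OPTION_PROFILES>
"""

if __name__ == "__main__":
    for name, deviations in audit_option_profiles(SAMPLE_EXPORT).items():
        print(name, "matches documented defaults" if not deviations else deviations)
```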

KnowledgeBase QVS API: Retrieve Last 15 Days CVE Data

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) api/2.0/fo/knowledge_base/qvs
API Endpoint (New Version) api/3.0/fo/knowledge_base/qvs
Method GET
DTD or XSD changes No

With this release, you can view the list of CVEs for which the QVS score was recently updated. Earlier, the CVE field was mandatory, which restricted the use of a few parameters; now CVE is optional. With this, you can identify which CVEs are published in the last 15 days before or after a specified timeframe with their modified QVS score. If you request beyond the 15-day range, you get an error. You can now access the CVEs for which the QVS is modified or updated so that you can get the latest data by using the date filter. You can get the list of all CVEs for your reference to assess the risks associated with each CVE based on the updated QVS score.

You can provide the request for only 25 CVEs. You can get all the CVEs without the limitation of 15 days.

Input Parameters

The following input parameters have been updated.

Parameter Description
cve={value} (Optional) Filter the JSON output to show only the CVEs for which the QVS is recently updated. The associated vulnerabilities are shown only when the requested CVE is published.
qvs_last_modified_before={date} (Optional) Show only CVE IDs with a QVS score that was modified for the last 15 days before a specific date and time. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2024-08-01” or “2024-08-01T23:12:00Z”.
qvs_last_modified_after={date} (Optional) Show only CVE IDs with a QVS score that was modified within the next 15 days after a specific date and time. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2024-08-01” or “2024-08-01T23:12:00Z”.
nvd_published_before={date} (Optional) Show only the CVE IDs with modified QVS scores from the past 15 days that were published before a specified date and time. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2024-08-01” or “2024-08-01T23:12:00Z”.
nvd_published_after={date} (Optional) Show only the CVE IDs where the QVS scores have been updated and published within the next 15 days, starting from a specified date and time. Valid date format is: YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2024-08-01” or “2024-08-01T23:12:00Z”.
qvs_min={value} (Optional) Show only the CVEs with a QVS value greater than or equal to the QVS min value specified (QVS Prime is not considered). When qvs_min and qvs_max are specified in the same request, the qvs_min value must be less than the qvs_max value.
Note: This shows only the CVEs with a QVS score that was modified for the last 15 days.
qvs_max={value} (Optional) Show only the CVEs with a QVS value less than or equal to the QVS max value specified (QVS Prime is not considered). When qvs_min and qvs_max are specified in the same request, the qvs_min value must be less than the qvs_max value.
Note: This shows only the CVEs with a QVS score that was modified for the last 15 days.

Sample - QVS last modified before a given date

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&qvs_last_modified_before=2024-08-15' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic username:password string'

JSON Response

{
"CVE-2017-16260": {
"base": {
"id": "CVE-2017-16260",
"idType": "CVE",
"qvs": "72",
"qvsLastChangedDate": 1722988800,
"nvdPublishedDate": 1673475300
}
},
"CVE-2017-16261": {
"base": {
"id": "CVE-2017-16261",
"idType": "CVE",
"qvs": "42",
"qvsLastChangedDate": 1722988800,
"nvdPublishedDate": 1673475300
}
},
"CVE-2017-16262": {
"base": {
"id": "CVE-2017-16262",
"idType": "CVE",
"qvs": "72",
"qvsLastChangedDate": 1722988800,
"nvdPublishedDate": 1673475300
}
},
"CVE-2023-23948": {
"base": {
"id": "CVE-2023-23948",
"idType": "CVE",
"qvs": "37",
"qvsLastChangedDate": 1722902400,
"nvdPublishedDate": 1676308500
}
},
"CVE-2017-16263": {
"base": {
"id": "CVE-2017-16263",
"idType": "CVE",
"qvs": "72",
"qvsLastChangedDate": 1722988800,
"nvdPublishedDate": 1673475300
}
}
}

Sample - QVS last modified after a given date

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&qvs_last_modified_after=2024-09-05&details=All' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic username:password string'

JSON Response

{
"CVE-2024-38858": {
"base": {
"id": "CVE-2024-38858",
"idType": "CVE",
"qvs": "30",
"qvsLastChangedDate": 1725494400,
"nvdPublishedDate": 1725279319
},
"contributingFactors": {
"cvss": "6.1",
"cvssVersion": "v3.x",
"cvssString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N",
"trending": [
"09032024,09042024,08272024,08282024"
],
"epss": [
"0.00043"
]
}
},
"CVE-2018-19183": {
"base": {
"id": "CVE-2018-19183",
"idType": "CVE",
"qvs": "41",
"qvsLastChangedDate": 1725494400,
"nvdPublishedDate": 1541989740
},
"contributingFactors": {
"cvss": "7.5",
"cvssVersion": "v3.x",
"cvssString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H",
"exploitMaturity": [
"poc"
],
"epss": [
"0.00416"
]
}
}
}

Sample - Display CVEs for QVS minimum

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&details=All&qvs_min=95' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic username:password string'

JSON Response

{
"CVE-2024-38856": {
"base": {
"id": "CVE-2024-38856",
"idType": "CVE",
"qvs": "95",
"qvsLastChangedDate": 1725956542967,
"nvdPublishedDate": 1722849356
},
"contributingFactors": {
"cvss": "9.8",
"cvssVersion": "v3.x",
"cvssString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H",
"threatActors": [
"Unattributed"
],
"exploitMaturity": [
"weaponized,poc"
],
"trending": [
"08182024,08232024,08092024,08062024,08072024,08262024,08132024,08292024,08302024,08152024,08212024,08112024,08202024,08282024,08252024,08242024,08162024,08042024,08122024"
],
"epss": [
"0.93274"
]
}
},
"CVE-2019-18988": {
"base": {
"id": "CVE-2019-18988",
"idType": "CVE",
"qvs": "95",
"qvsLastChangedDate": 1725956542967,
"nvdPublishedDate": 1581092100
},
"contributingFactors": {
"cvss": "7.0",
"cvssVersion": "v3.x",
"cvssString": "AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H",
"exploitMaturity": [
"poc,weaponized"
],
"trending": [
"07052024"
],
"epss": [
"0.00358"
]
}
}
}

Sample - Display CVEs for QVS maximum

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&details=All&qvs_max=95' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic username:password string'

JSON Response

{
    "CVE-2017-16260": {
        "base": {
            "id": "CVE-2017-16260",
            "idType": "CVE",
            "qvs": "71",
            "qvsLastChangedDate": 1725580800,
            "nvdPublishedDate": 1673475300
        },
        "contributingFactors": {
            "cvss": "9.9",
            "cvssVersion": "v3.x",
            "cvssString": "AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H",
            "exploitMaturity": [
                "poc"
            ],
            "epss": [
                "0.00091"
            ]
        }
    },
    "CVE-2017-16261": {
        "base": {
            "id": "CVE-2017-16261",
            "idType": "CVE",
            "qvs": "41",
            "qvsLastChangedDate": 1725580800,
            "nvdPublishedDate": 1673475300
        },
        "contributingFactors": {
            "cvss": "8.8",
            "cvssVersion": "v3.x",
            "cvssString": "AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H",
            "exploitMaturity": [
                "poc"
            ],
            "epss": [
                "0.00091"
            ]
        }
    }
}

Sample - Display CVEs within QVS min and QVS max

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&details=All&qvs_min=95&qvs_max=96' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic username:password string'

JSON Response

{
"CVE-2024-38856": {
"base": {
"id": "CVE-2024-38856",
"idType": "CVE",
"qvs": "95",
"qvsLastChangedDate": 1725958333539,
"nvdPublishedDate": 1722849356
},
"contributingFactors": {
"cvss": "9.8",
"cvssVersion": "v3.x",
"cvssString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H",
"threatActors": [
"Unattributed"
],
"exploitMaturity": [
"weaponized,poc"
],
"trending": [
"08182024,08232024,08092024,08062024,08072024,08262024,08132024,08292024,08302024,08152024,08212024,08112024,08202024,08282024,08252024,08242024,08162024,08042024,08122024"
],
"epss": [
"0.93274"
]
}
},
"CVE-2019-18988": {
"base": {
"id": "CVE-2019-18988",
"idType": "CVE",
"qvs": "95",
"qvsLastChangedDate": 1725958333539,
"nvdPublishedDate": 1581092100
},
"contributingFactors": {
"cvss": "7.0",
"cvssVersion": "v3.x",
"cvssString": "AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H",
"exploitMaturity": [
"poc,weaponized"
],
"trending": [
"07052024"
],
"epss": [
"0.00358"
]
}
}
}
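The filter rules in the parameter table and the quirks visible in the sample responses (QVS returned as a string, epochs in both seconds and milliseconds, comma-joined values inside single-element arrays) can be handled in one small client-side helper. This is an added example, not Qualys code: the function names are hypothetical, passing several CVEs as a comma-separated cve value is an assumption, and the sample data is trimmed from the responses above.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?$")
DATE_PARAMS = ("qvs_last_modified_before", "qvs_last_modified_after",
               "nvd_published_before", "nvd_published_after")
MAX_CVES = 25  # per-request CVE limit stated on this page


def build_qvs_query(cves=(), qvs_min=None, qvs_max=None, details=None, **dates):
    """Check the filters against the documented rules; return the query string."""
    if len(cves) > MAX_CVES:
        raise ValueError(f"at most {MAX_CVES} CVEs per request, got {len(cves)}")
    if qvs_min is not None and qvs_max is not None and qvs_min >= qvs_max:
        raise ValueError("qvs_min must be less than qvs_max")
    params = {"action": "list"}
    if cves:
        params["cve"] = ",".join(cves)  # assumption: comma-separated list
    if details:
        params["details"] = details
    for name, value in dates.items():
        if name not in DATE_PARAMS:
            raise ValueError(f"unsupported filter: {name}")
        if not DATE_RE.match(value):
            raise ValueError(f"{name}: expected YYYY-MM-DD[THH:MM:SSZ], got {value!r}")
        datetime.strptime(value[:10], "%Y-%m-%d")  # rejects dates such as 2024-13-40
        params[name] = value
    for name, value in (("qvs_min", qvs_min), ("qvs_max", qvs_max)):
        if value is not None:
            params[name] = value
    return urlencode(params)


def to_utc(epoch):
    """The samples carry epochs in seconds and in milliseconds; accept both."""
    if epoch > 10**11:  # far beyond any plausible seconds value
        epoch = epoch / 1000
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def split_values(values):
    """Flatten arrays such as ["weaponized,poc"] into ["weaponized", "poc"]."""
    return [item for value in values or [] for item in value.split(",") if item]


def normalize_qvs(response):
    """Return one typed row per CVE, highest QVS first."""
    rows = []
    for cve_id, entry in response.items():
        base = entry["base"]
        # contributingFactors is absent from the sample requested without details=All
        factors = entry.get("contributingFactors", {})
        rows.append({
            "cve": cve_id,
            "qvs": int(base["qvs"]),
            "qvs_changed": to_utc(base["qvsLastChangedDate"]),
            "nvd_published": to_utc(base["nvdPublishedDate"]),
            "exploit_maturity": sorted(split_values(factors.get("exploitMaturity"))),
            "epss": float(factors["epss"][0]) if factors.get("epss") else None,
        })
    return sorted(rows, key=lambda row: (-row["qvs"], row["cve"]))


# Sample data trimmed from the JSON responses shown above.
SAMPLE_RESPONSE = {
    "CVE-2018-19183": {
        "base": {"id": "CVE-2018-19183", "idType": "CVE", "qvs": "41",
                 "qvsLastChangedDate": 1725494400, "nvdPublishedDate": 1541989740},
        "contributingFactors": {"exploitMaturity": ["poc"], "epss": ["0.00416"]}},
    "CVE-2024-38856": {
        "base": {"id": "CVE-2024-38856", "idType": "CVE", "qvs": "95",
                 "qvsLastChangedDate": 1725956542967, "nvdPublishedDate": 1722849356},
        "contributingFactors": {"exploitMaturity": ["weaponized,poc"],
                                "epss": ["0.93274"]}},
    "CVE-2017-16260": {
        "base": {"id": "CVE-2017-16260", "idType": "CVE", "qvs": "72",
                 "qvsLastChangedDate": 1722988800, "nvdPublishedDate": 1673475300}},
}

if __name__ == "__main__":
    print(build_qvs_query(details="All", qvs_min=95, qvs_max=96))
    for row in normalize_qvs(SAMPLE_RESPONSE):
        print(row["cve"], row["qvs"], row["qvs_changed"].date(), row["exploit_maturity"])
```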

KnowledgeBase Download API: View Patch Published Date for a QID

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) /api/2.0/fo/knowledge_base/vuln/
API Endpoint (New Version) /api/3.0/fo/knowledge_base/vuln/
Method GET and POST
DTD or XSD changes Yes

With this release, we have added the Patch Published Date in the Vulnerability Information window for a particular QID. This enables users to identify the date on which the patches were first released for the QID.

There is no change in the input parameters of the API.

Sample - Fetch Basic Details for Vulnerabilities

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/?action=list&details=All&ids=6666666' \
--header 'X-Requested-With: curl demo 2' \
--header 'Authorization: Basic cXVheXNfYXMzOnFhdGVtcA=='

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KNOWLEDGE_BASE_VULN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd">
<KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2024-09-02T10:55:37Z</DATETIME>
        <VULN_LIST>
            <VULN>
                <QID>6666666</QID>
                <VULN_TYPE>Vulnerability</VULN_TYPE>
                <SEVERITY_LEVEL>3</SEVERITY_LEVEL>
                <TITLE>
                    <![CDATA[Debian 12 Security Update for webkit2gtk (CVE-2024-40780)]]>
                </TITLE>
                <CATEGORY>Debian</CATEGORY>
                <LAST_SERVICE_MODIFICATION_DATETIME>2024-09-02T02:43:07Z</LAST_SERVICE_MODIFICATION_DATETIME>
                <PUBLISHED_DATETIME>2024-08-26T14:08:11Z</PUBLISHED_DATETIME>
                <CODE_MODIFIED_DATETIME>2024-08-26T14:08:11Z</CODE_MODIFIED_DATETIME>
                <PATCHABLE>1</PATCHABLE>
                <PATCH_PUBLISHED_DATE>2024-08-15T00:00:00Z</PATCH_PUBLISHED_DATE>
                <SOFTWARE_LIST>
                    <SOFTWARE>
                        <PRODUCT>
                            <![CDATA[webkit2gtk]]>
                        </PRODUCT>
                        <VENDOR>
                            <![CDATA[debian]]>
                        </VENDOR>
                    </SOFTWARE>
                </SOFTWARE_LIST>
                <VENDOR_REFERENCE_LIST>
                    <VENDOR_REFERENCE>
                        <ID>
                            <![CDATA[webkit2gtk_Debian12]]>
                        </ID>
                        <URL>
                            <![CDATA[https://security-tracker.debian.org/tracker/CVE-2024-40780]]>
                        </URL>
                    </VENDOR_REFERENCE>
                </VENDOR_REFERENCE_LIST>
                <CVE_LIST>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2024-40780]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40780]]>
                        </URL>
                    </CVE>
                </CVE_LIST>
                <DIAGNOSIS>
                    <![CDATA[Debian has released a security update for webkit2gtk to fix the vulnerabilities.]]>
                </DIAGNOSIS>
                <CONSEQUENCE>
                    <![CDATA[Successful exploitation of this vulnerability could lead to a security breach or affect integrity, availability, and confidentiality.]]>
                </CONSEQUENCE>
                <SOLUTION>
                    <![CDATA[Refer to Debian security advisory <A HREF='https://security-tracker.debian.org/tracker/CVE-2024-40780' TARGET='_blank'>CVE-2024-40780</A> for updates and patch information.]]>
                </SOLUTION>
                <PCI_FLAG>0</PCI_FLAG>
                <THREAT_INTELLIGENCE>
                    <THREAT_INTEL id="4">
                        <![CDATA[High_Lateral_Movement]]>
                    </THREAT_INTEL>
                </THREAT_INTELLIGENCE>
                <DISCOVERY>
                    <REMOTE>0</REMOTE>
                    <AUTH_TYPE_LIST>
                        <AUTH_TYPE>Unix</AUTH_TYPE>
                    </AUTH_TYPE_LIST>
                    <ADDITIONAL_INFO>Patch Available</ADDITIONAL_INFO>
                </DISCOVERY>
            </VULN>
        </VULN_LIST>
    </RESPONSE>
</KNOWLEDGE_BASE_VULN_LIST_OUTPUT>

Sample - Patchable Vulnerabilities

Vulnerabilities with certain QIDs that are patchable.

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/?action=list&ids=6080871&details=All&is_patchable=1' \
--header 'X-Requested-With: curl demo 2' \
--header 'Authorization: Basic cXVheXNfYXMzOnFhdGVtcA=='

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KNOWLEDGE_BASE_VULN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd">
<KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2024-09-03T06:03:55Z</DATETIME>
        <VULN_LIST>
            <VULN>
                <QID>6080871</QID>
                <VULN_TYPE>Vulnerability</VULN_TYPE>
                <SEVERITY_LEVEL>5</SEVERITY_LEVEL>
                <TITLE>
                    <![CDATA[VMware Photon OS Security Update for python-cryptography,coredns,grub2 (PHSA-2023-3.0-0681)]]>
                </TITLE>
                <CATEGORY>PhotonOS</CATEGORY>
                <LAST_SERVICE_MODIFICATION_DATETIME>2024-06-25T12:04:37Z</LAST_SERVICE_MODIFICATION_DATETIME>
                <PUBLISHED_DATETIME>2024-06-24T12:55:24Z</PUBLISHED_DATETIME>
                <CODE_MODIFIED_DATETIME>2024-06-24T12:55:24Z</CODE_MODIFIED_DATETIME>
                <PATCHABLE>1</PATCHABLE>
                <PATCH_PUBLISHED_DATE>2023-11-04T00:00:00Z</PATCH_PUBLISHED_DATE>
                <SOFTWARE_LIST>
                    <SOFTWARE>
                        <PRODUCT>
                            <![CDATA[photonos]]>
                        </PRODUCT>
                        <VENDOR>
                            <![CDATA[vmware]]>
                        </VENDOR>
                    </SOFTWARE>
                </SOFTWARE_LIST>
                <VENDOR_REFERENCE_LIST>
                    <VENDOR_REFERENCE>
                        <ID>
                            <![CDATA[PHSA-2023-3.0-0681]]>
                        </ID>
                        <URL>
                            <![CDATA[https://github.com/vmware/photon/wiki/Security-Update-3.0-681]]>
                        </URL>
                    </VENDOR_REFERENCE>
                </VENDOR_REFERENCE_LIST>
                <CVE_LIST>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2021-28235]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28235]]>
                        </URL>
                    </CVE>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2023-4692]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692]]>
                        </URL>
                    </CVE>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2023-4693]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693]]>
                        </URL>
                    </CVE>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2023-32082]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32082]]>
                        </URL>
                    </CVE>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2023-23931]]>
                        </ID>
                        <URL>
                            <![CDATA[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23931]]>
                        </URL>
                    </CVE>
                </CVE_LIST>
                <DIAGNOSIS>
                    <![CDATA[PhotonOS has released a security update for python-cryptography,coredns,grub2 to fix the vulnerabilities.]]>
                </DIAGNOSIS>
                <CONSEQUENCE>
                    <![CDATA[Successful exploitation of this vulnerability could lead to a security breach or affect integrity, availability, and confidentiality.]]>
                </CONSEQUENCE>
                <SOLUTION>
                    <![CDATA[Refer to PhotonOS security advisory <A HREF="https://github.com/vmware/photon/wiki/Security-Update-3.0-681" TARGET="_blank">PHSA-2023-3.0-0681</A> for updates and patch information.]]>
                </SOLUTION>
                <CORRELATION>
                    <EXPLOITS>
                        <EXPLT_SRC>
                        </EXPLT_SRC>
                    </EXPLOITS>
                </CORRELATION>
                <PCI_FLAG>1</PCI_FLAG>
                <THREAT_INTELLIGENCE>
                    <THREAT_INTEL id="2">
                        <![CDATA[Exploit_Public]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="4">
                        <![CDATA[High_Lateral_Movement]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="15">
                        <![CDATA[Remote_Code_Execution]]>
                    </THREAT_INTEL>
                </THREAT_INTELLIGENCE>
                <DISCOVERY>
                    <REMOTE>0</REMOTE>
                    <AUTH_TYPE_LIST>
                        <AUTH_TYPE>Unix</AUTH_TYPE>
                    </AUTH_TYPE_LIST>
                    <ADDITIONAL_INFO>Patch Available, Exploit Available</ADDITIONAL_INFO>
                </DISCOVERY>
            </VULN>
        </VULN_LIST>
    </RESPONSE>
</KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
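The new PATCH_PUBLISHED_DATE element makes it possible to rank patchable QIDs by how long a fix has been available. The following is an added example, not Qualys code: the function name, the reference date and the ranking order are assumptions, and the XML is a constructed sample that reuses element names and a few values from the responses above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone


def parse_ts(text):
    """Parse the YYYY-MM-DDTHH:MM:SSZ timestamps used in the KnowledgeBase output."""
    parsed = datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def patch_backlog(xml_text, as_of):
    """Rank patchable QIDs: public exploit first, then longest-available patch."""
    root = ET.fromstring(xml_text.strip())
    rows = []
    for vuln in root.iter("VULN"):
        if vuln.findtext("PATCHABLE", "0").strip() != "1":
            continue
        # Absent when the response comes from an endpoint without the new element.
        patch_date = vuln.findtext("PATCH_PUBLISHED_DATE")
        intel = {t.text.strip() for t in vuln.iter("THREAT_INTEL") if t.text}
        rows.append({
            "qid": int(vuln.findtext("QID")),
            "severity": int(vuln.findtext("SEVERITY_LEVEL")),
            "patch_age_days": (as_of - parse_ts(patch_date)).days if patch_date else None,
            "exploit_public": "Exploit_Public" in intel,
        })
    return sorted(rows, key=lambda r: (not r["exploit_public"],
                                       r["patch_age_days"] is None,
                                       -(r["patch_age_days"] or 0)))


AS_OF = datetime(2024, 9, 3, tzinfo=timezone.utc)  # assumed reporting date

# Constructed sample: two QIDs with values taken from the responses above and
# one hypothetical non-patchable QID (100001) that must be skipped.
SAMPLE_KB = """
<KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
  <RESPONSE>
    <VULN_LIST>
      <VULN>
        <QID>6666666</QID>
        <SEVERITY_LEVEL>3</SEVERITY_LEVEL>
        <PATCHABLE>1</PATCHABLE>
        <PATCH_PUBLISHED_DATE>2024-08-15T00:00:00Z</PATCH_PUBLISHED_DATE>
        <THREAT_INTELLIGENCE>
          <THREAT_INTEL id="4"><![CDATA[High_Lateral_Movement]]></THREAT_INTEL>
        </THREAT_INTELLIGENCE>
      </VULN>
      <VULN>
        <QID>6080871</QID>
        <SEVERITY_LEVEL>5</SEVERITY_LEVEL>
        <PATCHABLE>1</PATCHABLE>
        <PATCH_PUBLISHED_DATE>2023-11-04T00:00:00Z</PATCH_PUBLISHED_DATE>
        <THREAT_INTELLIGENCE>
          <THREAT_INTEL id="2">
            <![CDATA[Exploit_Public]]>
          </THREAT_INTEL>
          <THREAT_INTEL id="15"><![CDATA[Remote_Code_Execution]]></THREAT_INTEL>
        </THREAT_INTELLIGENCE>
      </VULN>
      <VULN>
        <QID>100001</QID>
        <SEVERITY_LEVEL>2</SEVERITY_LEVEL>
        <PATCHABLE>0</PATCHABLE>
      </VULN>
    </VULN_LIST>
  </RESPONSE>
</KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
"""

if __name__ == "__main__":
    for row in patch_backlog(SAMPLE_KB, AS_OF):
        print(row)
```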

Sample - Vulnerabilities Modified After Date

Vulnerabilities modified by the service after August 20, 2024 and that have discovery method "remote and authenticated".

API Request

curl --location 'https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/?action=list&last_modified_by_service_after=2024-08-20&discovery_method=RemoteAndAuthenticated' \
--header 'X-Requested-With: curl demo 2' \
--header 'Authorization: Basic cXVheXNfYXMzOnFhdGVtcA=='

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KNOWLEDGE_BASE_VULN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd">
<KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2024-09-03T11:00:08Z</DATETIME>
        <VULN_LIST>
            <VULN>
                <QID>12681</QID>
                <VULN_TYPE>Vulnerability</VULN_TYPE>
                <SEVERITY_LEVEL>4</SEVERITY_LEVEL>
                <TITLE>
                    <![CDATA[Adobe ColdFusion Information Disclosure Vulnerability (APSA13-03, APSB13-13)]]>
                </TITLE>
                <CATEGORY>CGI</CATEGORY>
                <LAST_SERVICE_MODIFICATION_DATETIME>2024-09-03T00:00:01Z</LAST_SERVICE_MODIFICATION_DATETIME>
                <PUBLISHED_DATETIME>2013-05-14T20:25:21Z</PUBLISHED_DATETIME>
                <CODE_MODIFIED_DATETIME>2013-05-14T20:25:21Z</CODE_MODIFIED_DATETIME>
                <BUGTRAQ_LIST>
                    <BUGTRAQ>
                        <ID>
                            <![CDATA[59773]]>
                        </ID>
                        <URL>
                            <![CDATA[https://url.com]]>
                        </URL>
                    </BUGTRAQ>
                </BUGTRAQ_LIST>
                <PATCHABLE>1</PATCHABLE>
                <PATCH_PUBLISHED_DATE>2013-05-14T00:00:00Z</PATCH_PUBLISHED_DATE>
                <SOFTWARE_LIST>
                    <SOFTWARE>
                        <PRODUCT>
                            <![CDATA[coldfusion]]>
                        </PRODUCT>
                        <VENDOR>
                            <![CDATA[adobe]]>
                        </VENDOR>
                    </SOFTWARE>
                </SOFTWARE_LIST>
                <VENDOR_REFERENCE_LIST>
                    <VENDOR_REFERENCE>
                        <ID>
                            <![CDATA[APSB13-13]]>
                        </ID>
                        <URL>
                            <![CDATA[https://url.com]]>
                        </URL>
                    </VENDOR_REFERENCE>
                </VENDOR_REFERENCE_LIST>
                <CVE_LIST>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2013-3336]]>
                        </ID>
                        <URL>
                            <![CDATA[url.com]]>
                        </URL>
                    </CVE>
                </CVE_LIST>
                <DIAGNOSIS>
                    <![CDATA[Adobe ColdFusion is an application for developing Web sites.]]>
                </DIAGNOSIS>
                <CONSEQUENCE>
                    <![CDATA[Exploitation allows an unauthorized user to remotely retrieve files stored on the server.]]>
                </CONSEQUENCE>
                <SOLUTION>
                    <![CDATA[The vendor has released a hotfix to patch this vulnerability.<P>
Workaround:<BR>
Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories.]]>
                </SOLUTION>
                <CORRELATION>
                    <EXPLOITS>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[coreimpact]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2013-3336]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[Adobe ColdFusion l10n.cfm Remote Code Execution Exploit]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/core-labs/exploits]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[nist-nvd2]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2013-3336]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/exploits/25305]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[exploitdb]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2013-3336]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[ColdFusion 9-10 - Credential Disclosure]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/exploits/25305]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                    </EXPLOITS>
                </CORRELATION>
                <PCI_FLAG>1</PCI_FLAG>
                <THREAT_INTELLIGENCE>
                    <THREAT_INTEL id="12">
                        <![CDATA[Predicted_High_Risk]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="14">
                        <![CDATA[Unauthenticated_Exploitation]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="15">
                        <![CDATA[Remote_Code_Execution]]>
                    </THREAT_INTEL>
                </THREAT_INTELLIGENCE>
                <DISCOVERY>
                    <REMOTE>1</REMOTE>
                    <AUTH_TYPE_LIST>
                        <AUTH_TYPE>Windows</AUTH_TYPE>
                    </AUTH_TYPE_LIST>
                    <ADDITIONAL_INFO>Patch Available, Exploit Available</ADDITIONAL_INFO>
                </DISCOVERY>
            </VULN>
            <VULN>
                <QID>19088</QID>
                <VULN_TYPE>Vulnerability or Potential Vulnerability</VULN_TYPE>
                <SEVERITY_LEVEL>4</SEVERITY_LEVEL>
                <TITLE>
                    <![CDATA[IBM DB2 Remote Command Server Privilege Escalation Vulnerability]]>
                </TITLE>
                <CATEGORY>Database</CATEGORY>
                <LAST_SERVICE_MODIFICATION_DATETIME>2024-09-03T00:00:01Z</LAST_SERVICE_MODIFICATION_DATETIME>
                <PUBLISHED_DATETIME>2004-04-08T18:23:47Z</PUBLISHED_DATETIME>
                <BUGTRAQ_LIST>
                    <BUGTRAQ>
                        <ID>
                            <![CDATA[9821]]>
                        </ID>
                        <URL>
                            <![CDATA[https://url.com/bid/9821]]>
                        </URL>
                    </BUGTRAQ>
                </BUGTRAQ_LIST>
                <PATCHABLE>1</PATCHABLE>
                <PATCH_PUBLISHED_DATE>2004-02-20T00:00:00Z</PATCH_PUBLISHED_DATE>
                <SOFTWARE_LIST>
                    <SOFTWARE>
                        <PRODUCT>
                            <![CDATA[db2_universal_database]]>
                        </PRODUCT>
                        <VENDOR>
                            <![CDATA[ibm]]>
                        </VENDOR>
                    </SOFTWARE>
                </SOFTWARE_LIST>
                <VENDOR_REFERENCE_LIST>
                    <VENDOR_REFERENCE>
                        <ID>
                            <![CDATA[IY53894]]>
                        </ID>
                        <URL>
                            <![CDATA[https://url.com/support/docview.wss?uid=swg1IY53894]]>
                        </URL>
                    </VENDOR_REFERENCE>
                </VENDOR_REFERENCE_LIST>
                <CVE_LIST>
                    <CVE>
                        <ID>
                            <![CDATA[CVE-2004-0795]]>
                        </ID>
                        <URL>
                            <![CDATA[https://url.com/cgi-bin/cvename.cgi?name=CVE-2004-0795]]>
                        </URL>
                    </CVE>
                </CVE_LIST>
                <DIAGNOSIS>
                    <![CDATA[The database server includes a component called the Remote Command Server to facilitate execution of commands by remote clients.
<P>
IBM DB2 Remote Command Server is prone to a vulnerability that may permit authenticated users to gain administrative access to the underlying database.]]>
                </DIAGNOSIS>
                <CONSEQUENCE>
                    <![CDATA[By exploiting this vulnerability, an attacker may execute arbitrary commands with the escalated privileges of the &quot;db2admin&quot; account. This issue could be exploited by a Windows &quot;Guest&quot; account.]]>
                </CONSEQUENCE>
                <SOLUTION>
                    <![CDATA[Information about this issue is provided in <A HREF="http://www-01.ibm.com/support/docview.wss?uid=swg1IY53894" TARGET="_blank">APAR IY53894</A>. IBM has included a fix for this problem in<A HREF="http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053" TARGET="_blank">DB2 Version 8 FixPak 5</A>. ]]>
                </SOLUTION>
                <CORRELATION>
                    <EXPLOITS>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[metasploit]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2004-0795]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[IBM DB2 db2rcmd.exe Command Execution Vulnerability]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/db2/db2rcmd.rb]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[Metasploit]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2004-0795]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[IBM DB2 db2rcmd.exe Command Execution Vulnerability - Metasploit Ref : /modules/auxiliary/admin/db2/db2rcmd]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/db2/db2rcmd.rb]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                        <EXPLT_SRC>
                            <SRC_NAME>
                                <![CDATA[packetstorm]]>
                            </SRC_NAME>
                            <EXPLT_LIST>
                                <EXPLT>
                                    <REF>
                                        <![CDATA[CVE-2004-0795]]>
                                    </REF>
                                    <DESC>
                                        <![CDATA[IBM DB2 Db2rcmd.exe Command Execution]]>
                                    </DESC>
                                    <LINK>
                                        <![CDATA[https://url.com/files/180775/IBM-DB2-Db2rcmd.exe-Command-Execution.html]]>
                                    </LINK>
                                </EXPLT>
                            </EXPLT_LIST>
                        </EXPLT_SRC>
                    </EXPLOITS>
                </CORRELATION>
                <PCI_FLAG>1</PCI_FLAG>
                <THREAT_INTELLIGENCE>
                    <THREAT_INTEL id="5">
                        <![CDATA[Easy_Exploit]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="6">
                        <![CDATA[High_Data_Loss]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="7">
                        <![CDATA[Denial_of_Service]]>
                    </THREAT_INTEL>
                    <THREAT_INTEL id="13">
                        <![CDATA[Privilege_Escalation]]>
                    </THREAT_INTEL>
                </THREAT_INTELLIGENCE>
                <DISCOVERY>
                    <REMOTE>1</REMOTE>
                    <AUTH_TYPE_LIST>
                        <AUTH_TYPE>Windows</AUTH_TYPE>
                    </AUTH_TYPE_LIST>
                    <ADDITIONAL_INFO>Patch Available, Exploit Available</ADDITIONAL_INFO>
                </DISCOVERY>
            </VULN>
        </VULN_LIST>
    </RESPONSE>
</KNOWLEDGE_BASE_VULN_LIST_OUTPUT>

DTD Update

A new DTD for the KnowledgeBase Download API has been added.
<platform API server>api/3.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd

DTD output for the KnowledgeBase Download API is as follows:

DTD Output

<!-- QUALYS KNOWLEDGE_BASE_VULN_LIST_OUTPUT DTD -->
<!-- $Revision: TBD $ -->
<!ELEMENT KNOWLEDGE_BASE_VULN_LIST_OUTPUT (REQUEST?,RESPONSE)>

<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>

<!ELEMENT RESPONSE (DATETIME, (VULN_LIST|ID_SET)?, WARNING?)>
<!-- DATETIME already defined -->
<!ELEMENT VULN_LIST (VULN*)>
<!ELEMENT VULN (QID, VULN_TYPE, SEVERITY_LEVEL, TITLE, CATEGORY?,TECHNOLOGY?, DETECTION_INFO?,
        LAST_CUSTOMIZATION?, LAST_SERVICE_MODIFICATION_DATETIME?, PUBLISHED_DATETIME, CODE_MODIFIED_DATETIME?,
        BUGTRAQ_LIST?, PATCHABLE, PATCH_PUBLISHED_DATE?, SOFTWARE_LIST?, VENDOR_REFERENCE_LIST?, CVE_LIST?,
        DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
        SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE_LIST?, CORRELATION?, CVSS?, CVSS_V3?, PCI_FLAG?, AUTOMATIC_PCI_FAIL?, PCI_REASONS?, THREAT_INTELLIGENCE?, SUPPORTED_MODULES?, DISCOVERY, IS_DISABLED?, CHANGE_LOG_LIST?  )>

<!ELEMENT QID (#PCDATA)>
<!ELEMENT VULN_TYPE (#PCDATA)>
<!ELEMENT SEVERITY_LEVEL (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT CATEGORY (#PCDATA)>
<!ELEMENT TECHNOLOGY (#PCDATA)>
<!ELEMENT DETECTION_INFO (#PCDATA)>
<!ELEMENT LAST_CUSTOMIZATION (DATETIME, USER_LOGIN?)>
<!-- USER_LOGIN already defined (no USER_LOGIN for OVAL Vulns) -->
<!ELEMENT LAST_SERVICE_MODIFICATION_DATETIME (#PCDATA)>
<!ELEMENT PUBLISHED_DATETIME (#PCDATA)>
<!ELEMENT CODE_MODIFIED_DATETIME (#PCDATA)>
<!ELEMENT BUGTRAQ_LIST (BUGTRAQ+)>
<!ELEMENT BUGTRAQ (ID, URL)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT PATCHABLE (#PCDATA)>
<!ELEMENT PATCH_PUBLISHED_DATE (#PCDATA)>

<!ELEMENT SOFTWARE_LIST (SOFTWARE+)>
<!ELEMENT SOFTWARE (PRODUCT, VENDOR)>
<!ELEMENT PRODUCT (#PCDATA)>
<!ELEMENT VENDOR (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE_LIST (VENDOR_REFERENCE+)>
<!ELEMENT VENDOR_REFERENCE (ID, URL)>
<!ELEMENT CVE_LIST (CVE+)>
<!ELEMENT CVE (ID, URL)>
<!-- ID, URL already defined -->
<!ELEMENT DIAGNOSIS (#PCDATA)>
<!ELEMENT DIAGNOSIS_COMMENT (#PCDATA)>
<!ELEMENT CONSEQUENCE (#PCDATA)>
<!ELEMENT CONSEQUENCE_COMMENT (#PCDATA)>
<!ELEMENT SOLUTION (#PCDATA)>
<!ELEMENT SOLUTION_COMMENT (#PCDATA)>
<!ELEMENT COMPLIANCE_LIST (COMPLIANCE+)>
<!ELEMENT COMPLIANCE (TYPE, SECTION, DESCRIPTION)>
<!ELEMENT TYPE (#PCDATA)>
<!ELEMENT SECTION (#PCDATA)>
<!ELEMENT DESCRIPTION (#PCDATA)>
<!ELEMENT CORRELATION (EXPLOITS?, MALWARE?)>
<!ELEMENT EXPLOITS (EXPLT_SRC+)>
<!ELEMENT EXPLT_SRC (SRC_NAME, EXPLT_LIST)>
<!ELEMENT SRC_NAME (#PCDATA)>
<!ELEMENT EXPLT_LIST (EXPLT+)>
<!ELEMENT EXPLT (REF, DESC, LINK?)>
<!ELEMENT REF (#PCDATA)>
<!ELEMENT DESC (#PCDATA)>
<!ELEMENT LINK (#PCDATA)>
<!ELEMENT MALWARE (MW_SRC+)>
<!ELEMENT MW_SRC (SRC_NAME, MW_LIST)>
<!ELEMENT MW_LIST (MW_INFO+)>
<!ELEMENT MW_INFO (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)>
<!ELEMENT MW_ID (#PCDATA)>
<!ELEMENT MW_TYPE (#PCDATA)>
<!ELEMENT MW_PLATFORM (#PCDATA)>
<!ELEMENT MW_ALIAS (#PCDATA)>
<!ELEMENT MW_RATING (#PCDATA)>
<!ELEMENT MW_LINK (#PCDATA)>
<!ELEMENT CVSS (BASE?, TEMPORAL?, VECTOR_STRING?, ACCESS?, IMPACT?, AUTHENTICATION?,
        EXPLOITABILITY?, REMEDIATION_LEVEL?, REPORT_CONFIDENCE?)>
<!ELEMENT BASE (#PCDATA)>
<!ATTLIST BASE source CDATA #IMPLIED>
<!ELEMENT TEMPORAL (#PCDATA)>
<!ELEMENT VECTOR_STRING (#PCDATA)>
<!ELEMENT CVSS3_VERSION (#PCDATA)>
<!ELEMENT ACCESS (VECTOR?, COMPLEXITY?)>
<!ELEMENT VECTOR (#PCDATA)>
<!ELEMENT COMPLEXITY (#PCDATA)>
<!ELEMENT IMPACT (CONFIDENTIALITY?, INTEGRITY?, AVAILABILITY?)>
<!ELEMENT CONFIDENTIALITY (#PCDATA)>
<!ELEMENT INTEGRITY (#PCDATA)>
<!ELEMENT AVAILABILITY (#PCDATA)>
<!ELEMENT AUTHENTICATION (#PCDATA)>
<!ELEMENT EXPLOITABILITY (#PCDATA)>
<!ELEMENT REMEDIATION_LEVEL (#PCDATA)>
<!ELEMENT REPORT_CONFIDENCE (#PCDATA)>
<!ELEMENT CVSS_V3 (BASE?, TEMPORAL?, VECTOR_STRING?, CVSS3_VERSION?, ATTACK?, IMPACT?, PRIVILEGES_REQUIRED?, USER_INTERACTION?, SCOPE?,
        EXPLOIT_CODE_MATURITY?, REMEDIATION_LEVEL?, REPORT_CONFIDENCE?)>
<!ELEMENT ATTACK (VECTOR?, COMPLEXITY?)>
<!ELEMENT PRIVILEGES_REQUIRED (#PCDATA)>
<!ELEMENT USER_INTERACTION (#PCDATA)>
<!ELEMENT SCOPE (#PCDATA)>
<!ELEMENT EXPLOIT_CODE_MATURITY (#PCDATA)>

<!ELEMENT PCI_FLAG (#PCDATA)>
<!ELEMENT AUTOMATIC_PCI_FAIL (#PCDATA)>
<!ELEMENT PCI_REASONS (PCI_REASON+)>
<!ELEMENT PCI_REASON (#PCDATA)>
<!ELEMENT THREAT_INTELLIGENCE (THREAT_INTEL+)>
<!ELEMENT THREAT_INTEL (#PCDATA)>
<!ATTLIST THREAT_INTEL
        id CDATA #REQUIRED>
<!ELEMENT SUPPORTED_MODULES (#PCDATA)>

<!ELEMENT DISCOVERY (REMOTE, AUTH_TYPE_LIST?, ADDITIONAL_INFO?)>
<!ELEMENT REMOTE (#PCDATA)>
<!ELEMENT AUTH_TYPE_LIST (AUTH_TYPE+)>
<!ELEMENT AUTH_TYPE (#PCDATA)>
<!ELEMENT ADDITIONAL_INFO (#PCDATA)>
<!ELEMENT IS_DISABLED (#PCDATA)>
<!ELEMENT CHANGE_LOG_LIST (CHANGE_LOG_INFO+)>
<!ELEMENT CHANGE_LOG_INFO (CHANGE_DATE, COMMENTS)>
<!ELEMENT CHANGE_DATE (#PCDATA)>
<!ELEMENT COMMENTS (#PCDATA)>

<!ELEMENT ID_SET ((ID|ID_RANGE)+)>
<!-- ID already defined -->
<!ELEMENT ID_RANGE (#PCDATA)>

<!ELEMENT WARNING (CODE?, TEXT, URL?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!-- URL already defined -->
<!-- EOF -->
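
A client that consumes this output can turn each VULN element into a record and rank QIDs by the THREAT_INTELLIGENCE and CORRELATION data. The following is an added example, not Qualys code: the function names `parse_kb` and `triage`, the placeholder host name, and QID 900001 are assumptions, and the sample document is constructed from the element layout shown above.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: trimmed from the v3.0 response layout shown above.
# The host name is a placeholder and QID 900001 is a made-up entry.
SAMPLE_KB_XML = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE KNOWLEDGE_BASE_VULN_LIST_OUTPUT SYSTEM "https://qualys.example.invalid/api/3.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd">
<KNOWLEDGE_BASE_VULN_LIST_OUTPUT><RESPONSE>
<DATETIME>2024-09-03T11:00:08Z</DATETIME>
<VULN_LIST>
<VULN>
  <QID>12681</QID><VULN_TYPE>Vulnerability</VULN_TYPE><SEVERITY_LEVEL>4</SEVERITY_LEVEL>
  <TITLE>
    <![CDATA[Adobe ColdFusion Information Disclosure Vulnerability (APSA13-03, APSB13-13)]]>
  </TITLE>
  <PUBLISHED_DATETIME>2013-05-14T20:25:21Z</PUBLISHED_DATETIME><PATCHABLE>1</PATCHABLE>
  <CVE_LIST><CVE><ID><![CDATA[CVE-2013-3336]]></ID><URL>url.com</URL></CVE></CVE_LIST>
  <CORRELATION><EXPLOITS>
    <EXPLT_SRC><SRC_NAME><![CDATA[exploitdb]]></SRC_NAME>
      <EXPLT_LIST><EXPLT><REF>CVE-2013-3336</REF><DESC>-</DESC></EXPLT></EXPLT_LIST></EXPLT_SRC>
  </EXPLOITS></CORRELATION>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL id="15"><![CDATA[Remote_Code_Execution]]></THREAT_INTEL>
  </THREAT_INTELLIGENCE>
  <DISCOVERY><REMOTE>1</REMOTE></DISCOVERY>
</VULN>
<VULN>
  <QID>19088</QID><VULN_TYPE>Vulnerability or Potential Vulnerability</VULN_TYPE>
  <SEVERITY_LEVEL>4</SEVERITY_LEVEL>
  <TITLE>IBM DB2 Remote Command Server Privilege Escalation Vulnerability</TITLE>
  <PUBLISHED_DATETIME>2004-04-08T18:23:47Z</PUBLISHED_DATETIME><PATCHABLE>1</PATCHABLE>
  <CVE_LIST><CVE><ID>CVE-2004-0795</ID><URL>url.com</URL></CVE></CVE_LIST>
  <CORRELATION><EXPLOITS>
    <EXPLT_SRC><SRC_NAME>metasploit</SRC_NAME>
      <EXPLT_LIST><EXPLT><REF>CVE-2004-0795</REF><DESC>-</DESC></EXPLT></EXPLT_LIST></EXPLT_SRC>
    <EXPLT_SRC><SRC_NAME>Metasploit</SRC_NAME>
      <EXPLT_LIST><EXPLT><REF>CVE-2004-0795</REF><DESC>-</DESC></EXPLT></EXPLT_LIST></EXPLT_SRC>
    <EXPLT_SRC><SRC_NAME>packetstorm</SRC_NAME>
      <EXPLT_LIST><EXPLT><REF>CVE-2004-0795</REF><DESC>-</DESC></EXPLT></EXPLT_LIST></EXPLT_SRC>
  </EXPLOITS></CORRELATION>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL id="5">Easy_Exploit</THREAT_INTEL>
    <THREAT_INTEL id="13">Privilege_Escalation</THREAT_INTEL>
  </THREAT_INTELLIGENCE>
  <DISCOVERY><REMOTE>1</REMOTE></DISCOVERY>
</VULN>
<VULN>
  <QID>900001</QID><VULN_TYPE>Vulnerability</VULN_TYPE><SEVERITY_LEVEL>3</SEVERITY_LEVEL>
  <TITLE>Constructed entry with an empty EXPLT_SRC element</TITLE>
  <PUBLISHED_DATETIME>2023-01-01T00:00:00Z</PUBLISHED_DATETIME><PATCHABLE>1</PATCHABLE>
  <CORRELATION><EXPLOITS><EXPLT_SRC>
  </EXPLT_SRC></EXPLOITS></CORRELATION>
  <THREAT_INTELLIGENCE><THREAT_INTEL id="2">Exploit_Public</THREAT_INTEL></THREAT_INTELLIGENCE>
  <DISCOVERY><REMOTE>0</REMOTE>
    <AUTH_TYPE_LIST><AUTH_TYPE>Unix</AUTH_TYPE></AUTH_TYPE_LIST></DISCOVERY>
</VULN>
</VULN_LIST></RESPONSE></KNOWLEDGE_BASE_VULN_LIST_OUTPUT>"""


def _deny_entity_decl(*_args):
    raise ValueError("entity declarations are not accepted in KnowledgeBase output")


def _text(elem, path):
    # CDATA sections in the output are padded with whitespace, so strip them.
    return (elem.findtext(path) or "").strip()


def parse_kb(xml_bytes):
    """Return one dict per VULN element of a KNOWLEDGE_BASE_VULN_LIST_OUTPUT document."""
    # First pass: refuse a document that declares its own entities (entity
    # expansion). The external DTD named in the DOCTYPE is never fetched.
    checker = expat.ParserCreate()
    checker.EntityDeclHandler = _deny_entity_decl
    checker.Parse(xml_bytes, True)

    root = ET.fromstring(xml_bytes)
    if root.tag != "KNOWLEDGE_BASE_VULN_LIST_OUTPUT":
        raise ValueError("unexpected root element: " + root.tag)
    vulns = []
    for v in root.iterfind("./RESPONSE/VULN_LIST/VULN"):
        # SRC_NAME casing varies ("metasploit" and "Metasploit"), so normalise;
        # an EXPLT_SRC without SRC_NAME yields "" and is dropped.
        sources = {_text(s, "SRC_NAME").lower() for s in v.iterfind("CORRELATION/EXPLOITS/EXPLT_SRC")}
        vulns.append({
            "qid": int(_text(v, "QID")),
            "severity": int(_text(v, "SEVERITY_LEVEL")),
            "title": _text(v, "TITLE"),
            "patchable": _text(v, "PATCHABLE") == "1",
            "remote": _text(v, "DISCOVERY/REMOTE") == "1",
            "auth_types": [(a.text or "").strip() for a in v.iterfind("DISCOVERY/AUTH_TYPE_LIST/AUTH_TYPE")],
            "cves": [_text(c, "ID") for c in v.iterfind("CVE_LIST/CVE")],
            "exploit_sources": sorted(sources - {""}),
            "threat_intel": {int(t.get("id")): (t.text or "").strip()
                             for t in v.iterfind("THREAT_INTELLIGENCE/THREAT_INTEL")},
        })
    return vulns


def triage(vulns, tags=("Remote_Code_Execution", "Easy_Exploit")):
    """QIDs that are remotely detectable, carry one of `tags` and name an exploit source."""
    hits = [v for v in vulns
            if v["remote"] and v["exploit_sources"] and set(tags) & set(v["threat_intel"].values())]
    return [v["qid"] for v in sorted(hits, key=lambda v: (-v["severity"], v["qid"]))]
```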

Host Detection List API: Enhanced ARF Filter Conditions

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) api/2.0/fo/asset/host/vm/detection/
API Endpoint (New Version) api/3.0/fo/asset/host/vm/detection/
Method POST
DTD or XSD changes No

In version 2.0, you need to enter 0|1|2|3|4 values to filter out QIDs. With version 3.0, you can use the 0|1|2|3|4 values or the newly introduced input parameters, namely arf_filter_keys and show_arf_data. The arf_filter_keys parameter displays the respective vulnerable QIDs for the categories non-running-kernel, non-running-service, and config-not-exploitable. The show_arf_data parameter displays the tags for ARF-affected QIDs.

With this release, we implemented an enhanced version of the ARF filter conditions within the Host Detection List. The new design simplifies the filtering process by mapping the above ARF filters (non-running kernels, non-running services, and exploitable due to configuration) from report templates to the API. This enhancement reduces the complexity of the ARF filter configuration, improves usability for enterprise customers, and streamlines the filtering process.

Input Parameter

The following two new input parameters have been added:

Parameter Name Description

arf_filter_keys = {value}

(Optional) The arf_filter_keys parameter accepts these values: non-running-kernel, non-running-service, and config-not-exploitable.
You can apply these values independently or in any combination to refine your filter criteria. For instance, you can use the non-running-kernel and non-running-service values together.

show_arf_data = {integer}

(Optional) The show_arf_data parameter controls whether the ARF-affected QIDs are displayed. Valid values are 1 and 0. If you pass 0, the ARF filter output data is not shown in the output; if you pass 1, it is shown.

For reference of existing input parameters, refer to the Host Detection List API, in the API User Guide.

You can use either API version 2.0 or 3.0. We recommend the new version 3.0 because it is a simplified version of the Host Detection List API. However, use only one version: combining the V2.0 and V3.0 ARF input parameters is not supported.

Sample - VM Detection API

API Request

curl --location '<qualys_base_url>/api/3.0/fo/asset/host/vm/detection/?action=list&show_arf_data=1&arf_filter_keys=config-not-exploitable&truncation_limit=10' \
--header 'X-Requested-With: POSTMAN'

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_VM_DETECTION_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/asset/host/vm/detection/dtd/output.dtd">
    <HOST_LIST_VM_DETECTION_OUTPUT>
        <RESPONSE>
            <DATETIME>2024-08-26T11:52:53Z</DATETIME>
            <HOST_LIST>
                <HOST>
                    <ID>2454304</ID>
                    <IP>11.111.22.44</IP>
                    <TRACKING_METHOD>IP</TRACKING_METHOD>
                    <NETWORK_ID>952199</NETWORK_ID>
                    <LAST_SCAN_DATETIME>2022-08-14T18:56:13Z</LAST_SCAN_DATETIME>
                    <LAST_VM_SCANNED_DATE>2022-08-14T18:40:15Z</LAST_VM_SCANNED_DATE>
                    <LAST_VM_SCANNED_DURATION>447</LAST_VM_SCANNED_DURATION>
                    <DETECTION_LIST>
                          <DETECTION>
                             <UNIQUE_VULN_ID>35787259</UNIQUE_VULN_ID>
                             <QID>316406</QID>
                             <TYPE>Potential</TYPE>
                             <SEVERITY>3</SEVERITY>
                             <SSL>0</SSL>
                             <RESULTS>
                             <![CDATA[Package Installed Version Required Version
                             firefox 31.3.0-3.el6.centos.x86_64 38.0-4.el6.centos]]>
                             </RESULTS>
                             <STATUS>New</STATUS>
                             <FIRST_FOUND_DATETIME>2022-03-22T06:54:47Z</FIRST_FOUND_DATETIME>
                             <LAST_FOUND_DATETIME>2022-03-22T06:54:47Z</LAST_FOUND_DATETIME>
                             <TIMES_FOUND>1</TIMES_FOUND>
                             <LAST_TEST_DATETIME>2022-03-22T06:54:47Z</LAST_TEST_DATETIME>
                             <LAST_UPDATE_DATETIME>2022-03-22T07:14:30Z</LAST_UPDATE_DATETIME>
                             <IS_IGNORED>0</IS_IGNORED>
                             <IS_DISABLED>0</IS_DISABLED>
                             <AFFECT_EXPLOITABLE_CONFIG>0</AFFECT_EXPLOITABLE_CONFIG>
                             <LAST_PROCESSED_DATETIME>2022-03-22T07:14:30Z</LAST_PROCESSED_DATETIME>
                          </DETECTION>
                    </DETECTION_LIST>
                </HOST>
            </HOST_LIST>
        </RESPONSE>
    </HOST_LIST_VM_DETECTION_OUTPUT>

New API: Change Qualys Login Password

New or Updated API New
API Endpoint  api/2.0/fo/user/change_password/
Method POST
DTD or XSD changes No

With this release, we have introduced a new API endpoint for changing the password. This API simplifies password management by enabling users to update their existing password to a new one of their choice. This enhancement strengthens security practices and offers a more seamless user experience by integrating password management directly into existing workflows.

Input parameters

The following new input parameters have been added:

Request Data Description

newPassword

The new password for the user
(formatted as JSON)

Sample - Change Password

API Request

curl --location '<qualys_base_url>/api/2.0/fo/user/change_password/index.php' \
--header 'X-Requested-With: test' \
--header 'Content-Type: application/json' \
--data '{
    "newPassword": "password"
}'

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/2.0/simple_return.dtd">
    <SIMPLE_RETURN>
        <RESPONSE>
            <DATETIME>2024-08-23T05:18:08Z</DATETIME>
            <TEXT>Password changed successfully</TEXT>
        </RESPONSE>
    </SIMPLE_RETURN>

Qualys Policy Compliance (PC)

Launch Report API: CSV Report Format Enhancement for Policy Report

New or Updated API Updated
API Endpoint  /api/2.0/fo/report/
Method POST
DTD or XSD changes Not Applicable

There is no change in the input parameters of the API. Only the CSV report format has been enhanced.

The CSV format of the Policy report has been enhanced to include a new section called "Possible reason for empty report" under RESULTS. This section displays the reason for an empty report, along with the corresponding reason code. Knowing the reason helps you to identify and address any issues from your end. Depending on the type of problem causing no data in the report, this section will display different reasons and their corresponding reason codes:

Reason Code Reason
R001 No HostIDs resolved.
R002 No HostIDs matching with policy technology.
R003 No posture data available.
R004 Template setting may not be configured properly. Please verify the template setting.

The following image illustrates the empty report displaying the reason and reason code:

[Image: Empty CSV report.]

Sample - Download Policy Report in CSV Format

API Request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d "action=fetch&id=123456" \
"https://<qualys_base_url>/api/2.0/fo/report/"

CSV Response

"api_pcrs_call","09/02/2024 at 13:18:00 (GMT+0530)"
"test","add1","add2","Pune","None","Iceland","222"
"M N","test_mn4","Manager"
"SUMMARY"
"Policy Id","Policy Title","Policy Locking","Policy Modified","Policy Last Evaluated","Asset Groups","IPs","Asset Tags","PC Agent IPs","Technologies","Controls","Assets","Control Instances","Passed","Failures","Error","Approved Exceptions","Pending Exceptions"
"5655289","Asset Tag Only","Unlocked","04/17/2024 at 12:10:04 (GMT+0530)","04/17/2024 at 12:10:45 (GMT+0530)","","","","No","CentOS 7.x,CentOS 8.x","1","0","0","0(0%)","0(0%)","0","0","0"
Control Statistics (Percentage of Hosts Passed per Control)
"Order","Control ID","Deprecated","Statement","Criticality Label","Criticality Value","Percentage"
"1.1","8327","0","Status of the 'world-writable' files on the host","CRITICAL","4","N/A"
Host Statistics (Percentage of Controls Passed per Host)
"IP Address","Tracking Method","DNS Name","Netbios Name","Operating System","Last Scan Date","Percentage","Qualys Host ID","Host ID"
ASSET TAGS
RESULTS
"Host IP","DNS Hostname","NetBIOS Hostname","Tracking Method","Operating System","OS CPE","NETWORK","Last Scan Date","Evaluation Date","Control ID","Technology","Control","Criticality Label","Criticality Value","Instance","Rationale","Status","Remediation","Deprecated","Evidence","Exception Assignee","Exception Status","Exception End Date","Exception Creator","Exception Created Date","Exception Modifier","Exception Modified Date","Exception Comments History","Cause of Failure","Qualys Host ID","Previous Status","First Fail Date","Last Fail Date","First Pass Date","Last Pass Date","Control Comments"
Possible reason for empty report
R001 - No HostIDs resolved.
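
An empty Policy report lists zero failures, so automation that reads the CSV has to tell "no data" apart from "nothing failed". The following is an added example, not Qualys code: the function names `inspect_policy_report` and `gate` are assumptions, the two sample reports are constructed and shortened, and the parser assumes the marker line is followed by a "CODE - reason" line as in the sample response above.

```python
import csv
import io
import re

# Reason codes and texts as listed in the table above.
KNOWN_REASONS = {
    "R001": "No HostIDs resolved.",
    "R002": "No HostIDs matching with policy technology.",
    "R003": "No posture data available.",
    "R004": "Template setting may not be configured properly. "
            "Please verify the template setting.",
}
MARKER = "Possible reason for empty report"
REASON_LINE = re.compile(r"^(R\d{3})\s*-\s*(.+)$")

# Constructed samples: shortened versions of the CSV layout shown above.
SAMPLE_EMPTY = '''"SUMMARY"
"Policy Id","Policy Title","Passed","Failures","Error"
"5655289","Asset Tag Only","0(0%)","0(0%)","0"
ASSET TAGS
RESULTS
"Host IP","Control ID","Status"
Possible reason for empty report
R001 - No HostIDs resolved.
'''

SAMPLE_WITH_DATA = '''"SUMMARY"
"Policy Id","Policy Title","Passed","Failures","Error"
"5655289","Asset Tag Only","0(0%)","1(100%)","0"
ASSET TAGS
RESULTS
"Host IP","Control ID","Status"
"10.20.31.36","8327","Failed"
'''


def inspect_policy_report(csv_text):
    """Count RESULTS data rows and pick up the empty-report reason, if any."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r]
    if ["RESULTS"] not in rows:
        raise ValueError("no RESULTS section in report")
    section = rows[rows.index(["RESULTS"]) + 1:]
    header, body = (section[0], section[1:]) if section else ([], [])
    info = {"data_rows": 0, "reason_code": None, "reason": None}
    for i, row in enumerate(body):
        line = ",".join(row).strip()
        if line == MARKER:
            nxt = ",".join(body[i + 1]).strip() if i + 1 < len(body) else ""
            m = REASON_LINE.match(nxt)
            info["reason_code"] = m.group(1) if m else "UNKNOWN"
            # Prefer the documented text; keep the report's own text for a
            # code that is not in the table.
            info["reason"] = KNOWN_REASONS.get(
                info["reason_code"], m.group(2) if m else nxt)
            break
        # A data row has exactly as many fields as the RESULTS header.
        if len(row) == len(header):
            info["data_rows"] += 1
    return info


def gate(csv_text):
    """Return ("NO_DATA", code) for an empty report, else ("EVALUATED", rows)."""
    info = inspect_policy_report(csv_text)
    if info["reason_code"] or info["data_rows"] == 0:
        return ("NO_DATA", info["reason_code"] or "UNKNOWN")
    return ("EVALUATED", info["data_rows"])
```

A pipeline that gets NO_DATA should fail the compliance check or raise an alert rather than record the policy as passed.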

Get Posture Information API

New or Updated API Updated
API Endpoint (Deprecation timeline - March 2025) /pcrs/1.0/posture/postureInfo
API Endpoints (New Version)  /pcrs/2.0/posture/postureInfo
/pcrs/2.0/posture/postureInfo/userdefinedfield
Method POST/GET
DTD or XSD changes Not applicable

This API has been enhanced for the following:

  • The API response now shows the status of a control on a host as passed when an exception has been created and approved. Controls on which the exception has been approved are displayed as Passed*.

    An exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn more about exceptions, refer to Exceptions - The Basics.

 There is no change in the API input parameters. The API response has been enhanced to show the control status as passed.

Sample - Retrieve Compliance Posture Information along with Control Status

API Request

curl --location 'https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer <Auth Token>' \
--header 'Content-Type: application/json' \
--data '[
    {
        "policyId": "5657103",
        "subscriptionId": "4417720",
        "hostIds": [
            "13372203"
        ]
    }
]' 

JSON Response

{
        "id": 29483648,
        "instance": "os",
        "policyId": 5657103,
        "policyTitle": "LinuxAllAssetScan_withAssetTag",
        "netBios": null,
        "controlId": 100000,
        "controlStatement": "File_content_check_udc-2",
        "rationale": "rationale",
        "remediation": null,
        "category": "Access Control Requirements",
        "subCategory": "Authentication/Passwords",
        "controlReference": null,
        "technologyId": 43,
        "status": "Passed*",
        "previousStatus": "Error",
        "firstFailDate": "",
        "lastFailDate": "",
        "firstPassDate": "",
        "lastPassDate": "",
        "postureModifiedDate": "2024-07-10T15:10:32Z",
        "lastEvaluatedDate": "2024-08-25T17:36:31Z",
        "created": "2024-08-29T10:58:49Z",
        "hostId": 13372203,
        "ip": "10.20.31.36",
        "trackingMethod": "IP",
        "os": null,
        "osCpe": null,
        "domainName": null,
        "dns": null,
        "qgHostid": null,
        "networkId": 0,
        "networkName": "Global Default Network",
        "complianceLastScanDate": "2024-06-10T17:08:52Z",
        "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
        "customerId": "2727621",
        "assetId": 54149619,
        "technology":
        {
            "id": 43,
            "name": "CentOS 6.x"
        },
        "criticality":
        {
            "label": "MEDIUM",
            "value": 2
        },
        "evidence": null,
        "causeOfFailure": null,
        "userDefinedAttributesList": null,
        "currentDataSizeKB": "1.14",
        "totalDataSizeKB": "1.14",
        "currentBatch": 1,
        "totalBatches": 1,
        "CLOUD_RESOURCE_ID": null
    }
  • Added two new fields in the API response to display control category and sub-category.
    • category - Displays the control category set on a particular control.
    • subCategory - Displays the control sub-category set on a particular control.

 There is no change in the API input parameters. The API response has been enhanced to display the control category and sub-category.

Sample - Retrieve Compliance Posture Information along with Control Category and Sub Category

API Request

curl --location '<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer <Auth Token>' \
--header 'Content-Type: application/json' \
--data '[
 {
 "policyId": "5657103",
 "subscriptionId": "4417720",
 "hostIds": [
 "13372203"
 ]
 }
]' 

Json Response

{
        "id": 29347056,
        "instance": "os",
        "policyId": 5657103,
        "policyTitle": "LinuxAllAssetScan_withAssetTag",
        "netBios": null,
        "controlId": 100000,
        "controlStatement": "File_content_check_udc-2",
        "rationale": "rationale",
        "remediation": null,
        "category": "Access Control Requirements",
        "subCategory": "Authentication/Passwords",
        "controlReference": null,
        "technologyId": 43,
        "status": "Error",
        "previousStatus": "Error",
        "firstFailDate": "",
        "lastFailDate": "",
        "firstPassDate": "",
        "lastPassDate": "",
        "postureModifiedDate": "2024-05-21T17:48:39Z",
        "lastEvaluatedDate": "2024-05-21T17:48:39Z",
        "created": "2024-06-10T16:54:18Z",
        "hostId": 13372203,
        "ip": "10.20.31.36",
        "trackingMethod": "IP",
        "os": null,
        "osCpe": null,
        "domainName": null,
        "dns": null,
        "qgHostid": null,
        "networkId": 0,
        "networkName": "Global Default Network",
        "complianceLastScanDate": "2024-05-17T12:25:44Z",
        "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
        "customerId": "2727621",
        "assetId": 54149619,
        "technology":
        {
            "id": 43,
            "name": "CentOS 6.x"
        },
        "criticality":
        {
            "label": "MEDIUM",
            "value": 2
        },
        "evidence":
        {
            "expectedValues": "\ncontains regular expression list\ntest",
            "currentValues": [
                "Error Code 2:grep: /home/test/file.txt: No such file or directory"
            ],
            "actualValues": null,
            "directoryFimUdc": null,
            "lastUpdated": "2024-05-17T12:25:44Z",
            "extendedEvidence": null
        },
        "causeOfFailure": null,
        "userDefinedAttributesList": null,
        "currentDataSizeKB": "1.38",
        "totalDataSizeKB": "1.38",
        "currentBatch": 1,
        "totalBatches": 1,
        "CLOUD_RESOURCE_ID": null
    }
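
The `Passed*` status and the `category`/`subCategory` fields shown in the two samples above can be consumed as in the following Python example, which is added here and is not Qualys code. It assumes the response body is a JSON array of records shaped like the samples and that a failing control carries the literal status `Failed`; the sample records are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample, trimmed to fields that appear in the responses above.
# Assumptions: the body is a JSON array of such records and a failing
# control is reported with the literal status "Failed".
SAMPLE_RESPONSE = json.dumps([
    {"hostId": 13372203, "controlId": 100000, "status": "Passed*",
     "previousStatus": "Error", "category": "Access Control Requirements",
     "subCategory": "Authentication/Passwords",
     "criticality": {"label": "MEDIUM", "value": 2}},
    {"hostId": 13372204, "controlId": 1091, "status": "Passed",
     "previousStatus": "Passed", "category": "Access Control Requirements",
     "subCategory": "Authentication/Passwords",
     "criticality": {"label": "SERIOUS", "value": 3}},
    {"hostId": 13372204, "controlId": 100000, "status": "Error",
     "previousStatus": "Error", "category": "Access Control Requirements",
     "subCategory": "Authentication/Passwords",
     "criticality": {"label": "MEDIUM", "value": 2}},
    {"hostId": 13372203, "controlId": 1091, "status": "Failed",
     "previousStatus": "Passed", "category": None, "subCategory": None,
     "criticality": {"label": "SERIOUS", "value": 3}},
])

# "Passed*" marks an approved exception, not a check that succeeded,
# so it gets its own bucket instead of being folded into "passed".
STATUS_BUCKETS = {"Passed": "passed", "Passed*": "excepted",
                  "Failed": "failed", "Error": "error"}


def load_records(body):
    """Parse a response body; accept a single record or an array."""
    data = json.loads(body)
    return data if isinstance(data, list) else [data]


def bucket(record):
    """Map the raw status string to a reporting bucket."""
    return STATUS_BUCKETS.get((record.get("status") or "").strip(), "unknown")


def summarize_by_category(records):
    """Count buckets per (category, subCategory); null fields are grouped."""
    summary = defaultdict(Counter)
    for rec in records:
        key = (rec.get("category") or "Uncategorized",
               rec.get("subCategory") or "Uncategorized")
        summary[key][bucket(rec)] += 1
    return {key: dict(counts) for key, counts in summary.items()}


def excepted_controls(records):
    """Controls passing only by exception, highest criticality first."""
    rows = [((rec.get("criticality") or {}).get("value", 0),
             rec.get("hostId"), rec.get("controlId"),
             rec.get("previousStatus"))
            for rec in records if bucket(rec) == "excepted"]
    return sorted(rows, key=lambda row: row[0], reverse=True)


def pass_counts(records, count_exceptions):
    """Return (passing, evaluated); Error and unknown are not evaluated."""
    buckets = [bucket(rec) for rec in records]
    evaluated = sum(b in ("passed", "excepted", "failed") for b in buckets)
    passing = buckets.count("passed")
    if count_exceptions:
        passing += buckets.count("excepted")
    return passing, evaluated


if __name__ == "__main__":
    recs = load_records(SAMPLE_RESPONSE)
    print(summarize_by_category(recs))
    print(excepted_controls(recs))
    print(pass_counts(recs, True), pass_counts(recs, False))
```

Reporting both results of `pass_counts` shows how much of a compliance score rests on approved exceptions rather than on controls that actually pass.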

Added a new API endpoint (/pcrs/2.0/posture/postureInfo/userdefinedfield) to view user-defined host attributes and their values while retrieving the compliance posture information in the API response.

Input Parameters

The following new parameters are added:

Parameter Description
evidenceRequired={0|1} (Optional) Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1.
Note: Changing the value to 1 will increase the time required to fetch posture data.
compressionRequired={0|1} (Optional) Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0.
Note: Not compressing the data will increase the time required to fetch posture data.

Sample - Retrieve Compliance Posture Information along with User Defined Host Attributes and its Values

API Request

curl --location 'https://<qualys_base_url>/pcrs/2.0/posture/postureInfo/userdefinedfield?evidenceRequired=1&compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer <Auth Token>' \
--header 'Content-Type: application/json' \
--data '[
 {
 "policyId": "<Policy_ID>",
 "subscriptionId": "<Subscription_id>",
 "hostIds": [
 "<host_id>"
 ]
 }
]'

Json Response

{
  "id": 29347081,
  "instance": "os",
  "policyId": 5657103,
  "policyTitle": "LinuxAllAssetScan_withAssetTag",
  "netBios": null,
  "controlId": 1091,
  "controlStatement": "Status of the number of days before a [Prompt user] password expiration warning prompt is displayed at login",
  "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting the 'expiration warning date' requirement.  This establishes the number of days before the host will begin to display 'password expiration warning' messages upon login.  Without having a pre-expiration warning message, it is more likely that users will not prepare for this event, which may contribute to the selection of hard-to-remember or easily broken password sequences, which circumvents the intent of having rules for password complexity enforced.  This may cause some users to forget or write down their new password, which can lead either to a system compromise or increased calls to Help Desk resources.",
  "remediation": "# Edit file '/etc/login.defs' to configure 'PASS_WARN_AGE' setting according to the business needs and organization's security policies.\nPASS_WARN_AGE <number>\n\n# Example\nPASS_WARN_AGE 7",
  "category": "Access Control Requirements",
  "subCategory": "Authentication/Passwords",
  "controlReference": null,
  "technologyId": 80,
  "status": "Passed",
  "previousStatus": "Passed",
  "firstFailDate": "",
  "lastFailDate": "",
  "firstPassDate": "2024-05-21T17:48:40Z",
  "lastPassDate": "2024-05-21T17:48:40Z",
  "postureModifiedDate": "2024-05-21T17:48:39Z",
  "lastEvaluatedDate": "2024-05-21T17:48:39Z",
  "created": "2024-06-11T06:58:22Z",
  "hostId": 13372204,
  "ip": "10.11.70.54",
  "trackingMethod": "IP",
  "os": null,
  "osCpe": null,
  "domainName": null,
  "dns": null,
  "qgHostid": null,
  "networkId": 0,
  "networkName": "Global Default Network",
  "complianceLastScanDate": "2024-06-10T17:08:52Z",
  "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
  "customerId": "2727621",
  "assetId": 54149223,
  "technology": {
    "id": 80,
    "name": "CentOS 7.x"
  },
  "criticality": {
    "label": "SERIOUS",
    "value": 3
  },
  "evidence": {
    "expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\ngreater than or equal to\n0",
    "currentValues": [
      "7"
    ],
    "actualValues": null,
    "directoryFimUdc": null,
    "lastUpdated": "2024-06-10T17:08:52Z",
    "extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_WARN_AGE,7\n"
  },
  "causeOfFailure": null,
  "userDefinedAttributesList": [
    {
      "position": 1,
      "key": "LocationAttribute",
      "value": "Pune"
    },
    {
      "position": 2,
      "key": "FunctionAttribute",
      "value": "Compliance"
    },
    {
      "position": 3,
      "key": "AssetTagAttribute",
      "value": "PuneAsseTag"
    }
  ],
  "currentDataSizeKB": "2.66",
  "totalDataSizeKB": "61.06",
  "currentBatch": 1,
  "totalBatches": 1,
  "CLOUD_RESOURCE_ID": null
}

Sybase Record API: SSL Verification Enabled for Sybase Authentication Record

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) /api/2.0/fo/auth/sybase/
API Endpoint (New Version) /api/3.0/fo/auth/sybase/
Method GET and POST
DTD or XSD changes Yes

With this release, we have added the SSL verification feature to the Sybase Authentication Record. This allows you to scan and authenticate your Sybase Databases using SSL verification in the Policy Compliance module.

Input Parameter

The following new parameters are added:

Parameter Description
ssl_verify={1|0} (Optional) SSL verification.
1 - Verifies that the server certificate is valid and can be trusted.
0 - The server certificate is not verified.
hosts={value} A list of FQDNs for all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed.

Sample - Create Authentication Records

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "johnd:yyyy@123" -d "action=create&title=sybase_auth_api&username=jon&password=passw@123&database=db&port=67&ips=1.1.1.1&ssl_verify=1&hosts=abc.com,qa&installation_dir=/opt" "https://<qualys_base_url>/api/3.0/fo/auth/sybase/"

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
    <RESPONSE>
        <DATETIME>2024-08-09T06:53:53Z</DATETIME>
        <BATCH_LIST>
            <BATCH>
                <TEXT>Successfully Created</TEXT>
                <ID_SET>
                    <ID>5555555</ID>
                </ID_SET>
            </BATCH>
        </BATCH_LIST>
    </RESPONSE>
</BATCH_RETURN>

Sample - Update Authentication Records

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "johnd:yyyy@123" -d "action=update&title=sybase_auth_apiupdate&username=abcupdate&password=123m&database=dbupdate&port=677&ids=5256516&ssl_verify=1&hosts=abc.com" "https://<qualys_base_url>/api/3.0/fo/auth/sybase/"

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
    <RESPONSE>
        <DATETIME>2024-08-05T06:13:55Z</DATETIME>
        <BATCH_LIST>
            <BATCH>
                <TEXT>Successfully Updated</TEXT>
                <ID_SET>
                    <ID>5555555</ID>
                </ID_SET>
            </BATCH>
        </BATCH_LIST>
    </RESPONSE>
</BATCH_RETURN>

Sample - Delete Authentication Records

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "johnd:yyyy@123" -d "action=delete&ids=5555555" "https://<qualys_base_url>/api/3.0/fo/auth/sybase/"

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
    <RESPONSE>
        <DATETIME>2024-08-05T06:37:28Z</DATETIME>
        <BATCH_LIST>
            <BATCH>
                <TEXT>Successfully Deleted</TEXT>
                <ID_SET>
                    <ID>5555555</ID>
                </ID_SET>
            </BATCH>
        </BATCH_LIST>
    </RESPONSE>
</BATCH_RETURN>

Sample - List Authentication Records

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "yyy_web:Yyyyyy123#" -d "action=list&ids=5555555" "https://<qualys_base_url>/api/3.0/fo/auth/sybase/" > sybase_list.txt

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SYBASE_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/auth/sybase/auth_sybase_list_output.dtd">
<AUTH_SYBASE_LIST_OUTPUT>
    <RESPONSE>
        <DATETIME>2024-08-09T06:58:23Z</DATETIME>
        <AUTH_SYBASE_LIST>
            <AUTH_SYBASE>
                <ID>5555555</ID>
                <TITLE>
                    <![CDATA[sybase_auth_apiup]]>
                </TITLE>
                <USERNAME>
                    <![CDATA[abcup]]>
                </USERNAME>
                <DATABASE>
                    <![CDATA[dbup]]>
                </DATABASE>
                <PORT>67</PORT>
                <INSTALLATION_DIR>
                    <![CDATA[/opt/update]]>
                </INSTALLATION_DIR>
                <SSL_VERIFY>true</SSL_VERIFY>
                <HOSTS>
                    <HOST>
                        <![CDATA[agavaa]]>
                    </HOST>
                </HOSTS>
                <IP_SET>
                    <IP>1.1.1.1</IP>
                </IP_SET>
                <CREATED>
                    <DATETIME>2024-08-09T06:53:53Z</DATETIME>
                    <BY>vsh_sm</BY>
                </CREATED>
                <LAST_MODIFIED>
                    <DATETIME>2024-08-09T06:56:43Z</DATETIME>
                </LAST_MODIFIED>
            </AUTH_SYBASE>
        </AUTH_SYBASE_LIST>
    </RESPONSE>
</AUTH_SYBASE_LIST_OUTPUT>

DTD Update

A new DTD for the Sybase Authentication record has been added.
<platform API server>/api/3.0/fo/auth/sybase/auth_sybase_list_output.dtd

DTD output for Sybase Authentication record is as follows:

DTD Output for Sybase Authentication record

<!-- QUALYS AUTH_SYBASE_LIST_OUTPUT DTD -->
<!ELEMENT AUTH_SYBASE_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_SYBASE_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_SYBASE_LIST (AUTH_SYBASE+)>
<!ELEMENT AUTH_SYBASE (ID, TITLE, USERNAME, (DATABASE | AUTO_DISCOVER_DATABASES), PORT, INSTALLATION_DIR?, SSL_VERIFY?, HOSTS?, PASSWORD_ENCRYPTION?, IP_SET?, LOGIN_TYPE?, DIGITAL_VAULT?, NETWORK_ID?, CREATED, LAST_MODIFIED, COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT DATABASE (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT SSL_VERIFY (#PCDATA)>
<!ELEMENT HOSTS (HOST+)>
<!ELEMENT HOST (#PCDATA)>
<!ELEMENT INSTALLATION_DIR (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT LOGIN_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_RESOURCE_ID?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_SERVICE_TYPE?)>
<!ELEMENT DIGITAL_VAULT_ID (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)>
<!ELEMENT VAULT_USERNAME (#PCDATA)>
<!ELEMENT VAULT_FOLDER (#PCDATA)>
<!ELEMENT VAULT_FILE (#PCDATA)>
<!ELEMENT VAULT_SECRET_NAME (#PCDATA)>
<!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)>
<!ELEMENT VAULT_RESOURCE_ID (#PCDATA)>
<!ELEMENT VAULT_NS_TYPE (#PCDATA)>
<!ELEMENT VAULT_NS_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)>
<!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!ELEMENT PASSWORD_ENCRYPTION (#PCDATA)>
<!ELEMENT AUTO_DISCOVER_DATABASES (#PCDATA)>
<!-- EOF -->
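
In the DTD above, `SSL_VERIFY` and `HOSTS` are optional children of `AUTH_SYBASE`, so a consumer of the list output has to handle records that omit them. The following Python audit of a list response is an added example, not Qualys code. It assumes that any `SSL_VERIFY` value other than `true` or `1` means verification is off and treats a verified record with no `HOST` entries as a review item; the XML is a constructed sample trimmed to the elements the audit reads.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the AUTH_SYBASE_LIST_OUTPUT response above,
# trimmed to the elements this audit reads. IDs, titles, hosts and the
# qualys.example URL are made up.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_SYBASE_LIST_OUTPUT SYSTEM "https://qualys.example/api/3.0/fo/auth/sybase/auth_sybase_list_output.dtd">
<AUTH_SYBASE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2024-08-09T06:58:23Z</DATETIME>
    <AUTH_SYBASE_LIST>
      <AUTH_SYBASE>
        <ID>1001</ID>
        <TITLE><![CDATA[sybase_verified]]></TITLE>
        <SSL_VERIFY>true</SSL_VERIFY>
        <HOSTS><HOST><![CDATA[db1.corp.example]]></HOST></HOSTS>
        <IP_SET><IP>10.0.0.5</IP></IP_SET>
      </AUTH_SYBASE>
      <AUTH_SYBASE>
        <ID>1002</ID>
        <TITLE>
          <![CDATA[sybase_legacy]]>
        </TITLE>
        <SSL_VERIFY>false</SSL_VERIFY>
        <IP_SET><IP>10.0.0.6</IP><IP_RANGE>10.0.1.1-10.0.1.9</IP_RANGE></IP_SET>
      </AUTH_SYBASE>
      <AUTH_SYBASE>
        <ID>1003</ID>
        <TITLE><![CDATA[sybase_pre_upgrade]]></TITLE>
        <IP_SET><IP>10.0.0.7</IP></IP_SET>
      </AUTH_SYBASE>
      <AUTH_SYBASE>
        <ID>1004</ID>
        <TITLE><![CDATA[sybase_no_hosts]]></TITLE>
        <SSL_VERIFY>true</SSL_VERIFY>
        <IP_SET><IP>10.0.0.8</IP></IP_SET>
      </AUTH_SYBASE>
    </AUTH_SYBASE_LIST>
  </RESPONSE>
</AUTH_SYBASE_LIST_OUTPUT>"""


def _text(elem, path):
    """Stripped text of the first match, or '' when the element is absent.

    Stripping matters: the response wraps CDATA values in newlines.
    """
    node = elem.find(path)
    return (node.text or "").strip() if node is not None else ""


def audit_sybase_records(xml_bytes):
    """Return one finding per record whose TLS verification needs review."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "AUTH_SYBASE_LIST_OUTPUT":
        raise ValueError("unexpected root element: " + root.tag)
    findings = []
    for rec in root.iterfind("./RESPONSE/AUTH_SYBASE_LIST/AUTH_SYBASE"):
        verify = _text(rec, "SSL_VERIFY").lower()
        hosts = [h.text.strip() for h in rec.iterfind("./HOSTS/HOST")
                 if h.text and h.text.strip()]
        if not verify:
            issue = "ssl_verify_missing"      # optional element not returned
        elif verify not in ("true", "1"):     # assumption: anything else is off
            issue = "ssl_verify_off"
        elif not hosts:
            issue = "no_hosts_listed"         # review item, see lead-in
        else:
            continue
        findings.append({
            "id": _text(rec, "ID"),
            "title": _text(rec, "TITLE"),
            "issue": issue,
            "ips": [n.text.strip() for n in rec.iterfind("./IP_SET/*") if n.text],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_sybase_records(SAMPLE_XML):
        print(finding)
```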

New DataStax Database Authentication Record

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) /api/2.0/fo/auth/
API Endpoint (New Version) /api/3.0/fo/auth/
Method GET
DTD or XSD changes Yes
New or Updated API New
API Endpoint /api/2.0/fo/auth/datastax/
Method POST
DTD or XSD changes Yes

DataStax (5.x/6.x) authentication is now supported for compliance scans only. The new DataStax API (/api/2.0/fo/auth/datastax) lets you list, create, update, and delete DataStax authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports only Database authentication.

Both basic and vault based authentication are supported. Vault based authentication is supported for the following vaults:

  • CyberArk AIM
  • Thycotic Secret Server
  • HashiCorp
  • Azure Key

Input Parameter

The following new parameters are added:

Parameter Description
action={action} Specify any one of the following: create, update, list, delete.
title={value} (Required to create a record) A title for the record. Optional to update record.
ips={value} (Required) Optional to update record. IPs to be added to your DataStax record. You may enter a combination of IPs and IP ranges to identify compliance hosts. Multiple entries are comma separated. Overwrites (replaces) the IP list for the authentication record. The IPs you specify are added and any existing IPs are removed.
username={value} (Optional) The username to be used for authentication to DataStax.
password={value} (Optional) The password to be used for authentication to DataStax. 
login_type={basic|vault} (Required) The login type is basic by default. You can choose vault (for vault based authentication). Set to vault if a third party vault is used to retrieve the password. 
Note: For vault based authentication, vault parameters need to be provided in the record
vault_id={value}  (Required if login_type=vault) The ID of the vault to be used to retrieve the password for login. 
vault_type={value}  (Required if login_type=vault) The third party vault to be used to retrieve the password for login. Certain vaults support this capability. See Vault Support matrix in the API user guide. 
port={value} (Optional) The port number that the DataStax database instance is running on.
ssl_verify_with_host={0|1} (Optional) SSL verification. Set to 1 if you want to verify the server’s certificate is valid and trusted.
hosts={value} (Required if ssl_verify_with_host=1) A list of FQDNs for all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. 
require_cert={0|1} (Optional) Set this to 1 when you want to authenticate the DataStax instance via certificate and private_key. Enabling this from the API switches on the Require Certificate toggle on the UI.
certificate={value} (Required) Certificate content if require_cert is set to 1.
private_key={value}  (Required) private_key details if require_cert is set to 1.
confpath={value} (Optional) The full path to DataStax yaml/yuml file. 
basepath={value}  (Optional) The base path to DataStax installation.
dseconfpath={value} (Optional) Configuration path of DataStax conf file.
cleartext={0|1}  (Optional) Set to 1 to send user credentials in clear text.
ids={value} (Required to update record) DataStax Record IDs to update. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated.
passphrase={value} (Optional) Specify password passphrase. If a client certificate is required, the private key specifies the client certificate. If this key is protected by a passphrase, you can provide it via this parameter. 
use_vault_passphrase={0|1}  (Optional) Set to 1 if you want to store passphrase to vault. Enabling this from API switches the Get passphrase from vault toggle to Yes on the UI. 
pp_vault_type={value}  (Required if use_vault_passphrase parameter is set to 1) If the passphrase is stored in a vault, this parameter indicates its vault type. Enter the type of the vault that stores the passphrase.
pp_vault_record={value} (Required if use_vault_passphrase parameter is set to 1) If the passphrase is stored in a vault, this parameter indicates its vault ID. Enter the ID of the vault that stores the passphrase. 
pp_<vault_parameters>={value} (Optional) If use_vault_passphrase parameter is set to 1 then all vault parameter fields must be added with prefix 'pp_'. For example, pp_vault_type, pp_vault_record. Vault specific parameters required depend on the vault type you've selected. See “Vault Definition” in the API user guide.
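
The conditional requirements in the table above can be checked before a request is sent. This Python pre-flight check is an added example, not Qualys code: the function names are hypothetical, the sample parameter sets are constructed, and it treats an absent `login_type` as `basic`, which the table gives as the default. It also URL-encodes the body so that credentials containing `&`, `#` or `@` reach the API intact.

```python
from urllib.parse import urlencode

ACTIONS = ("create", "update", "list", "delete")

# (trigger parameter, trigger value, parameters the table then requires)
CONDITIONAL_RULES = [
    ("login_type", "vault", ("vault_id", "vault_type")),
    ("ssl_verify_with_host", "1", ("hosts",)),
    ("require_cert", "1", ("certificate", "private_key")),
    ("use_vault_passphrase", "1", ("pp_vault_type", "pp_vault_record")),
]

# Constructed sample parameter sets; every value is made up.
VAULT_CREATE = {"action": "create", "title": "datastax_vault",
                "ips": "10.0.0.5,10.0.0.10-10.0.0.20", "login_type": "vault",
                "ssl_verify_with_host": 1, "cleartext": 1}
BASIC_CREATE = {"action": "create", "title": "datastax_basic",
                "ips": "10.0.0.5", "login_type": "basic",
                "username": "scan_user", "password": "p@ss&word#1",
                "port": 9042, "ssl_verify_with_host": 1,
                "hosts": "db1.corp.example"}


def _as_text(params):
    """Normalize values to strings so 1 and "1" compare the same."""
    return {key: str(value) for key, value in params.items()}


def missing_params(params):
    """Names the table requires for this request that are absent or empty."""
    p = _as_text(params)
    action = p.get("action", "")
    if action not in ACTIONS:
        raise ValueError("action must be one of: " + ", ".join(ACTIONS))
    required = []
    if action == "create":
        required += ["title", "ips"]
    if action == "update":
        required += ["ids"]
    if action in ("create", "update"):
        for trigger, value, needed in CONDITIONAL_RULES:
            if p.get(trigger) == value:
                required += needed
    return [name for name in required if not p.get(name, "").strip()]


def risky_settings(params):
    """Settings that weaken transport protection for the stored record."""
    p = _as_text(params)
    notes = []
    if p.get("cleartext") == "1":
        notes.append("cleartext=1 sends user credentials in clear text")
    # Only judged on create: on update an absent value may mean "unchanged".
    if p.get("action") == "create" and p.get("ssl_verify_with_host", "0") != "1":
        notes.append("ssl_verify_with_host is not 1: "
                     "the server certificate is not verified")
    return notes


def build_body(params):
    """Validate, then return the application/x-www-form-urlencoded body."""
    missing = missing_params(params)
    if missing:
        raise ValueError("missing required parameters: " + ", ".join(missing))
    return urlencode(_as_text(params))


if __name__ == "__main__":
    print(missing_params(VAULT_CREATE))
    print(risky_settings(VAULT_CREATE))
    print(build_body(BASIC_CREATE))
```

curl's `-d` option sends the string as given, so a raw `&` inside a password would split it into two parameters; the body returned by `build_body` is already encoded.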

Sample - Create Authentication Record

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=create&title=datastax_API&login_type=basic&username=test&password=abc123&ips=1.1.1.2&port=12" "https://<qualys_base_url>/api/2.0/fo/auth/datastax/"

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2024-08-23T13:40:49Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>5380731</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>                   

Sample - Update Authentication Record

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=update&title=datastax_APIupdate&login_type=basic&username=testupdate&password=abc12312&ids=5380731&port=12" "https://<qualys_base_url>/api/2.0/fo/auth/datastax/"

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<batch_return>
  <response>
    <datetime>2024-08-23T13:43:33Z</datetime>
    <batch_list>
      <batch>
        <text>Successfully Updated</text>
        <id_set>
          <id>5380731</id>
        </id_set>
      </batch>
    </batch_list>
  </response>
</batch_return>

Sample - List Authentication Record

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=list&ids=5380731" "https://<qualys_base_url>/api/2.0/fo/auth/datastax/"

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE AUTH_DATASTAX_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/auth/datastax/auth_datastax_list_output.dtd">
<auth_datastax_list_output>
  <response>
    <datetime>2024-08-23T13:44:50Z</datetime>
    <auth_datastax_list>
      <auth_datastax>
        <id>5380731</id>
        <title>datastax_APIupdate</title>
        <username>testupdate</username>
        <ip_set>
          <ip>1.1.1.1</ip>
        </ip_set>
        <require_cert>0</require_cert>
        <port>12</port>
        <ssl_verify_with_host>0</ssl_verify_with_host>
        <login_type>basic</login_type>
        <created>
          <datetime>2024-08-23T13:40:49Z</datetime>
          <by>xx_xx</by>
        </created>
        <last_modified>
          <datetime>2024-08-23T13:43:33Z</datetime>
        </last_modified>
      </auth_datastax>
    </auth_datastax_list>
  </response>
</auth_datastax_list_output>

Sample - Delete Authentication Record

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=delete&ids=5380731" "https://<qualys_base_url>/api/2.0/fo/auth/datastax/"

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd">
<batch_return>
  <response>
    <datetime>2024-08-23T13:52:18Z</datetime>
    <batch_list>
      <batch>
        <text>Successfully Deleted</text>
        <id_set>
          <id>5380731</id>
        </id_set>
      </batch>
    </batch_list>
  </response>
</batch_return>

Sample - List All Authentication Records

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "xx_xx:yyyy123#" -d "action=list" "https://<qualys_base_url>/api/3.0/fo/auth/" > list_all_auth.txt

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE AUTH_RECORDS_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/auth/auth_records.dtd">
<auth_records_output>
  <response>
    <datetime>2024-08-23T13:47:54Z</datetime>
    <auth_records>
      <auth_unix_ids>
        <id_set>
          <id>679711</id>
          <id>712175</id>
          <id>958037</id>
          <id>969642</id>
          <id>970675</id>
          <id>970701</id>
          <id>1020544</id>
          <id>1021490</id>
          <id>1022582</id>
          <id>1027482</id>
          <id>1029201</id>
          <id>1091106</id>
          <id>1360974</id>
          <id>1392739</id>
          <id>1393194</id>
          <id>1581709</id>
          <id>1583235</id>
          <id>1701011</id>
          <id>1712145</id>
          <id>1794631</id>
          <id>1806617</id>
          <id>1906524</id>
          <id>2103582</id>
          <id>2118696</id>
          <id>2133877</id>
          <id>2166583</id>
          <id>2455332</id>
          <id>2473316</id>
          <id>2511930</id>
          <id>2568251</id>
          <id>4673941</id>
          <id>4705032</id>
          <id>4724564</id>
          <id>4747900</id>
          <id>4911033</id>
          <id>5073704</id>
          <id>5117459</id>
          <id>5117575</id>
          <id>5190356</id>
          <id>5190862</id>
          <id>5207344</id>
          <id>5295916</id>
          <id_range>2132864-2132865</id_range>
          <id_range>4706061-4706062</id_range>
          <id_range>4706066-4706069</id_range>
        </id_set>
      </auth_unix_ids>
      <auth_windows_ids>
        <id_set>
          <id>679712</id>
          <id>712176</id>
          <id>958039</id>
          <id>965457</id>
          <id>1027642</id>
          <id>1360982</id>
          <id>1699734</id>
          <id>1866874</id>
          <id>2113307</id>
          <id>2266692</id>
          <id>2394475</id>
          <id>2442301</id>
          <id>2455489</id>
          <id>5043106</id>
          <id>5117580</id>
          <id>5256821</id>
          <id>5256826</id>
          <id_range>4704738-4704739</id_range>
        </id_set>
      </auth_windows_ids>
      <auth_oracle_ids>
        <id_set>
          <id>768181</id>
          <id>971683</id>
          <id>1371740</id>
          <id>1371746</id>
          <id>1403716</id>
          <id>5190863</id>
          <id_range>5190867-5190868</id_range>
        </id_set>
      </auth_oracle_ids>
      <auth_snmp_ids>
        <id_set>
          <id>2118698</id>
        </id_set>
      </auth_snmp_ids>
      <auth_ms_sql_ids>
        <id_set>
          <id>2047865</id>
          <id>2266695</id>
          <id>2266910</id>
          <id>5089360</id>
          <id>5091262</id>
          <id>5091305</id>
          <id>5091325</id>
          <id>5092864</id>
          <id>5092910</id>
          <id>5092938</id>
          <id>5092966</id>
          <id>5093027</id>
          <id_range>4713871-4713872</id_range>
          <id_range>5089353-5089356</id_range>
          <id_range>5089363-5089368</id_range>
        </id_set>
      </auth_ms_sql_ids>
      <auth_ibm_db2_ids>
        <id_set>
          <id>2134085</id>
        </id_set>
      </auth_ibm_db2_ids>
      <auth_vmware_ids>
        <id_set>
          <id>1420676</id>
          <id>1424399</id>
          <id_range>2444361-2444363</id_range>
        </id_set>
      </auth_vmware_ids>
      <auth_apache_ids>
        <id_set>
          <id>5096496</id>
          <id>5096516</id>
        </id_set>
      </auth_apache_ids>
      <auth_sybase_ids>
        <id_set>
          <id>1033098</id>
          <id>1033101</id>
          <id>5243997</id>
          <id>5244016</id>
          <id>5257415</id>
          <id>5257664</id>
          <id>5257675</id>
          <id>5258797</id>
          <id>5275407</id>
          <id>5275542</id>
          <id>5275725</id>
          <id_range>5238874-5238875</id_range>
          <id_range>5240379-5240380</id_range>
        </id_set>
      </auth_sybase_ids>
      <auth_mysql_ids>
        <id_set>
          <id>5145480</id>
          <id>5190357</id>
        </id_set>
      </auth_mysql_ids>
      <auth_tomcat_ids>
        <id_set>
          <id>712177</id>
          <id>712187</id>
          <id>712226</id>
          <id>712239</id>
          <id>1701036</id>
          <id>2118902</id>
        </id_set>
      </auth_tomcat_ids>
      <auth_oracle_weblogic_ids>
        <id_set>
          <id>1726135</id>
          <id>2134083</id>
        </id_set>
      </auth_oracle_weblogic_ids>
      <auth_postgresql_ids>
        <id_set>
          <id>1026647</id>
          <id>4706073</id>
          <id>4706075</id>
          <id>4706077</id>
          <id>4706214</id>
          <id>4706324</id>
          <id>4706404</id>
          <id>4706412</id>
          <id>4706517</id>
          <id>5117568</id>
          <id>5117572</id>
        </id_set>
      </auth_postgresql_ids>
      <auth_mongodb_ids>
        <id_set>
          <id>2157859</id>
          <id>2230895</id>
          <id>2283004</id>
          <id>2338797</id>
          <id>2455264</id>
          <id>2455455</id>
          <id>2455462</id>
          <id>2456400</id>
          <id>2456537</id>
          <id>2456539</id>
          <id>4684335</id>
          <id>4713666</id>
          <id>4713674</id>
          <id>4713717</id>
          <id>4713729</id>
          <id>4713874</id>
          <id>5109024</id>
          <id>5109027</id>
          <id_range>2455458-2455460</id_range>
          <id_range>2455464-2455465</id_range>
          <id_range>2456530-2456535</id_range>
          <id_range>5190864-5190866</id_range>
        </id_set>
      </auth_mongodb_ids>
      <auth_vcenter_ids>
        <id_set>
          <id>1423522</id>
          <id>2118903</id>
          <id>2442690</id>
          <id>4684441</id>
          <id_range>2444364-2444365</id_range>
        </id_set>
      </auth_vcenter_ids>
      <auth_mariadb_ids>
        <id_set>
          <id>5238876</id>
        </id_set>
      </auth_mariadb_ids>
      <auth_informixdb_ids>
        <id_set>
          <id_range>1027159-1027160</id_range>
          <id>4747926</id>
        </id_set>
      </auth_informixdb_ids>
      <auth_network_ssh_ids>
        <id_set>
          <id>1043882</id>
          <id>1043889</id>
          <id>1044112</id>
          <id>1044118</id>
          <id>1044161</id>
          <id>1044241</id>
          <id>1052473</id>
          <id>1052553</id>
          <id>2118697</id>
          <id>4713865</id>
          <id_range>1044121-1044123</id_range>
          <id_range>1044158-1044159</id_range>
          <id_range>1051721-1051722</id_range>
        </id_set>
      </auth_network_ssh_ids>
      <auth_nginx_ids>
        <id_set>
          <id>2134081</id>
          <id>2473317</id>
        </id_set>
      </auth_nginx_ids>
      <auth_infoblox_ids>
        <id_set>
          <id>2473315</id>
          <id>4675302</id>
          <id>4675307</id>
          <id>4675316</id>
          <id>4675462</id>
          <id>4675478</id>
          <id>4675502</id>
          <id>4675526</id>
          <id>4713979</id>
        </id_set>
      </auth_infoblox_ids>
      <auth_bind_ids>
        <id_set>
          <id>4703222</id>
        </id_set>
      </auth_bind_ids>
      <auth_cisco_apic_ids>
        <id_set>
          <id>4673926</id>
          <id>4673946</id>
          <id>4675278</id>
          <id>4675281</id>
          <id>4675313</id>
          <id>4704529</id>
          <id>4713981</id>
        </id_set>
      </auth_cisco_apic_ids>
      <auth_cassandra_ids>
        <id_set>
          <id>4703223</id>
          <id>4713982</id>
          <id>4724463</id>
          <id>5207337</id>
          <id>5341160</id>
          <id>5360963</id>
          <id>5364286</id>
          <id>5380621</id>
          <id>5380623</id>
          <id>5380626</id>
          <id>5380730</id>
        </id_set>
      </auth_cassandra_ids>
      <auth_marklogic_ids>
        <id_set>
          <id>4702420</id>
          <id>4706451</id>
          <id>4713859</id>
          <id>4714410</id>
          <id>4714415</id>
          <id>4714429</id>
          <id>4714432</id>
          <id>4714439</id>
          <id>5140524</id>
          <id>5140530</id>
          <id>5140534</id>
          <id_range>4714287-4714288</id_range>
          <id_range>4714384-4714387</id_range>
        </id_set>
      </auth_marklogic_ids>
      <auth_datastax_ids>
        <id_set>
          <id>5291284</id>
          <id>5295929</id>
          <id>5296333</id>
          <id>5305719</id>
          <id>5305752</id>
          <id>5341133</id>
          <id>5341154</id>
          <id>5360961</id>
          <id>5360967</id>
          <id>5361070</id>
          <id>5363948</id>
          <id>5363958</id>
          <id>5363961</id>
          <id>5363973</id>
          <id>5364270</id>
          <id>5364298</id>
          <id>5380620</id>
          <id>5380622</id>
          <id>5380625</id>
          <id>5380731</id>
        </id_set>
      </auth_datastax_ids>
    </auth_records>
  </response>
</auth_records_output>    

Sample - DataStax List Authentication Record

A new DTD for the DataStax Authentication record has been added.
<platform API server> /api/2.0/fo/auth/datastax/auth_datastax_list_output.dtd

DTD output for DataStax Authentication record is as follows:

DTD Output for DataStax List Authentication record

<!-- QUALYS AUTH_DATASTAX_LIST_OUTPUT DTD -->
<!ELEMENT AUTH_DATASTAX_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_DATASTAX_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_DATASTAX_LIST (AUTH_DATASTAX+)>
<!ELEMENT AUTH_DATASTAX (ID, TITLE,USERNAME?,WINDOWS_DOMAIN?,IP_SET?,REQUIRE_CERT?, CONFPATH?,BASEPATH?,DSECONFPATH?, DOMAIN?,PORT?,SSL_VERIFY_WITH_HOST?,HOSTS?,CLEARTEXT?, CERTIFICATE?,PRIVATE_KEY?, PASSPHRASE?, PASSPHRASE_DIGITAL_VAULT?, USE_VAULT_PASSPHRASE?, LOGIN_TYPE?,DIGITAL_VAULT?,NETWORK_ID?,CREATED,LAST_MODIFIED,COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT REQUIRE_CERT (#PCDATA)>
<!ELEMENT HOSTS (#PCDATA)>
<!ELEMENT CERTIFICATE (#PCDATA)>
<!ELEMENT PRIVATE_KEY (#PCDATA)>
<!ELEMENT PASSPHRASE (#PCDATA)>
<!ELEMENT DOMAIN (#PCDATA)>
<!ELEMENT WINDOWS_DOMAIN (#PCDATA)>
<!ELEMENT SSL_VERIFY_WITH_HOST (#PCDATA)>
<!ELEMENT CLEARTEXT (#PCDATA)>
<!ELEMENT USE_VAULT_PASSPHRASE (#PCDATA)>
<!ELEMENT CONFPATH (#PCDATA)>
<!ELEMENT BASEPATH (#PCDATA)>
<!ELEMENT DSECONFPATH (#PCDATA)>
<!ELEMENT LOGIN_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_SERVICE_TYPE?)>
<!ELEMENT PASSPHRASE_DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_SERVICE_TYPE?)>
<!ELEMENT DIGITAL_VAULT_ID (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)>
<!ELEMENT VAULT_USERNAME (#PCDATA)>
<!ELEMENT VAULT_FOLDER (#PCDATA)>
<!ELEMENT VAULT_FILE (#PCDATA)>
<!ELEMENT VAULT_SECRET_NAME (#PCDATA)>
<!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)>
<!ELEMENT VAULT_NS_TYPE (#PCDATA)>
<!ELEMENT VAULT_NS_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)>
<!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->

DTD Output - All List Authentication Record

DTD Output for List Authentication record

<!-- QUALYS AUTH_RECORDS_OUTPUT DTD -->
<!ELEMENT AUTH_RECORDS_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, AUTH_RECORDS?, WARNING_LIST?)>
<!ELEMENT AUTH_RECORDS (AUTH_UNIX_IDS?, AUTH_WINDOWS_IDS?, AUTH_ORACLE_IDS?, AUTH_ORACLE_LISTENER_IDS?, AUTH_SNMP_IDS?, AUTH_MS_SQL_IDS?, AUTH_IBM_DB2_IDS?, AUTH_VMWARE_IDS?, AUTH_MS_IIS_IDS?, AUTH_APACHE_IDS?, AUTH_IBM_WEBSPHERE_IDS?, AUTH_HTTP_IDS?, AUTH_SYBASE_IDS?, AUTH_MYSQL_IDS?, AUTH_TOMCAT_IDS?, AUTH_ORACLE_WEBLOGIC_IDS?, AUTH_DOCKER_IDS?, AUTH_POSTGRESQL_IDS?, AUTH_MONGODB_IDS?, AUTH_PALO_ALTO_FIREWALL_IDS?, AUTH_VCENTER_IDS?, AUTH_JBOSS_IDS?, AUTH_MARIADB_IDS?, AUTH_INFORMIXDB_IDS?, AUTH_MS_EXCHANGE_IDS?, AUTH_ORACLE_HTTP_SERVER_IDS?, AUTH_GREENPLUM_IDS?, AUTH_MICROSOFT_SHAREPOINT_IDS?, AUTH_KUBERNETES_IDS?, AUTH_SAPIQ_IDS?,AUTH_SAP_HANA_IDS?, AUTH_NEO4J_IDS?, AUTH_AZURE_MS_SQL_IDS?, AUTH_NETWORK_SSH_IDS?, AUTH_NGINX_IDS?, AUTH_INFOBLOX_IDS?, AUTH_BIND_IDS?, AUTH_CISCO_APIC_IDS?, AUTH_CASSANDRA_IDS?, AUTH_MARKLOGIC_IDS?, AUTH_DATASTAX_IDS?)>
<!ELEMENT AUTH_UNIX_IDS (ID_SET)>
<!ELEMENT AUTH_WINDOWS_IDS (ID_SET)>
<!ELEMENT AUTH_ORACLE_IDS (ID_SET)>
<!ELEMENT AUTH_ORACLE_LISTENER_IDS (ID_SET)>
<!ELEMENT AUTH_SNMP_IDS (ID_SET)>
<!ELEMENT AUTH_MS_SQL_IDS (ID_SET)>
<!ELEMENT AUTH_IBM_DB2_IDS (ID_SET)>
<!ELEMENT AUTH_VMWARE_IDS (ID_SET)>
<!ELEMENT AUTH_MS_IIS_IDS (ID_SET)>
<!ELEMENT AUTH_APACHE_IDS (ID_SET)>
<!ELEMENT AUTH_IBM_WEBSPHERE_IDS (ID_SET)>
<!ELEMENT AUTH_HTTP_IDS (ID_SET)>
<!ELEMENT AUTH_SYBASE_IDS (ID_SET)>
<!ELEMENT AUTH_MYSQL_IDS (ID_SET)>
<!ELEMENT AUTH_TOMCAT_IDS (ID_SET)>
<!ELEMENT AUTH_ORACLE_WEBLOGIC_IDS (ID_SET)>
<!ELEMENT AUTH_DOCKER_IDS (ID_SET)>
<!ELEMENT AUTH_POSTGRESQL_IDS (ID_SET)>
<!ELEMENT AUTH_MONGODB_IDS (ID_SET)>
<!ELEMENT AUTH_PALO_ALTO_FIREWALL_IDS (ID_SET)>
<!ELEMENT AUTH_VCENTER_IDS (ID_SET)>
<!ELEMENT AUTH_JBOSS_IDS (ID_SET)>
<!ELEMENT AUTH_MARIADB_IDS (ID_SET)>
<!ELEMENT AUTH_INFORMIXDB_IDS (ID_SET)>
<!ELEMENT AUTH_MS_EXCHANGE_IDS (ID_SET)>
<!ELEMENT AUTH_ORACLE_HTTP_SERVER_IDS (ID_SET)>
<!ELEMENT AUTH_GREENPLUM_IDS (ID_SET)>
<!ELEMENT AUTH_MICROSOFT_SHAREPOINT_IDS (ID_SET)>
<!ELEMENT AUTH_KUBERNETES_IDS (ID_SET)>
<!ELEMENT AUTH_SAPIQ_IDS (ID_SET)>
<!ELEMENT AUTH_SAP_HANA_IDS (ID_SET)>
<!ELEMENT AUTH_NEO4J_IDS (ID_SET)>
<!ELEMENT AUTH_AZURE_MS_SQL_IDS (ID_SET)>
<!ELEMENT AUTH_NETWORK_SSH_IDS (ID_SET)>
<!ELEMENT AUTH_NGINX_IDS (ID_SET)>
<!ELEMENT AUTH_INFOBLOX_IDS (ID_SET)>
<!ELEMENT AUTH_BIND_IDS (ID_SET)>
<!ELEMENT AUTH_CISCO_APIC_IDS (ID_SET)>
<!ELEMENT AUTH_CASSANDRA_IDS (ID_SET)>
<!ELEMENT AUTH_MARKLOGIC_IDS (ID_SET)>
<!ELEMENT AUTH_DATASTAX_IDS (ID_SET)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT ID_RANGE (#PCDATA)>
<!-- EOF -->
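The DTD above defines every AUTH_*_IDS element as an ID_SET made of ID and ID_RANGE entries. The following Python sketch is an added example, not Qualys code: it expands such a response into a per-technology list of record IDs, for instance to confirm that DataStax records now appear in the listing. The sample XML is constructed, and the `MAX_RANGE` cap and function names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Assumption of this example: refuse ranges wider than this, so a malformed
# or unexpected response cannot make the script allocate millions of IDs.
MAX_RANGE = 100_000

# Constructed sample in the shape of the list response (IDs are made up).
SAMPLE_XML = """<auth_records_output>
  <response>
    <datetime>2024-09-16T10:00:00Z</datetime>
    <auth_records>
      <auth_cassandra_ids>
        <id_set>
          <id>7003</id>
          <id_range>7010-7012</id_range>
        </id_set>
      </auth_cassandra_ids>
      <auth_datastax_ids>
        <id_set>
          <id>9001</id>
          <id>9005</id>
          <id_range>9002-9003</id_range>
        </id_set>
      </auth_datastax_ids>
    </auth_records>
  </response>
</auth_records_output>
"""


def expand_id_set(id_set):
    """Expand one ID_SET element (ID | ID_RANGE)+ into a sorted list of ints."""
    ids = set()
    for item in id_set:
        tag = item.tag.lower()
        text = (item.text or "").strip()
        if tag == "id":
            ids.add(int(text))
        elif tag == "id_range":
            start_s, sep, end_s = text.partition("-")
            if not sep:
                raise ValueError(f"malformed ID_RANGE: {text!r}")
            start, end = int(start_s), int(end_s)
            if start > end or end - start >= MAX_RANGE:
                raise ValueError(f"implausible ID_RANGE: {text!r}")
            ids.update(range(start, end + 1))
    return sorted(ids)


def auth_record_ids(xml_text):
    """Map technology name (e.g. 'datastax') to its authentication record IDs.

    Tag names are compared case-insensitively because the DTD declares them
    in upper case while the sample response uses lower case.
    """
    root = ET.fromstring(xml_text)
    records = {}
    for elem in root.iter():
        tag = elem.tag.lower()
        if tag.startswith("auth_") and tag.endswith("_ids"):
            technology = tag[len("auth_"):-len("_ids")]
            for child in elem:
                if child.tag.lower() == "id_set":
                    records[technology] = expand_id_set(child)
    return records


if __name__ == "__main__":
    for technology, ids in auth_record_ids(SAMPLE_XML).items():
        print(f"{technology}: {len(ids)} record(s) -> {ids}")
```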

Host List API: Added New Scan Parameters to Filter the Host

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) /api/2.0/fo/asset/host/
API Endpoint (New Version) /api/3.0/fo/asset/host/
Method GET
DTD or XSD changes Yes

With this release, the following two new parameters are added to the Host list API:

  • pc_auth_success_date_before
  • pc_auth_success_date_after

You can use these parameters to filter hosts by the date of their last successful compliance scan, either within a specific date range or before or after a selected date and time. Previously, checking whether assets or hosts were ready for compliance meant running an authentication report, which took a considerable amount of time. These parameters let you identify asset compliance status for posture reporting without running an authentication report.

To enable this feature for your subscription, reach out to your Technical Account Manager or Qualys Support.

Input Parameters

The following new input parameters have been added.

Parameter Description
pc_auth_success_date_before={date}

(Optional) Show hosts with a successful compliance scan end date before a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.

Note: When a date is provided without a specific time, the query includes the data on or before the specified date, meaning that the specified date itself is included in the search query.

pc_auth_success_date_after

(Optional) Show hosts with a successful compliance scan end date after a certain date and time. Specify the date in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2016-09-12” or “2016-09-12T23:15:00Z”.

Note: When a date is provided without a specific time, the query includes the data after the specified date, meaning that the specified date is excluded from the search query.
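The two notes above give the date-only boundary rules: `before` includes the specified date, `after` excludes it. The following Python sketch is an added example, not Qualys code: it applies those rules locally to a saved host list response, which is useful for checking what a query should return. The sample XML is constructed, the function names are hypothetical, and treating a full timestamp as a strict comparison is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the host list response
# (IDs, names and dates are made up for the example).
SAMPLE_XML = """<host_list_output>
  <response>
    <datetime>2024-09-16T10:58:10Z</datetime>
    <host_list>
      <host>
        <id>1001</id>
        <dns>host-a.example.test</dns>
        <pc_auth_success_date>2022-06-05T23:59:59Z</pc_auth_success_date>
      </host>
      <host>
        <id>1002</id>
        <dns>host-b.example.test</dns>
        <pc_auth_success_date>2022-06-06T12:00:00Z</pc_auth_success_date>
      </host>
      <host>
        <id>1003</id>
        <dns>host-c.example.test</dns>
        <pc_auth_success_date>2022-06-07T00:00:00Z</pc_auth_success_date>
      </host>
      <host>
        <id>1004</id>
        <dns>host-d.example.test</dns>
      </host>
    </host_list>
  </response>
</host_list_output>
"""


def parse_bound(value):
    """Parse YYYY-MM-DD[THH:MM:SSZ] (UTC). Returns (datetime, date_only)."""
    try:
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc), False
    except ValueError:
        parsed = datetime.strptime(value, "%Y-%m-%d")
        return parsed.replace(tzinfo=timezone.utc), True


def matches(timestamp, before=None, after=None):
    """Apply the documented boundary rules to one pc_auth_success_date."""
    if before is not None:
        bound, date_only = parse_bound(before)
        # Date only: the specified date is included, so the cut-off is the
        # start of the following day. Full timestamp: strict (assumption).
        limit = bound + timedelta(days=1) if date_only else bound
        if not timestamp < limit:
            return False
    if after is not None:
        bound, date_only = parse_bound(after)
        if date_only:
            # Date only: the specified date is excluded, so matching starts
            # at the beginning of the following day.
            if not timestamp >= bound + timedelta(days=1):
                return False
        elif not timestamp > bound:
            return False
    return True


def filter_hosts(xml_text, before=None, after=None):
    """Return the IDs of hosts whose pc_auth_success_date matches the filter.

    Tags are compared case-insensitively (upper case in the DTD, lower case
    in the sample responses). Hosts without PC_AUTH_SUCCESS_DATE, which the
    DTD marks optional, never match.
    """
    root = ET.fromstring(xml_text)
    selected = []
    for host in root.iter():
        if host.tag.lower() != "host":
            continue
        fields = {c.tag.lower(): (c.text or "").strip() for c in host}
        raw = fields.get("pc_auth_success_date")
        if not raw:
            continue
        timestamp, _ = parse_bound(raw)
        if matches(timestamp, before, after):
            selected.append(fields.get("id", ""))
    return selected


if __name__ == "__main__":
    print("before 2022-06-06:", filter_hosts(SAMPLE_XML, before="2022-06-06"))
    print("after  2022-06-06:", filter_hosts(SAMPLE_XML, after="2022-06-06"))
```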

Sample - Display the hosts that have completed the compliance scan before a given date

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "username:password" -d "action=list&pc_auth_success_date_before=2022-06-06&details=All" "https://<qualys_base_url>/api/3.0/fo/asset/host/"

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-16T10:58:10Z</datetime>
    <host_list>
      <host>
        <id>2584392</id>
        <ip>11.11.11.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>compaix6lpr01</dns>
        <dns_data>
          <hostname>compaix6lpr01</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>AIX 6.1.0.0</os>
        <qg_hostid>2f06cf12-c127-4cfa-93c1-2fe3b9a1cdec</qg_hostid>
        <last_boot>2022-04-01T18:03:47Z</last_boot>
        <first_found_date>2022-04-27T09:51:52Z</first_found_date>
        <last_activity>2022-05-11T05:36:34Z</last_activity>
        <agent_status>Manifest Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-11T06:52:31Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-11T06:39:13Z</pc_auth_success_date>
      </host>
      <host>
        <id>2588281</id>
        <ip>11.111.111.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>tomcat10.rdlab.in03.qualys.com</dns>
        <dns_data>
          <hostname>tomcat10</hostname>
          <domain>rdlab.in03.qualys.com</domain>
          <fqdn>tomcat10.rdlab.in03.qualys.com</fqdn>
        </dns_data>
        <os>CentOS Linux 7.5.1804 (Core) 7.5.1804</os>
        <qg_hostid>4400c88b-95ba-435d-94f2-8dfc1a1ebe38</qg_hostid>
        <last_boot>2022-01-14T05:41:41Z</last_boot>
        <hardware_uuid>422af3eb-59b3-d7c4-aa71-dd20780e4c0a</hardware_uuid>
        <first_found_date>2022-04-29T07:16:12Z</first_found_date>
        <last_activity>2022-05-17T09:08:13Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-17T00:12:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-17T00:15:23Z</pc_auth_success_date>
      </host>
      <host>
        <id>2612147</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>comwls14c</dns>
        <dns_data>
          <hostname>comwls14c</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>CentOS Linux 7.8.2003 (Core) 7.8.2003</os>
        <qg_hostid>6020ae3c-cefa-4540-8690-aa9c23cdfd2d</qg_hostid>
        <last_boot>2021-06-15T06:52:48Z</last_boot>
        <hardware_uuid>420cf117-1fcb-0325-1d67-def7b2161823</hardware_uuid>
        <first_found_date>2022-05-05T11:48:45Z</first_found_date>
        <last_activity>2022-05-09T04:49:16Z</last_activity>
        <agent_status>Configuration Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2022-05-09T00:19:37Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2022-05-09T00:38:21Z</pc_auth_success_date>
      </host>
    </host_list>
  </response>
</host_list_output>

Sample - Display the hosts that have completed the compliance scan after a given date

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "username:password" -d "action=list&pc_auth_success_date_after=2024-08-26&details=All" "https://<qualys_base_url>/api/3.0/fo/asset/host/"

XML Response

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HOST_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/asset/host/dtd/list/output.dtd">
<host_list_output>
  <response>
    <datetime>2024-09-16T11:07:45Z</datetime>
    <host_list>
      <host>
        <id>5583053</id>
        <ip>11.111.111.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>nileshcentous7_9</dns>
        <dns_data>
          <hostname>nileshcentous7_9</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <os>CentOS Linux 7.9.2009</os>
        <qg_hostid>694b795c-39b2-4e15-b5d1-2015888ecd76</qg_hostid>
        <last_boot>2022-12-08T12:20:16Z</last_boot>
        <serial_number>VMware-42 13 0c f3 66 e0 b6 17-18 37 0c 69 bd 6d b5 2d</serial_number>
        <hardware_uuid>f30c1342-e066-17b6-1837-0c69bd6db52d</hardware_uuid>
        <first_found_date>2024-06-11T04:52:09Z</first_found_date>
        <last_activity>2024-09-16T10:53:53Z</last_activity>
        <agent_status>PC Manifest Downloaded</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-11T07:13:49Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T07:14:45Z</pc_auth_success_date>
      </host>
      <host>
        <id>5953668</id>
        <ip>11.11.11.111</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>pcw2022.com.local</dns>
        <dns_data>
          <hostname>pcw2022</hostname>
          <domain>com.local</domain>
          <fqdn>pcw2022.com.local</fqdn>
        </dns_data>
        <netbios>PCW2022</netbios>
        <os>Windows Microsoft Windows Server 2022 Datacenter 10.0.20348 Build 20348</os>
        <qg_hostid>660e9f09-03a8-0004-0046-0050568cb2b6</qg_hostid>
        <last_boot>2024-07-11T16:13:07Z</last_boot>
        <serial_number>VMware-42 0c 7e 00 c9 37 08 c4-1f 5c b3 f4 8b 19 02 fe</serial_number>
        <hardware_uuid>007E0C42-37C9-C408-1F5C-B3F48B1902FE</hardware_uuid>
        <first_found_date>2024-08-05T08:40:14Z</first_found_date>
        <last_activity>2024-09-16T05:51:06Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-16T08:21:17Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-16T08:24:54Z</pc_auth_success_date>
      </host>
      <host>
        <id>5964522</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <dns>pcw2022.com.local</dns>
        <dns_data>
          <hostname>pcw2022</hostname>
          <domain>com.local</domain>
          <fqdn>pcw2022.com.local</fqdn>
        </dns_data>
        <netbios>PCW2022</netbios>
        <os>Windows Server 2022 Datacenter 64 bit Edition Version 21H2</os>
        <first_found_date>2024-08-08T12:02:34Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-09T06:31:57Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-09T07:16:35Z</pc_auth_success_date>
      </host>
      <host>
        <id>5964524</id>
        <ip>11.11.111.11</ip>
        <tracking_method>IP</tracking_method>
        <dns>win-dc01.veda.local</dns>
        <dns_data>
          <hostname>win-dc01</hostname>
          <domain>veda.local</domain>
          <fqdn>win-dc01.veda.local</fqdn>
        </dns_data>
        <netbios>WIN-DC01</netbios>
        <os>Windows Server 2022 Standard 64 bit Edition Version 21H2</os>
        <first_found_date>2024-08-08T12:02:59Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-09T06:31:57Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-09T07:18:01Z</pc_auth_success_date>
      </host>
      <host>
        <id>5985791</id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>Red Hat Enterprise Linux 9.0</os>
        <qg_hostid>2c4b95d3-51e1-4457-8049-979e80b06527</qg_hostid>
        <first_found_date>2024-08-12T11:17:54Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-12T06:41:52Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-12T07:42:27Z</pc_auth_success_date>
      </host>
      <host>
        <id>6130324</id>
        <ip>11.11.11.11</ip>
        <tracking_method>IP</tracking_method>
        <os>Oracle Enterprise Linux 9.0</os>
        <first_found_date>2024-09-06T10:55:16Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-11T09:42:36Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T12:03:22Z</pc_auth_success_date>
      </host>
      <host>
        <id>6143865</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <dns>win-cr35vneg5h9</dns>
        <dns_data>
          <hostname>win-cr35vneg5h9</hostname>
          <domain/>
          <fqdn/>
        </dns_data>
        <netbios>WIN-CR35VNEG5H9</netbios>
        <os>Windows Server 2022 Standard 64 bit Edition Version 21H2</os>
        <first_found_date>2024-09-10T04:06:38Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-11T09:47:04Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-11T12:04:32Z</pc_auth_success_date>
      </host>
      <host>
        <id>6144034</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>orac23cvm.comp.rdlab.qualys.com</dns>
        <dns_data>
          <hostname>orac23cvm</hostname>
          <domain>comp.rdlab.qualys.com</domain>
          <fqdn>orac23cvm.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 9.0</os>
        <qg_hostid>a2126498-3b97-4d0c-883c-28615acbf0fb</qg_hostid>
        <last_boot>2024-09-13T08:46:06Z</last_boot>
        <serial_number>VMware-42 2e ce a2 1e 23 43 8b-9c d5 82 50 b6 f3 48 9d</serial_number>
        <hardware_uuid>a2ce2e42-231e-8b43-9cd5-8250b6f3489d</hardware_uuid>
        <first_found_date>2024-09-10T05:31:09Z</first_found_date>
        <last_activity>2024-09-16T10:46:06Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-13T15:07:12Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-13T15:12:17Z</pc_auth_success_date>
      </host>
      <host>
        <id>6149368</id>
        <ip>11.11.11.111</ip>
        <tracking_method>IP</tracking_method>
        <os>Alibaba Cloud Linux 3</os>
        <first_found_date>2024-09-10T21:53:40Z</first_found_date>
        <last_compliance_scan_datetime>2024-09-12T06:41:52Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-12T07:02:33Z</pc_auth_success_date>
      </host>
      <host>
        <id>6162135</id>
        <ip>11.11.11.11</ip>
        <tracking_method>Cloud Agent</tracking_method>
        <dns>singlestore_test.comp.rdlab.qualys.com</dns>
        <dns_data>
          <hostname>singlestore_test</hostname>
          <domain>comp.rdlab.qualys.com</domain>
          <fqdn>singlestore_test.comp.rdlab.qualys.com</fqdn>
        </dns_data>
        <os>Oracle Enterprise Linux 8.6</os>
        <qg_hostid>24a561a4-5746-4bcb-8229-009a3d4034f2</qg_hostid>
        <last_boot>2024-09-16T09:16:42Z</last_boot>
        <serial_number>VMware-42 2e 4c 03 e3 e6 ba c1-53 66 da 59 f9 60 c4 0a</serial_number>
        <hardware_uuid>034c2e42-e6e3-c1ba-5366-da59f960c40a</hardware_uuid>
        <first_found_date>2024-09-13T09:37:09Z</first_found_date>
        <last_activity>2024-09-16T10:47:42Z</last_activity>
        <agent_status>Inventory Scan Complete</agent_status>
        <cloud_agent_running_on>QAGENT</cloud_agent_running_on>
        <last_compliance_scan_datetime>2024-09-13T14:16:06Z</last_compliance_scan_datetime>
        <pc_auth_success_date>2024-09-13T14:18:16Z</pc_auth_success_date>
      </host>
    </host_list>
  </response>
</host_list_output>

DTD Update

The DTD output now includes the PC authentication success date.
<platform API server>/api/3.0/fo/asset/host/dtd/list/output.dtd

DTD output for the PC authentication success date is as follows:

DTD Output to show the PC authentication success date

<!-- QUALYS HOST_OUTPUT DTD FOR LIST ACTION-->
<!ELEMENT HOST_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (HOST_LIST|ID_SET)?, WARNING?, GLOSSARY?)>
<!ELEMENT HOST_LIST (HOST+)>
<!ELEMENT HOST (ID, ASSET_ID?, IP?, IPV6?, ASSET_RISK_SCORE?, TRURISK_SCORE?, ASSET_CRITICALITY_SCORE?, ARS_FACTORS?,TRURISK_SCORE_FACTORS?, TRACKING_METHOD?, NETWORK_ID?, OS_HOSTNAME?,
                DNS?, DNS_DATA?, CLOUD_PROVIDER?, CLOUD_SERVICE?, CLOUD_RESOURCE_ID?, EC2_INSTANCE_ID?, NETBIOS?, OS?, QG_HOSTID?, LAST_BOOT?, SERIAL_NUMBER?, HARDWARE_UUID?, FIRST_FOUND_DATE?, LAST_ACTIVITY?, AGENT_STATUS?, CLOUD_AGENT_RUNNING_ON?,TAGS?, METADATA?,
                CLOUD_PROVIDER_TAGS?, LAST_VULN_SCAN_DATETIME?, LAST_VM_SCANNED_DATE?, LAST_VM_SCANNED_DURATION?,
                LAST_VM_AUTH_SCANNED_DATE?, LAST_VM_AUTH_SCANNED_DURATION?,
                LAST_COMPLIANCE_SCAN_DATETIME?, PC_AUTH_SUCCESS_DATE?, LAST_SCAP_SCAN_DATETIME?, OWNER?, COMMENTS?, USER_DEF?, ASSET_GROUP_IDS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT ASSET_ID (#PCDATA)>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IPV6 (#PCDATA)>
<!ELEMENT ASSET_RISK_SCORE (#PCDATA)>
<!ELEMENT TRURISK_SCORE (#PCDATA)>
<!ELEMENT ASSET_CRITICALITY_SCORE (#PCDATA)>
<!ELEMENT ARS_FACTORS (ARS_FORMULA, VULN_COUNT*)>
<!ELEMENT ARS_FORMULA (#PCDATA)>
<!ELEMENT TRURISK_SCORE_FACTORS (TRURISK_SCORE_FORMULA, VULN_COUNT*)>
<!ELEMENT TRURISK_SCORE_FORMULA (#PCDATA)>
<!ELEMENT VULN_COUNT (#PCDATA)>
<!ATTLIST VULN_COUNT qds_severity CDATA #REQUIRED>
<!ELEMENT TRACKING_METHOD (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT OS_HOSTNAME (#PCDATA)>
<!ELEMENT DNS (#PCDATA)>
<!ELEMENT DNS_DATA (HOSTNAME?, DOMAIN?, FQDN?)>
<!ELEMENT HOSTNAME (#PCDATA)>
<!ELEMENT DOMAIN (#PCDATA)>
<!ELEMENT FQDN (#PCDATA)>
<!ELEMENT EC2_INSTANCE_ID (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER (#PCDATA)>
<!ELEMENT CLOUD_SERVICE (#PCDATA)>
<!ELEMENT CLOUD_RESOURCE_ID (#PCDATA)>
<!ELEMENT NETBIOS (#PCDATA)>
<!ELEMENT OS (#PCDATA)>
<!ELEMENT QG_HOSTID (#PCDATA)>
<!ELEMENT LAST_BOOT (#PCDATA)>
<!ELEMENT SERIAL_NUMBER (#PCDATA)>
<!ELEMENT HARDWARE_UUID (#PCDATA)>
<!ELEMENT FIRST_FOUND_DATE (#PCDATA)>
<!ELEMENT LAST_ACTIVITY (#PCDATA)>
<!ELEMENT AGENT_STATUS (#PCDATA)>
<!ELEMENT CLOUD_AGENT_RUNNING_ON (#PCDATA)>
<!ELEMENT TAGS (TAG*)>
<!ELEMENT TAG (TAG_ID?, NAME?)>
<!ELEMENT TAG_ID (#PCDATA)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT LAST_VULN_SCAN_DATETIME (#PCDATA)>
<!ELEMENT LAST_VM_SCANNED_DATE (#PCDATA)>
<!ELEMENT LAST_VM_SCANNED_DURATION (#PCDATA)>
<!ELEMENT LAST_VM_AUTH_SCANNED_DATE (#PCDATA)>
<!ELEMENT LAST_VM_AUTH_SCANNED_DURATION (#PCDATA)>
<!ELEMENT LAST_COMPLIANCE_SCAN_DATETIME (#PCDATA)>
<!ELEMENT PC_AUTH_SUCCESS_DATE (#PCDATA)>
<!ELEMENT LAST_SCAP_SCAN_DATETIME (#PCDATA)>
<!ELEMENT OWNER (#PCDATA)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT USER_DEF (LABEL_1?, LABEL_2?, LABEL_3?, VALUE_1?, VALUE_2?, VALUE_3?)>
<!ELEMENT LABEL_1 (#PCDATA)>
<!ELEMENT LABEL_2 (#PCDATA)>
<!ELEMENT LABEL_3 (#PCDATA)>
<!ELEMENT VALUE_1 (#PCDATA)>
<!ATTLIST VALUE_1
ud_attr CDATA #REQUIRED>
<!ELEMENT VALUE_2 (#PCDATA)>
<!ATTLIST VALUE_2
ud_attr CDATA #REQUIRED>
<!ELEMENT VALUE_3 (#PCDATA)>
<!ATTLIST VALUE_3
ud_attr CDATA #REQUIRED>
<!ELEMENT METADATA (EC2|GOOGLE|AZURE)+>
<!ELEMENT EC2 (ATTRIBUTE*)>
<!ELEMENT GOOGLE (ATTRIBUTE*)>
<!ELEMENT AZURE (ATTRIBUTE*)>
<!ELEMENT ATTRIBUTE (NAME,LAST_STATUS,VALUE,LAST_SUCCESS_DATE?,LAST_ERROR_DATE?,LAST_ERROR?)>
<!ELEMENT LAST_STATUS (#PCDATA)>
<!ELEMENT LAST_SUCCESS_DATE (#PCDATA)>
<!ELEMENT LAST_ERROR_DATE (#PCDATA)>
<!ELEMENT LAST_ERROR (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER_TAGS (CLOUD_TAG+)>
<!ELEMENT CLOUD_TAG (NAME, VALUE, LAST_SUCCESS_DATE)>
<!ELEMENT ASSET_GROUP_IDS (#PCDATA)>
<!ELEMENT ID_SET ((ID|ID_RANGE)+)>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT WARNING (CODE?, TEXT, URL?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT GLOSSARY (USER_DEF?, USER_LIST?, ASSET_GROUP_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!ELEMENT ASSET_GROUP_LIST (ASSET_GROUP+)>
<!ELEMENT ASSET_GROUP (ID, TITLE)>
<!ELEMENT TITLE (#PCDATA)>
<!-- EOF -->

List Controls API: Added the Datapoint tag to Control List

New or Updated API Updated
API Endpoint (Deprecation Timeline - March 2025) /api/2.0/fo/compliance/control/
API Endpoint (New Version) /api/3.0/fo/compliance/control/
Method GET
DTD or XSD changes Yes

With this release, we have added a new tag titled Datapoint for all the SDC controls. This tag is displayed in the Control API response.

There is no change in the input parameters of the API.

Sample - List Controls

API Request

curl -s -S -H 'X-Requested-With:curl demo2' -u "yyyuser:Yuser@123#" -d "action=list" "https://<qualys_base_url>/api/3.0/fo/compliance/control/" 

XML Response

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE CONTROL_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/compliance/control/control_list_output.dtd">
<CONTROL_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2024-09-11T09:26:14Z</DATETIME>
    <CONTROL_LIST>
      <CONTROL>
        <ID>1044</ID>
        <UPDATE_DATE>2021-04-14T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-10-12T00:00:00Z</CREATED_DATE>
        <CATEGORY>Access Control Requirements</CATEGORY>
        <SUB_CATEGORY><![CDATA[Authorizations (Multi-user ACL/role)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the &apos;O7_DICTIONARY_ACCESSIBILITY&apos; setting in init.ora]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[CRITICAL]]></LABEL>
          <VALUE>4</VALUE>
        </CRITICALITY>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>7</ID>
            <NAME>Oracle 9i</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>8</ID>
            <NAME>Oracle 10g</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>9</ID>
            <NAME>Oracle 11g</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>99</ID>
            <NAME>Oracle 12c</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>175</ID>
            <NAME>Oracle 18c</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>310</ID>
            <NAME>Oracle 12c Multitenant</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>311</ID>
            <NAME>Oracle 18c Multitenant</NAME>
            <RATIONALE><![CDATA[The 'O7_DICTIONARY_ACCESSIBILITY' setting allows control/restrictions to be placed on the user's SYSTEM privileges. If this parameter is set to TRUE, SYS schema access will be allowed, which is the default for Oracle operations.  Restricting this system privilege with a setting of FALSE will allow users or roles granted SELECT ANY TABLE access to objects in the normal schema, but disallow access to objects in the SYS schema, unless access is specifically granted.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[FALSE]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
      <CONTROL>
        <ID>1045</ID>
        <UPDATE_DATE>2018-10-12T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-10-12T00:00:00Z</CREATED_DATE>
        <CATEGORY>OS Security Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[System Settings (OSI layers 6-7)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the &apos;Clipbook&apos; service (startup type)]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[SERIOUS]]></LABEL>
          <VALUE>3</VALUE>
        </CRITICALITY>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>1</ID>
            <NAME>Windows XP desktop</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to transfer Clipboard information across the LAN and is sent in clear text.  The authentication required is a holdover from the 16-bit 'Network Dynamic Data Exchange' protocol, which is a 'network' password among systems sharing the LAN, with a default set allow READ for EVERYONE that has network access.  As this Windows service is not required for any other system operations and increases system vulnerability it should be disabled unless there is a demonstrated need for its use set by the business.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>2</ID>
            <NAME>Windows 2003 Server</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to transfer Clipboard information across the LAN and is sent in clear text.  The authentication required is a holdover from the 16-bit 'Network Dynamic Data Exchange' protocol, which is a 'network' password among systems sharing the LAN, with a default set allow READ for EVERYONE that has network access.  As this Windows service is not required for any other system operations and increases system vulnerability it should be disabled unless there is a demonstrated need for its use set by the business.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>12</ID>
            <NAME>Windows 2000</NAME>
            <RATIONALE><![CDATA[The 'Clipbook' service is used to transfer Clipboard information across the LAN and is sent in clear text.  The authentication required is a holdover from the 16-bit 'Network Dynamic Data Exchange' protocol, which is a 'network' password among systems sharing the LAN, with a default set allow READ for EVERYONE that has network access.  As this Windows service is not required for any other system operations and increases system vulnerability it should be disabled unless there is a demonstrated need for its use set by the business.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
      <CONTROL>
        <ID>1074</ID>
        <UPDATE_DATE>2022-03-10T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-10-17T00:00:00Z</CREATED_DATE>
        <CATEGORY>OS Security Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[Database Settings (non-Access Control/Logging)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[The current list of ORACLE accounts that not having &apos;Maximum Tablespace Quotas&apos; set to &apos;unlimited&apos;]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[CRITICAL]]></LABEL>
          <VALUE>4</VALUE>
        </CRITICALITY>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>7</ID>
            <NAME>Oracle 9i</NAME>
            <RATIONALE><![CDATA[Through 'tablespace quotas,' Oracle can limit the [collective] amount of disk storage made available to objects in a schema.  This permits selective control of the space consumed by those objects according to the schema type.  Quotas should be set for each tablespace, which can eliminate resource-contention/denial-of-service conditions, such as having 'online comment' fields repeatedly filled in by a malicious user's script, eventually consuming enough disk space to cause the database to freeze.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY>is contained in</CARDINALITY>
                <OPERATOR>xre</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>8</ID>
            <NAME>Oracle 10g</NAME>
            <RATIONALE><![CDATA[Through 'tablespace quotas,' Oracle can limit the [collective] amount of disk storage made available to objects in a schema.  This permits selective control of the space consumed by those objects according to the schema type.  Quotas should be set for each tablespace, which can eliminate resource-contention/denial-of-service conditions, such as having 'online comment' fields repeatedly filled in by a malicious user's script, eventually consuming enough disk space to cause the database to freeze.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY>is contained in</CARDINALITY>
                <OPERATOR>xre</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>9</ID>
            <NAME>Oracle 11g</NAME>
            <RATIONALE><![CDATA[Through 'tablespace quotas,' Oracle can limit the [collective] amount of disk storage made available to objects in a schema.  This permits selective control of the space consumed by those objects according to the schema type.  Quotas should be set for each tablespace, which can eliminate resource-contention/denial-of-service conditions, such as having 'online comment' fields repeatedly filled in by a malicious user's script, eventually consuming enough disk space to cause the database to freeze.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY>is contained in</CARDINALITY>
                <OPERATOR>xre</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>99</ID>
            <NAME>Oracle 12c</NAME>
            <RATIONALE><![CDATA[Through 'tablespace quotas,' Oracle can limit the [collective] amount of disk storage made available to objects in a schema.  This permits selective control of the space consumed by those objects according to the schema type.  Quotas should be set for each tablespace, which can eliminate resource-contention/denial-of-service conditions, such as having 'online comment' fields repeatedly filled in by a malicious user's script, eventually consuming enough disk space to cause the database to freeze.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY>is contained in</CARDINALITY>
                <OPERATOR>xre</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
      <CONTROL>
        <ID>1331</ID>
        <UPDATE_DATE>2024-04-18T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-12-07T00:00:00Z</CREATED_DATE>
        <CATEGORY>OS Security Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[Network Settings (OSI Layers 2-5)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the &apos;TCP packet numbering sequence randomization&apos; (TCP_STRONG) setting]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[SERIOUS]]></LABEL>
          <VALUE>3</VALUE>
        </CRITICALITY>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>4</ID>
            <NAME>Solaris 9.x</NAME>
            <RATIONALE><![CDATA[The 'sequence randomization' for TCP packet numbering was designed to prevent malicious users from crafting TCP packets, that could appear to be part of a pre-existing TCP sequence from one host, while slipping in their own packets from another.  (RFC 793 provides specifics on TCP design.)  As various spoofing and hijacking attacks have been based upon the ability to predict the sequence numbers of TCP packets, the method outlined in RFC1948, using a strong algorithm to randomize TCP sequence numbers, is the most secure option available for protecting the packet sequence and should be applied as appropriate to business needs.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[2]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>10</ID>
            <NAME>Solaris 10.x</NAME>
            <RATIONALE><![CDATA[The 'sequence randomization' for TCP packet numbering was designed to prevent malicious users from crafting TCP packets, that could appear to be part of a pre-existing TCP sequence from one host, while slipping in their own packets from another.  (RFC 793 provides specifics on TCP design.)  As various spoofing and hijacking attacks have been based upon the ability to predict the sequence numbers of TCP packets, the method outlined in RFC1948, using a strong algorithm to randomize TCP sequence numbers, is the most secure option available for protecting the packet sequence and should be applied as appropriate to business needs.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[2]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>46</ID>
            <NAME>Solaris 11.x</NAME>
            <RATIONALE><![CDATA[The 'sequence randomization' for TCP packet numbering was designed to prevent malicious users from crafting TCP packets, that could appear to be part of a pre-existing TCP sequence from one host, while slipping in their own packets from another.  (RFC 793 provides specifics on TCP design.)  As various spoofing and hijacking attacks have been based upon the ability to predict the sequence numbers of TCP packets, the method outlined in RFC1948, using a strong algorithm to randomize TCP sequence numbers, is the most secure option available for protecting the packet sequence and should be applied as appropriate to business needs.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[2]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
      <CONTROL>
        <ID>1332</ID>
        <UPDATE_DATE>2019-03-12T00:00:00Z</UPDATE_DATE>
        <CREATED_DATE>2007-12-07T00:00:00Z</CREATED_DATE>
        <CATEGORY>OS Security Settings</CATEGORY>
        <SUB_CATEGORY><![CDATA[Performance Monitoring  (All OSI Layers)]]></SUB_CATEGORY>
        <STATEMENT><![CDATA[Status of the &apos;Graphical User Interface (GUI)&apos; startup environment]]></STATEMENT>
        <CRITICALITY>
          <LABEL><![CDATA[MEDIUM]]></LABEL>
          <VALUE>2</VALUE>
        </CRITICALITY>
        <TECHNOLOGY_LIST>
          <TECHNOLOGY>
            <ID>3</ID>
            <NAME>Red Hat Enterprise Linux 3/4</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>4</ID>
            <NAME>Solaris 9.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.  (S99dtlogin)]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>5</ID>
            <NAME>HPUX 11.iv1</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[(^DESKTOP=$|161803399999999|314159265358979)]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>11</ID>
            <NAME>Red Hat Enterprise Linux 5.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>13</ID>
            <NAME>HPUX 11.iv2</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[(^DESKTOP=$|161803399999999|314159265358979)]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>14</ID>
            <NAME>Solaris 8.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.  (S99dtlogin)]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>15</ID>
            <NAME>SUSE Linux Enterprise 9/10</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>25</ID>
            <NAME>CentOS 4.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>26</ID>
            <NAME>CentOS 5.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>27</ID>
            <NAME>Debian GNU/Linux 5.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY>matches</CARDINALITY>
                <OPERATOR>xre</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>33</ID>
            <NAME>Oracle Enterprise Linux 4.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>34</ID>
            <NAME>Oracle Enterprise Linux 5.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[3]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>35</ID>
            <NAME>AIX 6.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[2]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>36</ID>
            <NAME>HPUX 11.iv3</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>re</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[.*]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>38</ID>
            <NAME>SUSE Linux Enterprise 11.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>43</ID>
            <NAME>CentOS 6.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>44</ID>
            <NAME>Oracle Enterprise Linux 6.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>45</ID>
            <NAME>Red Hat Enterprise Linux 6.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>52</ID>
            <NAME>AIX 7.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>eq</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[2]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>81</ID>
            <NAME>Red Hat Enterprise Linux 7.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>94</ID>
            <NAME>SUSE Linux Enterprise 12.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
          <TECHNOLOGY>
            <ID>96</ID>
            <NAME>Ubuntu 14.x</NAME>
            <RATIONALE><![CDATA[The graphical user interface (GUI) is set up through the kernel and provides windowing system, such as GNOME or KDE, which can be used to conduct host operations.  As the X-windows services used for supporting the GUI operations have been compromised by a number of exploits, use of the GUI and its associated processes should be disabled or restricted and used only where a clear business need is determined to exist.]]></RATIONALE>
            <DATAPOINT>
                <CARDINALITY/>
                <OPERATOR>ge</OPERATOR>
                <DEFAULT_VALUES total="1">
                    <DEFAULT_VALUE><![CDATA[0]]></DEFAULT_VALUE>
                </DEFAULT_VALUES>
            </DATAPOINT>
          </TECHNOLOGY>
        </TECHNOLOGY_LIST>
      </CONTROL>
    </CONTROL_LIST>
  </RESPONSE>
</CONTROL_LIST_OUTPUT>