Qualys Enterprise TruRisk™ Platform Release 10.33 API
March 26, 2025
Before reading the API release highlights, refer to the Know Your Qualys API Server URL section to learn which API server URL to use in your API requests. In these release notes, <qualys_base_url> stands for that URL in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Introducing API Versioning: A Strategic Upgrade for Enhanced Stability and Control for API Integrations blog.
Qualys Vulnerability Management (VM)
Added MITRE ATT&CK in Scan Template and Host Detection List API
With this release, we have added MITRE ATT&CK Tactics and Technique details in the scan template and host detection list API. Previously, it was available on the Prioritization tab of Qualys Vulnerability Management, Detection, and Response (VMDR), which is now extended to the API. This helps to prioritize vulnerabilities and detections based on the associated MITRE techniques, enabling more effective remediation strategies.
Scan Template API: Enhancement in the Scan Template
New or Updated API | Updated |
API Endpoint (deprecation Timeline - September 2025) | /api/2.0/fo/report/template/scan/ |
API Endpoint (New Version) | /api/3.0/fo/report/template/scan/ |
Method | GET, POST |
DTD or XSD changes | No |
With this release, you can now create, update, delete, and export scan templates for MITRE ATT&CK details (MITRE Tactic and Technique Details). This enhances threat detection accuracy by aligning scans with known adversary tactics and techniques.
Input Parameter
Parameter Name | Required/ Optional | Data Type | Description |
mitre_attack_details={0|1} | Optional | Integer | Specify 1 to display the MITRE ATT&CK details (MITRE ATT&CK Tactic Name, MITRE ATT&CK Tactic ID, MITRE ATT&CK Technique Name, MITRE ATT&CK Technique ID) in the API response, else 0. By default, the value is set to 0. |
Sample - Create a scan template
API Request
curl --location 'https://<qualys_base_url>/api/3.0/fo/report/template/scan/?action=create&report_format=xml' \
--header 'X-Requested-With: curl' \
--header 'Content-Type: text/xml' \
--header 'Authorization: encoded username:passwordstring' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-03-04T06:04:28Z</DATETIME>
<TEXT>Scan Report Template(s) Successfully Created.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>3038061</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update a scan template
API Request
curl --location 'https://<qualys_base_url>/api/3.0/fo/report/template/scan/?action=update&report_format=xml&template_id=3038062' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: encoded username:passwordstring' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-03-04T06:10:09Z</DATETIME>
<TEXT>Scan Report Template Successfully Updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>3038062</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Export a scan template
API Request
curl --location 'https://<qualys_base_url>/api/3.0/fo/report/template/scan/?action=export&report_format=xml&template_id=3037411' \
--header 'X-Requested-With: curl' \
--header 'Authorization: encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORTTEMPLATE SYSTEM "https://<qualys_base_url>/api/3.0/fo/report/template/scan/scanreporttemplate_info.dtd">
<REPORTTEMPLATE>
<SCANTEMPLATE>
<TITLE>
<INFO key="template_id">
<![CDATA[3037411]]>
</INFO>
<INFO key="title">
<![CDATA[API_vapmpdsomiPT]]>
</INFO>
<INFO key="owner">
<![CDATA[895512]]>
</INFO>
</TITLE>
<TARGET>
<INFO key="scan_selection">
<![CDATA[HostBased]]>
</INFO>
<INFO key="include_trending">
<![CDATA[0]]>
</INFO>
<INFO key="asset_groups">
<![CDATA[All]]>
</INFO>
<INFO key="network">
<![CDATA[]]>
</INFO>
<INFO key="ips">
<![CDATA[]]>
</INFO>
<INFO key="host_with_cloud_agents">
<![CDATA[]]>
</INFO>
</TARGET>
<DISPLAY>
<INFO key="graph_business_risk">
<![CDATA[0]]>
</INFO>
<INFO key="graph_vuln_over_time">
<![CDATA[0]]>
</INFO>
<INFO key="display_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="graph_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_status">
<![CDATA[0]]>
</INFO>
<INFO key="graph_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_potential_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_ig_severity">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_categories">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_vulns">
<![CDATA[0]]>
</INFO>
<INFO key="graph_os">
<![CDATA[0]]>
</INFO>
<INFO key="graph_services">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_ports">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer_text">
<![CDATA[]]>
</INFO>
<INFO key="sort_by">
<![CDATA[host]]>
</INFO>
<INFO key="cvss">
<![CDATA[all]]>
</INFO>
<INFO key="host_details">
<![CDATA[0]]>
</INFO>
<INFO key="host_ag_details">
<![CDATA[0]]>
</INFO>
<INFO key="qualys_system_ids">
<![CDATA[0]]>
</INFO>
<INFO key="include_text_summary">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_threat">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_impact">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_solution">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_vpatch">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_compliance">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_exploit">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_malware">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_results">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_appendix">
<![CDATA[1]]>
</INFO>
<INFO key="exclude_account_id">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_reopened">
<![CDATA[0]]>
</INFO>
<INFO key="metadata_ec2_instances">
<![CDATA[0]]>
</INFO>
<INFO key="cloud_provider_metadata">
<![CDATA[0]]>
</INFO>
<INFO key="mitre_attack_details">
<![CDATA[1]]>
</INFO>
</DISPLAY>
<FILTER>
<INFO key="selective_vulns">
<![CDATA[complete]]>
</INFO>
<INFO key="search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="exclude_qid_option">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="included_os">
<![CDATA[ALL]]>
</INFO>
<INFO key="status_new">
<![CDATA[1]]>
</INFO>
<INFO key="status_active">
<![CDATA[1]]>
</INFO>
<INFO key="status_reopen">
<![CDATA[1]]>
</INFO>
<INFO key="status_fixed">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_active">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="vuln_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="potential_active">
<![CDATA[1]]>
</INFO>
<INFO key="potential_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="potential_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="ig_active">
<![CDATA[1]]>
</INFO>
<INFO key="ig_disabled">
<![CDATA[0]]>
</INFO>
<INFO key="ig_ignored">
<![CDATA[0]]>
</INFO>
<INFO key="display_non_running_kernels">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_kernel">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_services">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_superceded_patches">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_qids_not_exploitable_due_to_configuration">
<![CDATA[0]]>
</INFO>
<INFO key="categories_list">
<![CDATA[ALL]]>
</INFO>
<INFO key="vuln_source_qualys">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_source_thirdparty">
<![CDATA[0]]>
</INFO>
<INFO key="qds_score_min">
<![CDATA[]]>
</INFO>
<INFO key="qds_score_max">
<![CDATA[]]>
</INFO>
</FILTER>
<SERVICESPORTS>
<INFO key="required_services">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_services">
<![CDATA[]]>
</INFO>
<INFO key="services_info">
<![CDATA[]]>
</INFO>
<INFO key="required_ports">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_ports">
<![CDATA[]]>
</INFO>
</SERVICESPORTS>
<USERACCESS>
<INFO key="global">
<![CDATA[0]]>
</INFO>
<INFO key="report_access_users">
<![CDATA[]]>
</INFO>
</USERACCESS>
</SCANTEMPLATE>
</REPORTTEMPLATE>
Sample - Delete a scan template
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl" -d "action=delete&template_id=8209" "https://<qualys_base_url>/api/3.0/fo/report/template/scan/"
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2017-04-04T10:54:37Z</DATETIME>
<CODE>Scan Report Template(s) Deleted Successfully [8209]</CODE>
<TEXT></TEXT>
</RESPONSE>
</SIMPLE_RETURN>
Host Detection List API: Display of MITRE ATT&CK Details
New or Updated API | Updated |
API Endpoint (deprecation Timeline - September 2025) | /api/3.0/fo/asset/host/vm/detection/ |
API Endpoint (New Version) | /api/4.0/fo/asset/host/vm/detection/ |
Method | GET |
DTD or XSD changes | Yes |
With this release, we have introduced the following 4 new tags in the response:
- MITRE_TACTIC_NAME
- MITRE_TECHNIQUE_NAME
- MITRE_TACTIC_ID
- MITRE_TECHNIQUE_ID
This displays the MITRE ATT&CK details associated with QID. This enables more informed decision-making in threat detection, response, and mitigation and also validates your organization’s adherence to MITRE compliance.
Input Parameter
Parameter Name | Required/ Optional | Data Type | Description |
mitre_attack_details={0|1} | Optional | Integer | Specify 1 to display the MITRE ATT&CK details (MITRE ATT&CK Tactic Name, MITRE ATT&CK Tactic ID, MITRE ATT&CK Technique Name, MITRE ATT&CK Technique ID) in the API response, else 0. By default, the value is set to 0. |
Sample - List the MITRE details
API Request
curl --location 'https://<qualys_base_url>/api/4.0/fo/asset/host/vm/detection/?action=list&output_format=XML&mitre_attack_details=1' \
--header 'X-Requested-With: curl demo2' \
--header 'Authorization: encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_VM_DETECTION_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/asset/host/vm/detection/dtd/output.dtd">
<HOST_LIST_VM_DETECTION_OUTPUT>
<RESPONSE>
<DATETIME>2025-03-04T07:30:28Z</DATETIME>
<!-- keep-alive for HOST_LIST_VM_DETECTION_OUTPUT -->
<HOST_LIST>
<!-- keep-alive for HOST_LIST_VM_DETECTION_OUTPUT -->
<HOST>
<ID>6553022</ID>
<IP>11.111.11.111</IP>
<TRACKING_METHOD>AGENT</TRACKING_METHOD>
<OS>
<![CDATA[Windows 10 Pro N 64 bit Edition Version 22H2]]>
</OS>
<DNS>
<![CDATA[solution2]]>
</DNS>
<DNS_DATA>
<HOSTNAME>
<![CDATA[solution2]]>
</HOSTNAME>
<DOMAIN />
<FQDN />
</DNS_DATA>
<NETBIOS>
<![CDATA[SOLUTION2]]>
</NETBIOS>
<QG_HOSTID>
<![CDATA[311ee428-62a0-4604-b9f9-d874c1efbd88]]>
</QG_HOSTID>
<LAST_SCAN_DATETIME>2025-03-04T04:08:01Z</LAST_SCAN_DATETIME>
<LAST_VM_SCANNED_DATE>2025-03-04T04:07:51Z</LAST_VM_SCANNED_DATE>
<LAST_VM_SCANNED_DURATION>238</LAST_VM_SCANNED_DURATION>
<LAST_VM_AUTH_SCANNED_DATE>2025-03-04T04:07:51Z</LAST_VM_AUTH_SCANNED_DATE>
<DETECTION_LIST>
<DETECTION>
<UNIQUE_VULN_ID>66009800</UNIQUE_VULN_ID>
<QID>378827</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>4</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Version is 12.2.6.44976]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2024-12-18T09:59:37Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-03-04T04:07:51Z</LAST_FOUND_DATETIME>
<SOURCE>QUALYS</SOURCE>
<MITRE_TACTIC_NAME>credential-access</MITRE_TACTIC_NAME>
<MITRE_TECHNIQUE_NAME>Exploitation for Credential Access</MITRE_TECHNIQUE_NAME>
<MITRE_TACTIC_ID>TA0006</MITRE_TACTIC_ID>
<MITRE_TECHNIQUE_ID>T1212</MITRE_TECHNIQUE_ID>
<TIMES_FOUND>305</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-03-04T04:07:51Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-03-04T04:08:01Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-03-04T04:08:01Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>66010782</UNIQUE_VULN_ID>
<QID>380293</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>4</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Version is 92.0.902.67]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2024-12-18T09:59:37Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-03-04T04:07:51Z</LAST_FOUND_DATETIME>
<SOURCE>QUALYS</SOURCE>
<MITRE_TACTIC_NAME>lateral-movement, execution, privilege-escalation</MITRE_TACTIC_NAME>
<MITRE_TECHNIQUE_NAME>Exploitation of Remote Services, Exploitation for Client Execution, Exploitation for Privilege Escalation</MITRE_TECHNIQUE_NAME>
<MITRE_TACTIC_ID>TA0008, TA0002, TA0004</MITRE_TACTIC_ID>
<MITRE_TECHNIQUE_ID>T1210, T1203, T1068</MITRE_TECHNIQUE_ID>
<TIMES_FOUND>305</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-03-04T04:07:51Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-03-04T04:08:01Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-03-04T04:08:01Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>66307447</UNIQUE_VULN_ID>
<QID>380734</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>4</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Version is 92.0.902.67]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2025-02-03T12:29:55Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-03-04T04:07:51Z</LAST_FOUND_DATETIME>
<SOURCE>QUALYS</SOURCE>
<MITRE_TACTIC_NAME>lateral-movement, execution</MITRE_TACTIC_NAME>
<MITRE_TECHNIQUE_NAME>Exploitation of Remote Services, Exploitation for Client Execution</MITRE_TECHNIQUE_NAME>
<MITRE_TACTIC_ID>TA0008, TA0002</MITRE_TACTIC_ID>
<MITRE_TECHNIQUE_ID>T1210, T1203</MITRE_TECHNIQUE_ID>
<TIMES_FOUND>104</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-03-04T04:07:51Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-03-04T04:08:01Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-03-04T04:08:01Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>66307454</UNIQUE_VULN_ID>
<QID>382524</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>4</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Version is 92.0.902.67]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2025-02-03T12:29:55Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-03-04T04:07:51Z</LAST_FOUND_DATETIME>
<SOURCE>QUALYS</SOURCE>
<MITRE_TACTIC_NAME>execution</MITRE_TACTIC_NAME>
<MITRE_TECHNIQUE_NAME>Exploitation for Client Execution</MITRE_TECHNIQUE_NAME>
<MITRE_TACTIC_ID>TA0002</MITRE_TACTIC_ID>
<MITRE_TECHNIQUE_ID>T1203</MITRE_TECHNIQUE_ID>
<TIMES_FOUND>104</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-03-04T04:07:51Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-03-04T04:08:01Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-03-04T04:08:01Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>66307462</UNIQUE_VULN_ID>
<QID>382691</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>4</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Version is 92.0.902.67]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2025-02-03T12:29:55Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-03-04T04:07:51Z</LAST_FOUND_DATETIME>
<SOURCE>QUALYS</SOURCE>
<MITRE_TACTIC_NAME>execution</MITRE_TACTIC_NAME>
<MITRE_TECHNIQUE_NAME>Exploitation for Client Execution</MITRE_TECHNIQUE_NAME>
<MITRE_TACTIC_ID>TA0002</MITRE_TACTIC_ID>
<MITRE_TECHNIQUE_ID>T1203</MITRE_TECHNIQUE_ID>
<TIMES_FOUND>104</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-03-04T04:07:51Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-03-04T04:08:01Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-03-04T04:08:01Z</LAST_PROCESSED_DATETIME>
</DETECTION>
</DETECTION_LIST>
</HOST>
</HOST_LIST>
</RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>
DTD Output
A DTD for the Host Detection List API has been added.
<platform API server>/api/4.0/fo/asset/host/vm/detection/dtd/output.dtd
DTD output for the Host Detection List API is as follows:
<!-- QUALYS HOST_LIST_VM_DETECTION_OUTPUT DTD -->
<!ELEMENT HOST_LIST_VM_DETECTION_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, HOST_LIST?, WARNING?)>
<!ELEMENT HOST_LIST (HOST+)>
<!ELEMENT HOST (ID, ASSET_ID?, IP?, IPV6?, TRACKING_METHOD?, ASSET_GROUP_LIST?, NETWORK_ID?, NETWORK_NAME?, OS_HOSTNAME?,
OS?, OS_CPE?, DNS?, DNS_DATA?, CLOUD_PROVIDER?, CLOUD_SERVICE?, CLOUD_RESOURCE_ID?, EC2_INSTANCE_ID?, NETBIOS?, QG_HOSTID?,
LAST_SCAN_DATETIME?, LAST_VM_SCANNED_DATE?,
LAST_VM_SCANNED_DURATION?, LAST_VM_AUTH_SCANNED_DATE?,
LAST_VM_AUTH_SCANNED_DURATION?, LAST_PC_SCANNED_DATE?, TAGS?, METADATA?, CLOUD_PROVIDER_TAGS?, DETECTION_LIST)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT ASSET_ID (#PCDATA)>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IPV6 (#PCDATA)>
<!ELEMENT TRACKING_METHOD (#PCDATA)>
<!ELEMENT ASSET_GROUP_LIST (EMPTY|ASSET_GROUP)*>
<!ELEMENT ASSET_GROUP (ID, TITLE)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT NETWORK_NAME (#PCDATA)>
<!ELEMENT OS_HOSTNAME (#PCDATA)>
<!ELEMENT OS (#PCDATA)>
<!ELEMENT OS_CPE (#PCDATA)>
<!ELEMENT DNS (#PCDATA)>
<!ELEMENT DNS_DATA (HOSTNAME?, DOMAIN?, FQDN?)>
<!ELEMENT HOSTNAME (#PCDATA)>
<!ELEMENT DOMAIN (#PCDATA)>
<!ELEMENT FQDN (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER (#PCDATA)>
<!ELEMENT CLOUD_SERVICE (#PCDATA)>
<!ELEMENT CLOUD_RESOURCE_ID (#PCDATA)>
<!ELEMENT EC2_INSTANCE_ID (#PCDATA)>
<!ELEMENT NETBIOS (#PCDATA)>
<!ELEMENT QG_HOSTID (#PCDATA)>
<!ELEMENT LAST_SCAN_DATETIME (#PCDATA)>
<!ELEMENT LAST_VM_SCANNED_DATE (#PCDATA)>
<!ELEMENT LAST_VM_SCANNED_DURATION (#PCDATA)>
<!ELEMENT LAST_VM_AUTH_SCANNED_DATE (#PCDATA)>
<!ELEMENT LAST_VM_AUTH_SCANNED_DURATION (#PCDATA)>
<!ELEMENT LAST_PC_SCANNED_DATE (#PCDATA)>
<!ELEMENT TAGS (TAG+)>
<!ELEMENT TAG (TAG_ID?, NAME, COLOR?, BACKGROUND_COLOR?)>
<!ELEMENT TAG_ID (#PCDATA)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT COLOR (#PCDATA)>
<!ELEMENT BACKGROUND_COLOR (#PCDATA)>
<!ELEMENT METADATA (EC2|GOOGLE|AZURE)+>
<!ELEMENT EC2 (ATTRIBUTE*)>
<!ELEMENT GOOGLE (ATTRIBUTE*)>
<!ELEMENT AZURE (ATTRIBUTE*)>
<!ELEMENT ATTRIBUTE (NAME,LAST_STATUS,VALUE,LAST_SUCCESS_DATE?,LAST_ERROR_DATE?,LAST_ERROR?)>
<!ELEMENT LAST_STATUS (#PCDATA)>
<!ELEMENT LAST_SUCCESS_DATE (#PCDATA)>
<!ELEMENT LAST_ERROR_DATE (#PCDATA)>
<!ELEMENT LAST_ERROR (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER_TAGS (CLOUD_TAG+)>
<!ELEMENT CLOUD_TAG (NAME, VALUE, LAST_SUCCESS_DATE)>
<!ELEMENT DETECTION_LIST (DETECTION+)>
<!ELEMENT DETECTION (UNIQUE_VULN_ID, QID, TYPE, SEVERITY?, PORT?, PROTOCOL?, FQDN?, SSL?, INSTANCE?, RESULT_INSTANCE?,
RESULTS?, STATUS?,
FIRST_FOUND_DATETIME?, LAST_FOUND_DATETIME?, SOURCE?, MITRE_TACTIC_NAME?, MITRE_TECHNIQUE_NAME?, MITRE_TACTIC_ID?, MITRE_TECHNIQUE_ID?, QDS?, QDS_FACTORS?, TIMES_FOUND?,
LAST_TEST_DATETIME?,
LAST_UPDATE_DATETIME?,
LAST_FIXED_DATETIME?,
FIRST_REOPENED_DATETIME?, LAST_REOPENED_DATETIME?, TIMES_REOPENED?,
SERVICE?, IS_IGNORED?, IS_DISABLED?, AFFECT_RUNNING_KERNEL?, AFFECT_RUNNING_SERVICE?, AFFECT_EXPLOITABLE_CONFIG?, LAST_PROCESSED_DATETIME?, ASSET_CVE?)>
<!ELEMENT UNIQUE_VULN_ID (#PCDATA)>
<!ELEMENT QID (#PCDATA)>
<!ELEMENT TYPE (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT PROTOCOL (#PCDATA)>
<!ELEMENT SSL (#PCDATA)>
<!ELEMENT INSTANCE (#PCDATA)>
<!ELEMENT RESULT_INSTANCE (#PCDATA)>
<!ELEMENT RESULTS (#PCDATA)>
<!ELEMENT STATUS (#PCDATA)>
<!ELEMENT SEVERITY (#PCDATA)>
<!ELEMENT QDS (#PCDATA)>
<!ATTLIST QDS severity CDATA #REQUIRED>
<!ELEMENT QDS_FACTORS (QDS_FACTOR)*>
<!ELEMENT QDS_FACTOR (#PCDATA)>
<!ATTLIST QDS_FACTOR name CDATA #REQUIRED>
<!ELEMENT FIRST_FOUND_DATETIME (#PCDATA)>
<!ELEMENT LAST_FOUND_DATETIME (#PCDATA)>
<!ELEMENT SOURCE (#PCDATA)>
<!ELEMENT MITRE_TACTIC_NAME (#PCDATA)>
<!ELEMENT MITRE_TECHNIQUE_NAME (#PCDATA)>
<!ELEMENT MITRE_TACTIC_ID (#PCDATA)>
<!ELEMENT MITRE_TECHNIQUE_ID (#PCDATA)>
<!ELEMENT TIMES_FOUND (#PCDATA)>
<!ELEMENT LAST_TEST_DATETIME (#PCDATA)>
<!ELEMENT LAST_UPDATE_DATETIME (#PCDATA)>
<!ELEMENT LAST_FIXED_DATETIME (#PCDATA)>
<!ELEMENT FIRST_REOPENED_DATETIME (#PCDATA)>
<!ELEMENT LAST_REOPENED_DATETIME (#PCDATA)>
<!ELEMENT TIMES_REOPENED (#PCDATA)>
<!ELEMENT SERVICE (#PCDATA)>
<!ELEMENT IS_IGNORED (#PCDATA)>
<!ELEMENT IS_DISABLED (#PCDATA)>
<!ELEMENT AFFECT_RUNNING_KERNEL (#PCDATA)>
<!ELEMENT AFFECT_RUNNING_SERVICE (#PCDATA)>
<!ELEMENT AFFECT_EXPLOITABLE_CONFIG (#PCDATA)>
<!ELEMENT LAST_PROCESSED_DATETIME (#PCDATA)>
<!ELEMENT ASSET_CVE (#PCDATA)>
<!ELEMENT WARNING (CODE?, TEXT, URL?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!-- EOF -->
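An added example, not part of the Qualys release notes or any Qualys code: parsing a Host Detection List response and grouping detections by MITRE ATT&CK technique so remediation can be ordered by technique. The function names and the trimmed sample XML are constructed; it assumes the comma-separated MITRE_* lists are positionally aligned, as they appear to be in the sample response, and it tolerates detections without MITRE_* elements, which the DTD marks optional.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: trimmed to the elements used below. The first three
# detections reuse values from the sample response; the last one (QID 999999)
# is invented to show a detection that carries no MITRE_* elements.
SAMPLE = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST><HOST>
<ID>6553022</ID>
<DETECTION_LIST>
<DETECTION><QID>378827</QID><SEVERITY>4</SEVERITY>
  <MITRE_TACTIC_NAME>credential-access</MITRE_TACTIC_NAME>
  <MITRE_TECHNIQUE_NAME>Exploitation for Credential Access</MITRE_TECHNIQUE_NAME>
  <MITRE_TACTIC_ID>TA0006</MITRE_TACTIC_ID>
  <MITRE_TECHNIQUE_ID>T1212</MITRE_TECHNIQUE_ID></DETECTION>
<DETECTION><QID>380293</QID><SEVERITY>4</SEVERITY>
  <MITRE_TACTIC_NAME>lateral-movement, execution, privilege-escalation</MITRE_TACTIC_NAME>
  <MITRE_TECHNIQUE_NAME>Exploitation of Remote Services, Exploitation for Client Execution, Exploitation for Privilege Escalation</MITRE_TECHNIQUE_NAME>
  <MITRE_TACTIC_ID>TA0008, TA0002, TA0004</MITRE_TACTIC_ID>
  <MITRE_TECHNIQUE_ID>T1210, T1203, T1068</MITRE_TECHNIQUE_ID></DETECTION>
<DETECTION><QID>382524</QID><SEVERITY>4</SEVERITY>
  <MITRE_TACTIC_NAME>execution</MITRE_TACTIC_NAME>
  <MITRE_TECHNIQUE_NAME>Exploitation for Client Execution</MITRE_TECHNIQUE_NAME>
  <MITRE_TACTIC_ID>TA0002</MITRE_TACTIC_ID>
  <MITRE_TECHNIQUE_ID>T1203</MITRE_TECHNIQUE_ID></DETECTION>
<DETECTION><QID>999999</QID><SEVERITY>2</SEVERITY></DETECTION>
</DETECTION_LIST>
</HOST></HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""


def _csv(elem, tag):
    """Values of an optional, comma-separated child element (empty if absent)."""
    text = elem.findtext(tag, default="")
    return [v.strip() for v in text.split(",") if v.strip()]


def mitre_pairs(detection):
    """Return [(tactic_id, technique_id, technique_name)] for one DETECTION.

    Assumption: the lists are positionally aligned. If a list's length does
    not match the technique ID list, that field is returned as None rather
    than being paired with the wrong technique.
    """
    tactic_ids = _csv(detection, "MITRE_TACTIC_ID")
    tech_ids = _csv(detection, "MITRE_TECHNIQUE_ID")
    tech_names = _csv(detection, "MITRE_TECHNIQUE_NAME")
    aligned = len(tactic_ids) == len(tech_ids)
    named = len(tech_names) == len(tech_ids)
    return [(tactic_ids[i] if aligned else None, tid,
             tech_names[i] if named else None)
            for i, tid in enumerate(tech_ids)]


def group_by_technique(xml_text):
    """Group detections by technique ID; also list detections with no mapping."""
    root = ET.fromstring(xml_text)
    groups = defaultdict(lambda: {"name": None, "tactics": set(), "hits": []})
    unmapped = []
    for host in root.iter("HOST"):
        host_id = host.findtext("ID")
        for det in host.iter("DETECTION"):
            qid = int(det.findtext("QID"))
            severity = int(det.findtext("SEVERITY", default="0"))
            pairs = mitre_pairs(det)
            if not pairs:
                unmapped.append((host_id, qid))
            for tactic, tech, name in pairs:
                group = groups[tech]
                group["name"] = group["name"] or name
                if tactic:
                    group["tactics"].add(tactic)
                group["hits"].append((host_id, qid, severity))
    return dict(groups), unmapped


def rank(groups):
    """Technique IDs ordered by detection count, then highest severity, then ID."""
    return sorted(groups, key=lambda t: (-len(groups[t]["hits"]),
                                         -max(s for _, _, s in groups[t]["hits"]),
                                         t))
```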
Cloud Perimeter Scans API: Simplified Load Balancer DNS Names Detection for Azure
New or Updated API | Updated |
API Endpoint (deprecation Timeline - September 2025) |
/api/2.0/fo/scan/cloud/perimeter/job/ |
API Endpoint (New Version) |
/api/3.0/fo/scan/cloud/perimeter/job/ |
Method | POST |
DTD or XSD changes | No |
With this release, we have added two new input parameters - include_app_gateway_lb_from_connector and include_lb_from_connector to simplify the process of adding load balancer DNS names when performing a Cloud Perimeter Scan for the cloud provider Microsoft Azure. Once these parameters are specified as 1, the system automatically retrieves the load balancer DNS names list and displays the total count.
The new parameters can be accessed by users having the Vulnerability Management Scan Process (VMSP) subscription enabled and access to the Total Cloud (TC) module.
Input Parameters
Parameter Name | Required/ Optional | Data Type | Description |
include_app_gateway_lb_from_connector={0|1} | Optional | Boolean | Specify 1 to include public app gateway load balancers from selected connector, else 0. By default the value is set to 0. |
include_lb_from_connector={0|1} | Optional | Boolean | Specify 1 to include public load balancers from selected connector, else 0. By default the value is set to 0. |
Create Cloud Perimeter Scan
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/scan/cloud/perimeter/job/?action=create&scan_title=API%20Launch17&configured_from_source=connector_module&source_scan_type=custom&module=vm&active=1&schedule=now&option_title=Initial%20Options&priority=1&cloud_provider=azure&cloud_service=vm&connector_uuid=5fdec014-0562-47fc-8029-a90e7d87add9&include_lb_from_connector=1&include_app_gateway_lb_from_connector=1' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dm1zcF9hZzE6UXVhbHlzQDEyMw=='
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-03-13T06:12:28Z</DATETIME>
<TEXT>Scan has been created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>1431330</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Update Cloud Perimeter Scan
API Request
curl --location --request POST 'https://<qualys_base_url>/api/3.0/fo/scan/cloud/perimeter/job/?action=update&id=1431330&priority=1&connector_uuid=5fdec014-0562-47fc-8029-a90e7d87add9&include_lb_from_connector=1&include_app_gateway_lb_from_connector=1' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dm1zcF9hZzE6UXVhbHlzQDEyMw=='
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-03-13T06:30:25Z</DATETIME>
<TEXT>Scan has been updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>1431330</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Users API: Contact Number now made Optional
New or Updated API | Updated |
API Endpoint | /msp/user.php/ |
Method | GET, POST |
DTD or XSD changes | No |
With this release, when you add or edit a user account defined in the API user subscription, the contact number is optional; it was mandatory earlier. The value of the input parameter phone is now optional for both add and edit requests. This helps you to safeguard your security.
Qualys Enterprise TruRisk™ Platform Release 10.33 API - Key Issues and Resolutions
The following reported and notable customer API issue has been fixed in this release:
Component/Category | Application | Description |
VM - Asset API | Vulnerability Management | When users used an API script to add a scanner appliance to an asset group using the scanner ID parameter, the scanner appliance was not updated in the asset group list. Relevant code changes have been made to fix the issue. |
VM - Host List Detection API | Vulnerability Management | When a user executed the HLD API with the input parameter Exclude Supersede QIDs on multiple hosts, incorrect QIDs were excluded from the API result. Relevant code changes have been made to fix the issue. |
Documentation | Vulnerability Management | When users tried to create a scheduled map scan using the API /msp/scheduled_scans.php?, they were unable to find the details in the latest API User Guide. We have now updated the API User Guide with the relevant information. For details, refer to the Qualys API (VM/PC) Guide. |
VM - Host List Detection API | Vulnerability Management | When users called the 'vm_processed_before' parameter in the Host List Detection (v2.0 and v3.0) and the Host List (v2.0, v3.0, and v4.0) APIs, they did not receive the expected results. Relevant code changes have been made to fix the issue. The issue persisted because of the way the query handled date conditions. We have now documented this behavior in the Host List Detection and the Host List APIs section in the Qualys API (VM/PC) User Guide. |