Enterprise TruRisk™ Platform Release 10.35 API
July 7, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Introducing API Versioning: A Strategic Upgrade for Enhanced Stability and Control for API Integrations blog.
VM, PC API Versioning
We have scheduled API versioning for End-of-Support (EOS) and End-of-Life (EOL). We recommend migrating to the latest versions of these APIs to ensure continued compatibility, support, and access to the latest features and security enhancements.
Impacted APIs
The following are the impacted APIs for VM, PC:
For more information, refer to the Qualys API (VM, PC) User Guide.
To support your understanding, definitions of key terms such as End-of-Support (EOS) and End-of-life (EOL) are given below, explaining the lifecycle of each endpoint.
End of Support (EOS)End of Support (EOS)
End-of-Support for an API version signifies the point at which Qualys will no longer actively maintain or enhance that specific version. While the API may continue to function, it will not receive new features, performance improvements, or security updates. This phase is intended to provide a grace period for API consumers to migrate to newer versions.
Implications of End-of-Support
- No New Features: The API version will not receive any further functional enhancements or new capabilities.
- Limited Bug Fixes: Critical security vulnerabilities may be addressed on a case-by-case basis, but general bug fixes for non-critical issues will stop.
- No Performance Improvements: Optimization efforts focus solely on newer API versions.
- Reduced Support Channels: Technical support for issues related to this specific API version may become limited, and users are strongly recommended to upgrade.
- No Guarantees of Reliability: While the API may remain operational, Qualys offers no guarantees regarding its continued reliability beyond the EOS date.
End of Life (EOL)End of Life (EOL)
End-of-Life for an API version is the final stage where the API version is officially retired and will be completely decommissioned. After the EOL date, the API will no longer be available, and any calls to it will result in errors. This marks the complete discontinuation of service for that specific API version.
Implications of End-of-Life
- API Decommissioning: The API endpoint for this version is shut down and will no longer accept requests.
- Complete Service Stoppage: All functionalities provided by this API version will cease to exist.
- Error Responses: Any attempt to call the EOL API results in HTTP error codes, such as 404 Not Found or 410 Gone, or similar error messages.
- No Support: All forms of support, documentation, and resources related to this API version will be discontinued.
Qualys Vulnerability Management (VM)
Schedule Scan List API:
With this release, we have added two new tags for for Azure and EC2 scans and one new tag to identify recently updated scheduled scans in the API response of the scheduled scan list API.
View Details of Connectors in Scheduled Scans
| New or Updated API | Updated |
| API Endpoint | /api/4.0/fo/schedule/scan/ |
| EOS Timeline: January 2026 | |
| EOL Timeline: July 2026 | |
| API Endpoint (New Version) |
/api/5.0/fo/schedule/scan/ |
| Method | GET |
| DTD or XSD changes | Yes |
With this feature, the following new tags are added to the scheduled scan API responses for Azure and EC2 to identify whether the scans were previously launched using public load balancers or public application gateway load balancers from the selected connector.
- INCLUDE_LOAD_BALANCER_FROM_CONNECTOR
- INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR
These tags are added under the CLOUD_DETAILS tag in the response. This helps streamline their decision-making and reduces configuration errors.
When you perform a scheduled scan, the following tags are fetched in the API response as per the cloud providers:
- For Azure scan, you can view both tags.
- For EC2 scan, only INCLUDE_LOAD_BALANCER_FROM_CONNECTOR is provided
- For the Google Cloud Platform (GCP)scan, both tags are not supported.
Sample - Display the tags in Azure Cloud Perimeter Scan ResponseSample - Display the tags in Azure Cloud Perimeter Scan Response
API Request
curl --location 'https://<qualys_base_url>/api/5.0/fo/schedule/scan/?action=list&id=1460152&show_cloud_details=1' \
--header 'X-Requested-With: John' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/5.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-05-22T06:26:45Z</DATETIME>
<SCHEDULE_SCAN_LIST>
<SCAN>
<ID>1460152</ID>
<ACTIVE>1</ACTIVE>
<TITLE>
<![CDATA[sch_cps_azure_lb_appgtw]]>
</TITLE>
<USER_LOGIN>John</USER_LOGIN>
<TARGET>
<![CDATA[Asset Tags Included]]>
</TARGET>
<NETWORK_ID>
<![CDATA[0]]>
</NETWORK_ID>
<ISCANNER_NAME>
<![CDATA[Azure_Internal_Scanner_John]]>
</ISCANNER_NAME>
<CLOUD_DETAILS>
<PROVIDER>AZURE</PROVIDER>
<CONNECTOR>
<UUID></UUID>
<NAME>
<![CDATA[]]>
</NAME>
</CONNECTOR>
<SCAN_TYPE>Cloud Perimeter</SCAN_TYPE>
<INCLUDE_LOAD_BALANCER_FROM_CONNECTOR>1</INCLUDE_LOAD_BALANCER_FROM_CONNECTOR>
<INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR>1</INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR>
</CLOUD_DETAILS>
<ASSET_TAGS>
<TAG_INCLUDE_SELECTOR>any</TAG_INCLUDE_SELECTOR>
<TAG_SET_INCLUDE>
<![CDATA[xxx_Azure]]>
</TAG_SET_INCLUDE>
<USE_IP_NT_RANGE_TAGS>0</USE_IP_NT_RANGE_TAGS>
<USE_IP_NT_RANGE_TAGS_INCLUDE>0</USE_IP_NT_RANGE_TAGS_INCLUDE>
</ASSET_TAGS>
<ELB_DNS>
<DNS>
<![CDATA[abc.com]]>
</DNS>
</ELB_DNS>
<OPTION_PROFILE>
<TITLE>
<![CDATA[Initial Options]]>
</TITLE>
<DEFAULT_FLAG>1</DEFAULT_FLAG>
</OPTION_PROFILE>
<PROCESSING_PRIORITY>1 - Emergency</PROCESSING_PRIORITY>
<SCHEDULE>
<DAILY frequency_days="1" />
<START_DATE_UTC>2025-05-16T09:51:00Z</START_DATE_UTC>
<MODIFIED_DATE_UTC>2025-05-21T06:43:31Z</MODIFIED_DATE_UTC>
<START_HOUR>15</START_HOUR>
<START_MINUTE>21</START_MINUTE>
<NEXTLAUNCH_UTC>2025-05-22T09:51:00</NEXTLAUNCH_UTC>
<TIME_ZONE>
<TIME_ZONE_CODE>IN</TIME_ZONE_CODE>
<TIME_ZONE_DETAILS>(GMT+0530) India: Asia/Calcutta</TIME_ZONE_DETAILS>
</TIME_ZONE>
<DST_SELECTED>0</DST_SELECTED>
<LAUNCH_TYPE>recurring</LAUNCH_TYPE>
</SCHEDULE>
</SCAN>
</SCHEDULE_SCAN_LIST>
</RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>
Sample - Display the tags in EC2 Cloud Perimeter Scan ResponseSample - Display the tags in EC2 Cloud Perimeter Scan Response
API Request
curl --location 'https://<qualys_base_url>/api/5.0/fo/schedule/scan/?action=list&id=1460151&show_cloud_details=1' \
--header 'X-Requested-With: John' \
--header 'Authorization: Basic username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/5.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-05-22T07:48:19Z</DATETIME>
<SCHEDULE_SCAN_LIST>
<SCAN>
<ID>1460151</ID>
<ACTIVE>1</ACTIVE>
<TITLE>
<![CDATA[sch_cps_ec2_lb]]>
</TITLE>
<USER_LOGIN>John</USER_LOGIN>
<TARGET>
<![CDATA[]]>
</TARGET>
<NETWORK_ID>
<![CDATA[0]]>
</NETWORK_ID>
<ISCANNER_NAME>
<![CDATA[External Scanner]]>
</ISCANNER_NAME>
<EC2_INSTANCE>
<CONNECTOR_UUID>
<![CDATA[9a6b3e27-594e-4035-838c-5ab71e440365]]>
</CONNECTOR_UUID>
<EC2_ENDPOINT>
<![CDATA[1507b6c1-07a7-4d88-acf2-8c6b63e749c4]]>
</EC2_ENDPOINT>
<EC2_ONLY_CLASSIC>
<![CDATA[0]]>
</EC2_ONLY_CLASSIC>
</EC2_INSTANCE>
<CLOUD_DETAILS>
<PROVIDER>AWS</PROVIDER>
<CONNECTOR>
<ID>1752755</ID>
<UUID>9a6b3e27-594e-4035-838c-5ab71e440365</UUID>
<NAME>
<![CDATA[EC2_Connector_TB]]>
</NAME>
</CONNECTOR>
<SCAN_TYPE>Cloud Perimeter</SCAN_TYPE>
<INCLUDE_LOAD_BALANCER_FROM_CONNECTOR>1</INCLUDE_LOAD_BALANCER_FROM_CONNECTOR>
<CLOUD_TARGET>
<PLATFORM>VPC</PLATFORM>
<REGION>
<UUID>1507b6c1-07a7-4d88-acf2-8c6b63e749c4</UUID>
<CODE>us-east-1</CODE>
<NAME>
<![CDATA[US East (N. Virginia)]]>
</NAME>
</REGION>
<VPC_SCOPE>All</VPC_SCOPE>
</CLOUD_TARGET>
</CLOUD_DETAILS>
<ELB_DNS>
<DNS>
<![CDATA[abc.com]]>
</DNS>
</ELB_DNS>
<OPTION_PROFILE>
<TITLE>
<![CDATA[Initial Options]]>
</TITLE>
<DEFAULT_FLAG>1</DEFAULT_FLAG>
</OPTION_PROFILE>
<PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>
<SCHEDULE>
<DAILY frequency_days="1" />
<START_DATE_UTC>2025-05-16T09:50:00Z</START_DATE_UTC>
<MODIFIED_DATE_UTC>2025-05-16T09:47:03Z</MODIFIED_DATE_UTC>
<START_HOUR>15</START_HOUR>
<START_MINUTE>20</START_MINUTE>
<NEXTLAUNCH_UTC>2025-05-22T09:50:00</NEXTLAUNCH_UTC>
<TIME_ZONE>
<TIME_ZONE_CODE>IN</TIME_ZONE_CODE>
<TIME_ZONE_DETAILS>(GMT+0530) India: Asia/Calcutta</TIME_ZONE_DETAILS>
</TIME_ZONE>
<DST_SELECTED>0</DST_SELECTED>
<LAUNCH_TYPE>recurring</LAUNCH_TYPE>
</SCHEDULE>
</SCAN>
</SCHEDULE_SCAN_LIST>
</RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>
DTD UpdateDTD Update
A DTD for the Scheduled Scan List API has been added.
<platform API server>/api/5.0/fo/schedule/scan/schedule_scan_list_output.dtd">
DTD output for the Scheduled Scan List API is as follows:
DTD Output
<!-- QUALYS SCHEDULE_SCAN_LIST_OUTPUT DTD -->
<!ELEMENT SCHEDULE_SCAN_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, SCHEDULE_SCAN_LIST?)>
<!ELEMENT SCHEDULE_SCAN_LIST (SCAN+)>
<!ELEMENT SCAN (ID, SCAN_TYPE?, ACTIVE, TITLE?, CLIENT?, USER_LOGIN, TARGET, NETWORK_ID?, ISCANNER_NAME?, POOL_OF_SCANNERS?, EC2_INSTANCE?, CLOUD_DETAILS?, ASSET_GROUP_TITLE_LIST?, ASSET_TAGS?, EXCLUDE_IP_PER_SCAN?, USER_ENTERED_IPS?, USER_ENTERED_IPv6_IPS?, ELB_DNS?,MANUAL_CLOUD_RESOURCE_IDS?, OPTION_PROFILE?, PROCESSING_PRIORITY?, SCHEDULE, NOTIFICATIONS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT ACTIVE (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT CLIENT (ID,NAME)>
<!ELEMENT TARGET (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT ISCANNER_NAME (#PCDATA)>
<!ELEMENT POOL_OF_SCANNERS (#PCDATA)>
<!ELEMENT EC2_INSTANCE (CONNECTOR_UUID, EC2_ENDPOINT, EC2_ONLY_CLASSIC?)>
<!ELEMENT CONNECTOR_UUID (#PCDATA)>
<!ELEMENT EC2_ENDPOINT (#PCDATA)>
<!ELEMENT EC2_ONLY_CLASSIC (#PCDATA)>
<!ELEMENT CLOUD_DETAILS (PROVIDER, CONNECTOR?, SCAN_TYPE, INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR?, INCLUDE_LOAD_BALANCER_FROM_CONNECTOR?, CLOUD_TARGET?)>
<!ELEMENT PROVIDER (#PCDATA)>
<!ELEMENT CONNECTOR (ID?, UUID, NAME)>
<!ELEMENT UUID (#PCDATA)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT SCAN_TYPE (#PCDATA)>
<!ELEMENT INCLUDE_LOAD_BALANCER_FROM_CONNECTOR (#PCDATA)>
<!ELEMENT INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR (#PCDATA)>
<!ELEMENT CLOUD_TARGET (PLATFORM, REGION?, VPC_SCOPE?, VPC_LIST?, VIRTUAL_NETWORK?)>
<!ELEMENT PLATFORM (#PCDATA)>
<!ELEMENT REGION (UUID?, CODE?, NAME?)>
<!ELEMENT VIRTUAL_NETWORK (ID, NAME?, RESOURCE_GROUP)>
<!ELEMENT RESOURCE_GROUP (NAME)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT VPC_SCOPE (#PCDATA)>
<!ELEMENT VPC_LIST (VPC+)>
<!ELEMENT VPC (UUID)>
<!ELEMENT ASSET_GROUP_TITLE_LIST (ASSET_GROUP_TITLE+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT ASSET_TAGS (TAG_INCLUDE_SELECTOR, TAG_SET_INCLUDE, TAG_EXCLUDE_SELECTOR?, TAG_SET_EXCLUDE?, USE_IP_NT_RANGE_TAGS?, USE_IP_NT_RANGE_TAGS_INCLUDE, USE_IP_NT_RANGE_TAGS_EXCLUDE?)>
<!ELEMENT TAG_INCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT TAG_SET_INCLUDE (#PCDATA)>
<!ELEMENT TAG_EXCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT TAG_SET_EXCLUDE (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS_INCLUDE (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS_EXCLUDE (#PCDATA)>
<!ELEMENT EXCLUDE_IP_PER_SCAN (#PCDATA)>
<!ELEMENT USER_ENTERED_IPS (RANGE+)>
<!ELEMENT USER_ENTERED_IPv6_IPS (RANGE+)>
<!ELEMENT ELB_DNS (DNS+)>
<!ELEMENT DNS (#PCDATA)>
<!ELEMENT MANUAL_CLOUD_RESOURCE_IDS (CLOUD_RESOURCE_ID+)>
<!ELEMENT CLOUD_RESOURCE_ID (#PCDATA)>
<!ELEMENT RANGE (START, END)>
<!ELEMENT START (#PCDATA)>
<!ELEMENT END (#PCDATA)>
<!ELEMENT OPTION_PROFILE (TITLE, DEFAULT_FLAG?)>
<!ELEMENT DEFAULT_FLAG (#PCDATA)>
<!ELEMENT PROCESSING_PRIORITY (#PCDATA)>
<!ELEMENT SCHEDULE ((DAILY|WEEKLY|MONTHLY), START_DATE_UTC, MODIFIED_DATE_UTC, START_HOUR, START_MINUTE, END_AFTER_HOURS?, END_AFTER_MINUTES?, PAUSE_AFTER_HOURS?, PAUSE_AFTER_MINUTES?, RESUME_IN_DAYS?, RESUME_IN_HOURS?, NEXTLAUNCH_UTC?, TIME_ZONE, DST_SELECTED, MAX_OCCURRENCE?, LAUNCH_TYPE?)>
<!ELEMENT DAILY EMPTY>
<!ATTLIST DAILY
frequency_days CDATA #REQUIRED>
<!-- weekdays is comma-separated list of weekdays e.g. 0,1,4,5 -->
<!ELEMENT WEEKLY EMPTY>
<!ATTLIST WEEKLY
frequency_weeks CDATA #REQUIRED
weekdays CDATA #REQUIRED>
<!-- either day of month, or (day of week and week of month) must be provided -->
<!ELEMENT MONTHLY EMPTY>
<!ATTLIST MONTHLY
frequency_months CDATA #REQUIRED
day_of_month CDATA #IMPLIED
day_of_week (0|1|2|3|4|5|6) #IMPLIED
week_of_month (1|2|3|4|5) #IMPLIED>
<!-- start date of the task in UTC -->
<!ELEMENT START_DATE_UTC (#PCDATA)>
<!-- User Selected hour -->
<!ELEMENT START_HOUR (#PCDATA)>
<!-- User Selected Minute -->
<!ELEMENT START_MINUTE (#PCDATA)>
<!ELEMENT END_AFTER_HOURS (#PCDATA)>
<!ELEMENT END_AFTER_MINUTES (#PCDATA)>
<!ELEMENT PAUSE_AFTER_HOURS (#PCDATA)>
<!ELEMENT PAUSE_AFTER_MINUTES (#PCDATA)>
<!ELEMENT RESUME_IN_DAYS (#PCDATA)>
<!ELEMENT RESUME_IN_HOURS (#PCDATA)>
<!ELEMENT NEXTLAUNCH_UTC (#PCDATA)>
<!ELEMENT TIME_ZONE (TIME_ZONE_CODE, TIME_ZONE_DETAILS)>
<!-- timezone code like US-CA -->
<!ELEMENT TIME_ZONE_CODE (#PCDATA)>
<!-- timezone details like (GMT-0800) United States (California): Los Angeles, Sacramento, San Diego, San Francisco-->
<!ELEMENT TIME_ZONE_DETAILS (#PCDATA)>
<!-- Did user select DST? 0-not selected 1-selected -->
<!ELEMENT DST_SELECTED (#PCDATA)>
<!ELEMENT MAX_OCCURRENCE (#PCDATA)>
<!ELEMENT LAUNCH_TYPE (#PCDATA)>
<!-- notifications -->
<!ELEMENT NOTIFICATIONS (BEFORE_LAUNCH?, AFTER_COMPLETE?,LAUNCH_DELAY?, LAUNCH_SKIP?, DEACTIVATE_SCHEDULE?, DISTRIBUTION_GROUPS?)>
<!ELEMENT BEFORE_LAUNCH (TIME, UNIT, MESSAGE)>
<!ELEMENT TIME (#PCDATA)>
<!ELEMENT UNIT (#PCDATA)>
<!ELEMENT MESSAGE (#PCDATA)>
<!ELEMENT AFTER_COMPLETE (MESSAGE)>
<!ELEMENT LAUNCH_DELAY (MESSAGE)>
<!ELEMENT LAUNCH_SKIP (MESSAGE)>
<!ELEMENT DEACTIVATE_SCHEDULE (MESSAGE)>
<!ELEMENT DISTRIBUTION_GROUPS (DISTRIBUTION_GROUP+)>
<!ELEMENT DISTRIBUTION_GROUP (ID, TITLE)>
<!-- EOF -->
View the Modified Date for Schedule Scan
With this feature, the MODIFIED_DATE_UTC tag is added to the response of the scheduled scan list API to identify recently updated scheduled scans. You can view this tag under the schedule tag section in the API response. Earlier, you were able to fetch only the start date of the scheduled scan. With this enhancement, you can view the modified date in the scheduled scan list.
Sample - Display the modified date in the scheduled scan listSample - Display the modified date in the scheduled scan list
API Request
curl --location 'https://<qualys_base_url>/api/5.0/fo/schedule/scan/?action=list&id=1460801' \
--header 'X-Requested-With: John' \
--header 'Authorization: Basic username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULE_SCAN_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/5.0/fo/schedule/scan/schedule_scan_list_output.dtd">
<SCHEDULE_SCAN_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-05-21T11:38:34Z</DATETIME>
<SCHEDULE_SCAN_LIST>
<SCAN>
<ID>1460801</ID>
<ACTIVE>1</ACTIVE>
<TITLE>
<![CDATA[Cloud Perimeter Scan111 20250519-153303]]>
</TITLE>
<USER_LOGIN>vmsp_ag1</USER_LOGIN>
<TARGET>
<![CDATA[]]>
</TARGET>
<NETWORK_ID>
<![CDATA[0]]>
</NETWORK_ID>
<ISCANNER_NAME>
<![CDATA[External Scanner]]>
</ISCANNER_NAME>
<EC2_INSTANCE>
<CONNECTOR_UUID>
<![CDATA[9a6b3e27-594e-4035-838c-5ab71e440365]]>
</CONNECTOR_UUID>
<EC2_ENDPOINT>
<![CDATA[1507b6c1-07a7-4d88-acf2-8c6b63e749c4]]>
</EC2_ENDPOINT>
<EC2_ONLY_CLASSIC>
<![CDATA[0]]>
</EC2_ONLY_CLASSIC>
</EC2_INSTANCE>
<OPTION_PROFILE>
<TITLE>
<![CDATA[Initial Options]]>
</TITLE>
<DEFAULT_FLAG>1</DEFAULT_FLAG>
</OPTION_PROFILE>
<PROCESSING_PRIORITY>0 - No Priority</PROCESSING_PRIORITY>
<SCHEDULE>
<DAILY frequency_days="1" />
<START_DATE_UTC>2025-05-17T18:30:00Z</START_DATE_UTC>
<MODIFIED_DATE_UTC>2025-05-19T10:12:38Z</MODIFIED_DATE_UTC>
<START_HOUR>0</START_HOUR>
<START_MINUTE>0</START_MINUTE>
<NEXTLAUNCH_UTC>2025-05-21T18:30:00</NEXTLAUNCH_UTC>
<TIME_ZONE>
<TIME_ZONE_CODE>IN</TIME_ZONE_CODE>
<TIME_ZONE_DETAILS>(GMT+0530) India: Asia/Calcutta</TIME_ZONE_DETAILS>
</TIME_ZONE>
<DST_SELECTED>0</DST_SELECTED>
<LAUNCH_TYPE>recurring</LAUNCH_TYPE>
</SCHEDULE>
</SCAN>
</SCHEDULE_SCAN_LIST>
</RESPONSE>
</SCHEDULE_SCAN_LIST_OUTPUT>
DTD UpdateDTD Update
DTD for the Scheduled Scan List API has been added.
<platform API server>/api/5.0/fo/schedule/scan/schedule_scan_list_output.dtd">
DTD output for the Scheduled Scan List API is as follows:
DTD Output
<!-- QUALYS SCHEDULE_SCAN_LIST_OUTPUT DTD -->
<!ELEMENT SCHEDULE_SCAN_LIST_OUTPUT (REQUEST?,RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, SCHEDULE_SCAN_LIST?)>
<!ELEMENT SCHEDULE_SCAN_LIST (SCAN+)>
<!ELEMENT SCAN (ID, SCAN_TYPE?, ACTIVE, TITLE?, CLIENT?, USER_LOGIN, TARGET, NETWORK_ID?, ISCANNER_NAME?, POOL_OF_SCANNERS?, EC2_INSTANCE?, CLOUD_DETAILS?, ASSET_GROUP_TITLE_LIST?, ASSET_TAGS?, EXCLUDE_IP_PER_SCAN?, USER_ENTERED_IPS?, USER_ENTERED_IPv6_IPS?, ELB_DNS?,MANUAL_CLOUD_RESOURCE_IDS?, OPTION_PROFILE?, PROCESSING_PRIORITY?, SCHEDULE, NOTIFICATIONS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT ACTIVE (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT CLIENT (ID,NAME)>
<!ELEMENT TARGET (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT ISCANNER_NAME (#PCDATA)>
<!ELEMENT POOL_OF_SCANNERS (#PCDATA)>
<!ELEMENT EC2_INSTANCE (CONNECTOR_UUID, EC2_ENDPOINT, EC2_ONLY_CLASSIC?)>
<!ELEMENT CONNECTOR_UUID (#PCDATA)>
<!ELEMENT EC2_ENDPOINT (#PCDATA)>
<!ELEMENT EC2_ONLY_CLASSIC (#PCDATA)>
<!ELEMENT CLOUD_DETAILS (PROVIDER, CONNECTOR?, SCAN_TYPE, INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR?, INCLUDE_LOAD_BALANCER_FROM_CONNECTOR?, CLOUD_TARGET?)>
<!ELEMENT PROVIDER (#PCDATA)>
<!ELEMENT CONNECTOR (ID?, UUID, NAME)>
<!ELEMENT UUID (#PCDATA)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT SCAN_TYPE (#PCDATA)>
<!ELEMENT INCLUDE_LOAD_BALANCER_FROM_CONNECTOR (#PCDATA)>
<!ELEMENT INCLUDE_APP_GATEWAY_LB_FROM_CONNECTOR (#PCDATA)>
<!ELEMENT CLOUD_TARGET (PLATFORM, REGION?, VPC_SCOPE?, VPC_LIST?, VIRTUAL_NETWORK?)>
<!ELEMENT PLATFORM (#PCDATA)>
<!ELEMENT REGION (UUID?, CODE?, NAME?)>
<!ELEMENT VIRTUAL_NETWORK (ID, NAME?, RESOURCE_GROUP)>
<!ELEMENT RESOURCE_GROUP (NAME)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT VPC_SCOPE (#PCDATA)>
<!ELEMENT VPC_LIST (VPC+)>
<!ELEMENT VPC (UUID)>
<!ELEMENT ASSET_GROUP_TITLE_LIST (ASSET_GROUP_TITLE+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT ASSET_TAGS (TAG_INCLUDE_SELECTOR, TAG_SET_INCLUDE, TAG_EXCLUDE_SELECTOR?, TAG_SET_EXCLUDE?, USE_IP_NT_RANGE_TAGS?, USE_IP_NT_RANGE_TAGS_INCLUDE, USE_IP_NT_RANGE_TAGS_EXCLUDE?)>
<!ELEMENT TAG_INCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT TAG_SET_INCLUDE (#PCDATA)>
<!ELEMENT TAG_EXCLUDE_SELECTOR (#PCDATA)>
<!ELEMENT TAG_SET_EXCLUDE (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS_INCLUDE (#PCDATA)>
<!ELEMENT USE_IP_NT_RANGE_TAGS_EXCLUDE (#PCDATA)>
<!ELEMENT EXCLUDE_IP_PER_SCAN (#PCDATA)>
<!ELEMENT USER_ENTERED_IPS (RANGE+)>
<!ELEMENT USER_ENTERED_IPv6_IPS (RANGE+)>
<!ELEMENT ELB_DNS (DNS+)>
<!ELEMENT DNS (#PCDATA)>
<!ELEMENT MANUAL_CLOUD_RESOURCE_IDS (CLOUD_RESOURCE_ID+)>
<!ELEMENT CLOUD_RESOURCE_ID (#PCDATA)>
<!ELEMENT RANGE (START, END)>
<!ELEMENT START (#PCDATA)>
<!ELEMENT END (#PCDATA)>
<!ELEMENT OPTION_PROFILE (TITLE, DEFAULT_FLAG?)>
<!ELEMENT DEFAULT_FLAG (#PCDATA)>
<!ELEMENT PROCESSING_PRIORITY (#PCDATA)>
<!ELEMENT SCHEDULE ((DAILY|WEEKLY|MONTHLY), START_DATE_UTC, MODIFIED_DATE_UTC, START_HOUR, START_MINUTE, END_AFTER_HOURS?, END_AFTER_MINUTES?, PAUSE_AFTER_HOURS?, PAUSE_AFTER_MINUTES?, RESUME_IN_DAYS?, RESUME_IN_HOURS?, NEXTLAUNCH_UTC?, TIME_ZONE, DST_SELECTED, MAX_OCCURRENCE?, LAUNCH_TYPE?)>
<!ELEMENT DAILY EMPTY>
<!ATTLIST DAILY
frequency_days CDATA #REQUIRED>
<!-- weekdays is comma-separated list of weekdays e.g. 0,1,4,5 -->
<!ELEMENT WEEKLY EMPTY>
<!ATTLIST WEEKLY
frequency_weeks CDATA #REQUIRED
weekdays CDATA #REQUIRED>
<!-- either day of month, or (day of week and week of month) must be provided -->
<!ELEMENT MONTHLY EMPTY>
<!ATTLIST MONTHLY
frequency_months CDATA #REQUIRED
day_of_month CDATA #IMPLIED
day_of_week (0|1|2|3|4|5|6) #IMPLIED
week_of_month (1|2|3|4|5) #IMPLIED>
<!-- start date of the task in UTC -->
<!ELEMENT START_DATE_UTC (#PCDATA)>
<!-- modified date of the task in UTC -->
<!ELEMENT MODIFIED_DATE_UTC (#PCDATA)>
<!-- User Selected hour -->
<!ELEMENT START_HOUR (#PCDATA)>
<!-- User Selected Minute -->
<!ELEMENT START_MINUTE (#PCDATA)>
<!ELEMENT END_AFTER_HOURS (#PCDATA)>
<!ELEMENT END_AFTER_MINUTES (#PCDATA)>
<!ELEMENT PAUSE_AFTER_HOURS (#PCDATA)>
<!ELEMENT PAUSE_AFTER_MINUTES (#PCDATA)>
<!ELEMENT RESUME_IN_DAYS (#PCDATA)>
<!ELEMENT RESUME_IN_HOURS (#PCDATA)>
<!ELEMENT NEXTLAUNCH_UTC (#PCDATA)>
<!ELEMENT TIME_ZONE (TIME_ZONE_CODE, TIME_ZONE_DETAILS)>
<!-- timezone code like US-CA -->
<!ELEMENT TIME_ZONE_CODE (#PCDATA)>
<!-- timezone details like (GMT-0800) United States (California): Los Angeles, Sacramento, San Diego, San Francisco-->
<!ELEMENT TIME_ZONE_DETAILS (#PCDATA)>
<!-- Did user select DST? 0-not selected 1-selected -->
<!ELEMENT DST_SELECTED (#PCDATA)>
<!ELEMENT MAX_OCCURRENCE (#PCDATA)>
<!ELEMENT LAUNCH_TYPE (#PCDATA)>
<!-- notifications -->
<!ELEMENT NOTIFICATIONS (BEFORE_LAUNCH?, AFTER_COMPLETE?,LAUNCH_DELAY?, LAUNCH_SKIP?, DEACTIVATE_SCHEDULE?, DISTRIBUTION_GROUPS?)>
<!ELEMENT BEFORE_LAUNCH (TIME, UNIT, MESSAGE)>
<!ELEMENT TIME (#PCDATA)>
<!ELEMENT UNIT (#PCDATA)>
<!ELEMENT MESSAGE (#PCDATA)>
<!ELEMENT AFTER_COMPLETE (MESSAGE)>
<!ELEMENT LAUNCH_DELAY (MESSAGE)>
<!ELEMENT LAUNCH_SKIP (MESSAGE)>
<!ELEMENT DEACTIVATE_SCHEDULE (MESSAGE)>
<!ELEMENT DISTRIBUTION_GROUPS (DISTRIBUTION_GROUP+)>
<!ELEMENT DISTRIBUTION_GROUP (ID, TITLE)>
<!-- EOF -->
Scans API: Support to Reset Scheduled Scan for Cloud Perimeter Scans
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/scan/cloud/perimeter/job/ |
| EOS Timeline: January 2026 | |
| EOL Timeline: July 2026 | |
| API Endpoint (New Version) |
/api/4.0/fo/scan/cloud/perimeter/job/ |
| Method | POST |
| DTD or XSD changes | No |
With this feature, we have provided support to reset the scheduled scan's pause/cancel and recurrence scheduling settings for cloud perimeter scans. This helps you ensure consistent scanning of cloud assets, minimizing the risk of missed vulnerabilities. Earlier, you were only able to set the duration for scheduled scans in the API. Now, with this release, you can reset the duration, and to support this reset functionality, we have introduced two new parameters. These parameters are applicable only to update action.
Input ParametersInput Parameters
| Parameter Name |
Required/ Optional |
Data Type |
Description |
| remove_recurrence={0|1} | Optional | Boolean |
Specify 1 to reset after the recurrence value. For example, reset the recurrence after two scans. This parameter cannot be passed with: |
| remove_duration={0|1} | Optional | Boolean |
Specify 1 to reset the cancel/pause after the duration setting.
|
Sample - Reset the scheduled scan duration and recurrenceSample - Reset the scheduled scan duration and recurrence
API Request
curl --location --request POST '
<qualys_base_url>/api/4.0/fo/scan/cloud/perimeter/job/index.php?`action=update&id=1458384&active=1&remove_duration=1&remove_recurrence=1' \
--header 'X-Requested-With: postman' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-06-17T09:41:09Z</DATETIME>
<TEXT>Scan has been updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>1458384</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Support to Create a FQDN Based Scan Report
With this feature, you can now launch scan reports using a Fully Qualified Domain Name (FQDN) by creating a scan report template using Scan Template API: FQDN Based Scan Report Template. Once you create a scan report template, you can launch the scan report by using Reports API: FQDN Based Scan Report and create a scan report based on the FQDNs.
To create and update the scan template and launch the scan report, we have introduced a new parameter, fqdns.
- This Feature can be enabled only when you have migrated to VMSP and is not available by default. To enable this, contact your Technical Account Manager (TAM) or Qualys technical Support.
- The FQDN supports up to 4000 characters only. It is available only for Host Based Reports.
Input ParameterInput Parameter
| Parameter Name |
Required/ Optional |
Data Type |
Description |
| fqdns={value} | Optional | Integer | The target FQDN for a vulnerability scan. You must specify at least one target such as IPs, asset groups, or FQDNs. Multiple values are comma-separated. |
Scan Template API: FQDN Based Scan Report Template
| New or Updated API | Updated |
| API Endpoint | api/3.0/fo/report/template/scan/ |
| EOS Timeline: January 2026 | |
| EOL Timeline: July 2026 | |
| API Endpoint (New Version) |
api/4.0/fo/report/template/scan/ |
| Method | GET, POST |
| DTD or XSD changes | No |
With this feature, you can now create, update, delete, and export the scan report template using FQDN. This allows more precise and flexible targeting of assets in dynamic environments where IPs are not static. This improves scan accuracy, enhances efficiency, and supports consistent vulnerability assessment.
Sample - Create Scan TemplateSample - Create Scan Template
API Request
curl --location --request POST '<qualys_base_url>/api/4.0/fo/report/template/scan/?action=create&report_format=xml' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-06-17T04:57:23Z</DATETIME>
<TEXT>Scan Report Template(s) Successfully Created.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8737800</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update Scan TemplateSample - Update Scan Template
API Request
curl --location --request POST '<qualys_base_url>/api/4.0/fo/report/template/scan/?action=update&report_format=xml&template_id=8708009' \
--header 'Accept: */*' \
--header 'X-Requested-With: curl' \
--header 'content-type: text/xml' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-06-17T10:46:08Z</DATETIME>
<TEXT>Scan Report Template Successfully Updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8737800</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Delete Scan TemplateSample - Delete Scan Template
API Request
curl --location '<qualys_base_url>/api/4.0/fo/report/template/scan/' \
--header 'X-Requested-With: curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic Encoded username:passwordstring' \
--data-urlencode 'template_id=8737800' \
--data-urlencode 'action=delete'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-06-17T10:58:30Z</DATETIME>
<TEXT>Scan Report Template(s) Successfully Deleted.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8737800</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Export Scan TemplateSample - Export Scan Template
API Request
curl --location '
<qualys_base_url>/api/4.0/fo/report/template/scan/?action=export&report_format=xml&template_id=8737800' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORTTEMPLATE SYSTEM "
<qualys_base_url>/api/4.0/fo/report/template/scan/scanreporttemplate_info.dtd">
<REPORTTEMPLATE>
<SCANTEMPLATE>
<TITLE>
<INFO key="template_id">
<![CDATA[8737800]]>
</INFO>
<INFO key="title">
<![CDATA[FQDN_API_Template_FQDNS_API]]>
</INFO>
<INFO key="owner">
<![CDATA[3766154]]>
</INFO>
</TITLE>
<TARGET>
<INFO key="scan_selection">
<![CDATA[HostBased]]>
</INFO>
<INFO key="include_trending">
<![CDATA[0]]>
</INFO>
<INFO key="asset_groups">
<![CDATA[]]>
</INFO>
<INFO key="network">
<![CDATA[]]>
</INFO>
<INFO key="ips">
<![CDATA[10.xx.xx.xx]]>
</INFO>
<INFO key="host_with_cloud_agents">
<![CDATA[]]>
</INFO>
<INFO key="fqdns">
<![CDATA[panzer.qa.qualys.com]]>
</INFO>
</TARGET>
<DISPLAY>
<INFO key="graph_business_risk">
<![CDATA[0]]>
</INFO>
<INFO key="graph_vuln_over_time">
<![CDATA[0]]>
</INFO>
<INFO key="display_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="graph_status">
<![CDATA[1]]>
</INFO>
<INFO key="graph_potential_status">
<![CDATA[1]]>
</INFO>
<INFO key="graph_severity">
<![CDATA[1]]>
</INFO>
<INFO key="graph_potential_severity">
<![CDATA[1]]>
</INFO>
<INFO key="graph_ig_severity">
<![CDATA[1]]>
</INFO>
<INFO key="graph_top_categories">
<![CDATA[1]]>
</INFO>
<INFO key="graph_top_vulns">
<![CDATA[1]]>
</INFO>
<INFO key="graph_os">
<![CDATA[1]]>
</INFO>
<INFO key="graph_services">
<![CDATA[0]]>
</INFO>
<INFO key="graph_top_ports">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer">
<![CDATA[0]]>
</INFO>
<INFO key="display_custom_footer_text">
<![CDATA[]]>
</INFO>
<INFO key="sort_by">
<![CDATA[host]]>
</INFO>
<INFO key="cvss">
<![CDATA[all]]>
</INFO>
<INFO key="host_details">
<![CDATA[0]]>
</INFO>
<INFO key="host_ag_details">
<![CDATA[0]]>
</INFO>
<INFO key="qualys_system_ids">
<![CDATA[0]]>
</INFO>
<INFO key="include_text_summary">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_threat">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_impact">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_solution">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_vpatch">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_compliance">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_exploit">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_malware">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_results">
<![CDATA[1]]>
</INFO>
<INFO key="include_vuln_details_appendix">
<![CDATA[1]]>
</INFO>
<INFO key="exclude_account_id">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_reopened">
<![CDATA[1]]>
</INFO>
<INFO key="metadata_ec2_instances">
<![CDATA[0]]>
</INFO>
<INFO key="cloud_provider_metadata">
<![CDATA[0]]>
</INFO>
<INFO key="include_vuln_details_detection_logic">
<![CDATA[0]]>
</INFO>
<INFO key="include_trurisk_details">
<![CDATA[1]]>
</INFO>
</DISPLAY>
<FILTER>
<INFO key="selective_vulns">
<![CDATA[complete]]>
</INFO>
<INFO key="search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="exclude_qid_option">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_search_list_ids">
<![CDATA[]]>
</INFO>
<INFO key="included_os">
<![CDATA[ALL]]>
</INFO>
<INFO key="status_new">
<![CDATA[1]]>
</INFO>
<INFO key="status_active">
<![CDATA[1]]>
</INFO>
<INFO key="status_reopen">
<![CDATA[1]]>
</INFO>
<INFO key="status_fixed">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_active">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_disabled">
<![CDATA[1]]>
</INFO>
<INFO key="vuln_ignored">
<![CDATA[1]]>
</INFO>
<INFO key="potential_active">
<![CDATA[1]]>
</INFO>
<INFO key="potential_disabled">
<![CDATA[1]]>
</INFO>
<INFO key="potential_ignored">
<![CDATA[1]]>
</INFO>
<INFO key="ig_active">
<![CDATA[1]]>
</INFO>
<INFO key="ig_disabled">
<![CDATA[1]]>
</INFO>
<INFO key="ig_ignored">
<![CDATA[1]]>
</INFO>
<INFO key="display_non_running_kernels">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_kernel">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_non_running_services">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_superceded_patches">
<![CDATA[0]]>
</INFO>
<INFO key="exclude_qids_not_exploitable_due_to_configuration">
<![CDATA[0]]>
</INFO>
<INFO key="categories_list">
<![CDATA[ALL]]>
</INFO>
<INFO key="qds_score_min">
<![CDATA[]]>
</INFO>
<INFO key="qds_score_max">
<![CDATA[]]>
</INFO>
</FILTER>
<SERVICESPORTS>
<INFO key="required_services">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_services">
<![CDATA[]]>
</INFO>
<INFO key="services_info">
<![CDATA[]]>
</INFO>
<INFO key="required_ports">
<![CDATA[]]>
</INFO>
<INFO key="unauthorized_ports">
<![CDATA[]]>
</INFO>
</SERVICESPORTS>
<USERACCESS>
<INFO key="global">
<![CDATA[1]]>
</INFO>
<INFO key="report_access_users">
<![CDATA[]]>
</INFO>
</USERACCESS>
</SCANTEMPLATE>
</REPORTTEMPLATE>
Reports API: FQDN Based Scan Report
| New or Updated API | Updated |
| API Endpoint | api/2.0/fo/report/ |
| EOS Timeline: January 2026 | |
| EOL Timeline: July 2026 | |
| API Endpoint (New Version) |
api/3.0/fo/report/ |
| Method | GET, POST |
| DTD or XSD changes | No |
With this feature, you can now launch, fetch, list, and cancel the scan report using FQDN. This enhances the accurate management of scan data for dynamic assets. This ensures efficient vulnerability tracking in the changing environment.
Sample - Launch the ReportSample - Launch the Report
API Request
curl --location '<qualys_base_url>/api/3.0/fo/report/?action=launch&output_format=csv&template_id=8737800' \ --header 'X-Requested-With: Curl Sample' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic Encoded username:passwordstring' \ --data-urlencode 'action=launch' \ --data-urlencode 'report_title=FQDN_API_CSV_Launch' \ --data-urlencode 'fqdns=ctomcatw2012.cis2016.comp.rdlab.qualys.com'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd"> <SIMPLE_RETURN> <RESPONSE> <DATETIME>2025-06-17T05:45:04Z</DATETIME> <TEXT>New report launched</TEXT> <ITEM_LIST> <ITEM> <KEY>ID</KEY> <VALUE>6627423</VALUE> </ITEM> </ITEM_LIST> </RESPONSE> </SIMPLE_RETURN>
Sample - List the ReportSample - List the Report
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/report/?echo_request=1&action=list&id=6626811' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE REPORT_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/report/report_list_output.dtd">
<REPORT_LIST_OUTPUT>
<REQUEST>
<DATETIME>2025-06-17T12:25:55Z</DATETIME>
<USER_LOGIN>John_doe</USER_LOGIN>
<RESOURCE><qualys_base_url>/api/3.0/fo/report/</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>action</KEY>
<VALUE>list</VALUE>
</PARAM>
<PARAM>
<KEY>id</KEY>
<VALUE>6626811</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE>
<DATETIME>2025-06-17T12:25:56Z</DATETIME>
<REPORT_LIST>
<REPORT>
<ID>6626811</ID>
<TITLE>
<![CDATA[FQDN_template_Multiple]]>
</TITLE>
<TYPE>Scan</TYPE>
<USER_LOGIN>John_doe</USER_LOGIN>
<LAUNCH_DATETIME>2025-06-16T08:57:52Z</LAUNCH_DATETIME>
<OUTPUT_FORMAT>CSV</OUTPUT_FORMAT>
<SIZE>1.15 MB</SIZE>
<STATUS>
<STATE>Finished</STATE>
</STATUS>
<EXPIRATION_DATETIME>2025-06-23T08:57:55Z</EXPIRATION_DATETIME>
</REPORT>
</REPORT_LIST>
</RESPONSE>
</REPORT_LIST_OUTPUT>
Sample - Fetch the ReportSample - Fetch the Report
API Request
curl --location '<qualys_base_url>/api/3.0/fo/report/?echo_request=1&action=fetch&id=6626811' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
"FQDN_template_Multiple","06/16/2025 at 14:30:35 (GMT+0530)"
"QA testing Team","pune","pune","pune","Georgia","United States of America","111"
"Testing QA Manager","john_doe","Manager"
"Asset Groups","IPs","Active Hosts","Hosts Matching Filters","Trend Analysis","Date Range","Network","Asset Tags"
"NONE","NONE","5","5","Past 2 detections","N/A","Global Default Network","NONE"
"Total Vulnerabilities","Avg Security Risk","Business Risk"
"500","3.4","0"
"IP","Network","Total Vulnerabilities","Security Risk"
"10.xx.xx.94","ACustom_Net1","104","3.1"
"10.xx.xx.94","Global Default Network","139","3.5"
"10.xx.xx.71","Global Default Network","60","3.9"
"10.xx.xx.86","Global Default Network","63","3.2"
"10.xx.xx.1","Global Default Network","134","3.2"
"IP","Network","DNS","NetBIOS","QG Host ID","IP Interfaces","Tracking Method","OS","IP Status","QID","Title","Vuln Status","Type","Severity","Port","Protocol","FQDN","SSL","First Detected","Last Detected","Times Detected","Date Last Fixed","First Reopened","Last Reopened","Times Reopened","CVE ID","Vendor Reference","Bugtraq ID","CVSS","CVSS Base","CVSS Temporal","CVSS Environment","CVSS3.1","CVSS3.1 Base","CVSS3.1 Temporal","Threat","Impact","Solution","Exploitability","Associated Malware","Results","PCI Vuln","Ticket State","Instance","Category","Associated AGs","Non-running Kernel","Cloud Provider","Cloud Provider Service","Cloud Service","Cloud Resource ID","Cloud Resource Type","Cloud Account","Cloud Image ID","Cloud Resource Metadata","EC2 Instance ID","Public Hostname","Image ID","VPC ID","Instance State","Private Hostname","Instance Type","Account ID","Region Code","Subnet ID","Host ID","Asset ID","QDS","ARS","ACS","TruRisk Score","MITRE ATT&CK Tactic Name","MITRE ATT&CK Technique Name","MITRE ATT&CK Tactic ID","MITRE ATT&CK Technique ID"
"10.44.201.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732544","Atlassian Confluence Server and Data Center Xstream Dependency Vulnerability (CONFSERVER-99568)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2024-47072","CONFSERVER-99568",,"4","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.0 (E:U/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.5","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.5 (E:U/RL:O/RC:C)","Confluence is team collaboration software written in Java. Affected version: PLEASE FILL THE AFFECTED VERSIONS MANUALLY QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server. QID Detection Logic(Authenticated): Operating System: (Windows) The QID checks for vulnerable versions of Confluence Server with registry path QID Detection Logic(Authenticated): Operating System: (Unix) The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99568 (https://jira.atlassian.com/browse/CONFSERVER-99568) for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CONFSERVER-99568 (https://jira.atlassian.com/browse/CONFSERVER-99568)",,,"Vulnerable Atlassian Confluence detected on port: 443
Printed by Atlassian Confluence 8.9.1 #","no","Open",,"CGI",,"No",,,,,,,,"[]",,,,,,,,,,,"15840097","69114947","35","333","2","333",,,,
"10.xx.xx.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732543","Atlassian Confluence Server and Data Center Third-Party Dependency Vulnerability (CONFSERVER-99686)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2025-31650","CONFSERVER-99686",,"4.2","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.3 (E:POC/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.7","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.7 (E:P/RL:O/RC:C)","Confluence is team collaboration software written in Java. Affected version: PLEASE FILL THE AFFECTED VERSIONS MANUALLY QID Detection Logic:(Unauthenticated) It checks for vulnerable version of Atlassian Confluence Server. QID Detection Logic(Authenticated): Operating System: (Windows) The QID checks for vulnerable versions of Confluence Server with registry path QID Detection Logic(Authenticated): Operating System: (Unix) The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99686 (https://jira.atlassian.com/browse/CONFSERVER-99686) for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CONFSERVER-99686 (https://jira.atlassian.com/browse/CONFSERVER-99686)","Source: github-exploits
Reference:CVE-2025-31650
Description:sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool exploit repository
Link:https://github.com/sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool
Reference:CVE-2025-31650
Description:assad12341/Dos-exploit- exploit repository
Link:https://github.com/assad12341/Dos-exploit-
Reference:CVE-2025-31650
Description:tunahantekeoglu/CVE-2025-31650 exploit repository
Link:https://github.com/tunahantekeoglu/CVE-2025-31650
Reference:CVE-2025-31650
Description:absholi7ly/TomcatKiller-CVE-2025-31650 exploit repository
Link:https://github.com/absholi7ly/TomcatKiller-CVE-2025-31650
Source: exploitdb
Reference:CVE-2025-31650
Description:Apache Tomcat 10.1.39 - Denial of Service (DoS)
Link:https://www.exploit-db.com/exploits/52318
Source: blogs
Reference:CVE-2025-31650
Description:Apache Tomcat 10.1.39 - Denial of Service (DOS)
Link:https://www.exploit-db.com/raw/52318",,"Vulnerable Atlassian Confluence detected on port: 443
Printed by Atlassian Confluence 8.9.1 #","no","Open",,"CGI",,"No",,,,,,,,"[]",,,,,,,,,,,"15840097","69114947","42","333","2","333",,,,
"10.44.201.71","Global Default Network","qwiki.intranet.qualys.com",,,,"DNS",,"host scanned, found vuln","732438","Atlassian Confluence Server and Data Center Denial of Service (DoS) Vulnerability (CONFSERVER-99540)","New","Vuln","4","443","tcp",,,"06/02/2025 13:56:58","06/02/2025 13:56:58","1",,,,,"CVE-2025-24970","CONFSERVER-99540",,"4","5.4 (AV:A/AC:M/Au:M/C:N/I:C/A:P)","4.0 (E:U/RL:OF/RC:C)","Asset Group: -, Collateral Damage Potential: -, Target Distribution: -, Confidentiality Requirement: -, Integrity Requirement: -, Availability Requirement: -","6.5","7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)","6.5 (E:U/RL:O/RC:C)","Confluence is team collaboration software written in Java.
Affected version:
All versions of Confluence Data Center and Server from 7.19 to 7.19.30
All versions of Confluence Data Center and Server from 7.20 to 7.20.3
All versions of Confluence Data Center and Server from 8.0 to 8.5.19
All versions of Confluence Data Center and Server from 8.6.0 to 8.6.2
All versions of Confluence Data Center and Server from 8.7.0 to 8.7.2
All versions of Confluence Data Center and Server from 8.8.0 to 8.8.1
All versions of Confluence Data Center and Server from 8.9.0 to 8.9.8
All versions of Confluence Data Center and Server from 9.0.0 to 9.0.3
All versions of Confluence Data Center and Server from 9.1.0 to 9.1.1
All versions of Confluence Data Center and Server from 9.2.0 to 9.2.1
All versions of Confluence Data Center and Server from 9.3.0 to 9.3.1
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Confluence Server by hitting the GET request on ""login.action"" endpoint.
QID Detection Logic(Authenticated): Operating System: (Windows)
The QID checks for vulnerable versions of Confluence Server with registry path
QID Detection Logic(Authenticated): Operating System: (Unix)
The QID checks for vulnerable versions of Confluence Server advised by the vendor using install location","Successful exploitation of this vulnerability could lead to a security breach or affect confidentiality, integrity, and availability.","Customers are advised to refer to CONFSERVER-99540 (https://jira.atlassian.com/browse/CONFSERVER-99540) for updates pertaining to this vulnerability.
Sample - Cancel the ReportSample - Cancel the Report
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/report/?echo_request=1&action=cancel&id=6619731' \
--header 'X-Requested-With: curl' \
--header 'Authorization: Basic Encoded username:passwordstring'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "
<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<REQUEST>
<DATETIME>2025-06-17T11:05:51Z</DATETIME>
<USER_LOGIN>akkqa_tq</USER_LOGIN>
<RESOURCE>
<qualys_base_url>/api/3.0/fo/report/
</RESOURCE>
<PARAM_LIST>
<PARAM>
<KEY>echo_request</KEY>
<VALUE>1</VALUE>
</PARAM>
<PARAM>
<KEY>action</KEY>
<VALUE>cancel</VALUE>
</PARAM>
<PARAM>
<KEY>id</KEY>
<VALUE>6627719</VALUE>
</PARAM>
</PARAM_LIST>
</REQUEST>
<RESPONSE>
<DATETIME>2025-06-17T11:05:51Z</DATETIME>
<TEXT>Report canceled</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6627719</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Support for API Access for SAML Users
With this release, we have removed the earlier restrictions that applied to SAML (Security Assertion Markup Language) SSO (Single Sign-On) enabled user accounts.
Previously, if a user account with SAML SSO enabled, attempted to run an API request, an error indicating that the operation could not be processed was displayed. This limitation was in place because SAML-enabled accounts were not allowed to use basic authentication (username and password) methods for API access.
Now, with this release, SAML-enabled users can successfully run API requests using OpenID Connect API authentication. This enhancement allows SAML users to securely access APIs without encountering previous validation errors.
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.1.0.
Issues Addressed
The following reported and notable customer API issue are fixed in this release:
| Component/Category | Application |
Description |
| VM - API General | Vulnerability Management | When the user executed a V3 or V4 API call with the result_instance parameter for the API (api/4.0/fo/asset/host/vm/detection/) in a VMSP subscription, the request failed due to a broken user_vuln SQL query. Relevant code changes have made to fix the issue. |
| VM - API General | Vulnerability Management | When the user executed the SCIM API to create user (/api/2.0/fo/scim/) a code 999 error was encountered. Relevant code changes have been made to fix the issue and now users are getting created using SCIM API. |
| VM - Users API | Vulnerability Management | When the users used the API filter to edit the sub-users, the configurations were reflected in the UI, but a HTTP 501 error was encountered along with an incident signature in the API. Relevant code changes are made to fix the issue. |
For the list of issues addressed in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.1.0.