Enterprise TruRisk™ Platform Release 10.36.1 API
November 3, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
Host List Detection API: Identify Highest Contributing CVE and Associated Risk Factors
| New or Updated API | Updated |
| API Endpoint | /api/4.0/fo/asset/host/vm/detection/ |
| EOS Timeline: December 2025 | |
| EOL Timeline: June 2026 | |
| API Endpoint (New Version) |
/api/5.0/fo/asset/host/vm/detection/ |
| Method | GET, POST |
| DTD or XSD changes | No |
With this feature, you can now identify the highest contributing CVE under the QDS_FACTORS tag to improve the prioritization and remediation strategies. The Qualys Detection Score (QDS) factor includes the risk factors associated with each detection record, in the response using the existing show_qds_factors parameter. The highest contributing factor is displayed under QDS_FACTORS tag in the response.
API Request
curl --location --request POST '
<qualys_base_url>/api/5.0/fo/asset/host/vm/detection/?action=list&show_qds_factors=1&show_qds=1
--header 'X-Requested-With: xxx' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE HOST_LIST_VM_DETECTION_OUTPUT SYSTEM "
<qualys_base_url>/api/5.0/fo/asset/host/vm/detection/dtd/output.dtd">
<HOST_LIST_VM_DETECTION_OUTPUT>
<RESPONSE>
<DATETIME>2025-10-23T05:42:36Z</DATETIME>
<HOST_LIST>
<HOST>
<ID>6885606</ID>
<IP>10.xx.xx.xx</IP>
<TRACKING_METHOD>IP</TRACKING_METHOD>
<NETWORK_ID>0</NETWORK_ID>
<OS>
<![CDATA[Windows 2012 R2 Standard]]>
</OS>
<DNS>
<![CDATA[wdw2012r2ntlm]]>
</DNS>
<DNS_DATA>
<HOSTNAME>
<![CDATA[wdw2012r2ntlm]]>
</HOSTNAME>
<DOMAIN />
<FQDN />
</DNS_DATA>
<NETBIOS>
<![CDATA[WDW2012R2NTLM]]>
</NETBIOS>
<LAST_SCAN_DATETIME>2024-06-02T05:14:11Z</LAST_SCAN_DATETIME>
<LAST_VM_SCANNED_DATE>2024-06-02T05:14:03Z</LAST_VM_SCANNED_DATE>
<LAST_VM_SCANNED_DURATION>570</LAST_VM_SCANNED_DURATION>
<DETECTION_LIST>
<DETECTION>
<UNIQUE_VULN_ID>89625105</UNIQUE_VULN_ID>
<QID>90882</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>3</SEVERITY>
<PORT>3389</PORT>
<PROTOCOL>tcp</PROTOCOL>
<SSL>0</SSL>
<RESULTS>
<![CDATA[RDP Supported Encryption methods: RC4(40 bit),RC4(56 bit)]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2021-04-19T10:14:24Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2024-06-02T05:14:03Z</LAST_FOUND_DATETIME>
<QDS severity="LOW">30</QDS>
<QDS_FACTORS>
<QDS_FACTOR name="RTI">
<![CDATA[No_Patch,High_Data_Loss]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS">
<![CDATA[4.7]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_version">
<![CDATA[v2]]>
</QDS_FACTOR>
<QDS_FACTOR name="QID_severity">
<![CDATA[3.0]]>
</QDS_FACTOR>
<QDS_FACTOR name="HIGHEST_CONTRIBUTING_CVE">
<![CDATA[90882]]>
</QDS_FACTOR>
</QDS_FACTORS>
<TIMES_FOUND>2</TIMES_FOUND>
<LAST_TEST_DATETIME>2024-06-02T05:14:03Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2024-06-02T05:14:11Z</LAST_UPDATE_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2024-06-02T05:14:11Z</LAST_PROCESSED_DATETIME>
</DETECTION>
</DETECTION_LIST>
</HOST>
<HOST>
<ID>6885818</ID>
<IP>10.xx.xx.xx</IP>
<TRACKING_METHOD>IP</TRACKING_METHOD>
<NETWORK_ID>0</NETWORK_ID>
<OS>
<![CDATA[Windows 7 Ultimate]]>
</OS>
<DNS>
<![CDATA[pat-65-37]]>
</DNS>
<DNS_DATA>
<HOSTNAME>
<![CDATA[pat-65-37]]>
</HOSTNAME>
<DOMAIN />
<FQDN />
</DNS_DATA>
<NETBIOS>
<![CDATA[PAT-65-37]]>
</NETBIOS>
<LAST_SCAN_DATETIME>2025-10-22T14:06:29Z</LAST_SCAN_DATETIME>
<LAST_VM_SCANNED_DATE>2025-10-22T14:06:22Z</LAST_VM_SCANNED_DATE>
<LAST_VM_SCANNED_DURATION>863</LAST_VM_SCANNED_DURATION>
<DETECTION_LIST>
<DETECTION>
<UNIQUE_VULN_ID>90073263</UNIQUE_VULN_ID>
<QID>90783</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>5</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[QID: 90783 detected on port 3389 over TCP.]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2021-05-23T11:28:17Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-10-22T14:06:22Z</LAST_FOUND_DATETIME>
<QDS severity="CRITICAL">95</QDS>
<QDS_FACTORS>
<QDS_FACTOR name="RTI">
<![CDATA[dos]]>
</QDS_FACTOR>
<QDS_FACTOR name="exploit_maturity">
<![CDATA[poc,weaponized]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_name">
<![CDATA[SlowLoris,Generic,Heuristic,FlyStudio]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS">
<![CDATA[9.3]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_version">
<![CDATA[v2]]>
</QDS_FACTOR>
<QDS_FACTOR name="epss">
<![CDATA[0.8547]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_vector">
<![CDATA[AV:N/AC:M/Au:N/C:C/I:C/A:C]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[9bd81d4142a4cd962727332e09982d4df588e777321b442c174c69114becbcbf]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[226f7341be64b865955bbe2d339ad28c49bbec08bb9e4086f3c98e03e5409b4c]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[83d9e97bc58123ae1842fa3e9f8d19ee685170a94588ff4df81cadaedaf27c87]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[a58bcf58422572184759fe64c1746b1cd7a8af5cb8826b76dfeefe6dc7cd6f04]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[1038f183ff1d11066c427923756705c5959d3665fd2726d842ad55ee3c133c30]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[181b169328a15072938c5759392a4d288caea1382460cda636b37a6aadce0d4c]]>
</QDS_FACTOR>
<QDS_FACTOR name="HIGHEST_CONTRIBUTING_CVE">
<![CDATA[CVE-2012-0002]]>
</QDS_FACTOR>
</QDS_FACTORS>
<TIMES_FOUND>557</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-10-22T14:06:22Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-10-22T14:06:29Z</LAST_UPDATE_DATETIME>
<LAST_FIXED_DATETIME>2025-09-27T14:09:05Z</LAST_FIXED_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-10-22T14:06:29Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>90073265</UNIQUE_VULN_ID>
<QID>90882</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>3</SEVERITY>
<PORT>3389</PORT>
<PROTOCOL>tcp</PROTOCOL>
<SSL>0</SSL>
<RESULTS>
<![CDATA[RDP Supported Encryption methods: RC4(40 bit),RC4(56 bit)]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2021-05-23T11:28:17Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-10-22T14:06:22Z</LAST_FOUND_DATETIME>
<QDS severity="LOW">30</QDS>
<QDS_FACTORS>
<QDS_FACTOR name="RTI">
<![CDATA[No_Patch,High_Data_Loss]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS">
<![CDATA[4.7]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_version">
<![CDATA[v2]]>
</QDS_FACTOR>
<QDS_FACTOR name="QID_severity">
<![CDATA[3.0]]>
</QDS_FACTOR>
<QDS_FACTOR name="HIGHEST_CONTRIBUTING_CVE">
<![CDATA[90882]]>
</QDS_FACTOR>
</QDS_FACTORS>
<TIMES_FOUND>558</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-10-22T14:06:22Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-10-22T14:06:29Z</LAST_UPDATE_DATETIME>
<LAST_FIXED_DATETIME>2023-08-29T13:30:08Z</LAST_FIXED_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-10-22T14:06:29Z</LAST_PROCESSED_DATETIME>
</DETECTION>
<DETECTION>
<UNIQUE_VULN_ID>90073262</UNIQUE_VULN_ID>
<QID>91541</QID>
<TYPE>Confirmed</TYPE>
<SEVERITY>5</SEVERITY>
<SSL>0</SSL>
<RESULTS>
<![CDATA[Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability Detected (BlueKeep)]]>
</RESULTS>
<STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2021-05-23T11:28:17Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2025-10-22T14:06:22Z</LAST_FOUND_DATETIME>
<QDS severity="CRITICAL">100</QDS>
<QDS_FACTORS>
<QDS_FACTOR name="RTI">
<![CDATA[remote,dos]]>
</QDS_FACTOR>
<QDS_FACTOR name="exploit_maturity">
<![CDATA[weaponized,poc]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_name">
<![CDATA[Lockbit,Redkeeper,Unattributed,Doppelpaymer,Netwalker,Mailto]]>
</QDS_FACTOR>
<QDS_FACTOR name="threat_actors">
<![CDATA[Velvet Chollima,Silent Chollima,Wizard Spider,Unattributed,Invisimole,Vicious Panda,Microcin,Larva-24005,Emennet Pasargad,China Attribution]]>
</QDS_FACTOR>
<QDS_FACTOR name="CISA_vuln">
<![CDATA[YES]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS">
<![CDATA[10.0]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_version">
<![CDATA[v2]]>
</QDS_FACTOR>
<QDS_FACTOR name="epss">
<![CDATA[0.94445]]>
</QDS_FACTOR>
<QDS_FACTOR name="trending">
<![CDATA[10102025,10052025,10072025,10122025,10032025,10042025,09252025,10082025,10062025,09242025,09282025,10132025,10142025,09272025,10012025,09292025,10152025]]>
</QDS_FACTOR>
<QDS_FACTOR name="CVSS_vector">
<![CDATA[AV:N/AC:L/Au:N/C:C/I:C/A:C]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[9966826ada8b1f366a9e7b9b1e7c430a2a49dda60eb7025c7481295e3ab7f9e4]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[8b561784fb52edcdd86adf387c9e2cb152aec027c14cafbee60957b50af7d550]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[28fb99f0193d20d3fff6c40b9b85c0c4b5073166ca50ec83e85c276f4fab8647]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[8402e053d5ad4e21c2c96a04e117d113f7bbdb295e2c55dcf8b94054d83fc1af]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[d4e2240c194c291d9c98454dca2c040902146def53bdee9900f1b9724d418268]]>
</QDS_FACTOR>
<QDS_FACTOR name="malware_hash">
<![CDATA[76991e2f91e7ac9066c94489fdd332ea8e15995a15eabc29647920366e5591b5]]>
</QDS_FACTOR>
<QDS_FACTOR name="CISA_DUE_DATE">
<![CDATA[1651536000000]]>
</QDS_FACTOR>
<QDS_FACTOR name="CISA_ADDED_DATE">
<![CDATA[1635897600000]]>
</QDS_FACTOR>
<QDS_FACTOR name="HIGHEST_CONTRIBUTING_CVE">
<![CDATA[CVE-2019-0708]]>
</QDS_FACTOR>
</QDS_FACTORS>
<TIMES_FOUND>543</TIMES_FOUND>
<LAST_TEST_DATETIME>2025-10-22T14:06:22Z</LAST_TEST_DATETIME>
<LAST_UPDATE_DATETIME>2025-10-22T14:06:29Z</LAST_UPDATE_DATETIME>
<LAST_FIXED_DATETIME>2025-09-27T14:09:05Z</LAST_FIXED_DATETIME>
<IS_IGNORED>0</IS_IGNORED>
<IS_DISABLED>0</IS_DISABLED>
<LAST_PROCESSED_DATETIME>2025-10-22T14:06:29Z</LAST_PROCESSED_DATETIME>
</DETECTION>
</DETECTION_LIST>
</HOST>
</HOST_LIST>
</RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>
EOS Message Applicable Only to XML Response Format
With this release, End-of-Service (EOS) messaging has been added to VM APIs wherever versioning is involved. Currently, the EOS message is shown only in XML response format.
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.5.