Enterprise TruRisk™ Platform Release 10.36.2 API
December 4, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
Knowledge Base (KB) QVS API: Get CISA CVE Details When KB/QVS API is Executed
| New or Updated API | Updated |
| API Endpoint |
/api/2.0/fo/knowledge_base/qvs/ /api/3.0/fo/knowledge_base/qvs/ |
| Method | GET, POST |
| DTD or XSD changes | No |
With this release, the existing KB QVS API versions 2.0 and 3.0 now provide additional insights by introducing three new attributes - CISA VULN, CISA Added Date, and CISA Due Date. These attributes appear under the contributingFactors tag in the API response, ensuring complete and accurate data for CISA CVE IDs.
Applicable for both GET and POST methods for /api/2.0/fo/knowledge_base/qvs/ and api/3.0/fo/knowledge_base/qvs/
Sample - KB/QVS API Call for Version 2.0Sample - KB/QVS API Call for Version 2.0
API Request
curl --location
'<qualys_base_url>/api/2.0/fo/knowledge_base/qvs/?action=list&cve=CVE-2021-36764%2CCVE-2021-36765%2CCVE-2021-36798%2CCVE-2017-0199&details=All'\
--header 'X-Requested-With: curl demo 2' \
--header 'Authorization: Bearer <JWT Token>'
API Response
"CVE-2017-0199": {
"base": {
"id": "CVE-2017-0199",
"idType": "CVE",
"qvs": "100",
"qvsLastChangedDate": 1664755200,
"nvdPublishedDate": 1492009141
},
"contributingFactors": {
"cvss": "9.3",
"cvssVersion": "v2",
"cvssString": "AV:N\/AC:M\/Au:N\/C:C\/I:C\/A:C",
"threatActors": [
"Stardust Chollima,Cobalt Spider,APT43,Mythic Leopard,SectorJ,APT41,Whisper Spider,SideWinder,Silence,APT34,Kimsuky,Primitive Bear,TA459,Mustang Panda,Cobalt,Gorgon Group,Gothic Panda,Codoso,LABYRINTH CHOLLIMA,Pioneer Kitten,TA558,Dropping Elephant,Subaat,Quilted Tiger,Saaiwc Group,OilRig,Ocean Buffalo,APT19,China Attribution,Helix Kitten,Slayer Kitten,Lazarus Group,Velvet Chollima,BlackTech,Leviathan,SectorA,Dark Pink,CopyKittens,Razor Tiger,Gamaredon,PARASITE,Shadow Crane,Stone Panda,Labyrinth Chollima,Molerats,Kryptonite Panda,FIN7,DarkHotel,North Korea Attribution,Unattributed,Ricochet Chollima,Circuit Panda,RedAlpha,Carbon Spider,Wicked Panda,CHRYSENE,MuddyWater,Luckycat,GreyEnergy,Static Kitten,APT37"
],
"exploitMaturity": [
"poc,weaponized"
],
"trending": [
"10302025,11052025,11032025,10152025,10142025,11022025,11082025,11072025,11102025,10292025,10132025,11012025,10282025,10312025"
],
"malwareName": [
"Leonem,SLoad,Relsloadr,Donoff,Blinky,MalLink,Nemucod,Oneeva,Meterpreter,Emotet,Petya,Pterodo,Powsheldow,IcedID,Amphitryon,Snakekeylogger,Kepavll,Cerber,Cryxos,LokiBot,Powdow,Downlaoder,Valyria,Alien,Bladabhindi,Privateloader,Pidief,Aentdwn,Pantera,Farheyt,Relslodr,DdexLoader,AgentTesla,RTFObfustream,MacroLess,Badur,Razy,Snojan,DdeExec,FormBook,Stelega,TurtleLoader,Generic,WannaCry,EncDoc,Remcos,Negasteal,CobaltStrikeBeacon,Skeeyah,Bitrep,Encrypteddoc,Abnormal,Sonoko,Ymacco,Dotmer,Loki,Powload,Heuristic,RemoteTemplateInj,MesdettyLaunch,GenScript,BlackKingdom,Rasftuby,LockerGoga,Stratos,Madefref,PhishingAdb,Bluteal,Androm,Multiverze,Disco,Znyonm,Upatre,Phonzy,Rozena,Tiggre,Casur,Occamy,Zpevdo,Johnnie,NanoCore,SDrop,Pederr,BadTemplate,Ako,Symmi,Toncteseg,Zenpak,Gluptel,Vigorf,DllHijack,Primarypass,Ofckit,CVE-2017-0199,Risepro,Olemalrtf,Psyme,SpamDocCrypted,Unattributed,Pyfatget,Malgent,Groooboor,Gozi,Wacatac"
],
"malwareHash": [
"7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c",
"d73c616eaef3c683005a799b7420bae06bd5cd094d3923409f1611de67d4b82f",
"54874f342f9e4d93ccba0208446e6699c489e1f1d99f396c358df63cdfa4535f",
"e29ebea9db086b874310403868dc233b6c03e4305bebca507dbd53f36170dba8",
"645434d52d7e12dbae40d46fef28870785e74d0126d9cead76f46d65fc283a7f",
"34717e10b0f170025c3e380fb0287fe3c1f3347e3071c79c1e39ea94a489e6f7"
],
"rti": [
"dos,remote"
],
"epss": [
"0.xxxx"
],
"cisaVuln": [
"YES"
],
"cisaDueDate": "1651536000000",
"cisaAddedDate": "1635897600000"
}
}
}
Sample - KB/QVS API Call for Version 3.0Sample - KB/QVS API Call for Version 3.0
API Request
curl --location
'<qualys_base_url>/api/3.0/fo/knowledge_base/qvs/?action=list&cve=CVE-2021-36764%2CCVE-2021-36765%2CCVE-2021-36798%2CCVE-2017-0199&details=All'\
--header 'X-Requested-With: curl demo 2' \
--header 'Authorization: Bearer <JWT Token>'
API Response
"CVE-2017-0199": {
"base": {
"id": "CVE-2017-0199",
"idType": "CVE",
"qvs": "100",
"qvsLastChangedDate": 1664755200,
"nvdPublishedDate": 1492009141
},
"contributingFactors": {
"cvss": "9.3",
"cvssVersion": "v2",
"cvssString": "AV:N\/AC:M\/Au:N\/C:C\/I:C\/A:C",
"threatActors": [
"Stardust Chollima,Cobalt Spider,APT43,Mythic Leopard,SectorJ,APT41,Whisper Spider,SideWinder,Silence,APT34,Kimsuky,Primitive Bear,TA459,Mustang Panda,Cobalt,Gorgon Group,Gothic Panda,Codoso,LABYRINTH CHOLLIMA,Pioneer Kitten,TA558,Dropping Elephant,Subaat,Quilted Tiger,Saaiwc Group,OilRig,Ocean Buffalo,APT19,China Attribution,Helix Kitten,Slayer Kitten,Lazarus Group,Velvet Chollima,BlackTech,Leviathan,SectorA,Dark Pink,CopyKittens,Razor Tiger,Gamaredon,PARASITE,Shadow Crane,Stone Panda,Labyrinth Chollima,Molerats,Kryptonite Panda,FIN7,DarkHotel,North Korea Attribution,Unattributed,Ricochet Chollima,Circuit Panda,RedAlpha,Carbon Spider,Wicked Panda,CHRYSENE,MuddyWater,Luckycat,GreyEnergy,Static Kitten,APT37"
],
"exploitMaturity": [
"poc,weaponized"
],
"trending": [
"10302025,11052025,11032025,10152025,10142025,11022025,11082025,11072025,11102025,10292025,10132025,11012025,10282025,10312025"
],
"malwareName": [
"Leonem,SLoad,Relsloadr,Donoff,Blinky,MalLink,Nemucod,Oneeva,Meterpreter,Emotet,Petya,Pterodo,Powsheldow,IcedID,Amphitryon,Snakekeylogger,Kepavll,Cerber,Cryxos,LokiBot,Powdow,Downlaoder,Valyria,Alien,Bladabhindi,Privateloader,Pidief,Aentdwn,Pantera,Farheyt,Relslodr,DdexLoader,AgentTesla,RTFObfustream,MacroLess,Badur,Razy,Snojan,DdeExec,FormBook,Stelega,TurtleLoader,Generic,WannaCry,EncDoc,Remcos,Negasteal,CobaltStrikeBeacon,Skeeyah,Bitrep,Encrypteddoc,Abnormal,Sonoko,Ymacco,Dotmer,Loki,Powload,Heuristic,RemoteTemplateInj,MesdettyLaunch,GenScript,BlackKingdom,Rasftuby,LockerGoga,Stratos,Madefref,PhishingAdb,Bluteal,Androm,Multiverze,Disco,Znyonm,Upatre,Phonzy,Rozena,Tiggre,Casur,Occamy,Zpevdo,Johnnie,NanoCore,SDrop,Pederr,BadTemplate,Ako,Symmi,Toncteseg,Zenpak,Gluptel,Vigorf,DllHijack,Primarypass,Ofckit,CVE-2017-0199,Risepro,Olemalrtf,Psyme,SpamDocCrypted,Unattributed,Pyfatget,Malgent,Groooboor,Gozi,Wacatac"
],
"malwareHash": [
"7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c",
"d73c616eaef3c683005a799b7420bae06bd5cd094d3923409f1611de67d4b82f",
"54874f342f9e4d93ccba0208446e6699c489e1f1d99f396c358df63cdfa4535f",
"e29ebea9db086b874310403868dc233b6c03e4305bebca507dbd53f36170dba8",
"645434d52d7e12dbae40d46fef28870785e74d0126d9cead76f46d65fc283a7f",
"34717e10b0f170025c3e380fb0287fe3c1f3347e3071c79c1e39ea94a489e6f7"
],
"rti": [
"dos,remote"
],
"epss": [
"0.xxxx"
],
"cisaVuln": [
"YES"
],
"cisaDueDate": "1651536000000",
"cisaAddedDate": "1635897600000"
}
}
}
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.6.