Enterprise TruRisk™ Platform Release 10.36 API
October 23, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
Option Profile API: Enhancement in Default Enablement of Recommended Option Profile
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/subscription/option_profile/vm/ |
| EOS Timeline: December 2025 | |
| EOL Timeline: June 2026 | |
| API Endpoint (New Version) |
/api/4.0/fo/subscription/option_profile/vm/ |
| Method | POST |
| DTD or XSD changes | Yes |
In an earlier release, we introduced the Qualys Recommended Option Profile for all new VM/VMDR subscriptions. Refer to Cloud Platform 10.30 Release Notes.
With this release, we have further enhanced the Qualys Recommended Option Profile to provide improved configuration for all new VM/VMDR subscriptions.
When you select the overall performance as Normal, the following are the enhanced default settings:
- The number of Scanner Appliances is increased from 30 to 50. This helps to speed up the scanning process, as more scanner appliances can function simultaneously.
- Total process and HTTP processes is increased from 10 to 20. This allows each host to handle more scan tasks at once, improving overall scan throughput.
For existing recommended and non-recommended Option Profile users, the default settings for overall performance for Normal remain the same as earlier as 30, 10, and 10 for Scanner Appliances, Total Processes, and HTTP Processes.
Sample - Create Option ProfileSample - Create Option Profile
API Request
curl --location --request POST '
<qualys_base_url>/api/4.0/fo/subscription/option_profile/vm/?action=create&title=Option%20profile%20V4%20API1&scan_tcp_ports=standard&scan_udp_ports=standard&vulnerability_detection=complete&basic_information_gathering=all&map_tcp_ports_standard_scan=1&map_tcp_ports_additional=1' \
--header 'X-Requested-With: xxx' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-09-18T05:44:15Z</DATETIME>
<TEXT>Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>7723450</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update Option ProfileSample - Update Option Profile
API Request
curl --location --request POST '
<qualys_base_url>/api/4.0/fo/subscription/option_profile/vm/?action=update&title=Option%20profile%20V4%20API%20updated&id=7721450' \
--header 'X-Requested-With: test' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/4.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-09-18T05:50:54Z</DATETIME>
<TEXT>Option profile successfully updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>7721450</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - List the Option ProfileSample - List the Option Profile
API Request
curl --location '
<qualys_base_url>/api/4.0/fo/subscription/option_profile/vm/?action=list&id=7723450' \
--header 'X-Requested-With: curl' \
--header 'Content-type: text/xml' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "
<qualys_base_url>/api/4.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>7723450</ID>
<GROUP_NAME>
<![CDATA[Option profile V4 API1]]>
</GROUP_NAME>
<GROUP_TYPE>user</GROUP_TYPE>
<USER_ID>
<![CDATA[name (username)]]>
</USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>4073130</SUBSCRIPTION_ID>
<IS_DEFAULT>0</IS_DEFAULT>
<IS_GLOBAL>0</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2025-09-18T05:43:45Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<PORTS>
<TCP_PORTS>
<TCP_PORTS_TYPE>standard</TCP_PORTS_TYPE>
<THREE_WAY_HANDSHAKE>0</THREE_WAY_HANDSHAKE>
</TCP_PORTS>
<UDP_PORTS>
<UDP_PORTS_TYPE>standard</UDP_PORTS_TYPE>
</UDP_PORTS>
<AUTHORITATIVE_OPTION>0</AUTHORITATIVE_OPTION>
</PORTS>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>15</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>49</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>20</TOTAL_PROCESSES>
<HTTP_PROCESSES>20</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Medium</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
</PERFORMANCE>
<LOAD_BALANCER_DETECTION>0</LOAD_BALANCER_DETECTION>
<VULNERABILITY_DETECTION>
<COMPLETE>
<![CDATA[complete]]>
</COMPLETE>
<DETECTION_INCLUDE>
<BASIC_HOST_INFO_CHECKS>0</BASIC_HOST_INFO_CHECKS>
<OVAL_CHECKS>0</OVAL_CHECKS>
</DETECTION_INCLUDE>
</VULNERABILITY_DETECTION>
<AUTHENTICATION>
<![CDATA[Windows,Unix]]>
</AUTHENTICATION>
<ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
</SCAN>
<MAP>
<BASIC_INFO_GATHERING_ON>all</BASIC_INFO_GATHERING_ON>
<TCP_PORTS>
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
<TCP_PORTS_ADDITIONAL>
<HAS_ADDITIONAL>1</HAS_ADDITIONAL>
<ADDITIONAL_PORTS>1</ADDITIONAL_PORTS>
</TCP_PORTS_ADDITIONAL>
</TCP_PORTS>
<MAP_OPTIONS>
<PERFORM_LIVE_HOST_SWEEP>0</PERFORM_LIVE_HOST_SWEEP>
<DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
</MAP_OPTIONS>
<MAP_PERFORMANCE>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<MAP_PARALLEL>
<EXTERNAL_SCANNERS>6</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>8</SCANNER_APPLIANCES>
<NETBLOCK_SIZE>16384 IPs</NETBLOCK_SIZE>
</MAP_PARALLEL>
<PACKET_DELAY>Minimum</PACKET_DELAY>
</MAP_PERFORMANCE>
<MAP_AUTHENTICATION>none</MAP_AUTHENTICATION>
</MAP>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</TCP_PORTS>
<UDP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</UDP_PORTS>
<ICMP>0</ICMP>
</HOST_DISCOVERY>
<PACKET_OPTIONS>
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
<IGNORE_ALL_TCP_RST>0</IGNORE_ALL_TCP_RST>
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
</PACKET_OPTIONS>
</ADDITIONAL>
</OPTION_PROFILE>
</OPTION_PROFILES>
Sample - Delete Option ProfileSample - Delete Option Profile
API Request
curl --location --request POST '
<qualys_base_url>/api/4.0/fo/subscription/option_profile/vm/?action=delete&id=7721449
--header 'X-Requested-With: xxx' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE SIMPLE_RETURN SYSTEM " <qualys_base_url>/api/4.0/simple_return.dtd"> <SIMPLE_RETURN> <RESPONSE> <DATETIME>2025-09-24T06:46:17Z</DATETIME> <TEXT>Option Profile Deleted Successfully</TEXT> <ITEM_LIST> <ITEM> <KEY>ID</KEY> <VALUE>7721451</VALUE> </ITEM> </ITEM_LIST> </RESPONSE> </SIMPLE_RETURN>
Sample - List all the IDs in the Option profileSample - List all the IDs in the Option profile
API Request
curl --location '
<qulays_base_url>/api/2.0/fo/subscription/option_profile/vm/?action=list' \
--header 'X-Requested-With: test' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "
<qualys_base_url>/api/4.0/fo/subscription/option_profile/option_profile_info.dtd">
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>7319681</ID>
<GROUP_NAME>
<![CDATA[Vmware and Vcenter]]>
</GROUP_NAME>
<GROUP_TYPE>user</GROUP_TYPE>
<USER_ID>
<![CDATA[Shreya Joshi (quays_xs70)]]>
</USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>4073130</SUBSCRIPTION_ID>
<IS_DEFAULT>0</IS_DEFAULT>
<IS_GLOBAL>0</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2024-10-21T15:59:47Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<PORTS>
<TCP_PORTS>
<TCP_PORTS_TYPE>standard</TCP_PORTS_TYPE>
<THREE_WAY_HANDSHAKE>0</THREE_WAY_HANDSHAKE>
</TCP_PORTS>
<UDP_PORTS>
<UDP_PORTS_TYPE>standard</UDP_PORTS_TYPE>
</UDP_PORTS>
<AUTHORITATIVE_OPTION>0</AUTHORITATIVE_OPTION>
</PORTS>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>15</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>30</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>10</TOTAL_PROCESSES>
<HTTP_PROCESSES>10</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Medium</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
</PERFORMANCE>
<LOAD_BALANCER_DETECTION>0</LOAD_BALANCER_DETECTION>
<VULNERABILITY_DETECTION>
<COMPLETE>
<![CDATA[complete]]>
</COMPLETE>
<DETECTION_INCLUDE>
<BASIC_HOST_INFO_CHECKS>0</BASIC_HOST_INFO_CHECKS>
<OVAL_CHECKS>0</OVAL_CHECKS>
</DETECTION_INCLUDE>
</VULNERABILITY_DETECTION>
<AUTHENTICATION>
<![CDATA[Windows,Unix,VMware]]>
</AUTHENTICATION>
<AUTHENTICATION_LEAST_PRIVILEGE>
<![CDATA[Unix]]>
</AUTHENTICATION_LEAST_PRIVILEGE>
<ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
</SCAN>
<MAP>
<BASIC_INFO_GATHERING_ON>register</BASIC_INFO_GATHERING_ON>
<TCP_PORTS>
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
</TCP_PORTS>
<MAP_OPTIONS>
<PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP>
<DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
</MAP_OPTIONS>
<MAP_PERFORMANCE>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<MAP_PARALLEL>
<EXTERNAL_SCANNERS>6</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>8</SCANNER_APPLIANCES>
<NETBLOCK_SIZE>16384 IPs</NETBLOCK_SIZE>
</MAP_PARALLEL>
<PACKET_DELAY>Minimum</PACKET_DELAY>
</MAP_PERFORMANCE>
<MAP_AUTHENTICATION>vCenter</MAP_AUTHENTICATION>
</MAP>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</TCP_PORTS>
<UDP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</UDP_PORTS>
<ICMP>0</ICMP>
</HOST_DISCOVERY>
<PACKET_OPTIONS>
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
<IGNORE_ALL_TCP_RST>0</IGNORE_ALL_TCP_RST>
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
</PACKET_OPTIONS>
</ADDITIONAL>
</OPTION_PROFILE>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>7349173</ID>
<GROUP_NAME>
<![CDATA[option profile parallel scanning]]>
</GROUP_NAME>
<GROUP_TYPE>user</GROUP_TYPE>
<USER_ID>
<![CDATA[Shreya Joshi (quays_xs70)]]>
</USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>4073130</SUBSCRIPTION_ID>
<IS_DEFAULT>0</IS_DEFAULT>
<IS_GLOBAL>0</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2025-02-17T13:40:37Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<PORTS>
<TCP_PORTS>
<TCP_PORTS_TYPE>standard</TCP_PORTS_TYPE>
<THREE_WAY_HANDSHAKE>0</THREE_WAY_HANDSHAKE>
</TCP_PORTS>
<UDP_PORTS>
<UDP_PORTS_TYPE>standard</UDP_PORTS_TYPE>
</UDP_PORTS>
<AUTHORITATIVE_OPTION>0</AUTHORITATIVE_OPTION>
</PORTS>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>High</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>20</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>61</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>20</TOTAL_PROCESSES>
<HTTP_PROCESSES>20</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Short</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
</PERFORMANCE>
<LOAD_BALANCER_DETECTION>0</LOAD_BALANCER_DETECTION>
<VULNERABILITY_DETECTION>
<COMPLETE>
<![CDATA[complete]]>
</COMPLETE>
<DETECTION_INCLUDE>
<BASIC_HOST_INFO_CHECKS>0</BASIC_HOST_INFO_CHECKS>
<OVAL_CHECKS>0</OVAL_CHECKS>
</DETECTION_INCLUDE>
</VULNERABILITY_DETECTION>
<AUTHENTICATION>
<![CDATA[Windows,Unix]]>
</AUTHENTICATION>
<ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
</SCAN>
<MAP>
<BASIC_INFO_GATHERING_ON>register</BASIC_INFO_GATHERING_ON>
<TCP_PORTS>
<TCP_PORTS_STANDARD_SCAN>1</TCP_PORTS_STANDARD_SCAN>
</TCP_PORTS>
<MAP_OPTIONS>
<PERFORM_LIVE_HOST_SWEEP>1</PERFORM_LIVE_HOST_SWEEP>
<DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
</MAP_OPTIONS>
<MAP_PERFORMANCE>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<MAP_PARALLEL>
<EXTERNAL_SCANNERS>6</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>8</SCANNER_APPLIANCES>
<NETBLOCK_SIZE>16384 IPs</NETBLOCK_SIZE>
</MAP_PARALLEL>
<PACKET_DELAY>Minimum</PACKET_DELAY>
</MAP_PERFORMANCE>
<MAP_AUTHENTICATION>none</MAP_AUTHENTICATION>
</MAP>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</TCP_PORTS>
<UDP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</UDP_PORTS>
<ICMP>0</ICMP>
</HOST_DISCOVERY>
<PACKET_OPTIONS>
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
<IGNORE_ALL_TCP_RST>0</IGNORE_ALL_TCP_RST>
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
</PACKET_OPTIONS>
</ADDITIONAL>
</OPTION_PROFILE>
...
</OPTION_PROFILES>
Scans API and Scan Schedule API: Validation for DNS Character Limit in VM-to-PCI Scan Sharing
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/scan/ |
| Method | POST |
| DTD or XSD changes | No |
With this enhancement, a validation message has been introduced during scan launch from both the VM and PCI portals. If the asset group or FQDN contains DNS entries exceeding 4000 characters, users will be notified before the scan is initiated. This proactive check prevents scan sharing failures and improves user experience.
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/schedule/scan/ |
| Method | POST |
| DTD or XSD changes | No |
With this enhancement, a validation message has been introduced during schedule scan from both the VM and PCI portals. If the asset group or FQDN contains DNS entries exceeding 4000 characters, users will be notified before scheduling scan. This proactive check prevents scan schedule failures and improves user experience.
Users API: Enhancement to State Selection in User Creation
| New or Updated API | Updated |
| API Endpoint | /msp/user.php/ |
| Method | GET |
| DTD or XSD changes | No |
With this feature, we have expanded the list of available states in the state input parameter by adding Ladakh and Telangana. When you create or edit a user, you can now have these two state codes added to the list.
EOL/EOS in QWEB-VM APIs
With this release, all VM API versions will follow a defined lifecycle ending in December 2025. After the 10.35.0.0 release, each API version will remain valid for one year, comprising six months of End of Service (EOS) followed by six months of End-of-Life (EOL).
The API response returns the following warning messages:
- Before the EOS period:
API EOS Warning This API Path "<qualys_base_url>/api/2.0/fo/knowledge_base/vuln/index.php" will be EOS in 84 days and EOL in 265 days. Please use new API path "<qualys_base_url>/api/3.0/fo/knowledge_base/vuln/index.php". // - After EOS and before EOL:
API EOS Warning This API Path "<qualys_base_url>/api/3.0/fo/asset/host/index.php" has reached End-of-Service (EOS) and EOL in 265 days. Please use new API path "<qualys_base_url>/api/4.0/fo/asset/host/index.php". // - After the EOL period, it returns an error message:
<RESPONSE>
<DATETIME>2025-10-07T08:41:54Z</DATETIME>
<CODE>2510</CODE>
<TEXT>API URL <qualys_base_url>/api/3.0/fo/asset/host/index.php is EOL. Use new API path <qualys_base_url>/api/4.0/fo/asset/host/index.php </TEXT>
</RESPONSE>
Refer to the table below for specific timeline:
| API Name | APIs | EOS | EOL |
| VM Asset Host Detection | /api/4.0/fo/asset/host/vm/detection/index.php (latest) | ||
| /api/3.0/fo/asset/host/vm/detection/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/asset/host/vm/detection/index.php | December 2025 | June 2026 | |
| Asset Host | /api/5.0/fo/asset/host/index.php (latest) | ||
| /api/4.0/fo/asset/host/index.php | December 2025 | June 2026 | |
| /api/3.0/fo/asset/host/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/asset/host/index.php | December 2025 | June 2026 | |
| Scan Cloud Perimeter Job | /api/4.0/fo/scan/cloud/perimeter/job/index.php (latest) | ||
| /api/3.0/fo/scan/cloud/perimeter/job/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/scan/cloud/perimeter/job/index.php | December 2025 | June 2026 | |
| Schedule Scan | /api/5.0/fo/schedule/scan/index.php (latest) | ||
| /api/4.0/fo/schedule/scan/index.php | December 2025 | June 2026 | |
| /api/3.0/fo/schedule/scan/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/schedule/scan/index.php | December 2025 | June 2026 | |
| Report Template Scan | /api/4.0/fo/report/template/scan/index.php (latest) | ||
| /api/3.0/fo/report/template/scan/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/report/template/scan/index.php | December 2025 | June 2026 | |
| Report | /api/3.0/fo/report/index.php (latest) | ||
| /api/2.0/fo/report/index.php | December 2025 | June 2026 | |
| Knowledge Base QVS | /api/3.0/fo/knowledge_base/qvs/index.php (latest) | ||
| /api/2.0/fo/knowledge_base/qvs/index.php | December 2025 | June 2026 | |
| Knowledge Base Vulnerability | /api/3.0/fo/knowledge_base/vuln/index.php (latest) | ||
| /api/2.0/fo/knowledge_base/vuln/index.php | December 2025 | June 2026 | |
| Asset Group | /api/2.0/fo/asset/group/index.php (latest) | ||
| Asset IP | /api/2.0/fo/asset/ip/index.php (latest) | ||
| Report Template Map | /api/2.0/fo/report/template/map/index.php (latest) | ||
| Scan | /api/3.0/fo/scan/index.php (latest) | ||
| /api/2.0/fo/scan/index.php | December 2025 | June 2026 | |
| Auth Sybase | /api/3.0/fo/auth/sybase/index.php (latest) | ||
| /api/2.0/fo/auth/sybase/index.php | December 2025 | June 2026 | |
| Compliance Control | /api/3.0/fo/compliance/control/index.php (latest) | ||
| /api/2.0/fo/compliance/control/index.php | December 2025 | June 2026 | |
| PC Subscription Option Profile | /api/5.0/fo/subscription/option_profile/pc/index.php (latest) | ||
| /api/4.0/fo/subscription/option_profile/pc/index.php | December 2025 | June 2026 | |
| /api/3.0/fo/subscription/option_profile/pc/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/subscription/option_profile/pc/index.php | December 2025 | June 2025 | |
| My SQL Authentication | /api/3.0/fo/auth/mysql/index.php (latest) | ||
| /api/2.0/fo/auth/mysql/index.php | December 2025 | June 2026 | |
| VM Subscription Option Profile | /api/3.0/fo/subscription/option_profile/vm/index.php (latest) | ||
| /api/2.0/fo/subscription/option_profile/vm/index.php | December 2025 | June 2026 | |
| Compliance Policy | /api/4.0/fo/compliance/policy/index.php (latest) | ||
| /api/3.0/fo/compliance/policy/index.php | December 2025 | June 2026 | |
| /api/2.0/fo/compliance/policy/index.php | December 2025 | June 2026 | |
| Scan Cloud Internal Job | /api/2.0/fo/scan/cloud/internal/job/index.php (latest) | ||
For more information on EOS and EOL, refer to our blog.
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.4.
Issues Addressed
The following reported and notable customer API issue are fixed in this release:
| Component/Category | Application |
Description |
| VM - Scan API | Vulnerability Management | When users called the API and the values were set to ON for the following notifications: Delay in scan, Scan launch skipped, and Scan deactivated, the distribution groups were not displayed in the API response. Relevant code changes are made to fix the issue. Now, the users can view distribution group information in the API responses for all the notifications (Before scan starts, After scan completes, Delay in scan, Scan launch skipped, and Scan deactivated) |
| VM - Scan API | Vulnerability Management | When the users observed the API output, the EASM scans appeared in the VMS scan list, scan summary APIs, and portal infra. Relevant code changes have been made to fix the issue. Now, the users can view the EASM scans listed only in the Portal infra API. |
| VM - Knowledge Base | Vulnerability Management | When users attempted to retrieve the knowledge base data through the API, they were unable to obtain the CVSSv3 score. Relevant code changes have been made to fix the issue. Now, users can retrieve knowledge base data through the API. |
| VM - Scan API | Vulnerability Management | When users had Network Support Feature enabled and tried to create/update their scheduled scan by assigning the input parameter scanners_in_network to 1 in the /api/2.0/fo/schedule/scan/ API, an error was encountered as Cannot launch scan. Relevant code changes have been made to fix the issue. |
| VM - API General | Vulnerability Management | When users attempted to create or resolve tags via the API, the operation failed with internal error code 1905 ("tags create or tag resolve is fail for tags: Cloud Agent Please try again"). In some cases, the HTTP status codes returned by different based on different errors may exhibit inconsistent behavior. To ensure reliable and consistent error handling, we recommend that customers rely primarily on the internal error code included in the API response body. This internal error code provides a more accurate representation of the issue encountered. |
| VM - API General | Vulnerability Management | When users attempted to update a Static Search List containing a large number of QIDs (more than 4,000), the API call failed after processing some QIDs. This occurred because a new curl_init() connection was opened for each QIDS call to fetch vulnerability details, exhausting ephemeral ports on OCI-based pod infrastructure. To resolve this, we now initiate curl_init() only once and reuse it for subsequent QIDS calls. As a result, API calls for updating Static Search Lists with large QID volumes complete successfully without errors. |
For the list of issues addressed in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.4.