Enterprise TruRisk™ Platform Release 10.37.2 API
February 16, 2026
In the API Release Notes, <qualys_base_url> is used as a sample API request to represent the API server URL. To learn more about the API server URL for your environment, refer to the Know Your Qualys API Server URL section.
API versioning is supported across Qualys APIs. To learn more about versioning standards and deprecation timelines, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
KnowledgeBase Enhancement - Support for Search List for Deep Scan QIDs
With this feature, we have introduced support for filtering Deep Scan QIDs in the KnowledgeBase and Dynamic Search List APIs. This enhancement allows you to retrieve QIDs associated with Deep Scan - Windows scans.
KnowledgeBase API
Added a new input parameter, cloud_agent_scan_type. Use this parameter to filter QIDs based on the Cloud Agent Scan Type.
When this filter is applied, only Deep Scan QIDs are returned in the response.
| New or Updated API | Updated |
| API Endpoint | /api/3.0/fo/knowledge_base/vuln/ |
| EOS Timeline: December 2025 | |
| EOL Timeline: June 2026 | |
| API Endpoint (New Version) |
/api/4.0/fo/knowledge_base/vuln/ |
| Method | GET |
| DTD or XSD changes | No |
Input ParameterInput Parameter
| Parameter Name |
Required/ Optional |
Data Type |
Description |
| cloud_agent_scan_type |
Optional | String | Required for fetching data for Deep Scan QIDs. |
Sample - Knowledge Base APISample - Knowledge Base API
API Request
curl location <qualys_base_url>/api/4.0/fo/knowledge_base/vuln/?action=list&details=None&cloud_agent_scan_type=Deep%20Scan%20-%20Windows' \ header 'Content-Type: test/xml' \ header 'X-Requested-With: test' \ header 'Accept-Encoding: *' \ header 'Authorization: Bearer <JWT Token>
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE KNOWLEDGE_BASE_VULN_LIST_OUTPUT SYSTEM <qualys_base_url>/api/4.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd"> <KNOWLEDGE_BASE_VULN_LIST_OUTPUT> <RESPONSE> <DATETIME>2025-12-11T10:08:37Z</DATETIME> <ID_SET> <ID>45692</ID> <ID>92291</ID> <ID>92310</ID> <ID>92316</ID> <ID>92319</ID> <ID>382697</ID> <ID>382991</ID> <ID>383087</ID> <ID_RANGE>383090-383092</ID_RANGE> <ID>383097</ID> <ID>383116</ID> <ID>383138</ID> <ID_RANGE>383140-383141</ID_RANGE> <ID>383243</ID> <ID_RANGE>383249-383250</ID_RANGE> <ID>383396</ID> <ID>383400</ID> <ID>383414</ID> <ID>383416</ID> <ID>383422</ID> <ID>383426</ID> <ID>383428</ID> <ID>383463</ID> <ID>383478</ID> <ID>383481</ID> <ID_RANGE>383568-383569</ID_RANGE> <ID>383572</ID> <ID>383578</ID> <ID>383587</ID> <ID_RANGE>383592-383593</ID_RANGE> <ID>383596</ID> <ID>383598</ID> <ID>383609</ID> <ID>383645</ID> <ID_RANGE>383648-383657</ID_RANGE> <ID_RANGE>383660-383662</ID_RANGE> <ID>383664</ID> <ID_RANGE>383669-383670</ID_RANGE> <ID_RANGE>383672-383705</ID_RANGE> <ID>383709</ID> <ID>383711</ID> <ID>383717</ID> <ID_RANGE>383719-383725</ID_RANGE> <ID_RANGE>383729-383730</ID_RANGE> <ID_RANGE>383741-383850</ID_RANGE> <ID_RANGE>383852-383915</ID_RANGE> <ID_RANGE>383917-383939</ID_RANGE> <ID>383941</ID> <ID_RANGE>383943-383946</ID_RANGE> <ID>383966</ID> <ID_RANGE>383971-384172</ID_RANGE> <ID_RANGE>384174-384256</ID_RANGE> <ID_RANGE>384258-384329</ID_RANGE> <ID_RANGE>384332-384349</ID_RANGE> <ID_RANGE>384511-384518</ID_RANGE> <ID_RANGE>384574-384578</ID_RANGE> <ID_RANGE>384580-384605</ID_RANGE> <ID_RANGE>384611-384613</ID_RANGE> <ID>384615</ID> <ID_RANGE>384626-384644</ID_RANGE> <ID_RANGE>384649-384650</ID_RANGE> <ID>384652</ID> <ID_RANGE>384654-384674</ID_RANGE> <ID>384676</ID> <ID_RANGE>384678-384687</ID_RANGE> <ID>384689</ID> <ID>384692</ID> <ID>385099</ID> <ID_RANGE>385106-385108</ID_RANGE> <ID>385148</ID> <ID_RANGE>385160-385203</ID_RANGE> <ID_RANGE>385205-385206</ID_RANGE> <ID_RANGE>385208-385230</ID_RANGE> <ID_RANGE>385238-385270</ID_RANGE> <ID_RANGE>385272-385273</ID_RANGE> <ID_RANGE>385275-385276</ID_RANGE> <ID_RANGE>385278-385279</ID_RANGE> <ID_RANGE>385281-385285</ID_RANGE> <ID_RANGE>385287-385330</ID_RANGE> <ID_RANGE>385358-385365</ID_RANGE> <ID_RANGE>385368-385372</ID_RANGE> <ID>385374</ID> <ID>385385</ID> <ID_RANGE>385397-385401</ID_RANGE> <ID_RANGE>385403-385424</ID_RANGE> <ID_RANGE>385432-385436</ID_RANGE> <ID_RANGE>385448-385451</ID_RANGE> <ID_RANGE>385456-385477</ID_RANGE> <ID_RANGE>385479-385484</ID_RANGE> <ID_RANGE>385486-385493</ID_RANGE> <ID_RANGE>385496-385501</ID_RANGE> <ID>385504</ID> <ID>385508</ID> <ID>385526</ID> <ID>385536</ID> <ID>385593</ID> <ID>385604</ID> <ID_RANGE>385609-385611</ID_RANGE> <ID>385773</ID> <ID_RANGE>385775-385777</ID_RANGE> <ID_RANGE>385793-385857</ID_RANGE> <ID>385865</ID> <ID>385941</ID> <ID>385979</ID> <ID_RANGE>385998-386013</ID_RANGE> <ID>386019</ID> <ID_RANGE>386054-386059</ID_RANGE> <ID_RANGE>386120-386122</ID_RANGE> <ID>386128</ID> <ID>386130</ID> <ID>386136</ID> </ID_SET> </RESPONSE> </KNOWLEDGE_BASE_VULN_LIST_OUTPUT>
Dynamic Search List API
Added a new input parameter, cloud_agent_scan_type. Use this parameter to create, update, remove, list QIDs based on the Cloud Agent Scan Type.
When this filter is applied, only Deep Scan QIDs are returned in the response.
DTD changes implemented for new parameter and tags.
| New or Updated API | Updated |
| API Endpoint | api/2.0/fo/qid/search_list/dynamic/ |
| EOS Timeline: December 2025 | |
| EOL Timeline: June 2026 | |
| API Endpoint (New Version) |
api/3.0/fo/qid/search_list/dynamic/ |
| Method | GET |
| DTD or XSD changes | Yes |
Input ParameterInput Parameter
| Parameter Name |
Required/ Optional |
Data Type |
Description |
| cloud_agent_scan_type |
Optional | String | Required for creating, updating/removing, listing actions of dynamic search list for Deep Scan QIDs. |
Sample - Create Dynamic Search List APISample - Create Dynamic Search List API
API Request
curl location <qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
header 'X-Requested-With: Curl' \
header 'Content-Type: application/x-www-form-urlencoded' \
header 'Authorization: Bearer <JWT Token>' \
data-urlencode 'action=create' \
data-urlencode 'title=2 Deep Scan API Testing' \
data-urlencode 'global=1' \
data-urlencode 'cloud_agent_scan_type=Deep Scan - Windows'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM <qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T08:46:29Z</DATETIME>
<TEXT>New search list created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update Dynamic Search List APISample - Update Dynamic Search List API
API Request
curl location <qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \
header 'X-Requested-With: Curl' \
header 'Content-Type: application/x-www-form-urlencoded' \
header 'Authorization: Bearer <JWT Token>' \
data-urlencode 'action=update' \
data-urlencode 'title=2 Deep Scan API Testing' \
data-urlencode 'global=1' \
data-urlencode 'vuln_provider=iDefense' \
data-urlencode 'cloud_agent_scan_type=Deep Scan - Windows' \
data-urlencode 'id=xxxxxxx'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM <qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T08:54:46Z</DATETIME>
<TEXT>search list updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Remove Dynamic Search List APISample - Remove Dynamic Search List API
API Request
curl location <qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/' \ header 'X-Requested-With: Curl' \ header 'Content-Type: application/x-www-form-urlencoded' \ header 'Authorization: Bearer <JWT Token> \ data-urlencode 'action=update' \ data-urlencode 'title=2 Deep Scan API Testing' \ data-urlencode 'global=1' \ data-urlencode 'vuln_provider=iDefense' \ data-urlencode 'cloud_agent_scan_type=' \ data-urlencode 'id=xxxxxxx'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM <qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T09:16:30Z</DATETIME>
<TEXT>search list updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>6343529</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - List Dynamic Search List APISample - List Dynamic Search List API
API Request
curl location <qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/?action=list&ids=6343529&show_qids=0' \
header 'Content-Type: test/xml' \
header 'X-Requested-With: test' \
header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE DYNAMIC_SEARCH_LIST_OUTPUT SYSTEM <qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd">
<DYNAMIC_SEARCH_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-12-11T09:06:19Z</DATETIME>
<DYNAMIC_LISTS>
<DYNAMIC_LIST>
<ID>6343529</ID>
<TITLE>
<![CDATA[2 Deep Scan API Testing]]>
</TITLE>
<GLOBAL>Yes</GLOBAL>
<OWNER>
<![CDATA[Amol Zambare (vmdrxaz7)]]>
</OWNER>
<CREATED>2025-12-11T08:46:28Z</CREATED>
<MODIFIED_BY>
<![CDATA[Amol Zambare (vmdrxaz7)]]>
</MODIFIED_BY>
<MODIFIED>2025-12-11T08:54:45Z</MODIFIED>
<CRITERIA>
<DISCOVERY_METHOD>
<![CDATA[All]]>
</DISCOVERY_METHOD>
<CLOUD_AGENT_SCAN_TYPE>
<![CDATA[Deep Scan - Windows]]>
</CLOUD_AGENT_SCAN_TYPE>
<PROVIDER>
<![CDATA[iDefense]]>
</PROVIDER>
</CRITERIA>
</DYNAMIC_LIST>
</DYNAMIC_LISTS>
</RESPONSE>
</DYNAMIC_SEARCH_LIST_OUTPUT>
DTD Output for Dynamic Search ListDTD Output for Dynamic Search List
A DTD for the Dynamic Search List API has been added.
<platform API server>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd>
DTD output for the Dynamic Search List API is as follows:
DTD Output
<qualys_base_url>/api/3.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd <!QUALYS DYNAMIC\_SEARCH\_LIST\_OUTPUT DTD> <!$Revision$> <!ELEMENT DYNAMIC\_SEARCH\_LIST\_OUTPUT (REQUEST?,RESPONSE)> <!ELEMENT REQUEST (DATETIME, USER\_LOGIN, RESOURCE, PARAM\_LIST?, POST\_DATA?)> <!ELEMENT DATETIME (#PCDATA)> <!ELEMENT USER\_LOGIN (#PCDATA)> <!ELEMENT RESOURCE (#PCDATA)> <!ELEMENT PARAM\_LIST (PARAM+)> <!ELEMENT PARAM (KEY, VALUE)> <!ELEMENT KEY (#PCDATA)> <!ELEMENT VALUE (#PCDATA)> <!if returned, POST\_DATA will be urlencoded > <!ELEMENT POST\_DATA (#PCDATA)> <!ELEMENT RESPONSE (DATETIME, DYNAMIC\_LISTS?)> <!ELEMENT DYNAMIC\_LISTS (DYNAMIC\_LIST+)> <!ELEMENT DYNAMIC\_LIST (ID, TITLE, GLOBAL, OWNER, CREATED?, MODIFIED\_BY?, MODIFIED?, QIDS?, CRITERIA, OPTION\_PROFILES?, REPORT\_TEMPLATES?, REMEDIATION\_POLICIES?, DISTRIBUTION\_GROUPS?, COMMENTS?)> <!ELEMENT ID (#PCDATA)> <!ELEMENT TITLE (#PCDATA)> <!ELEMENT GLOBAL (#PCDATA)> <!ELEMENT OWNER (#PCDATA)> <!ELEMENT CREATED (#PCDATA)> <!ELEMENT MODIFIED\_BY (#PCDATA)> <!ELEMENT MODIFIED (#PCDATA)> <!ELEMENT QIDS (QID+)> <!ELEMENT QID (#PCDATA)> <!ELEMENT CRITERIA (VULNERABILITY\_TITLE?, DISCOVERY\_METHOD?, AUTHENTICATION\_TYPE?, USER\_CONFIGURATION?, CATEGORY?, CONFIRMED\_SEVERITY?, POTENTIAL\_SEVERITY?, INFORMATION\_SEVERITY?, VENDOR?, PRODUCT?, CVSS\_BASE\_SCORE?, CVSS\_TEMPORAL\_SCORE?, CVSS3\_BASE\_SCORE?, CVSS3\_TEMPORAL\_SCORE?, CVSS\_ACCESS\_VECTOR?, PATCH\_AVAILABLE?, VIRTUAL\_PATCH\_AVAILABLE?, CVE\_ID?, CVE\_ID\_FILTER?, CPE?, EXPLOITABILITY?, ASSOCIATED\_MALWARE?, VENDOR\_REFERENCE?, BUGTRAQ\_ID?, VULNERABILITY\_DETAILS?, SUPPORTED\_MODULES?, CLOUD\_AGENT\_SCAN\_TYPE? ,COMPLIANCE\_DETAILS?, COMPLIANCE\_TYPE?, QUALYS\_TOP\_20?, OTHER?, NETWORK\_ACCESS?, PROVIDER?, CVSS\_BASE\_SCORE\_OPERAND?, CVSS\_TEMPORAL\_SCORE\_OPERAND?, CVSS3\_BASE\_SCORE\_OPERAND?, CVSS3\_TEMPORAL\_SCORE\_OPERAND?, CVSS3\_VERSION?, CVSS4\_BASE\_SCORE?, CVSS4\_BASE\_SCORE\_OPERAND?, CVSS4\_VERSION?, USER\_MODIFIED?, PUBLISHED?, SERVICE\_MODIFIED? )> <!ELEMENT VULNERABILITY\_TITLE (#PCDATA)> <!ELEMENT DISCOVERY\_METHOD (#PCDATA)> <!ELEMENT AUTHENTICATION\_TYPE (#PCDATA)> <!ELEMENT USER\_CONFIGURATION (#PCDATA)> <!ELEMENT CATEGORY (#PCDATA)> <!ELEMENT CONFIRMED\_SEVERITY (#PCDATA)> <!ELEMENT POTENTIAL\_SEVERITY (#PCDATA)> <!ELEMENT INFORMATION\_SEVERITY (#PCDATA)> <!ELEMENT VENDOR (#PCDATA)> <!ELEMENT PRODUCT (#PCDATA)> <!ELEMENT CVSS\_BASE\_SCORE (#PCDATA)> <!ELEMENT CVSS\_TEMPORAL\_SCORE (#PCDATA)> <!ELEMENT CVSS\_ACCESS\_VECTOR (#PCDATA)> <!ELEMENT PATCH\_AVAILABLE (#PCDATA)> <!ELEMENT VIRTUAL\_PATCH\_AVAILABLE (#PCDATA)> <!ELEMENT CVE\_ID (#PCDATA)> <!ELEMENT CVE\_ID\_FILTER (#PCDATA)> <!ELEMENT EXPLOITABILITY (#PCDATA)> <!ELEMENT ASSOCIATED\_MALWARE (#PCDATA)> <!ELEMENT VENDOR\_REFERENCE (#PCDATA)> <!ELEMENT BUGTRAQ\_ID (#PCDATA)> <!ELEMENT VULNERABILITY\_DETAILS (#PCDATA)> <!ELEMENT SUPPORTED\_MODULES (#PCDATA)> <!ELEMENT CLOUD\_AGENT\_SCAN\_TYPE (#PCDATA)> <!ELEMENT COMPLIANCE\_DETAILS (#PCDATA)> <!ELEMENT COMPLIANCE\_TYPE (#PCDATA)> <!ELEMENT QUALYS\_TOP\_20 (#PCDATA)> <!ELEMENT OTHER (#PCDATA)> <!ELEMENT NETWORK\_ACCESS (#PCDATA)> <!ELEMENT PROVIDER (#PCDATA)> <!ELEMENT CVSS\_BASE\_SCORE\_OPERAND (#PCDATA)> <!ELEMENT CVSS\_TEMPORAL\_SCORE\_OPERAND (#PCDATA)> <!ELEMENT CVSS3\_BASE\_SCORE (#PCDATA)> <!ELEMENT CVSS3\_TEMPORAL\_SCORE (#PCDATA)> <!ELEMENT CVSS3\_BASE\_SCORE\_OPERAND (#PCDATA)> <!ELEMENT CVSS3\_TEMPORAL\_SCORE\_OPERAND (#PCDATA)> <!ELEMENT CVSS3\_VERSION (#PCDATA)> <!ELEMENT CVSS4\_BASE\_SCORE (#PCDATA)> <!ELEMENT CVSS4\_BASE\_SCORE\_OPERAND (#PCDATA)> <!ELEMENT CVSS4\_VERSION (#PCDATA)> <!ELEMENT OPTION\_PROFILES (OPTION\_PROFILE+)> <!ELEMENT OPTION\_PROFILE (ID, TITLE)> <!ELEMENT REPORT\_TEMPLATES (REPORT\_TEMPLATE+)> <!ELEMENT REPORT\_TEMPLATE (ID, TITLE)> <!ELEMENT REMEDIATION\_POLICIES (REMEDIATION\_POLICY+)> <!ELEMENT REMEDIATION\_POLICY (ID, TITLE)> <!ELEMENT DISTRIBUTION\_GROUPS (DISTRIBUTION\_GROUP+)> <!ELEMENT DISTRIBUTION\_GROUP (NAME)> <!ELEMENT NAME (#PCDATA)> <!ELEMENT COMMENTS (#PCDATA)> <!ELEMENT USER\_MODIFIED (#PCDATA)> <!ELEMENT PUBLISHED (#PCDATA)> <!ELEMENT SERVICE\_MODIFIED (#PCDATA)> <!ELEMENT CPE (#PCDATA)> <!EOF>
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Application |
Description |