Enterprise TruRisk™ Platform Release 10.37 API
January 5, 2026
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
We have implemented versioning for APIs. For more information on API versioning, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
New Authentication Support for VMware NSX
| New or Updated API | New/Updated |
| API Endpoint |
/api/2.0/fo/auth/nsx /api/2.0/fo/subscription/option_profile/vm/ |
| Method | GET, POST |
| DTD or XSD changes | Yes |
With this release, we have provided support for VMware NSX-based authentication. You can now create, update, delete, and list all the authentication records using VMware NSX. Both basic and vault based authentication are supported. Vault based authentication is supported only for Hashicorp vault.
Once you launch the scan by creating an option profile, you can view all the details in the response when the scan is completed successfully. You can create, update, delete, and list option profiles for VMware NSX.
Support for creating, updating, deleting, and listing VMware NSX option profiles is available in versions 2.0 and above.
Input ParametersInput Parameters
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action={action} | Required | String | Specify any one of the following: create, update, list ,delete. |
| title={value} | Required to create a record | String | A title for the record. Optional to update record. |
| ips={value} | Required Optional to update record |
Integer | IPs to be added to your NSX record. You may enter a combination of IPs and IP ranges to identify compliance hosts. Multiple entries are comma separated. Overwrites (replaces) the IP list for the authentication record. The IPs you specify are added and any existing IPs are removed |
| username={value} | Optional | String | The username to be used for authentication to NSX. |
| password={value} | Optional | String | The password to be used for authentication to NSX. |
| login_type={basic|vault} | Required | Boolean | The login type is basic by default. You can choose vault (for vault based authentication). Set to vault if a third party vault is used to retrieve the password. For vault based authentication, vault parameters need to |
| vault_id={value} | Required if login_type=vault | Integer | The ID of the vault to be used to retrieve the password for login. |
| vault_type={value} | Required if login_type=vault | String | The third party vault to be used to retrieve the password for login. Certain vaults support this capability. View our latest Vault Support Matrix. |
| port={value} | Optional | Integer | The port number that the NSX instance is running on. The default port value is 443. |
| ssl_verify_with_host={0|1} | Optional | Boolean | SSL verification. Set to 1 if you want to verify the server’s certificate is valid and trusted. |
| hosts={value} | Required if ssl_verify=1 | String | A list of FQDNs for all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. |
| ids={value} | Required to update record | Integer | NSX Record IDs to update. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
| comments={value} | Optional to create or update record | String | User defined comments. Maximum of 1999 characters. |
Sample - Create NSX Option profileSample - Create NSX Option profile
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/?action=create&title=nsxtest1&scan_tcp_ports=none&scan_udp_ports=full&vulnerability_detection=complete&basic_information_gathering=none&authoritative_option=1&authentication=NSX%27 \
--header 'X-Requested-With: hfds' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "
<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-15T06:41:38Z</DATETIME>
<TEXT>Option profile successfully added.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8153637</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update NSX Option ProfileSample - Update NSX Option Profile
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/?scan_tcp_ports=none&scan_udp_ports=full&vulnerability_detection=complete&basic_information_gathering=none&authoritative_option=1&authentication=NSX&action=update&id=8154392%27 \
--header 'X-Requested-With: hfds' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "
<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-17T05:40:35Z</DATETIME>
<TEXT>Option profile successfully updated.</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8154392</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - List Option ProfileSample - List Option Profile
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/?action=list&id=8148496' \
--header 'X-Requested-With: hfds' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE OPTION_PROFILES SYSTEM "
<qualys_base_url>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd%22>
<OPTION_PROFILES>
<OPTION_PROFILE>
<BASIC_INFO>
<ID>8153637</ID>
<GROUP_NAME>
<![CDATA[nsxtest1]]>
</GROUP_NAME>
<GROUP_TYPE>user</GROUP_TYPE>
<USER_ID>
<![CDATA[t b (vmspxtb)]]>
</USER_ID>
<UNIT_ID>0</UNIT_ID>
<SUBSCRIPTION_ID>4428525</SUBSCRIPTION_ID>
<IS_DEFAULT>0</IS_DEFAULT>
<IS_GLOBAL>0</IS_GLOBAL>
<IS_OFFLINE_SYNCABLE>0</IS_OFFLINE_SYNCABLE>
<UPDATE_DATE>2025-12-15T06:41:03Z</UPDATE_DATE>
</BASIC_INFO>
<SCAN>
<PORTS>
<TCP_PORTS>
<TCP_PORTS_TYPE>none</TCP_PORTS_TYPE>
<THREE_WAY_HANDSHAKE>0</THREE_WAY_HANDSHAKE>
</TCP_PORTS>
<UDP_PORTS>
<UDP_PORTS_TYPE>full</UDP_PORTS_TYPE>
</UDP_PORTS>
<AUTHORITATIVE_OPTION>1</AUTHORITATIVE_OPTION>
</PORTS>
<SCAN_DEAD_HOSTS>0</SCAN_DEAD_HOSTS>
<PURGE_OLD_HOST_OS_CHANGED>1</PURGE_OLD_HOST_OS_CHANGED>
<PERFORMANCE>
<PARALLEL_SCALING>1</PARALLEL_SCALING>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<HOSTS_TO_SCAN>
<EXTERNAL_SCANNERS>15</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>50</SCANNER_APPLIANCES>
</HOSTS_TO_SCAN>
<PROCESSES_TO_RUN>
<TOTAL_PROCESSES>20</TOTAL_PROCESSES>
<HTTP_PROCESSES>20</HTTP_PROCESSES>
</PROCESSES_TO_RUN>
<PACKET_DELAY>Medium</PACKET_DELAY>
<PORT_SCANNING_AND_HOST_DISCOVERY>Normal</PORT_SCANNING_AND_HOST_DISCOVERY>
<HOST_CGI_CHECKS>0</HOST_CGI_CHECKS>
<MAX_TARGETS_PER_SLICE>0</MAX_TARGETS_PER_SLICE>
<CONF_SCAN_LIMITED_CONNECTIVITY>0</CONF_SCAN_LIMITED_CONNECTIVITY>
<SKIP_PRE_SCANNING>0</SKIP_PRE_SCANNING>
<SCAN_MULTIPLE_SLICES_PER_SCANNER>0</SCAN_MULTIPLE_SLICES_PER_SCANNER>
</PERFORMANCE>
<LOAD_BALANCER_DETECTION>0</LOAD_BALANCER_DETECTION>
<VULNERABILITY_DETECTION>
<COMPLETE>
<![CDATA[complete]]>
</COMPLETE>
<DETECTION_INCLUDE>
<BASIC_HOST_INFO_CHECKS>0</BASIC_HOST_INFO_CHECKS>
<OVAL_CHECKS>0</OVAL_CHECKS>
<QRDI_CHECKS>0</QRDI_CHECKS>
</DETECTION_INCLUDE>
</VULNERABILITY_DETECTION>
<AUTHENTICATION>
<![CDATA[NSX]]>
</AUTHENTICATION>
<ADDL_CERT_DETECTION>0</ADDL_CERT_DETECTION>
<DISSOLVABLE_AGENT>
<DISSOLVABLE_AGENT_ENABLE>1</DISSOLVABLE_AGENT_ENABLE>
<WINDOWS_SHARE_ENUMERATION_ENABLE>0</WINDOWS_SHARE_ENUMERATION_ENABLE>
</DISSOLVABLE_AGENT>
</SCAN>
<MAP>
<BASIC_INFO_GATHERING_ON>none</BASIC_INFO_GATHERING_ON>
<MAP_OPTIONS>
<PERFORM_LIVE_HOST_SWEEP>0</PERFORM_LIVE_HOST_SWEEP>
<DISABLE_DNS_TRAFFIC>0</DISABLE_DNS_TRAFFIC>
</MAP_OPTIONS>
<MAP_PERFORMANCE>
<OVERALL_PERFORMANCE>Normal</OVERALL_PERFORMANCE>
<MAP_PARALLEL>
<EXTERNAL_SCANNERS>6</EXTERNAL_SCANNERS>
<SCANNER_APPLIANCES>8</SCANNER_APPLIANCES>
<NETBLOCK_SIZE>16384 IPs</NETBLOCK_SIZE>
</MAP_PARALLEL>
<PACKET_DELAY>Minimum</PACKET_DELAY>
</MAP_PERFORMANCE>
<MAP_AUTHENTICATION>none</MAP_AUTHENTICATION>
</MAP>
<ADDITIONAL>
<HOST_DISCOVERY>
<TCP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</TCP_PORTS>
<UDP_PORTS>
<STANDARD_SCAN>1</STANDARD_SCAN>
</UDP_PORTS>
<ICMP>0</ICMP>
</HOST_DISCOVERY>
<PACKET_OPTIONS>
<IGNORE_FIREWALL_GENERATED_TCP_RST>1</IGNORE_FIREWALL_GENERATED_TCP_RST>
<IGNORE_ALL_TCP_RST>0</IGNORE_ALL_TCP_RST>
<IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>1</IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK>
<NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>0</NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY>
</PACKET_OPTIONS>
</ADDITIONAL>
</OPTION_PROFILE>
</OPTION_PROFILES>
Sample - Delete NSX Option ProfileSample - Delete NSX Option Profile
API Request
curl --location --request POST '<qualys_base_url>/api/2.0/fo/subscription/option_profile/vm/?id=8154392&action=delete' \
--header 'X-Requested-With: hfds' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "
<qualys_base_url>/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2025-12-17T05:41:04Z</DATETIME>
<TEXT>Option Profile Deleted Successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>8154392</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
DTD Output for Option ProfileDTD Output for Option Profile
A DTD for the Option Profiles API has been added.
<platform API server><qualys_base_url></api/2.0/fo/subscription/option_profile/option_profile_info.dtd>
DTD output for the Option Profiles API is as follows:
DTD Output
<qualys_base_url>/api/2.0/fo/subscription/option_profile/option_profile_info.dtd
<!ELEMENT OPTION_PROFILES (OPTION_PROFILE)*>
<!ELEMENT OPTION_PROFILE (BASIC_INFO, SCAN, MAP?, ADDITIONAL, INSTANCE_DATA_COLLECTION?,OS_BASED_INSTANCE_DISC_COLLECTION?)>
<!ELEMENT BASIC_INFO (ID, GROUP_NAME, GROUP_TYPE, USER_ID, UNIT_ID, SUBSCRIPTION_ID, IS_DEFAULT?, IS_GLOBAL?, IS_OFFLINE_SYNCABLE?, UPDATE_DATE?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT GROUP_NAME (#PCDATA)>
<!ELEMENT GROUP_TYPE (#PCDATA)>
<!ELEMENT USER_ID (#PCDATA)>
<!ELEMENT UNIT_ID (#PCDATA)>
<!ELEMENT SUBSCRIPTION_ID (#PCDATA)>
<!ELEMENT IS_DEFAULT (#PCDATA)>
<!ELEMENT IS_GLOBAL (#PCDATA)>
<!ELEMENT IS_OFFLINE_SYNCABLE (#PCDATA)>
<!ELEMENT UPDATE_DATE (#PCDATA)>
<!ELEMENT SCAN (PORTS?, SCAN_DEAD_HOSTS?, CLOSE_VULNERABILITIES?, PURGE_OLD_HOST_OS_CHANGED?, PERFORMANCE?, LOAD_BALANCER_DETECTION?, PASSWORD_BRUTE_FORCING?, VULNERABILITY_DETECTION?, AUTHENTICATION?, AUTHENTICATION_LEAST_PRIVILEGE?, ADDL_CERT_DETECTION?, DISSOLVABLE_AGENT?, SCAN_RESTRICTION?, DATABASE_PREFERENCE_KEY?, SYSTEM_AUTH_RECORD?, LITE_OS_SCAN?, CUSTOM_HTTP_HEADER?, HOST_ALIVE_TESTING?, ETHERNET_IP_PROBING?, FILE_INTEGRITY_MONITORING?, CONTROL_TYPES?, DO_NOT_OVERWRITE_OS?, TEST_AUTHENTICATION?, MAX_SCAN_DURATION_PER_ASSET?, PERFORM_PARTIAL_SSL_TLS_AUDITING?)>
<!ELEMENT PORTS (TCP_PORTS?, UDP_PORTS?, AUTHORITATIVE_OPTION?, (STANDARD_SCAN|TARGETED_SCAN)?)>
<!ELEMENT TCP_PORTS (TCP_PORTS_TYPE?, TCP_PORTS_STANDARD_SCAN?, TCP_PORTS_ADDITIONAL?, THREE_WAY_HANDSHAKE?, STANDARD_SCAN?, TCP_ADDITIONAL?)>
<!ELEMENT TCP_PORTS_TYPE (#PCDATA)>
<!ELEMENT TCP_PORTS_ADDITIONAL (HAS_ADDITIONAL?, ADDITIONAL_PORTS?)>
<!ELEMENT HAS_ADDITIONAL (#PCDATA)>
<!ELEMENT ADDITIONAL_PORTS (#PCDATA)>
<!ELEMENT THREE_WAY_HANDSHAKE (#PCDATA)>
<!ELEMENT UDP_PORTS (UDP_PORTS_TYPE?, UDP_PORTS_STANDARD_SCAN?, UDP_PORTS_ADDITIONAL?, (STANDARD_SCAN|CUSTOM_PORT)?)>
<!ELEMENT UDP_PORTS_TYPE (#PCDATA)>
<!ELEMENT UDP_PORTS_ADDITIONAL (HAS_ADDITIONAL?, ADDITIONAL_PORTS?)>
<!ELEMENT AUTHORITATIVE_OPTION (#PCDATA)>
<!ELEMENT STANDARD_SCAN (#PCDATA)>
<!ELEMENT TARGETED_SCAN (#PCDATA)>
<!ELEMENT SCAN_DEAD_HOSTS (#PCDATA)>
<!ELEMENT CLOSE_VULNERABILITIES (HAS_CLOSE_VULNERABILITIES?, HOST_NOT_FOUND_ALIVE?)>
<!ELEMENT HAS_CLOSE_VULNERABILITIES (#PCDATA)>
<!ELEMENT HOST_NOT_FOUND_ALIVE (#PCDATA)>
<!ELEMENT PURGE_OLD_HOST_OS_CHANGED (#PCDATA)>
<!ELEMENT PERFORMANCE (PARALLEL_SCALING?, OVERALL_PERFORMANCE, HOSTS_TO_SCAN, PROCESSES_TO_RUN, PACKET_DELAY, PORT_SCANNING_AND_HOST_DISCOVERY, EXTERNAL_SCANNERS_TO_USE?, HOST_CGI_CHECKS?, MAX_CGI_CHECKS?, MAX_TARGETS_PER_SLICE?, MAX_NUMBER_OF_TARGETS?, CONF_SCAN_LIMITED_CONNECTIVITY?, SKIP_PRE_SCANNING?, SCAN_MULTIPLE_SLICES_PER_SCANNER?)>
<!ELEMENT PARALLEL_SCALING (#PCDATA)>
<!ELEMENT OVERALL_PERFORMANCE (#PCDATA)>
<!ELEMENT HOSTS_TO_SCAN (EXTERNAL_SCANNERS, SCANNER_APPLIANCES)>
<!ELEMENT EXTERNAL_SCANNERS (#PCDATA)>
<!ELEMENT SCANNER_APPLIANCES (#PCDATA)>
<!ELEMENT PROCESSES_TO_RUN (TOTAL_PROCESSES, HTTP_PROCESSES)>
<!ELEMENT TOTAL_PROCESSES (#PCDATA)>
<!ELEMENT HTTP_PROCESSES (#PCDATA)>
<!ELEMENT PACKET_DELAY (#PCDATA)>
<!ELEMENT PORT_SCANNING_AND_HOST_DISCOVERY (#PCDATA)>
<!ELEMENT EXTERNAL_SCANNERS_TO_USE (#PCDATA)>
<!ELEMENT HOST_CGI_CHECKS (#PCDATA)>
<!ELEMENT MAX_CGI_CHECKS (#PCDATA)>
<!ELEMENT MAX_TARGETS_PER_SLICE (#PCDATA)>
<!ELEMENT MAX_NUMBER_OF_TARGETS (#PCDATA)>
<!ELEMENT CONF_SCAN_LIMITED_CONNECTIVITY (#PCDATA)>
<!ELEMENT SKIP_PRE_SCANNING (#PCDATA)>
<!ELEMENT SCAN_MULTIPLE_SLICES_PER_SCANNER (#PCDATA)>
<!ELEMENT LOAD_BALANCER_DETECTION (#PCDATA)>
<!ELEMENT PASSWORD_BRUTE_FORCING (SYSTEM?, CUSTOM_LIST?)>
<!ELEMENT SYSTEM (HAS_SYSTEM?, SYSTEM_LEVEL?)>
<!ELEMENT HAS_SYSTEM (#PCDATA)>
<!ELEMENT SYSTEM_LEVEL (#PCDATA)>
<!ELEMENT CUSTOM_LIST (CUSTOM+)>
<!ELEMENT CUSTOM (ID, TITLE, TYPE?, LOGIN_PASSWORD?)+>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT TYPE (#PCDATA)>
<!ELEMENT LOGIN_PASSWORD (#PCDATA)>
<!ELEMENT MAX_SCAN_DURATION_PER_ASSET (#PCDATA)>
<!ELEMENT VULNERABILITY_DETECTION ((COMPLETE|CUSTOM_LIST|RUNTIME), DETECTION_INCLUDE?, DETECTION_EXCLUDE?)>
<!ELEMENT COMPLETE (#PCDATA)>
<!ELEMENT RUNTIME (#PCDATA)>
<!ELEMENT DETECTION_INCLUDE (BASIC_HOST_INFO_CHECKS, OVAL_CHECKS, QRDI_CHECKS?)>
<!ELEMENT BASIC_HOST_INFO_CHECKS (#PCDATA)>
<!ELEMENT OVAL_CHECKS (#PCDATA)>
<!ELEMENT QRDI_CHECKS (#PCDATA)>
<!ELEMENT DETECTION_EXCLUDE (CUSTOM_LIST+)>
<!ELEMENT AUTHENTICATION (#PCDATA)>
<!ELEMENT AUTHENTICATION_LEAST_PRIVILEGE (#PCDATA)>
<!ELEMENT ADDL_CERT_DETECTION (#PCDATA)>
<!ELEMENT DISSOLVABLE_AGENT (DISSOLVABLE_AGENT_ENABLE, PASSWORD_AUDITING_ENABLE?, WINDOWS_SHARE_ENUMERATION_ENABLE, WINDOWS_DIRECTORY_SEARCH_ENABLE?)>
<!ELEMENT DISSOLVABLE_AGENT_ENABLE (#PCDATA)>
<!ELEMENT PASSWORD_AUDITING_ENABLE (HAS_PASSWORD_AUDITING_ENABLE?, CUSTOM_PASSWORD_DICTIONARY?)>
<!ELEMENT HAS_PASSWORD_AUDITING_ENABLE (#PCDATA)>
<!ELEMENT CUSTOM_PASSWORD_DICTIONARY (#PCDATA)>
<!ELEMENT WINDOWS_SHARE_ENUMERATION_ENABLE (#PCDATA)>
<!ELEMENT WINDOWS_DIRECTORY_SEARCH_ENABLE (#PCDATA)>
<!ELEMENT SCAN_RESTRICTION (SCAN_BY_POLICY?)>
<!ELEMENT SCAN_BY_POLICY (POLICY+)>
<!ELEMENT POLICY (ID, TITLE)>
<!ELEMENT DATABASE_PREFERENCE_KEY (MSSQL?, ORACLE?, SYBASE?, POSTGRESQL?, SAPIQ?, DB2?)>
<!ELEMENT MSSQL (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT ORACLE (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT SYBASE (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT POSTGRESQL (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT SAPIQ (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT DB2 (DB_UDC_RESTRICTION, DB_UDC_LIMIT)>
<!ELEMENT DB_UDC_RESTRICTION (#PCDATA)>
<!ELEMENT DB_UDC_LIMIT (#PCDATA)>
<!ELEMENT SYSTEM_AUTH_RECORD (ALLOW_AUTH_CREATION|INCLUDE_SYSTEM_AUTH)>
<!ELEMENT ALLOW_AUTH_CREATION (AUTHENTICATION_TYPE_LIST, IBM_WAS_DISCOVERY_MODE?, ORACLE_AUTHENTICATION_TEMPLATE?, MONGODB_AUTHENTICATION_TEMPLATE?)>
<!ELEMENT AUTHENTICATION_TYPE_LIST (AUTHENTICATION_TYPE+)>
<!ELEMENT AUTHENTICATION_TYPE (#PCDATA)>
<!ELEMENT IBM_WAS_DISCOVERY_MODE (#PCDATA)>
<!ELEMENT ORACLE_AUTHENTICATION_TEMPLATE (ID, TITLE)>
<!ELEMENT MONGODB_AUTHENTICATION_TEMPLATE (ID, TITLE)>
<!ELEMENT INCLUDE_SYSTEM_AUTH (ON_DUPLICATE_USE_USER_AUTH|ON_DUPLICATE_USE_SYSTEM_AUTH)>
<!ELEMENT ON_DUPLICATE_USE_USER_AUTH (#PCDATA)>
<!ELEMENT ON_DUPLICATE_USE_SYSTEM_AUTH (#PCDATA)>
<!ELEMENT LITE_OS_SCAN (#PCDATA)>
<!ELEMENT CUSTOM_HTTP_HEADER (VALUE?, DEFINITION_KEY?, DEFINITION_VALUE?)>
<!ELEMENT VALUE (#PCDATA)>
<!ELEMENT DEFINITION_KEY (#PCDATA)>
<!ELEMENT DEFINITION_VALUE (#PCDATA)>
<!ELEMENT HOST_ALIVE_TESTING (#PCDATA)>
<!ELEMENT ETHERNET_IP_PROBING (#PCDATA)>
<!ELEMENT FILE_INTEGRITY_MONITORING (AUTO_UPDATE_EXPECTED_VALUE?)>
<!ELEMENT AUTO_UPDATE_EXPECTED_VALUE (#PCDATA)>
<!ELEMENT CONTROL_TYPES (FIM_CONTROLS_ENABLED?, CUSTOM_WMI_QUERY_CHECKS?)>
<!ELEMENT FIM_CONTROLS_ENABLED (#PCDATA)>
<!ELEMENT CUSTOM_WMI_QUERY_CHECKS (#PCDATA)>
<!ELEMENT DO_NOT_OVERWRITE_OS (#PCDATA)>
<!ELEMENT TEST_AUTHENTICATION (#PCDATA)>
<!ELEMENT PERFORM_PARTIAL_SSL_TLS_AUDITING (#PCDATA)>
<!ELEMENT MAP (BASIC_INFO_GATHERING_ON, TCP_PORTS?, UDP_PORTS?, MAP_OPTIONS?, MAP_PERFORMANCE?, MAP_AUTHENTICATION?)>
<!ELEMENT BASIC_INFO_GATHERING_ON (#PCDATA)>
<!ELEMENT TCP_PORTS_STANDARD_SCAN (#PCDATA)>
<!ELEMENT UDP_PORTS_STANDARD_SCAN (#PCDATA)>
<!ELEMENT MAP_OPTIONS (PERFORM_LIVE_HOST_SWEEP?, DISABLE_DNS_TRAFFIC?)>
<!ELEMENT PERFORM_LIVE_HOST_SWEEP (#PCDATA)>
<!ELEMENT DISABLE_DNS_TRAFFIC (#PCDATA)>
<!ELEMENT MAP_PERFORMANCE (OVERALL_PERFORMANCE, MAP_PARALLEL?, PACKET_DELAY)>
<!ELEMENT MAP_PARALLEL (EXTERNAL_SCANNERS, SCANNER_APPLIANCES, NETBLOCK_SIZE)>
<!ELEMENT NETBLOCK_SIZE (#PCDATA)>
<!ELEMENT MAP_AUTHENTICATION (#PCDATA)>
<!ELEMENT ADDITIONAL (HOST_DISCOVERY, BLOCK_RESOURCES?, PACKET_OPTIONS?)>
<!ELEMENT HOST_DISCOVERY (TCP_PORTS?, UDP_PORTS?, ICMP?)>
<!ELEMENT TCP_ADDITIONAL (HAS_ADDITIONAL?, ADDITIONAL_PORTS?)>
<!ELEMENT CUSTOM_PORT (#PCDATA)>
<!ELEMENT ICMP (#PCDATA)>
<!ELEMENT BLOCK_RESOURCES ((WATCHGUARD_DEFAULT_BLOCKED_PORTS|CUSTOM_PORT_LIST), (ALL_REGISTERED_IPS|CUSTOM_IP_LIST))>
<!ELEMENT WATCHGUARD_DEFAULT_BLOCKED_PORTS (#PCDATA)>
<!ELEMENT CUSTOM_PORT_LIST (#PCDATA)>
<!ELEMENT ALL_REGISTERED_IPS (#PCDATA)>
<!ELEMENT CUSTOM_IP_LIST (#PCDATA)>
<!ELEMENT PACKET_OPTIONS (IGNORE_FIREWALL_GENERATED_TCP_RST?, IGNORE_ALL_TCP_RST?, IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK?, NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY?)>
<!ELEMENT IGNORE_FIREWALL_GENERATED_TCP_RST (#PCDATA)>
<!ELEMENT IGNORE_ALL_TCP_RST (#PCDATA)>
<!ELEMENT IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK (#PCDATA)>
<!ELEMENT NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY (#PCDATA)>
<!ELEMENT INSTANCE_DATA_COLLECTION (DATABASES?)>
<!ELEMENT DATABASES (AUTHENTICATION_TYPES_LIST)>
<!ELEMENT AUTHENTICATION_TYPES_LIST (AUTHENTICATION_TYPE+)>
<!ELEMENT OS_BASED_INSTANCE_DISC_COLLECTION (TECHNOLOGIES?)>
<!ELEMENT TECHNOLOGIES (TECHNOLOGY+)>
<!ELEMENT TECHNOLOGY (#PCDATA)>
Sample - List NSX authentication recordSample - List NSX authentication record
API Request
curl --location --request GET '<qualys_base_url>/api/2.0/fo/auth/nsx/index.php?action=list' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=list'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NSX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/2.0/fo/auth/nsx/auth_nsx_list_output.dtd">
<AUTH_NSX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-12-11T10:31:18Z</DATETIME>
<AUTH_NSX_LIST>
<AUTH_NSX>
<ID>11500969</ID>
<TITLE>
<![CDATA[nsx_auth]]>
</TITLE>
<USERNAME>
<![CDATA[admin]]>
</USERNAME>
<SSL_VERIFY>
<![CDATA[0]]>
</SSL_VERIFY>
<IP_SET>
<IP>10.xxx.xxx.xxx</IP>
</IP_SET>
<PORT>
<![CDATA[443]]>
</PORT>
<SSL_VERIFY_WITH_HOST>
<![CDATA[0]]>
</SSL_VERIFY_WITH_HOST>
<HOSTS>
<![CDATA[www.google.com]]>
</HOSTS>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<CREATED>
<DATETIME>2025-11-28T07:48:06Z</DATETIME>
<BY>username</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-12-10T06:45:07Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
<AUTH_NSX>
<ID>11541079</ID>
<TITLE>
<![CDATA[mob_api12345]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<IP_SET>
<IP>111.xx.xx.xx</IP>
</IP_SET>
<PORT>
<![CDATA[443]]>
</PORT>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<CREATED>
<DATETIME>2025-12-04T05:49:51Z</DATETIME>
<BY>username</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-12-04T05:49:51Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
<AUTH_NSX>
<ID>11541968</ID>
<TITLE>
<![CDATA[1234NSX6]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<IP_SET>
<IP>10.xxx.xxx.xxx</IP>
</IP_SET>
<PORT>
<![CDATA[445]]>
</PORT>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<CREATED>
<DATETIME>2025-12-04T06:42:32Z</DATETIME>
<BY>vmspxtb</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-12-04T08:50:33Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
<AUTH_NSX>
<ID>11542967</ID>
<TITLE>
<![CDATA[1234NSXkk23]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<IP_SET>
<IP>10.xxx.xxx.xxx</IP>
</IP_SET>
<PORT>
<![CDATA[443]]>
</PORT>
<LOGIN_TYPE>
<![CDATA[basic]]>
</LOGIN_TYPE>
<CREATED>
<DATETIME>2025-12-04T09:11:25Z</DATETIME>
<BY>vmspxtb</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-12-04T09:11:25Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
</AUTH_NSX_LIST>
</RESPONSE>
</AUTH_NSX_LIST_OUTPUT>
Sample - Create NSX authentication recordSample - Create NSX authentication record
API Request
curl --location '<qualys_base_url>/api/2.0/fo/auth/nsx/index.php?action=create&title=1234NSXkk235&ips=10.xxx.xxx.xxx&username=root&password=Password%40456&port=443' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=create'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T10:32:56Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>11629987</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update NSX authentication recordSample - Update NSX authentication record
API Request
curl --location '<qualys_base_url>/api/2.0/fo/auth/nsx/index.php?action=update%20&username=root&password=Password%40456&ids=11629987' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=update'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2025-12-11T10:37:10Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>11629987</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Delete NSX authentication recordSample - Delete NSX authentication record
API Request
curl --location '<qualys_base_url>/api/2.0/fo/auth/nsx/index.php?action=delete&ids=11629987' \ --header 'X-Requested-With: curl demo2' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Bearer <JWT Token>' \ --data-urlencode 'action=delete'
API Response
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2025-12-11T10:41:22Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Deleted</TEXT> <ID_SET> <ID>11629987</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
DTD Output for NSX authentication recordDTD Output for NSX authentication record
A DTD for the Authentication API has been added.
<platform API server>/api/2.0/fo/auth/nsx/auth_nsx_list_output.dtd>
DTD output for the Authentication API is as follows:
DTD Output
<qualys_base_url>/api/2.0/fo/auth/nsx/auth_nsx_list_output.dtd
<!-- QUALYS AUTH_NSX_LIST_OUTPUT DTD -->
<!ELEMENT AUTH_NSX_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_NSX_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_NSX_LIST (AUTH_NSX+)>
<!ELEMENT AUTH_NSX (ID,TITLE,USERNAME?,IP_SET?,PORT?,SSL_VERIFY_WITH_HOST?,HOSTS?,LOGIN_TYPE?,DIGITAL_VAULT?,NETWORK_ID?,CREATED,LAST_MODIFIED,COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT HOSTS (#PCDATA)>
<!ELEMENT SSL_VERIFY_WITH_HOST (#PCDATA)>
<!ELEMENT LOGIN_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_SERVICE_TYPE?)>
<!ELEMENT DIGITAL_VAULT_ID (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)>
<!ELEMENT VAULT_USERNAME (#PCDATA)>
<!ELEMENT VAULT_FOLDER (#PCDATA)>
<!ELEMENT VAULT_FILE (#PCDATA)>
<!ELEMENT VAULT_SECRET_NAME (#PCDATA)>
<!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)>
<!ELEMENT VAULT_NS_TYPE (#PCDATA)>
<!ELEMENT VAULT_NS_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)>
<!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.7.
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Application |
Description |
| VM - Host List API | Vulnerability Management | When users performed the host list API purge action (/api/fo/asset/host/?action=purge), only versions v2.0 and v3.0 worked as expected. Versions v4.0 and v5.0 did not function properly. Relevant changes have been made to fix the issue. |
| VM - Host List API | Vulnerability Management | When users created encrypted PDF reports with passwords containing certain characters, such as “$”, the system displayed an error, and the report could not be generated. The code has now been updated to handle these characters correctly. The fix has been verified across all report types using password combinations that include A–Z, a–z, 0–9, special characters (! @ # $ % ^ & * ( ) - _ = + [ ] { } ; : , . < > ? / ~ ' "), and shell-sensitive characters (" ' \ $ & |. Users can now successfully generate encrypted PDF reports with these password patterns. Examples of acceptable patterns include 12345$/ABCde and 12345$%ABCde. |
Qualys Policy Compliance (PC)
For the list of features and improvements made in Policy Compliance/Policy Audit, refer to the Policy Audit API Release Notes for Release 1.7.