Enterprise TruRisk™ Platform Release 10.38.3 API
May 11, 2026
In the API Release Notes, <qualys_base_url> is used as a sample API request to represent the API server URL. To learn more about the API server URL for your environment, refer to the Know Your Qualys API Server URL section.
API versioning is supported across Qualys APIs. To learn more about versioning standards and deprecation timelines, refer to the Updates on API Versioning Standards & Deprecation Timelines blog.
Qualys Vulnerability Management (VM)
Scans API: Support for Google Cloud Platform Instance-Based Scans for IPv4
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/scan/cloud/internal/job/ |
| EOS Timeline: November 2026 | |
| EOL Timeline: May 2027 | |
| API Endpoint (New Version) | /api/3.0/fo/scan/cloud/internal/job/ |
| Method | POST |
| DTD or XSD changes | No |
Cloud Internal Scan now supports Google Cloud Platform (GCP) instance-based scans. You can now create and update internal scans for assets in GCP. Earlier, GCP supported only perimeter scans, while AWS EC2 and Azure supported both internal and perimeter scans. With this enhancement, you can perform internal scans on GCP instances, which gives deeper vulnerability visibility and improved security coverage for GCP environments and assets.
Only Manager, Unit Manager, and Scanner role users have permission to launch GCP internal scans.
Input Parameters - Creating and Updating a GCP Cloud Internal Scan
| Parameter Name | Required/Optional | Data Type | Description |
|---|---|---|---|
| action={create|update} | Required | String | Specify create to configure a new internal GCP schedule scan job. Specify update to make changes to an existing scan job. |
| scan_title={value} | Required | String | The scan title to create. |
| connector_name={value} | Required | String | The name of the connector to be used. We check if the specified connector_name exists for your Qualys subscription. If the specified connector name does not exist in your Qualys subscription, the API request returns an error message: Invalid connector_name provided. One of these parameters must be specified in the request: connector_name or connector_uuid. These are mutually exclusive and cannot be specified in the same request. |
| connector_uuid={value} | Required | Integer | The ID of the connector to be used. We check if the specified connector_uuid exists for your Qualys subscription. If the specified connector_uuid does not exist in your Qualys subscription, the API request returns an error message: Invalid connector_uuid provided. One of these parameters must be specified in the request: connector_name or connector_uuid. These are mutually exclusive and cannot be specified in the same request. |
| active={0|1} | Required if the request action is create | Boolean | Specify 1 to create an active schedule. Specify 0 to create an inactive schedule. |
| option_title={value} | Required | String | The title of the option profile to be used. One of these parameters must be specified in the request: option_title or option_id. These are mutually exclusive and cannot be specified in the same request. |
| option_id={value} | Required | Integer | The ID of the option profile to be used. One of these parameters must be specified in the request: option_title or option_id. These are mutually exclusive and cannot be specified in the same request. |
| id={value} | Required | Integer | Only applicable for Update requests. The ID of the scan schedule you want to update. |
| module={vm} | Required if the request action is create | String | Currently enabled for VM only. |
| schedule={now|recurring} | Required if the request action is create | String | Specify now to schedule the scan job for now. Specify recurring to schedule the scan job to start at a later time or on a recurring basis. See Scheduling Parameters. |
| cloud_provider={gcp} | Required | String | Supports GCP. |
| cloud_service={compute_engine} | Required | String | Currently providing only the compute engine cloud service. |
| priority={value} | Optional | Integer | Specify a value of 0 - 9 to set a processing priority level for the scan. When not specified, a value of 0 (no priority) is used. Valid values are: 0 = No Priority (the default) 1 = Emergency 2 = Ultimate 3 = Critical 4 = Major 5 = High 6 = Standard 7 = Medium 8 = Minor 9 = Low |
| iscanner_id={value} | Required | Integer | The IDs of the scanner appliances to be used. Multiple entries are comma-separated. iscanner_id and iscanner_name cannot be specified in the same request. |
| iscanner_name={value} | Required | String | The friendly names of the scanner appliances to be used. iscanner_id and iscanner_name cannot be specified in the same request. |
| region_code={value} | Optional | String | The GCP region code. For example, values are: ap-northeast-1, ap-southeast-1, ap-southeast-2, ap-east-1, eu-west-1, eu-north-1, asa-east-1, us-east-1, us-west-1, uswest-2, me-south-1, eu-south-1, and af-south-1 |
| virtual_network_id={value} | Optional | Integer | Provide the ID of the GCP virtual network. |
| tag_include_selector={all|any} | Optional | String | Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags. |
| tag_exclude_selector={all|any} | Optional | String | Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags. |
| tag_set_by={id|name} | Optional | String | Specify id (the default) to select a tag set by providing tag IDs. Specify name to select a tag set by providing tag names. We will check if the tag ids or tag names are valid. |
| tag_set_include={value} | Optional | String | Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. Multiple entries are comma-separated. |
| tag_set_exclude={value} | Optional | String | Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag name or IDs. Multiple entries are comma separated. |
| cloud_resource_ids={remove|any VM ID} | Optional | String | Specific VM IDs on which scan needs to be launched (VM IDs are comma separated). The following are only applicable for Update request: |
Refer to the following Scan Schedule parameters:
Input Parameters - Scan Schedule Occurrence
| Parameter Name | Required/Optional | Data Type | Description |
|---|---|---|---|
| occurrence=daily | Required | String | Required for a daily scan. |
| frequency_days={value} | Required | Integer | Required for daily scan. The scan will run every N number of days. Value is an integer from 1 to 365. |
| occurrence=weekly | Required | String | Required for a weekly scan. |
| frequency_weeks={value} | Required | Integer | Required for a weekly scan. The scan will run every N number of weeks. Value is an integer from 1 to 52. |
| weekdays={value} | Required | String | Required for a weekly scan. The scan will run on one or more weekdays. Value is one or more days: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday. Multiple days are comma separated. |
| occurrence=monthly | Required | String | Required for a monthly scan. |
| frequency_months={value} | Required | Integer | Required for a monthly scan. The scan will run every N number of months. Value is an integer from 1 to 12. |
| day_of_month={value} | Required | Integer | Required for a monthly scan - Nth day of the month. The scan will run on the Nth day of the month. Value is an integer from 1 to 31. |
| day_of_week={value} | Required | Integer | Required for a monthly scan - day in Nth week. The scan will run on this day of the week. Value is an integer from 0 to 6, where 0 is Sunday and 2 is Tuesday. |
| week_of_month={value} | Required | String | Required for a monthly scan - day in Nth week. The scan will run on this week of the month. Value is one of: first, second, third, fourth, last. |
Input Parameters - Scan Schedule Start Time
| Parameter Name | Required/Optional | Data Type | Description |
|---|---|---|---|
| start_date={mm/dd/yyyy} | Optional | Integer | By default the start date is the date when the schedule is created. You can define another start date in mm/dd/yyyy format. |
| start_hour={hour} | Required | Integer | The hour when a scan will start. The hour is an integer from 0 to 23, where 0 represents 12 AM, 7 represents 7 AM, and 22 represents 10 PM. |
| start_minute={minute} | Required | Integer | The minute when a scan will start. A valid value is an integer from 0 to 59. |
| time_zone_code={value} | Required | String | The time zone code for starting a scan, in upper case. For example, the time zone code for US California is US-CA. Valid codes are returned by the Time Zone Code API (/msp/time_zone_code_list.php). |
| observe_dst={yes|no} | Optional | String | Specify yes to observe Daylight Saving Time (DST). This parameter is valid when the time zone code specified in time_zone_code supports DST. |
| recurrence={value} | Optional | Integer | The number of times the scan will be run before it is deactivated. For example, if you set recurrence=2, the scan schedule will be deactivated after it runs 2 times. By default, no value is set. A valid value is an integer from 1 to 99. |
| end_after={value} | Optional | Integer | End a scan after some number of hours. A valid value is from 0 to 119. |
| end_after_mins={value} | Optional | Integer | Allows monthly scan - Nth day of the month. The scan will run on the Nth day of the month. Value is an integer from 1 to 31. Must be specified with end_after. For example, to end the scan after 2 hours and 30 minutes, you would specify end_after=2 and end_after_mins=30. When end_after is set to 0, the minimum value for end_after_mins is 15. |
| pause_after_hours={value} | Optional | Integer | Pause a scan after some number of hours if the scan has not finished by then. A valid value is an integer from 0 to 119. |
| pause_after_mins={value} | Optional | Integer | Pause a scan after some number of minutes if the scan has not finished by then. A valid value is an integer from 0-59. Must be specified with pause_after_hours. For example, to pause the scan after 2 hours and 30 minutes, you would specify pause_after_hours=2 and pause_after_mins=30. When pause_after_hours is set to 0, the minimum value for pause_after_mins is 15. |
| resume_in_days={value} | Optional | Integer | Resume a paused scan in some number of days. A valid value is an integer from 0 to 9 or Manually. |
| resume_in_hours={value} | Optional | Integer | Resume a paused scan in some number of hours. A valid value is an integer from 0-23. Must be specified with pause_after_hours and resume_in_days. For example, to resume your scan in 5 hours, specify resume_in_days=0 and resume_in_hours=5. To resume your scan in 1 day and 12 hours, specify resume_in_days=1 and resume_in_hours=12. The value you set for pause will determine the minimum value for resume. For example, if you set the scan to pause after 1 hour then you can set it to resume in 2 or more hours. If you set the scan to pause between 1-2 hours (from 1hr, 1min to 1 hr, 59min) then you can set it to resume in 3 hours or more. |
| set_start_time={0|1} | Required | Integer | (Optional for Update only) Specify set_start_time=1 to update any of the start time parameters. Must be specified with all start time parameters together: start_date, start_hour, start_minute, time_zone_code, observe_dst |
Input Parameters - Scan Schedule Notifications
| Parameter Name | Required/Optional | Data Type | Description |
|---|---|---|---|
| before_notify={0|1} | Optional | Integer | Specify before_notify=1 to send a notification before the scan starts. When not specified during a create request no notification is sent. When not specified during an update request we keep the previous setting. |
| before_notify_unit={value} | Optional | String | Specify the time unit for when to send the before scan notification. Possible values are: days, hours, minutes. This parameter is required when before_notify=1. Not valid when before_notify=0. |
| before_notify_time={value} | Optional | Integer | Indicates the number of days, hours, or minutes before the scan starts the notification will be sent. For days, enter a value of 1-31. For hours, enter a value of 1-24. For minutes, enter a value of 5-120. This parameter is required when before_notify=1. Not valid when before_notify=0. |
| before_notify_message={value} | Optional | String | Specify a custom message to add to the before scan notification. The notification will always include certain details like the scan title, owner, option profile and start time. Include up to 4000 characters, no HTML tags. For update requests: - When not specified we keep the previous setting. - Specify an empty string to delete the last saved message. This parameter is only valid when before_notify=1. |
| after_notify={0|1} | Optional | Integer | Specify after_notify=1 to send a notification after the scan is finished. When not specified during a create request no notification is sent. When not specified during an update request we keep the previous setting. |
| after_notify_message={value} | Optional | String | Specify a custom message to add to the after scan notification. When not specified during a create request, no notification message is saved. Include up to 4000 characters, no HTML tags. For update requests: - When not specified we keep the previous setting. - Specify an empty string to delete the last saved message. - If both notifications are disabled (before_notify=0 and after_notify=0) we will delete the after notify message. This parameter is only valid when after_notify=1. |
| recipient_group_ids={value} | Optional | Integer | The notification recipients in the form of one or more valid distribution group IDs. When not specified during a create request, only the task owner will be notified. For update requests: - When not specified we keep the previous setting. - Specify an empty string to delete the list of IDs. - If both notifications are disabled (before_notify=0 and after_notify=0) we will delete the list of IDs. This parameter is only valid when before_notify=1 or after_notify=1 is specified in the same request. |
Sample - Create GCP Internal Scan
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/scan/cloud/internal/job/index.php?action=create&scan_title=GCP_Test_API3&connector_name=xxxxxx3&active=1&option_title=Qualys%20Recommended%20Option%20Profile&module=vm&schedule=now&cloud_provider=gcp&iscanner_name=RM_GCP_SCANNER&cloud_service=compute_engine&virtual_network_id=projects%2Fqlys-devqa-qweb%2FvirtualNetworks%2Fvpc-qlys-devqa-xxx' \
--header 'X-Requested-With: xxxx' \
--header 'User-Agent: Apidog/1.0.0 (https://apidog.com)' \
--header 'Accept: */*' \
--header 'Host: <qualys_base_url>' \
--header 'Connection: keep-alive' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-10T07:45:30Z</DATETIME>
<TEXT>Scan has been created successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>7469466</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
Sample - Update GCP Internal Scan
API Request
curl --location --request POST '<qualys_base_url>/api/3.0/fo/scan/cloud/internal/job/index.php?action=update&connector_name=CPSGLOBAL_clvautomationproject&active=1&option_title=Qualys%20Recommended%20Option%20Profile&schedule=now&cloud_provider=gcp&iscanner_name=RM_GCP_SCANNER&cloud_service=compute_engine&cloud_resource_ids=us-central1&virtual_network_id=projects%2Fqlys-devqa-qweb%2FvirtualNetworks%2Fvpc-qlys-devqa-xx&id=7530283' \
--header 'X-Requested-With: xxxxx' \
--header 'User-Agent: Apidog/1.0.0 (https://apidog.com)' \
--header 'Accept: */*' \
--header 'Host: <qualys_base_url>' \
--header 'Connection: keep-alive' \
--header 'Authorization: Bearer <JWT Token>'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "<qualys_base_url>/api/3.0/simple_return.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2026-04-21T10:23:20Z</DATETIME>
<TEXT>Scan has been updated successfully</TEXT>
<ITEM_LIST>
<ITEM>
<KEY>ID</KEY>
<VALUE>7530283</VALUE>
</ITEM>
</ITEM_LIST>
</RESPONSE>
</SIMPLE_RETURN>
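A pre-flight check for the parameter rules in the tables above (mutually exclusive pairs, create-only and update-only parameters, documented ranges), so that a malformed scan job is rejected before any request is sent. This is an added example, not Qualys code; the function names are hypothetical, and two assumptions are marked in the comments: scan_title is enforced on create only, and the occurrence and start-time tables are applied only when schedule=recurring.

```python
from urllib.parse import quote, urlencode

# Pairs the parameter table marks as mutually exclusive; one of each is needed.
EXACTLY_ONE = [("connector_name", "connector_uuid"), ("option_title", "option_id"),
               ("iscanner_id", "iscanner_name")]
# occurrence value -> (its frequency parameter, documented maximum)
OCCURRENCE = {"daily": ("frequency_days", 365), "weekly": ("frequency_weeks", 52),
              "monthly": ("frequency_months", 12)}
# before_notify_unit -> documented range for before_notify_time
NOTIFY_RANGE = {"days": (1, 31), "hours": (1, 24), "minutes": (5, 120)}


def _check_int(params, key, low, high, errors, required=False):
    """Record an error unless params[key] is an integer in [low, high]."""
    if key not in params:
        if required:
            errors.append(f"{key} is required")
        return
    try:
        value = int(params[key])
    except (TypeError, ValueError):
        errors.append(f"{key} must be an integer")
        return
    if not low <= value <= high:
        errors.append(f"{key} must be between {low} and {high}")


def validate_gcp_scan_job(params):
    """Return a list of rule violations; an empty list means the request passes."""
    action = params.get("action")
    if action not in ("create", "update"):
        return ["action must be create or update"]
    errors = []
    for first, second in EXACTLY_ONE:
        if (first in params) == (second in params):
            errors.append(f"specify exactly one of {first} or {second}")
    for key, value in (("cloud_provider", "gcp"), ("cloud_service", "compute_engine")):
        if params.get(key) != value:
            errors.append(f"{key} must be {value}")
    if action == "create":
        # Assumption: scan_title is enforced on create only, because the
        # page's update sample omits it.
        for key in ("scan_title", "active", "module", "schedule"):
            if key not in params:
                errors.append(f"{key} is required for create")
        if "id" in params:
            errors.append("id is only applicable to update")
    elif "id" not in params:
        errors.append("id is required for update")
    if params.get("module", "vm") != "vm":
        errors.append("module must be vm")
    _check_int(params, "priority", 0, 9, errors)
    if params.get("schedule") == "recurring":
        # Assumption: the occurrence and start-time tables apply to recurring jobs.
        occurrence = params.get("occurrence")
        if occurrence in OCCURRENCE:
            key, maximum = OCCURRENCE[occurrence]
            _check_int(params, key, 1, maximum, errors, required=True)
        else:
            errors.append("occurrence must be daily, weekly or monthly")
        if occurrence == "weekly" and not params.get("weekdays"):
            errors.append("weekdays is required for a weekly scan")
        _check_int(params, "start_hour", 0, 23, errors, required=True)
        _check_int(params, "start_minute", 0, 59, errors, required=True)
        if not params.get("time_zone_code"):
            errors.append("time_zone_code is required")
    _check_int(params, "pause_after_hours", 0, 119, errors)
    if "pause_after_mins" in params:
        if "pause_after_hours" not in params:
            errors.append("pause_after_mins must be specified with pause_after_hours")
        else:
            # With pause_after_hours=0 the documented minimum is 15 minutes.
            low = 15 if str(params["pause_after_hours"]) == "0" else 0
            _check_int(params, "pause_after_mins", low, 59, errors)
    if str(params.get("before_notify", "0")) == "1":
        unit = params.get("before_notify_unit")
        if unit in NOTIFY_RANGE:
            low, high = NOTIFY_RANGE[unit]
            _check_int(params, "before_notify_time", low, high, errors, required=True)
        else:
            errors.append("before_notify_unit must be days, hours or minutes")
    return errors


def encode_query(params):
    """Validate, then percent-encode the parameters as the page's samples do."""
    errors = validate_gcp_scan_job(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params, quote_via=quote)
```

Both sample requests above pass this check; the validator only covers rules the tables state, so the API remains the authority on everything else.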
Added Active Directory Support to VMware NSX Authentication
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/auth/nsx |
| EOS Timeline: November 2026 | |
| EOL Timeline: May 2027 | |
| API Endpoint (New Version) | /api/3.0/fo/auth/nsx |
| Method | GET, POST |
| DTD or XSD changes | Yes |
You can now use Active Directory (AD) support with HashiCorp Vault when you create, update, list, and delete VMware NSX authentication records for authenticated scans of VMware NSX environments. This enables you to securely retrieve AD credentials from Vault.
Input Parameter
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| use_ad_hashicorp={0|1} | Required | Boolean | Specify 1 to enable the Active Directory when the HashiCorp Vault is selected. |
Sample - Create VMware NSX authentication record with AD enabled
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/nsx/index.php' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=create' \
--data-urlencode 'title=API NSX1211' \
--data-urlencode 'username=nsxuser' \
--data-urlencode 'ips=10.xxx.xxx.xxx' \
--data-urlencode 'port=443' \
--data-urlencode 'ssl_verify_with_host=1' \
--data-urlencode 'hosts=aa.aa' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_type=HashiCorp' \
--data-urlencode 'vault_id=4980801' \
--data-urlencode 'secret_kv_name=Test' \
--data-urlencode 'use_ad_hashicorp=1'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-04-07T06:09:35Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>12426426</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - Update VMware NSX authentication record with AD enabled
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/nsx/index.php' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=update' \
--data-urlencode 'login_type=vault' \
--data-urlencode 'vault_type=HashiCorp' \
--data-urlencode 'vault_id=4980801' \
--data-urlencode 'secret_kv_name=Test' \
--data-urlencode 'use_ad_hashicorp=1' \
--data-urlencode 'ids=12427803' \
--data-urlencode 'secret_kv_key=566'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-04-07T10:15:27Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>12427803</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Sample - List VMware NSX authentication record with AD enabled
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/nsx/index.php?action=list&ids=12426322' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=list'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NSX_LIST_OUTPUT SYSTEM "<qualys_base_url>/api/3.0/fo/auth/nsx/auth_nsx_list_output.dtd">
<AUTH_NSX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2026-04-07T06:09:03Z</DATETIME>
<AUTH_NSX_LIST>
<AUTH_NSX>
<ID>12426322</ID>
<TITLE>
<![CDATA[NSX_AD ]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<IP_SET>
<IP>10.xxx.xxx.xxx</IP>
</IP_SET>
<PORT>
<![CDATA[443]]>
</PORT>
<SSL_VERIFY_WITH_HOST>
<![CDATA[0]]>
</SSL_VERIFY_WITH_HOST>
<LOGIN_TYPE>
<![CDATA[vault]]>
</LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[4980801]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[HashiCorp]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[Nutanix_HashiCorp]]>
</DIGITAL_VAULT_TITLE>
<VAULT_SECRET_KV_PATH>
<![CDATA[/tmp]]>
</VAULT_SECRET_KV_PATH>
<VAULT_SECRET_KV_NAME>
<![CDATA[adnsx]]>
</VAULT_SECRET_KV_NAME>
<VAULT_USE_AD_HASHICORP>
<![CDATA[1]]>
</VAULT_USE_AD_HASHICORP>
</DIGITAL_VAULT>
<CREATED>
<DATETIME>2026-04-07T05:25:48Z</DATETIME>
<BY>vmspxtb</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2026-04-07T05:25:48Z</DATETIME>
</LAST_MODIFIED>
</AUTH_NSX>
</AUTH_NSX_LIST>
</RESPONSE>
</AUTH_NSX_LIST_OUTPUT>
Sample - Delete VMware NSX authentication record with AD enabled
API Request
curl --location '<qualys_base_url>/api/3.0/fo/auth/nsx/index.php?action=delete&ids=12426426' \
--header 'X-Requested-With: curl demo2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer <JWT Token>' \
--data-urlencode 'action=delete'
API Response
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "<qualys_base_url>/api/3.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2026-04-07T06:29:43Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Deleted</TEXT>
<ID_SET>
<ID>12426426</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
DTD Output
A DTD for the Authentication API has been added.
<platform API server>/api/3.0/fo/auth/nsx/auth_nsx_list_output.dtd
DTD output for the Authentication API is as follows:
DTD Output
<!-- QUALYS AUTH_NSX_LIST_OUTPUT DTD -->
<!ELEMENT AUTH_NSX_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_NSX_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_NSX_LIST (AUTH_NSX+)>
<!ELEMENT AUTH_NSX (ID,TITLE,USERNAME?,IP_SET?,TAGS?,PORT?,SSL_VERIFY_WITH_HOST?,HOSTS?,LOGIN_TYPE?,DIGITAL_VAULT?,NETWORK_ID?,CREATED,LAST_MODIFIED,COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT TAGS (TAG_TYPE, TAGS_INCLUDE, TAGS_EXCLUDE?)>
<!ELEMENT TAG_TYPE (#PCDATA)>
<!ELEMENT TAGS_INCLUDE (SELECTOR, TAG+)>
<!ELEMENT SELECTOR (#PCDATA)>
<!ELEMENT TAG (ID, NAME)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT TAGS_EXCLUDE (SELECTOR, TAG+)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT HOSTS (#PCDATA)>
<!ELEMENT SSL_VERIFY_WITH_HOST (#PCDATA)>
<!ELEMENT LOGIN_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT (DIGITAL_VAULT_ID, DIGITAL_VAULT_TYPE, DIGITAL_VAULT_TITLE, VAULT_USERNAME?, VAULT_FOLDER?, VAULT_FILE?, VAULT_SECRET_NAME?, VAULT_SYSTEM_NAME?, VAULT_NS_TYPE?, VAULT_NS_NAME?, VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY?, VAULT_SERVICE_TYPE?, VAULT_USE_AD_HASHICORP?)>
<!ELEMENT DIGITAL_VAULT_ID (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TYPE (#PCDATA)>
<!ELEMENT DIGITAL_VAULT_TITLE (#PCDATA)>
<!ELEMENT VAULT_USERNAME (#PCDATA)>
<!ELEMENT VAULT_FOLDER (#PCDATA)>
<!ELEMENT VAULT_FILE (#PCDATA)>
<!ELEMENT VAULT_SECRET_NAME (#PCDATA)>
<!ELEMENT VAULT_SYSTEM_NAME (#PCDATA)>
<!ELEMENT VAULT_NS_TYPE (#PCDATA)>
<!ELEMENT VAULT_NS_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_PATH (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_NAME (#PCDATA)>
<!ELEMENT VAULT_SECRET_KV_KEY (#PCDATA)>
<!ELEMENT VAULT_SERVICE_TYPE (#PCDATA)>
<!ELEMENT VAULT_USE_AD_HASHICORP (#PCDATA)>
<!ELEMENT NETWORK_ID (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->
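A parser for the AUTH_NSX_LIST_OUTPUT structure defined above that inventories each NSX authentication record and reports which ones use a HashiCorp vault with AD enabled. This is an added example, not Qualys code: the function names are hypothetical, the second record and the DTD host in the sample are constructed, and treating SSL_VERIFY_WITH_HOST other than 1 or a LOGIN_TYPE other than vault as items to review is this example's own assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first record mirrors the page's list response, the
# second is invented here (including its LOGIN_TYPE value) to show a record
# without a vault. The DTD host is a placeholder.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_NSX_LIST_OUTPUT SYSTEM "https://qualys.example/api/3.0/fo/auth/nsx/auth_nsx_list_output.dtd">
<AUTH_NSX_LIST_OUTPUT><RESPONSE>
<DATETIME>2026-04-07T06:09:03Z</DATETIME>
<AUTH_NSX_LIST>
<AUTH_NSX>
<ID>12426322</ID>
<TITLE><![CDATA[NSX_AD ]]></TITLE>
<USERNAME><![CDATA[root]]></USERNAME>
<SSL_VERIFY_WITH_HOST>
<![CDATA[0]]>
</SSL_VERIFY_WITH_HOST>
<LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID><![CDATA[4980801]]></DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE><![CDATA[HashiCorp]]></DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE><![CDATA[Nutanix_HashiCorp]]></DIGITAL_VAULT_TITLE>
<VAULT_USE_AD_HASHICORP><![CDATA[1]]></VAULT_USE_AD_HASHICORP>
</DIGITAL_VAULT>
<CREATED><DATETIME>2026-04-07T05:25:48Z</DATETIME><BY>vmspxtb</BY></CREATED>
<LAST_MODIFIED><DATETIME>2026-04-07T05:25:48Z</DATETIME></LAST_MODIFIED>
</AUTH_NSX>
<AUTH_NSX>
<ID>1</ID>
<TITLE><![CDATA[constructed-basic-record]]></TITLE>
<SSL_VERIFY_WITH_HOST><![CDATA[1]]></SSL_VERIFY_WITH_HOST>
<LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE>
<CREATED><DATETIME>2026-04-07T05:25:48Z</DATETIME><BY>constructed</BY></CREATED>
<LAST_MODIFIED><DATETIME>2026-04-07T05:25:48Z</DATETIME></LAST_MODIFIED>
</AUTH_NSX>
</AUTH_NSX_LIST>
</RESPONSE></AUTH_NSX_LIST_OUTPUT>
"""


def _text(node, path):
    """Stripped text of a child element, or None when the element is absent."""
    child = node.find(path)
    return child.text.strip() if child is not None and child.text else None


def audit_nsx_records(xml_bytes):
    """Summarise each AUTH_NSX record and list the settings worth reviewing."""
    if b"<!ENTITY" in xml_bytes:
        # The published DTD declares no entities, so refuse documents that do.
        raise ValueError("unexpected entity declaration in response")
    root = ET.fromstring(xml_bytes)  # the external DTD is not fetched
    if root.tag != "AUTH_NSX_LIST_OUTPUT":
        raise ValueError(f"unexpected root element {root.tag}")
    report = []
    for record in root.iterfind("RESPONSE/AUTH_NSX_LIST/AUTH_NSX"):
        findings = []
        # Review criteria below are this example's assumption, not Qualys guidance.
        if _text(record, "SSL_VERIFY_WITH_HOST") != "1":
            findings.append("SSL_VERIFY_WITH_HOST is not 1")
        if _text(record, "LOGIN_TYPE") != "vault":
            findings.append("LOGIN_TYPE is not vault")
        report.append({
            "id": _text(record, "ID"),
            "title": _text(record, "TITLE"),
            "vault_type": _text(record, "DIGITAL_VAULT/DIGITAL_VAULT_TYPE"),
            "use_ad": _text(record, "DIGITAL_VAULT/VAULT_USE_AD_HASHICORP") == "1",
            "findings": findings,
        })
    return report


if __name__ == "__main__":
    for row in audit_nsx_records(SAMPLE):
        print(row)
```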
Download Saved Report API: Enhanced Scan Report Output for Host Based and Scan Based Reports
| New or Updated API | Updated |
| API Endpoint | /api/2.0/fo/report/ /api/3.0/fo/report/ |
| Method | GET, POST |
| DTD or XSD changes | Yes |
The DTD output for Host‑Based and Scan‑Based reports now includes additional vulnerability metadata in both the API versions (V2.0 and V3.0). When you generate the report using this API, the following elements are now available in the DTD output to support improved risk prioritization and better visibility into vulnerabilities detected through Deep Scan.
- Host Based report includes the following elements:
  - DEEP_SCAN_RESULT - Indicates findings detected through Deep Scan.
  - CVE_IDS - Supports vulnerability identification, which includes kernel live patching.
- Host Based and Scan Based reports include the element CVSS4_BASE, which provides CVSS V4 base score information.
When you generate Host‑Based or Scan‑Based reports in the CSV format, the following new columns are available:
- CVSS4 Base
- Deep Scan Results
CVSS V4, Kernel live patch, Deep Scan, and IPv6 will be available in the subsequent release, though they are visible in the DTD Response.
DTD Output for Host Based Scan Report
DTD output for Host Based Scan Report is as follows:
DTD Output
<!-- QUALYS ASSET DATA REPORT DTD -->
<!ELEMENT ASSET_DATA_REPORT (ERROR | (HEADER, RISK_SCORE_PER_HOST?, HOST_LIST?, GLOSSARY?, NON_RUNNING_KERNELS?, APPENDICES?))>
<!ELEMENT ERROR (#PCDATA)*>
<!ATTLIST ERROR number CDATA #IMPLIED>
<!-- HEADER -->
<!ELEMENT HEADER (COMPANY, USERNAME?, GENERATION_DATETIME, TEMPLATE, TARGET, RISK_SCORE_SUMMARY?)>
<!ELEMENT COMPANY (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT GENERATION_DATETIME (#PCDATA)>
<!ELEMENT TEMPLATE (#PCDATA)>
<!ELEMENT TARGET (USER_ASSET_GROUPS?, USER_IP_LIST?, COMBINED_IP_LIST?, ASSET_TAG_LIST?)>
<!ELEMENT USER_ASSET_GROUPS (ASSET_GROUP_TITLE+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT USER_IP_LIST (RANGE*)>
<!ELEMENT RANGE (START, END)>
<!ATTLIST RANGE network_id CDATA #IMPLIED>
<!ELEMENT START (#PCDATA)>
<!ELEMENT END (#PCDATA)>
<!ELEMENT COMBINED_IP_LIST (RANGE*)>
<!ELEMENT ASSET_TAG_LIST (INCLUDED_TAGS, EXCLUDED_TAGS?)>
<!ELEMENT INCLUDED_TAGS (ASSET_TAG*)>
<!ATTLIST INCLUDED_TAGS scope CDATA #IMPLIED>
<!ELEMENT EXCLUDED_TAGS (ASSET_TAG*)>
<!ATTLIST EXCLUDED_TAGS scope CDATA #IMPLIED>
<!-- AVERAGE RISK_SCORE_SUMMARY -->
<!ELEMENT RISK_SCORE_SUMMARY (TOTAL_VULNERABILITIES, AVG_SECURITY_RISK, BUSINESS_RISK)>
<!ELEMENT TOTAL_VULNERABILITIES (#PCDATA)>
<!ELEMENT AVG_SECURITY_RISK (#PCDATA)>
<!ELEMENT BUSINESS_RISK (#PCDATA)>
<!-- RISK_SCORE_PER_HOST -->
<!ELEMENT RISK_SCORE_PER_HOST (HOSTS+)>
<!ELEMENT HOSTS (IP_ADDRESS?, IPV6_ADDRESS?, TOTAL_VULNERABILITIES, SECURITY_RISK)>
<!ELEMENT IP_ADDRESS (#PCDATA)>
<!ELEMENT IPV6_ADDRESS (#PCDATA)>
<!ATTLIST IP_ADDRESS
network_id CDATA #IMPLIED
>
<!ATTLIST IPV6_ADDRESS
network_id CDATA #IMPLIED
>
<!ELEMENT SECURITY_RISK (#PCDATA)>
<!-- HOST_LIST -->
<!ELEMENT HOST_LIST (HOST+)>
<!ELEMENT HOST (ERROR | (IP?,IPV6?, TRACKING_METHOD, ASSET_TAGS?, HOST_ID, ASSET_ID?,
DNS?, NETBIOS?, QG_HOSTID?, CLOUD_PROVIDER?, CLOUD_PROVIDER_SERVICE?, CLOUD_SERVICE?, CLOUD_RESOURCE_TYPE?, CLOUD_RESOURCE_ID?, CLOUD_ACCOUNT?, EC2_INSTANCE_ID?, CLOUD_IMAGE_ID?, IP_INTERFACES?,EC2_INFO?, CLOUD_RESOURCE_METADATA?, AZURE_VM_INFO?, OPERATING_SYSTEM?, OS_CPE?,
ARS?,TRURISK_SCORE?, ACS?, ASSET_GROUPS?, VULN_INFO_LIST?))>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IPV6 (#PCDATA)>
<!ATTLIST IP
network_id CDATA #IMPLIED
v6 CDATA #IMPLIED
>
<!ATTLIST IPV6
network_id CDATA #IMPLIED
v6 CDATA #IMPLIED
>
<!ELEMENT TRACKING_METHOD (#PCDATA)>
<!ELEMENT ASSET_TAGS (ASSET_TAG+)>
<!ELEMENT ASSET_TAG (#PCDATA)>
<!ELEMENT HOST_ID (#PCDATA)>
<!ELEMENT ASSET_ID (#PCDATA)>
<!ELEMENT DNS (#PCDATA)>
<!ELEMENT NETBIOS (#PCDATA)>
<!ELEMENT QG_HOSTID (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER (#PCDATA)>
<!ELEMENT CLOUD_PROVIDER_SERVICE (#PCDATA)>
<!ELEMENT CLOUD_SERVICE (#PCDATA)>
<!ELEMENT CLOUD_RESOURCE_TYPE (#PCDATA)>
<!ELEMENT CLOUD_RESOURCE_ID (#PCDATA)>
<!ELEMENT CLOUD_ACCOUNT (#PCDATA)>
<!ELEMENT EC2_INSTANCE_ID (#PCDATA)>
<!ELEMENT CLOUD_IMAGE_ID (#PCDATA)>
<!ELEMENT IP_INTERFACES (IP*)>
<!ELEMENT EC2_INFO (PUBLIC_DNS_NAME?,IMAGE_ID?,VPC_ID?,INSTANCE_STATE?,PRIVATE_DNS_NAME?,INSTANCE_TYPE?, ACCOUNT_ID?, REGION_CODE?, SUBNET_ID?)>
<!ELEMENT CLOUD_RESOURCE_METADATA (INSTANCE_ID?, PUBLIC_DNS_NAME?, VM_ID?, VM_NAME?, PLATFORM?, HOST_NAME?, MACHINE_TYPE?,
MACHINE_STATE?, PROJECT_ID?, PUBLIC_IP_ADDRESS?, VPC_NETWORK?, ZONE?, IMAGE_OFFER?, IMAGE_PUBLISHER?,
IMAGE_VERSION?, SUBNET?, VM_STATE?, PRIVATE_IP_ADDRESS?, IMAGE_ID?, SPOT_INSTANCE?, AVAILABILITY_ZONE?, VPC_ID?, GROUP_ID?, GROUP_NAME?,
LOCAL_HOSTNAME?, INSTANCE_STATE?, PRIVATE_DNS_NAME?, INSTANCE_TYPE?, ACCOUNT_ID?, REGION_CODE?, SUBNET_ID?, RESERVATION_ID?,
SIZE?, SUBSCRIPTION_ID?, LOCATION?, RESOURCE_GROUP_NAME?, MAC_ADDRESS?)>
<!ELEMENT AZURE_VM_INFO (PUBLIC_IP_ADDRESS?,IMAGE_OFFER?,IMAGE_VERSION?,SUBNET?,VM_STATE?,PRIVATE_IP_ADDRESS?,SIZE?, SUBSCRIPTION_ID?, LOCATION?, RESOURCE_GROUP_NAME?)>
<!ELEMENT INSTANCE_ID (#PCDATA)>
<!ELEMENT PUBLIC_DNS_NAME (#PCDATA)>
<!ELEMENT IMAGE_ID (#PCDATA)>
<!ELEMENT SPOT_INSTANCE (#PCDATA)>
<!ELEMENT AVAILABILITY_ZONE (#PCDATA)>
<!ELEMENT VPC_ID (#PCDATA)>
<!ELEMENT GROUP_ID (#PCDATA)>
<!ELEMENT GROUP_NAME (#PCDATA)>
<!ELEMENT INSTANCE_STATE (#PCDATA)>
<!ELEMENT LOCAL_HOSTNAME (#PCDATA)>
<!ELEMENT PRIVATE_DNS_NAME (#PCDATA)>
<!ELEMENT INSTANCE_TYPE (#PCDATA)>
<!ELEMENT ACCOUNT_ID (#PCDATA)>
<!ELEMENT REGION_CODE (#PCDATA)>
<!ELEMENT SUBNET_ID (#PCDATA)>
<!ELEMENT RESERVATION_ID (#PCDATA)>
<!ELEMENT MAC_ADDRESS (#PCDATA)>
<!ELEMENT OPERATING_SYSTEM (#PCDATA)>
<!ELEMENT VM_ID (#PCDATA)>
<!ELEMENT VM_NAME (#PCDATA)>
<!ELEMENT PLATFORM (#PCDATA)>
<!ELEMENT HOST_NAME (#PCDATA)>
<!ELEMENT MACHINE_TYPE (#PCDATA)>
<!ELEMENT MACHINE_STATE (#PCDATA)>
<!ELEMENT PROJECT_ID (#PCDATA)>
<!ELEMENT PUBLIC_IP_ADDRESS (#PCDATA)>
<!ELEMENT VPC_NETWORK (#PCDATA)>
<!ELEMENT ZONE (#PCDATA)>
<!ELEMENT IMAGE_OFFER (#PCDATA)>
<!ELEMENT IMAGE_PUBLISHER (#PCDATA)>
<!ELEMENT IMAGE_VERSION (#PCDATA)>
<!ELEMENT SUBNET (#PCDATA)>
<!ELEMENT VM_STATE (#PCDATA)>
<!ELEMENT PRIVATE_IP_ADDRESS (#PCDATA)>
<!ELEMENT SIZE (#PCDATA)>
<!ELEMENT SUBSCRIPTION_ID (#PCDATA)>
<!ELEMENT LOCATION (#PCDATA)>
<!ELEMENT RESOURCE_GROUP_NAME (#PCDATA)>
<!ELEMENT OS_CPE (#PCDATA)>
<!ELEMENT ARS (#PCDATA)>
<!ELEMENT TRURISK_SCORE (#PCDATA)>
<!ELEMENT ACS (#PCDATA)>
<!ELEMENT ASSET_GROUPS (ASSET_GROUP_TITLE+)>
<!ELEMENT VULN_INFO_LIST (VULN_INFO+)>
<!ELEMENT VULN_INFO (QID, TYPE, PORT?, SERVICE?, FQDN?, PROTOCOL?, SSL?, INSTANCE?,
RESULT?, DEEP_SCAN_RESULT?, FIRST_FOUND?, LAST_FOUND?, TIMES_FOUND?,
VULN_STATUS?, LAST_FIXED?, FIRST_REOPENED?, LAST_REOPENED?, TIMES_REOPENED?, CVE_IDS?, CVSS_FINAL?, CVSS3_FINAL?, CVSS3_VERSION?, TICKET_NUMBER?, TICKET_STATE?, ASSET_CVE?, QDS?,
VULNERABILITY_DETECTION_SOURCES?, LATEST_VULNERABILITY_DETECTION_SOURCE?)>
<!ELEMENT QID (#PCDATA)>
<!ATTLIST QID id CDATA #REQUIRED>
<!ELEMENT TYPE (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT SERVICE (#PCDATA)>
<!ELEMENT FQDN (#PCDATA)>
<!ELEMENT PROTOCOL (#PCDATA)>
<!ELEMENT SSL (#PCDATA)>
<!ELEMENT RESULT (#PCDATA)>
<!ATTLIST RESULT format CDATA #IMPLIED>
<!ELEMENT DEEP_SCAN_RESULT (#PCDATA)>
<!ATTLIST DEEP_SCAN_RESULT format CDATA #IMPLIED>
<!ELEMENT FIRST_FOUND (#PCDATA)>
<!ELEMENT LAST_FOUND (#PCDATA)>
<!ELEMENT TIMES_FOUND (#PCDATA)>
<!-- Note: VULN_STATUS is N/A for IGs -->
<!ELEMENT VULN_STATUS (#PCDATA)>
<!ELEMENT ASSET_CVE (#PCDATA)>
<!ELEMENT LAST_FIXED (#PCDATA)>
<!ELEMENT FIRST_REOPENED (#PCDATA)>
<!ELEMENT LAST_REOPENED (#PCDATA)>
<!ELEMENT TIMES_REOPENED (#PCDATA)>
<!ELEMENT CVE_IDS (#PCDATA)>
<!ELEMENT CVSS_FINAL (#PCDATA)>
<!ELEMENT CVSS3_FINAL (#PCDATA)>
<!ELEMENT TICKET_NUMBER (#PCDATA)>
<!ELEMENT TICKET_STATE (#PCDATA)>
<!ELEMENT QDS (#PCDATA)>
<!ELEMENT VULNERABILITY_DETECTION_SOURCES (#PCDATA)>
<!ELEMENT LATEST_VULNERABILITY_DETECTION_SOURCE (#PCDATA)>
<!ELEMENT INSTANCE (#PCDATA)>
<!-- GLOSSARY -->
<!ELEMENT GLOSSARY (VULN_DETAILS_LIST)>
<!ELEMENT VULN_DETAILS_LIST (VULN_DETAILS+)>
<!ELEMENT VULN_DETAILS (QID, TITLE, SEVERITY, SOURCE?, CATEGORY,
CUSTOMIZED?, THREAT, THREAT_COMMENT?, IMPACT, IMPACT_COMMENT?,
SOLUTION, SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, PCI_FLAG, LAST_UPDATE?,
CVSS_SCORE?, CVSS3_SCORE?, CVSS4_SCORE?, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?)>
<!ATTLIST VULN_DETAILS id ID #REQUIRED>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT SEVERITY (#PCDATA)>
<!ELEMENT SOURCE (#PCDATA)>
<!ELEMENT CATEGORY (#PCDATA)>
<!ELEMENT CUSTOMIZED (DISABLED?, CUSTOM_SEVERITY?)>
<!ELEMENT DISABLED (#PCDATA)>
<!ELEMENT CUSTOM_SEVERITY (#PCDATA)>
<!ELEMENT THREAT (#PCDATA)>
<!ELEMENT THREAT_COMMENT (#PCDATA)>
<!ELEMENT IMPACT (#PCDATA)>
<!ELEMENT IMPACT_COMMENT (#PCDATA)>
<!ELEMENT SOLUTION (#PCDATA)>
<!ELEMENT SOLUTION_COMMENT (#PCDATA)>
<!ELEMENT PCI_FLAG (#PCDATA)>
<!ELEMENT CORRELATION (EXPLOITABILITY?, MALWARE?)>
<!ELEMENT EXPLOITABILITY (EXPLT_SRC)+>
<!ELEMENT EXPLT_SRC (SRC_NAME, EXPLT_LIST)>
<!ELEMENT SRC_NAME (#PCDATA)>
<!ELEMENT EXPLT_LIST (EXPLT)+>
<!ELEMENT EXPLT (REF, DESC, LINK?)>
<!ELEMENT REF (#PCDATA)>
<!ELEMENT DESC (#PCDATA)>
<!ELEMENT LINK (#PCDATA)>
<!ELEMENT MALWARE (MW_SRC)+>
<!ELEMENT MW_SRC (SRC_NAME, MW_LIST)>
<!ELEMENT MW_LIST (MW_INFO)+>
<!ELEMENT MW_INFO (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)>
<!ELEMENT MW_ID (#PCDATA)>
<!ELEMENT MW_TYPE (#PCDATA)>
<!ELEMENT MW_PLATFORM (#PCDATA)>
<!ELEMENT MW_ALIAS (#PCDATA)>
<!ELEMENT MW_RATING (#PCDATA)>
<!ELEMENT MW_LINK (#PCDATA)>
<!ELEMENT LAST_UPDATE (#PCDATA)>
<!ELEMENT CVSS_SCORE (CVSS_BASE?, CVSS_TEMPORAL?)>
<!ELEMENT CVSS_BASE (#PCDATA)>
<!ATTLIST CVSS_BASE
source CDATA #IMPLIED
>
<!ELEMENT CVSS_TEMPORAL (#PCDATA)>
<!ELEMENT CVSS3_SCORE (CVSS3_BASE?, CVSS3_TEMPORAL?, CVSS3_VERSION?)>
<!ELEMENT CVSS3_BASE (#PCDATA)>
<!ELEMENT CVSS3_TEMPORAL (#PCDATA)>
<!ELEMENT CVSS3_VERSION (#PCDATA)>
<!ELEMENT CVSS4_SCORE (CVSS4_BASE?)>
<!ELEMENT CVSS4_BASE (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE_LIST (VENDOR_REFERENCE+)>
<!ELEMENT VENDOR_REFERENCE (ID,URL)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT CVE_ID_LIST (CVE_ID+)>
<!ELEMENT CVE_ID (ID,URL)>
<!ELEMENT BUGTRAQ_ID_LIST (BUGTRAQ_ID+)>
<!ELEMENT BUGTRAQ_ID (ID,URL)>
<!ELEMENT COMPLIANCE (COMPLIANCE_INFO+)>
<!ELEMENT COMPLIANCE_INFO (COMPLIANCE_TYPE, COMPLIANCE_SECTION, COMPLIANCE_DESCRIPTION)>
<!ELEMENT COMPLIANCE_TYPE (#PCDATA)>
<!ELEMENT COMPLIANCE_SECTION (#PCDATA)>
<!ELEMENT COMPLIANCE_DESCRIPTION (#PCDATA)>
<!-- APPENDICES -->
<!ELEMENT APPENDICES (NO_RESULTS?, NO_VULNS?, TEMPLATE_DETAILS?)>
<!ELEMENT NO_RESULTS (IP_LIST)>
<!ELEMENT IP_LIST (RANGE*)>
<!ELEMENT NO_VULNS (IP_LIST)>
<!ELEMENT TEMPLATE_DETAILS (VULN_LISTS?, SELECTIVE_VULNS?, EXCLUDED_VULN_LISTS?, EXCLUDED_VULNS?, RESULTING_VULNS?, FILTER_SUMMARY?, EXCLUDED_CATEGORIES?)>
<!ELEMENT VULN_LISTS (#PCDATA)>
<!ELEMENT SELECTIVE_VULNS (#PCDATA)>
<!ELEMENT EXCLUDED_VULN_LISTS (#PCDATA)>
<!ELEMENT EXCLUDED_VULNS (#PCDATA)>
<!ELEMENT RESULTING_VULNS (#PCDATA)>
<!ELEMENT FILTER_SUMMARY (#PCDATA)>
<!ELEMENT EXCLUDED_CATEGORIES (#PCDATA)>
<!ELEMENT NON_RUNNING_KERNELS (NON_RUNNING_KERNEL*)>
<!ELEMENT NON_RUNNING_KERNEL (NRK_QID*, IP*, SEVERITY*)>
<!ELEMENT NRK_QID (#PCDATA)>
DTD Output for Scan Based Scan Report
DTD output for Scan Based Scan Report API is as follows:
DTD Output
<!-- QUALYS SCAN DTD -->
<!ELEMENT SCAN ((HEADER | ERROR | IP | IPV6)+)>
<!ATTLIST SCAN
value CDATA #REQUIRED
>
<!ELEMENT ERROR (#PCDATA)>
<!ATTLIST ERROR
number CDATA #IMPLIED
>
<!-- INFORMATION ABOUT THE SCAN -->
<!ELEMENT HEADER (KEY+, ASSET_GROUPS?, ASSET_TAG_LIST?, OPTION_PROFILE?)>
<!ELEMENT KEY (#PCDATA)>
<!ATTLIST KEY
value CDATA #IMPLIED
>
<!-- NAME of the asset group with the TYPE attribute with possible values of (DEFAULT | EXTERNAL | ISCANNER) -->
<!ELEMENT ASSET_GROUP (ASSET_GROUP_TITLE)>
<!ELEMENT ASSET_GROUPS (ASSET_GROUP+)?>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>
<!ELEMENT OPTION_PROFILE (OPTION_PROFILE_TITLE)>
<!ELEMENT OPTION_PROFILE_TITLE (#PCDATA)>
<!ATTLIST OPTION_PROFILE_TITLE
option_profile_default CDATA #IMPLIED
>
<!-- TAGSET -->
<!ELEMENT ASSET_TAG_LIST (INCLUDED_TAGS?, EXCLUDED_TAGS?)?>
<!ELEMENT INCLUDED_TAGS (ASSET_TAG+)>
<!ELEMENT EXCLUDED_TAGS (ASSET_TAG+)>
<!ELEMENT ASSET_TAG (#PCDATA)>
<!ATTLIST INCLUDED_TAGS scope (any|all) #REQUIRED>
<!ATTLIST EXCLUDED_TAGS scope (any|all) #REQUIRED>
<!-- IP -->
<!ELEMENT IP (OS?, OS_CPE?, NETBIOS_HOSTNAME?, INFOS?, SERVICES?, VULNS?, PRACTICES?, NETWORK?)?>
<!ATTLIST IP
value CDATA #REQUIRED
name CDATA #IMPLIED
status CDATA #IMPLIED
>
<!ELEMENT IPV6 (OS?, OS_CPE?, NETBIOS_HOSTNAME?, INFOS?, SERVICES?, VULNS?, PRACTICES?, NETWORK?)?>
<!ATTLIST IPV6
value CDATA #REQUIRED
name CDATA #IMPLIED
status CDATA #IMPLIED
>
<!ELEMENT OS (#PCDATA)>
<!ELEMENT NETWORK (#PCDATA)>
<!ELEMENT OS_CPE (#PCDATA)>
<!ELEMENT NETBIOS_HOSTNAME (#PCDATA)>
<!-- CATEGORIES OF INFO, SERVICE, VULN or PRACTICE -->
<!ELEMENT CAT (INFO+ | SERVICE+ | VULN+ | PRACTICE+)?>
<!ATTLIST CAT
value CDATA #REQUIRED
fqdn CDATA #IMPLIED
port CDATA #IMPLIED
protocol CDATA #IMPLIED
misc CDATA #IMPLIED
>
<!-- IP INFORMATIONS -->
<!ELEMENT INFOS (CAT+)?>
<!ELEMENT INFO (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?,
RESULT?, RESULT_ERRORS?, RESULT_DEBUG?)>
<!ATTLIST INFO
severity CDATA #IMPLIED
standard-severity CDATA #IMPLIED
number CDATA #IMPLIED
>
<!-- MAP OF SERVICES -->
<!ELEMENT SERVICES (CAT+)?>
<!ELEMENT SERVICE (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, RESULT?)>
<!ATTLIST SERVICE
severity CDATA #REQUIRED
standard-severity CDATA #IMPLIED
number CDATA #IMPLIED
>
<!-- VULNERABILITIES -->
<!ELEMENT VULNS (CAT+)?>
<!ELEMENT VULN (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, CVSS3_BASE?, CVSS3_TEMPORAL?, CVSS3_VERSION?, CVSS4_BASE?, PCI_FLAG, INSTANCE?,
VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?,
RESULT?, RESULT_ERRORS?, RESULT_DEBUG?)>
<!-- number is Qualys numeric ID -->
<!-- cveid is the CVE identification code (if any) -->
<!-- severity is Qualys severity level 1 to 5 (possibly customized) -->
<!-- standard-severity is the original Qualys severity level 1 to 5 if it has been customized by the user -->
<!ATTLIST VULN
number CDATA #REQUIRED
cveid CDATA #IMPLIED
severity CDATA #REQUIRED
standard-severity CDATA #IMPLIED
>
<!-- Required Element -->
<!ELEMENT TITLE (#PCDATA)>
<!-- Optional Elements -->
<!ELEMENT LAST_UPDATE (#PCDATA)>
<!ELEMENT CVSS_BASE (#PCDATA)>
<!ATTLIST CVSS_BASE
source CDATA #IMPLIED
>
<!ELEMENT CVSS_TEMPORAL (#PCDATA)>
<!ELEMENT CVSS3_BASE (#PCDATA)>
<!ELEMENT CVSS3_TEMPORAL (#PCDATA)>
<!ELEMENT CVSS3_VERSION (#PCDATA)>
<!ELEMENT CVSS4_BASE (#PCDATA)>
<!ELEMENT PCI_FLAG (#PCDATA)>
<!ELEMENT VENDOR_REFERENCE_LIST (VENDOR_REFERENCE+)?>
<!ELEMENT VENDOR_REFERENCE (ID,URL)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT CVE_ID_LIST (CVE_ID+)?>
<!ELEMENT CVE_ID (ID,URL)>
<!ELEMENT BUGTRAQ_ID_LIST (BUGTRAQ_ID+)?>
<!ELEMENT BUGTRAQ_ID (ID,URL)>
<!ELEMENT DIAGNOSIS (#PCDATA)>
<!ELEMENT DIAGNOSIS_COMMENT (#PCDATA)>
<!ELEMENT CONSEQUENCE (#PCDATA)>
<!ELEMENT CONSEQUENCE_COMMENT (#PCDATA)>
<!ELEMENT SOLUTION (#PCDATA)>
<!ELEMENT SOLUTION_COMMENT (#PCDATA)>
<!ELEMENT COMPLIANCE (COMPLIANCE_INFO+)?>
<!ELEMENT COMPLIANCE_INFO (COMPLIANCE_TYPE, COMPLIANCE_SECTION, COMPLIANCE_DESCRIPTION)>
<!ELEMENT COMPLIANCE_TYPE (#PCDATA)>
<!ELEMENT COMPLIANCE_SECTION (#PCDATA)>
<!ELEMENT COMPLIANCE_DESCRIPTION (#PCDATA)>
<!ELEMENT CORRELATION (EXPLOITABILITY?,MALWARE?)?>
<!ELEMENT EXPLOITABILITY (EXPLT_SRC+)?>
<!ELEMENT EXPLT_SRC (SRC_NAME, EXPLT_LIST)>
<!ELEMENT SRC_NAME (#PCDATA)>
<!ELEMENT EXPLT_LIST (EXPLT)+>
<!ELEMENT EXPLT (REF, DESC, LINK?)>
<!ELEMENT REF (#PCDATA)>
<!ELEMENT DESC (#PCDATA)>
<!ELEMENT LINK (#PCDATA)>
<!ELEMENT MALWARE (MW_SRC+)?>
<!ELEMENT MW_SRC (SRC_NAME, MW_LIST)>
<!ELEMENT MW_LIST (MW_INFO+)?>
<!ELEMENT MW_INFO (MW_ID, MW_TYPE?, MW_PLATFORM?, MW_ALIAS?, MW_RATING?, MW_LINK?)?>
<!ELEMENT MW_ID (#PCDATA)>
<!ELEMENT MW_TYPE (#PCDATA)>
<!ELEMENT MW_PLATFORM (#PCDATA)>
<!ELEMENT MW_ALIAS (#PCDATA)>
<!ELEMENT MW_RATING (#PCDATA)>
<!ELEMENT MW_LINK (#PCDATA)>
<!ELEMENT INSTANCE (#PCDATA)>
<!-- if format is set to "table" -->
<!-- tab '\t' is the col separator -->
<!-- and new line '\n' is the end of row -->
<!ELEMENT RESULT (#PCDATA)>
<!ATTLIST RESULT format CDATA #IMPLIED>
<!ELEMENT RESULT_ERRORS (#PCDATA)>
<!ELEMENT RESULT_DEBUG (#PCDATA)>
<!-- SECURITY TIPS -->
<!ELEMENT PRACTICES (CAT+)?>
<!ELEMENT PRACTICE (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, CVSS3_BASE?, CVSS3_TEMPORAL?, CVSS3_VERSION?, CVSS4_BASE?, PCI_FLAG, INSTANCE?,
VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?,
SOLUTION?, SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?,
RESULT?, RESULT_ERRORS?, RESULT_DEBUG?)>
<!ATTLIST PRACTICE
number CDATA #REQUIRED
cveid CDATA #IMPLIED
severity CDATA #REQUIRED
standard-severity CDATA #IMPLIED
>
<!-- EOF -->
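The following Python sketch is an added example, not Qualys code. It reads a report shaped after the SCAN DTD above, splits RESULT into rows and columns when format is "table", and uses the standard-severity attribute to list findings whose customized severity is lower than the original. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped after the SCAN DTD above; every value is made up.
SAMPLE_SCAN_XML = """<SCAN value="scan/0000000000.00000">
  <IP value="10.0.0.5" name="host-a.example">
    <VULNS>
      <CAT value="Web server" port="443" protocol="tcp">
        <VULN number="100001" severity="2" standard-severity="4">
          <TITLE>Constructed finding A</TITLE>
          <PCI_FLAG>1</PCI_FLAG>
          <RESULT format="table">Header\tValue\nServer\tExampleHTTPd</RESULT>
        </VULN>
      </CAT>
      <CAT value="General">
        <VULN number="100002" severity="3">
          <TITLE>Constructed finding B</TITLE>
          <PCI_FLAG>0</PCI_FLAG>
          <RESULT>plain text evidence</RESULT>
        </VULN>
      </CAT>
    </VULNS>
  </IP>
</SCAN>"""


def parse_result(elem):
    # format="table": a tab separates columns and a newline ends a row (DTD comment).
    if elem is None or elem.text is None:
        return None
    if elem.get("format") == "table":
        return [row.split("\t") for row in elem.text.split("\n") if row]
    return elem.text


def parse_scan(xml_text):
    root = ET.fromstring(xml_text)
    # Choice made for this example: an ERROR element must not read as "no findings".
    errors = [e.text for e in root.findall("ERROR")]
    if errors:
        raise RuntimeError(f"report contains ERROR elements: {errors}")
    findings = []
    for host in root.findall("IP") + root.findall("IPV6"):
        for cat in host.findall("VULNS/CAT"):
            for vuln in cat.findall("VULN"):
                sev, std = int(vuln.get("severity")), vuln.get("standard-severity")
                findings.append({
                    "host": host.get("value"), "port": cat.get("port"),
                    "qid": vuln.get("number"), "title": vuln.findtext("TITLE"),
                    "severity": sev,
                    # standard-severity appears only when the severity was customized
                    "original_severity": int(std) if std else sev,
                    "result": parse_result(vuln.find("RESULT")),
                })
    return findings


def downgraded(findings):
    # Findings whose customized severity is below the original Qualys severity.
    return [f for f in findings if f["severity"] < f["original_severity"]]
```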
Host Detection List API: Extended EOL Timelines
With this release, we have extended the End of Life (EOL) dates for VM detection API from June 2026 to June 2027.
The updated timeline provides an additional year of stability, allowing you to continue using existing integrations without any immediate migration effort and giving you more time to plan and adopt upgraded versions of the API.
| API Endpoint | End Of Life (EOL) |
| /api/2.0/fo/asset/host/vm/detection/index.php | June 2027 |
| /api/3.0/fo/asset/host/vm/detection/index.php | June 2027 |
| /api/4.0/fo/asset/host/vm/detection/index.php | June 2027 |
Extended EOL Timelines for API Endpoints
With this release, we have extended the End of Life (EOL) dates from June 2026 to December 2026 for the below list of APIs.
The updated timeline provides additional time for you to transition from the legacy APIs to the recommended newer versions.
| Category | API Name | API Endpoint (Previous Version) | EOL (End Of Life) | Recommended API Endpoint (Latest Version) |
| Knowledge Base | Knowledge Base Vulnerability API | /api/2.0/fo/knowledge_base/vuln/index.php | December 2026 | /api/4.0/fo/knowledge_base/vuln/index.php |
| Knowledge Base | Knowledge Base QVS API | /api/2.0/fo/knowledge_base/qvs/index.php | December 2026 | /api/3.0/fo/knowledge_base/qvs/index.php |
| Option Profile | Option Profile API | /api/2.0/fo/subscription/option_profile/index.php | December 2026 | /api/6.0/fo/subscription/option_profile/index.php |
| Option Profile | Option Profile API | /api/3.0/fo/subscription/option_profile/index.php | December 2026 | /api/6.0/fo/subscription/option_profile/index.php |
| Option Profile | Option Profile API | /api/4.0/fo/subscription/option_profile/index.php | December 2026 | /api/6.0/fo/subscription/option_profile/index.php |
| Option Profile | VM Option Profile API | /api/2.0/fo/subscription/option_profile/vm/index.php | December 2026 | /api/4.0/fo/subscription/option_profile/vm/index.php |
| Option Profile | VM Option Profile API | /api/3.0/fo/subscription/option_profile/vm/index.php | December 2026 | /api/4.0/fo/subscription/option_profile/vm/index.php |
| Option Profile | PC Option Profile API | /api/2.0/fo/subscription/option_profile/pc/index.php | December 2026 | /api/5.0/fo/subscription/option_profile/pc/index.php |
| Option Profile | PC Option Profile API | /api/3.0/fo/subscription/option_profile/pc/index.php | December 2026 | /api/5.0/fo/subscription/option_profile/pc/index.php |
| Option Profile | PC Option Profile API | /api/4.0/fo/subscription/option_profile/pc/index.php | December 2026 | /api/5.0/fo/subscription/option_profile/pc/index.php |
| Report | Report Template Scan API | /api/2.0/fo/report/template/scan/index.php | December 2026 | /api/4.0/fo/report/template/scan/index.php |
| Report | Report Template Scan API | /api/3.0/fo/report/template/scan/index.php | December 2026 | /api/4.0/fo/report/template/scan/index.php |
| Report | Report API | /api/2.0/fo/report/index.php | December 2026 | /api/3.0/fo/report/index.php |
| Exception | Compliance Exception | /api/2.0/fo/compliance/exception/index.php | December 2026 | /api/3.0/fo/compliance/exception/index.php |
| Asset | Asset Host API | /api/2.0/fo/asset/host/index.php | December 2026 | /api/5.0/fo/asset/host/index.php |
| Asset | Asset Host API | /api/3.0/fo/asset/host/index.php | December 2026 | /api/5.0/fo/asset/host/index.php |
| Asset | Asset Host API | /api/4.0/fo/asset/host/index.php | December 2026 | /api/5.0/fo/asset/host/index.php |
| Scan | Schedule Scan API | /api/2.0/fo/schedule/scan/index.php | December 2026 | /api/5.0/fo/schedule/scan/index.php |
| Scan | Schedule Scan API | /api/3.0/fo/schedule/scan/index.php | December 2026 | /api/5.0/fo/schedule/scan/index.php |
| Scan | Schedule Scan API | /api/4.0/fo/schedule/scan/index.php | December 2026 | /api/5.0/fo/schedule/scan/index.php |
| Scan | Scan API | /api/2.0/fo/scan/index.php | December 2026 | /api/3.0/fo/scan/index.php |
| Scan | Cloud Perimeter Scan API | /api/2.0/fo/scan/cloud/perimeter/job/index.php | December 2026 | /api/4.0/fo/scan/cloud/perimeter/job/index.php |
| Scan | Cloud Perimeter Scan API | /api/3.0/fo/scan/cloud/perimeter/job/index.php | December 2026 | /api/4.0/fo/scan/cloud/perimeter/job/index.php |
| Control | Control List | /api/2.0/fo/compliance/control/index.php | December 2026 | /api/4.0/fo/compliance/control/index.php |
| Control | Control List | /api/3.0/fo/compliance/control/index.php | December 2026 | /api/4.0/fo/compliance/control/index.php |
| Policy | Policy | /api/2.0/fo/compliance/policy/index.php | December 2026 | /api/4.0/fo/compliance/policy/index.php |
| Policy | Policy | /api/3.0/fo/compliance/policy/index.php | December 2026 | /api/4.0/fo/compliance/policy/index.php |
| Authentication | MySQL Authentication | /api/2.0/fo/auth/mysql/index.php | December 2026 | /api/3.0/fo/auth/mysql/index.php |
| Authentication | Sybase Authentication | /api/2.0/fo/auth/sybase/index.php | December 2026 | /api/3.0/fo/auth/sybase/index.php |
| Authentication | Authentication API | /api/2.0/fo/auth/index.php | December 2026 | /api/3.0/fo/auth/index.php |
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Application | Description |
| VM - Auth API | Vulnerability Management | When users attempted to create multiple Windows domain authentication records using the API with the same domain but different networks, the request failed with an 'already exists' error, even though this configuration is valid and worked when performed through the UI. This issue has been resolved so that domain authentication records can now be created and updated correctly across different networks using the API, while existing validation behavior remains unchanged for same‑network or non‑network‑supported scenarios. |
| VM - Scan API | Vulnerability Management | When users retrieved scan results using the /api/2.0/fo/scan/?action=fetch endpoint, the response included two additional columns, Result Errors and Result Debug, that were not documented, leading to confusion. This behavior occurs only for subscriptions where the QRDI feature is enabled. The documentation has now been updated to include these additional columns in both the brief and extended scan result outputs when QRDI is enabled, ensuring the API output aligns with customer expectations. |
| VM - Host List Detection API | Vulnerability Management | When users launched the Host List Detection API by excluding the host_metadata input parameter and with status set to fixed, the API returned malformed CSV output with misaligned columns. The issue has now been resolved, and the CSV output is generated with correctly aligned columns. Impacted API: /api/2.0/fo/asset/host/vm/detection/ |
| Integrations - Splunk | Vulnerability Management | When users launched the Host List Detection API endpoint with the vuln_detection_source input parameter set to 1, an error occurred while processing the API response. The application continuously retried the same API calls, repeatedly encountered the same error, and received no new data. This issue has been resolved, and the API output is now processed successfully, allowing data to be received as expected. Impacted API: /api/4.0/fo/asset/host/vm/detection/ |