When you download web application scan results using the WAS API, you’ll want to view vulnerability descriptions from the Qualys KnowledgeBase in order to understand the vulnerabilities detected and see our recommended solutions. You can do this programmatically using the KnowledgeBase API (api/2.0/fo/knowledge_base/vuln/?action=list). This API function is part of the Qualys API and it’s described in the Qualys API (VM, SCA, PC) User Guide (click here to download the latest version)
When filter parameters are specified, these parameters are ANDed
|
Parameter |
Mandatory/ Optional |
Data Type |
Description |
|---|---|---|---|
| action=list | Required | list | A flag used to request the download of vulnerability data from the KnowledgeBase. |
| echo_request={0|1} |
Optional |
integer |
Show (echo) the request’s input parameters (names and values) in the XML output. When unspecified, parameters are not included in the XML output. Specify 1 to view parameters in the output |
|
details={Basic|All|None} |
Optional |
integer |
Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All, or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details. |
|
ids={value} |
Optional |
Used to filter the XML output to include only vulnerabilities that have QID numbers matching the QID numbers you specify. |
|
|
id_min={value} |
Optional |
Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify. |
|
|
id_max={value} |
Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify. | ||
|
is_patchable={0|1} |
Used to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output. | ||
|
last_modified_after={date} |
date | Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified vulnerabilities last modified by a user or by the service will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
last_modified_ before={date} |
date | Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified vulnerabilities last modified by a user or by the service will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
last_modified_by_ user_after={date} |
date | Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
last_modified_by_ user_before={date} |
date | Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
last_modified_by_ service_after={date} |
date | Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
last_modified_by_ service_before={date} |
date | Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
published_after={date} |
date | Used to filter the XML output to show only vulnerabilities published after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
published_before={date} |
date | Used to filter the XML output to show only vulnerabilities published before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT). | |
|
discovery_method={value} |
Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated.
When “Authenticated” is specified, the service shows vulnerabilities that have at least one associated authentication type. Vulnerabilities that have at least one authentication type can be detected in two ways: 1) remotely without using authentication, and 2) using authentication. |
||
|
discovery_auth_types={value} |
Used to filter the XML output to show only vulnerabilities having one or more authentication types. A valid value is: Windows, Oracle, Unix or SNMP. Multiple values are entered as a comma-separated list. | ||
|
show_pci_reasons={0|1} |
boolean | Used to filter the XML output to show reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user’s subscription). Specify 1 to view the reasons in the XML output. When unspecified, the reasons are not included in the XML output. |
API request
curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"
-d "action=list" "<qualys_base_url>/api/2.0/fo/knowledge_base/vuln/" > output.txt
API request
curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"
-d "action=list&ids=1-200&is_patchable=1&details=All" "<qualys_base_url>/api/2.0/fo/knowledge_base/vuln/" > output.txt
API request
curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"
-d "action=list&last_modified_by_service_after=2018-07-20
&discovery_method=RemoteAndAuthenticated" "<qualys_base_url>/api/2.0/fo/knowledge_base/vuln/" > output.txt
<platform API server>/api/2.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd