Scan template parameters

for creating and updating scan report templates

Scan template parameters are below. The default value when creating a new template is shown in bold where applicable.

Parameter

Description

General Info

action={create|update}

(Required) The action you want to take.

report_format=xml

(Required) XML report format is supported.

template_id={value}

(Required for update request) The template ID to update.

title={value}

(Optional) A string value for the title (max of 64 characters).

owner={value}

(Optional) The name of the owner of this template.

See Template Owner.

Display Options

scan_selection={HostBased|ScanBased}

(Optional) Specify HostBased for Host Based Findings (default for new template) or ScanBased for Scan Based Findings. Choosing Host Based Findings allows you to report on the latest vulnerability data from all of your scans. Choosing Scan Based Findings allows you to run a report based on saved scan results.

include_trending={0|1}

(Optional) Specify 1 to include trending. Choose a timeframe (daily, weekly or monthly) to analyze the vulnerability status for the timeframe selected.

This parameter is required only when scan_selection=HostBased.

limit_timeframe={0|1}

Specify 1 to only include scan results from the specified time frame. This ensures that only vulnerability information gathered in the timeframe that you've specified is included in the report. If unspecified, vulnerability information for hosts that were last scanned prior to the report timeframe may be included.

This parameter is required only if scan_selection=HostBased.

selection_type={day|month|weeks|date|none|scans}

Specify whether to include trending information for number of weeks, days or months or a specific date.

Specifying none will create a report without any trending information included.

Specifying scans will include trending information for the last two detections.

This parameter is required only if scan_selection=HostBased.

selection_range={value}

Specify the range for the selection type. Specify a number of units (1|3|5|7|15|30|60|90) for days, weeks or months. Date must be in the format yyyy-mm-dd (2017-04-05), and must be less than or equal to today’s date.

Trending information since the last number of units or the specified date will be included.

This parameter is required only if scan_selection=HostBased.

asset_groups={value}

Specify the name of the asset group(s) to report on. Multiple asset groups are comma separated. We'll report on all the IPs in the asset groups.

This parameter is required only if scan_selection=HostBased.

asset_group_ids={value}

Specify the ID of the asset group(s) to report on. Multiple asset group IDs are comma separated. We'll report on all the IPs in the asset groups.

This parameter is required only if scan_selection=HostBased.

network={value}

(Valid only when the Networks feature is enabled for your account.) A network name containing the IPs to include. For a new template the default network is Global Default Network.

ips={value}

Specify the IPs or IP ranges to report on. Multiple IPs or IP ranges are comma separated.

This parameter is required only if scan_selection=HostBased.

tag_set_by={name|id}

Specify the name of the tags or the ID of the tags for the hosts you want to report on. Multiple tag names or tag IDs are comma separated.

tag_include_selector={ALL|ANY}

Specify ALL to match all the asset tags for the hosts you want to report on (this is an AND operation). Specifying ANY will match any of the asset tags (this is an OR operation).

This parameter is required only if scan_selection=HostBased.

tag_set_include={value}

Specify asset tags for the hosts you want to report on. We'll find the hosts in your account that match your tag selection and include them in the report.

Multiple tags can be provided using comma separated values.

This parameter is required only if scan_selection=HostBased.

tag_exclude_selector={ALL|ANY}

Specify ALL to match all the asset tags for the hosts you do not want to report on (this is an AND operation). Specifying ANY will match any of the asset tags (this is an OR operation).

This parameter is required only if scan_selection=HostBased.

tag_set_exclude={value}

Specify asset tags for the hosts you do not want to report on. We'll find the hosts in your account that match your tag selection and exclude them from the report.

Multiple tags can be provided using comma separated values.

This parameter is required only if scan_selection=HostBased.

host_with_cloud_agents={all|scan|agent}

What host findings to include in the report when CA module is enabled. Your options are:

all - All data

scan - Scan data, i.e. include findings from scans that didn’t use Agentless Tracking

agent - Agent data, i.e. include findings from the agent when merging is enabled (i.e. Show unified view hosts option in UI under Users > Setup > Cloud Agent Setup)

display_text_summary={0|1}

Specify 1 to include the following summary info for the entire report: total vulnerabilities detected, overall security risk, business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.

graph_business_risk={0|1}

Specify 1 to include the business risk information.

Note that some graphs are only available when trend information is included. Keep in mind that your filter settings will affect the data reflected in your graphs.

graph_vuln_over_time={0|1}

Specify 1 to include the vulnerabilities by severity over time.

graph_status={0|1}

Specify 1 to include the vulnerabilities by status.

graph_potential_status={0|1}

Specify 1 to include the potential vulnerabilities by status.

graph_severity={0|1}

Specify 1 to include the vulnerabilities by severity.

graph_potential_severity={0|1}

Specify 1 to include the potential vulnerabilities by severity.

graph_ig_severity={0|1}

Specify 1 to include the information gathered by severity.

graph_top_categories={0|1}

Specify 1 to include the top five vulnerable categories.

graph_top_vulns={0|1}

Specify 1 to include the ten most prevalent vulnerabilities.

graph_os={0|1}

Specify 1 to include the operating systems detected.

graph_services={0|1}

Specify 1 to include the services detected.

graph_top_ports={0|1}

Specify 1 to include the ports detected.

display_custom_footer={0|1}

Specify 1 to include custom text in the report footer.

display_custom_footer_text={value}

Specify custom text like a disclosure statement or data classification (e.g. Public, Confidential). The text you enter will appear in all reports generated from this template, except reports in XML and CSV formats. Length is maximum 4000 characters.

sort_by={host|vuln|os|group|service|port}

Specify how you want to organize the Detailed Results section of your report - by host, vuln (i.e. vulnerability), group (i.e. asset group), service or port.

cvss={all|cvssv2|cvssv3}

Specify the CVSS version score you want to display in reports.

all - both CVSS versions

cvssv2 - CVSS version 2

cvssv3 - CVSS version 3

host_details={0|1}

Specify 1 to include identifying information for each host agent like the asset ID and related IPs (IPv4, IPv6 and MAC addresses).

This parameter is required only if scan_selection=HostBased and sort_by=host.

metadata_ec2_instances={0|1}

Specify 1 to display “Legacy EC2/Azure Fields” for each EC2 asset.

See Cloud Asset Metadata Fields in XML Format in the API (VM, PC) User Guide to know which fields are included with this option.

cloud_provider_metadata={0|1}

Specify 1 to display “Cloud Provider Metadata Fields” for each cloud asset. See Cloud Asset Metadata Fields in XML Format in the API (VM, PC) User Guide to know which fields are included with this option.

qualys_system_ids={0|1}

Specify 1 to include host ID/asset ID in the host-based scan report.

include_text_summary={0|1}

Specify 1 to include the following summary info for each host, vulnerability, asset group, etc (depending on the sorting method you selected): total vulnerabilities detected, the security risk, the business risk (for reports sorted by asset group), total vulnerabilities by status, total vulnerabilities by severity and top 5 vulnerability categories.

include_vuln_details={0|1}

Specify 1 to include additional details for each vulnerability in the report.

include_vuln_details_threat={0|1}

Specify 1 to include a description of the threat.

include_vuln_details_impact={0|1}

Specify 1 to include possible consequences that may occur if the vulnerability is exploited.

include_vuln_details_solution={0|1}

Specify 1 to include a verified solution to remedy the issue, such as a link to the vendor's patch, Web site, or a workaround.

include_vuln_details_vpatch={0|1}

Specify 1 to include virtual patch information correlated with the vulnerability, obtained from Trend Micro real-time feeds.

include_vuln_details_compliance={0|1}

Specify 1 to include compliance information correlated with the vulnerability.

include_vuln_details_exploit={0|1}

Specify 1 to include exploitability information correlated with the vulnerability, including references to known exploits and related security resources.

include_vuln_details_malware={0|1}

Specify 1 to include malware information correlated with the vulnerability, obtained from the Trend Micro Threat Encyclopedia.

include_vuln_details_results={0|1}

Specify 1 to include specific scan test results for each host, when available. We'll also show the date the vulnerability was first detected, last detected and the number of times it was detected.

include_vuln_details_reopened={0|1}

Specify 1 to include information related to reopened vulnerabilities.

include_vuln_details_appendix={0|1}

Specify 1 to include more information like IPs in your report target that don't have any scan results, and IPs that were scanned but results are not shown (no vulnerabilities were detected or all vulnerabilities were filtered out).

include_trurisk_details={0|1}

Specify 0 to exclude and 1 to include TruRisk details in the report template. By default, the value is set to 1.

Note: This parameter is applicable only if:

- The scan type is host-based scan (scan_selection=HostBased).

- The subscription has Asset Risk Scoring (ARS) enabled.

exclude_account_id={0|1}

Specify 1 to exclude the account login ID in the filename of downloaded reports. Use this option to remove the login ID from the filename.

Filter Options

selective_vulns={complete|custom}

Specify complete to show results for any and all vulnerabilities found.

Specify custom to filter your reports to specific QIDs (add static search lists) or to QIDs that match certain criteria (add dynamic search lists). For example, maybe you only want to report on vulnerabilities with severity 4 or 5. Tip - Exclude QIDs that you don't want in the report.

search_list_ids={value}

Specify search list ID or QID. Multiple search list IDs or QIDs can be provided using values separated by a comma.

This parameter is required only if selective_vulns=custom.

exclude_qid_option={0|1}

Specify 1 to exclude QIDs from the report.

exclude_search_list_ids={value}

Specify QID to be excluded from the report. Multiple QIDs can be provided using values separated by a comma.

This parameter is required only if exclude_qid_option=1.

included_os={value}

Specify the operating system name to filter hosts. For example, to only report on Linux hosts make sure you provide the operating system name for Linux.

Multiple operating system names can be provided using values separated by a comma.

Specify ALL to include all operating systems.

See Identified OS.

status_new={0|1}

Specify 1 to include vulnerabilities in your report based on the current vulnerability status - New.

status_active={0|1}

Specify 1 to filter vulnerabilities in your report based on the current vulnerability status - Active.

status_reopen={0|1}

Specify 1 to filter vulnerabilities in your report based on the current vulnerability status - Re-Opened.

status_fixed={0|1}

Specify 1 to filter vulnerabilities in your report based on the current vulnerability status - Fixed.

vuln_active={0|1}

Specify 1 to filter confirmed vulnerabilities in your report based on the state - Active.

vuln_disabled={0|1}

Specify 1 to filter confirmed vulnerabilities in your report based on the state - Disabled.

vuln_ignored={0|1}

Specify 1 to filter confirmed vulnerabilities in your report based on the state - Ignored.

potential_active={0|1}

Specify 1 to filter potential vulnerabilities in your report based on the state - Active.

potential_disabled={0|1}

Specify 1 to filter potential vulnerabilities in your report based on the state - Disabled.

potential_ignored={0|1}

Specify 1 to filter potential vulnerabilities in your report based on the state - Ignored.

ig_active={0|1}

Specify 1 to filter the information gathered in your report based on the state - Active.

ig_ignored={0|1}

Specify 1 to filter the information gathered in your report based on the state - Ignored.

display_non_running_kernels={0|1}

Specify 1 to include a list of all vulnerabilities found on non-running kernels.

exclude_non_running_kernel={0|1}

Specify 1 to exclude vulnerabilities found on non-running kernels.

Use only one parameter at a time: highlight_arf_kernel or arf_kernel.

exclude_non_running_services={0|1}

Specify 1 to only include vulnerabilities found where the port/service is running.

exclude_qids_not_exploitable_due_to_configuration={0|1}

Specify 1 to exclude vulnerabilities that are not exploitable because there’s a specific configuration present on the host.

exclude_superceded_patches={0|1}

Specify 1 to exclude every patch QID which is superseded (replaced) by another patch QID recommended for the same host.

categories_list={value}

Specify the category name to filter hosts in your report based on various categories. For example, if you're only interested in Windows vulnerabilities make sure you provide the category name for Windows.

Multiple category names can be provided using values separated by a comma.

Specify ALL to include all categories.

See Categories.

Services and Ports

required_services={value}

Specify the name of a required service. Multiple service names can be provided using values separated by a comma. We'll report QID: 38228 (when a required service is NOT detected).

See Identified Services.

unauthorized_services={value}

Specify the name of an unauthorized service. Multiple service names can be provided using values separated by a comma. We'll report QID: 38175 (when an unauthorized service is detected).

See Identified Services.

required_ports={value}

Specify required ports. Multiple ports can be provided using values separated by a comma. We'll report QID: 82051 (when a required port is NOT detected).

unauthorized_ports={value}

Specify unauthorized ports. Multiple ports can be provided using values separated by a comma.

We'll report QID: 82043 (when an unauthorized port is detected).

User Access

global={0|1}

Share this report template with other users by making it global. Specify 1 to make it global.

report_access_users={value}

Specify the username to share the report with a user who wouldn't already have access to the report. Multiple usernames can be provided using values separated by a comma. Each user you add will be able to view reports generated from this template even if they don't have access to the IPs in the report.
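
The constraints in the table above can be checked before a create or update request is sent. The following is an added example, not code from the original page or from the vendor: the function names check_template and encode_body are hypothetical, parameter values are assumed to be strings as they would appear in a form-encoded body, and only a subset of the table is covered. It also flags the two User Access settings that widen who can read reports generated from the template.

```python
from datetime import date, datetime
from urllib.parse import urlencode

# Allowed values and limits copied from the parameter table on this page.
UNITS = {"1", "3", "5", "7", "15", "30", "60", "90"}
ENUMS = {
    "action": {"create", "update"},
    "report_format": {"xml"},
    "scan_selection": {"HostBased", "ScanBased"},
    "selection_type": {"day", "month", "weeks", "date", "none", "scans"},
    "selective_vulns": {"complete", "custom"},
}
MAXLEN = {"title": 64, "display_custom_footer_text": 4000}
# (parameter, value, parameter that becomes required)
REQUIRES = [("action", "update", "template_id"),
            ("selective_vulns", "custom", "search_list_ids"),
            ("exclude_qid_option", "1", "exclude_search_list_ids")]

def check_template(p, today=None):
    """Return (errors, warnings) for a dict of scan template parameters."""
    today = today or date.today()
    errors, warnings = [], []
    for key in ("action", "report_format"):
        if not p.get(key):
            errors.append(f"{key} is required")
    for key, allowed in ENUMS.items():
        if key in p and p[key] not in allowed:
            errors.append(f"{key}={p[key]} is not one of {sorted(allowed)}")
    for key, value, needed in REQUIRES:
        if p.get(key) == value and not p.get(needed):
            errors.append(f"{needed} is required when {key}={value}")
    for key, limit in MAXLEN.items():
        if len(p.get(key, "")) > limit:
            errors.append(f"{key} exceeds {limit} characters")
    sel, rng = p.get("selection_type"), p.get("selection_range")
    if sel == "date":
        try:
            if datetime.strptime(rng or "", "%Y-%m-%d").date() > today:
                errors.append("selection_range date is later than today")
        except ValueError:
            errors.append("selection_range must be a yyyy-mm-dd date")
    elif sel in ("day", "weeks", "month") and rng not in UNITS:
        errors.append(f"selection_range must be one of {sorted(UNITS, key=int)}")
    # User Access settings: not errors, but they widen who can read findings.
    if p.get("global") == "1":
        warnings.append("global=1 shares the template with other users")
    if p.get("report_access_users"):
        warnings.append("report_access_users can view reports without IP access")
    return errors, warnings

def encode_body(p):
    """Form-encode the parameters, refusing sets that break a documented rule."""
    errors, _ = check_template(p)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(p)
```

Warnings are returned separately from errors so that a review step can decide whether the sharing settings are intended.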