/api/2.0/fo/auth/unix/
[POST]
Create, update, list and delete Unix records for authenticated scans of hosts running on Unix, Cisco and Checkpoint Firewall. Vulnerability and compliance scans are supported on Unix and Cisco systems (using VM, PC). Compliance scans are supported on Checkpoint Firewall systems (using PC).
Download Qualys User Guide - Unix Authentication (pdf)
Parameter |
Description |
action={action} |
(Required) Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type |
sub_type={cisco|checkpoint_firewall} |
(Required for hosts running on Cisco or Checkpoint Fiirewall) Choose cisco or checkpoint_firewall if you're scanning one of these system types. |
echo_request={0|1} |
(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
ids={value} |
(Required to update or delete record) Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
title={value} |
(Required to create record) A title for the record. The title must be unique. Maximum 255 characters (ascii). |
comments={value} |
(Optional to create or update record) User defined comments. Maximum of 1999 characters. |
port={value} |
(Optional and valid for compliance scans only) Custom ports to be used to perform authenticated compliance assessment (control testing). |
Login Credentials |
|
username={value} |
(Required to create record, optional to update record) The username of the account to be used for authentication. If login_type=vault is specified, this is the username of a vault account. Maximum 255 characters (ascii). |
password={value} |
(To create record password or login_type=vault is required) The password of the PostgreSQL account to be used for authentication when a vault will not be used. Maximum 100 characters (ascii). |
login_type=(basic|vault} |
(To create record password or login_type=vault is required) Set to vault if a third party vault will be used to retrieve password. Vault parameters need to be provided in the record. |
cleartext_password={0|1} |
(Optional) When not specified, the scanning engine only uses strong password encryption for remote login. Specify 1 to allow your password to be transmitted in clear text when connecting to services which do not support strong password encryption. For more info, search for "Clear Text Password" in online help. For a create request, if cleartext_password=1, the password parameter is required. For an update request, if cleartext_password=1, and the record does not have a password set, then cleartext_password=1 is *silently ignored*. |
skip_password={0|1} |
(Optional and valid only for Unix record,
i.e not supported for Cisco or Checkpoint Firewall sub-type) |
enable_password={value} |
(Optional and valid only for Cisco sub-type) The password required for executing the “enable” command on the target hosts. The password may include 1-31 characters (ascii). Note: The pooled credentials feature is not supported if the “enable” command requires a password and it is specified using the enable_password parameter. |
expert_password={value} |
(Optional and valid only for Checkpoint Firewall sub-type) The password required for executing the “expert” command on the target hosts. The password may include 1-31 characters (ascii). |
target_type={value} |
(Optional) Specify the target type. You can choose from the following values: - A10 - HP_COMWARE - CISCO_ASA_WITH_FIREPOWE - auto (default) |
Kerberos/GSSAPI authentication details, if it is enabled for the target host |
|
use_kerberos={0|1} |
(Optional) Specify 1 to enable Kerberos authentication. By default, the value is set to 0. |
realm_discovery={value} |
(Mandatory, if ‘use_kerberos=1’) Specify the realm discovery method. The available values are manual, single, and DNS. |
user_realm={value} |
(Mandatory, if ‘use_kerberos=1’) Specify the name of the realm that a user belongs to. |
service_realm={value} |
(Mandatory, if ‘use_kerberos=1’) Specify the name of the realm that the service belongs to, when a user wants to access a service that is part of a different realm. Note: This parameter is valid only if the “realm_discovery” parameter is set to “manual”. |
service_kdc={value} |
(Optional) Specify the KDC that manages authentication for the service in its realm, when a user wants to access a service that is part of a different realm. Note: This parameter is valid only if the “realm_discovery” parameter is set to “manual”. |
user_kdc={value} |
(Optional) Specify the KDC (Key Distribution Center) that is responsible for authenticating users and issuing ticket-granting tickets (TGTs) for the realm. |
krb5_password={value} |
(Mandatory, if ‘use_kerberos= 1’) Enter the password to authenticate to the Kerberos Key Distribution Center (KDC). |
krb5_login_type={value} |
(Optional) Specify the type of login used to authenticate to the Kerberos Key Distribution Center (KDC). The available values are “basic” and “vault”. |
krb5_<vaultparameters>={value} |
(Mandatory, if krb5_login_type =vault) If krb5_login_type is 'vault', then all vault parameter fields must be added with the prefix 'krb5_'. For example, krb5_vault_type, krb5_vault_id, etc. The vault-specific parameters depend on the vault type you have selected. See the “Vault Definition” section in the API user guide. |
Unix only |
|
{XML File} |
(Optional and valid only for Unix record, i.e. not supported for Cisco or Checkpoint Firewall sub-type) XML file where you define private-key certificates and root delegations. These are defined using this DTD: <platform API server>/api/2.0/fo/auth/unix/unix_auth_params.dtd |
use_agentless_tracking={0|1} |
(Optional and valid for Unix record only, i.e. not supported for Cisco or Checkpoint Firewall sub-type) Specify "1" to enable Agentless Tracking. |
agentless_tracking_path={value} |
(Required if use_agentless_tracking=1 for Unix record, i.e. not supported for Cisco or Checkpoint Firewall sub-type) The pathname where you would like the service to store the host ID file on each host. This is required to enable Agentless Tracking for Unix. |
Target Hosts |
Important: Each IP address may be included in one Unix or one Cisco or one Checkpoint Firewall record within one Qualys user account. |
ips={value} |
(Required to create record) IPs to be added to your record. Multiple entries are comma separated. (Optional to update record) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed. This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request. |
add_ips={value} |
(Optional to update record) IPs to be added to an existing record. Multiple IPs/ranges are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
remove_ips={value} |
(Optional to update record) IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
network_id={value} |
(Optional to create or update record, and valid when the networks feature is enabled) The network ID for the record. |
Target Hosts with Tag Support |
Note: Applicable only when you have Asset Tagging and Tag Support for Authentication Records enabled for your subscription. |
asset_type={ips|asset_tags|ip_range_tag_rule} |
(Optional) Indicates how assets will be defined in the record. Valid values are ips (the default), asset_tags, ip_range_tag_rule. When not specified, we will use asset_type=ips. ips - Specify this value to assign IP addresses/ranges to the record asset_tags - Specify this value to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. ip_range_tag_rule - Specify this value to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that do not already have the tag assigned. |
tag_set_by={id|name} |
(Optional when asset_type=asset_tags or ip_range_tag_rule) Specify "id" (the default) to select a tag set by providing tag ids. Specify "name" to select a tag set by providing tag names. |
tags_include={tag1, tag2...} |
(Required when asset_type=asset_tags or ip_range_tag_rule) Specify a tag set to include in the record. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma-separated. To specify tag names, you must also specify tag_set_by=name. |
tags_exclude={tag1, tag2...} |
(Optional when asset_type=asset_tags or ip_range_tag_rule) Specify a tag set to exclude in the record. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma-separated. To specify tag names, you must also specify tag_set_by=name. |
tag_include_selector={any|all} |
(Optional when asset_type=asset_tags or ip_range_tag_rule) Select "any" (the default) to include hosts that match at least one of the selected tags. Select "all" to include hosts that match all of the selected tags. |
tag_exclude_selector={any|all} |
(Optional when asset_type=asset_tags or ip_range_tag_rule) Select "any" (the default) to exclude hosts that match at least one of the selected tags. Select "all" to exclude hosts that match all of the selected tags. |
ips={value} |
(Required to create record when asset_type=ips or asset_type is not specified) The IP address(es) the server will log into using the record’s credentials. Multiple entries are comma separated. (Optional to update record when asset_type=ips) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed. This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request. |
add_ips={value} |
(Optional to update record when asset_type=ips) Add IPs and/or ranges to the IPs list for this record. Multiple IPs/ranges are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
remove_ips={value} |
(Optional to update record when asset_type=ips) IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
The actual ports used for compliance scanning (Unix, Cisco, Checkpoint Firewall) depends on scan settings in 1) compliance option profile, and 2) Unix authentication record as indicated.
Scan settings |
Ports scanned |
Option Profile set to Standard Scan and... |
|
Auth record set to UI; Well Known Ports |
~ 1900 Ports (includes Ports 22, 23, 513) |
Auth record set to UI: Custom Ports |
~ 1900 Ports + Custom Ports in record |
Option Profile set to Targeted Scan and... |
|
Auth record set to UI: Well Known Ports |
Ports 22, 23 and 513 only |
Auth record set to UI: Custom Ports |
Custom Ports in record |
Applies to record type Unix, Cisco and Checkpoint Firewall
API request
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=Unix&username=root&password=crazy8!&ips=10.10.36.63"
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-03-11T20:17:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>84307</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Applies to record type Unix only (not sub-types)
API request
curl -H "X-Requested-With: curl" -H "Content-type:text/xml" -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/action=create&title=Unix&vault&username=Qualys&ips=10.113.195.152&port=5857&login_type=vault&vault_type=LiebermanERPM&vault_id=10873203&auto_discover_system_name=0&system_name_single_host=a&custom_system_type=custom&system_type=custom" --data-binary @add_params.xml
add_params.xml
<?xml version="1.0" encoding="UTF-8" ?>
<UNIX_AUTH_PARAMS>
<ROOT_TOOLS>
<ROOT_TOOL>
<STANDARD_TYPE type="pimsu"/>
<PASSWORD_INFO type="vault">
<DIGITAL_VAULT>
<VAULT_USERNAME><![CDATA[root]]></VAULT_USERNAME>
<VAULT_TYPE>Thycotic Secret Server</VAULT_TYPE>
<VAULT_ID>25026922</VAULT_ID>
<SECRET_NAME><![CDATA[super_secret_name]]></SECRET_NAME>
</DIGITAL_VAULT>
</PASSWORD_INFO>
</ROOT_TOOL>
<ROOT_TOOL>
<CUSTOM_TYPE><![CDATA[test]]></CUSTOM_TYPE>
<PASSWORD_INFO type="basic">
<PASSWORD><![CDATA[password]]></PASSWORD>
</PASSWORD_INFO>
</ROOT_TOOL>
</ROOT_TOOLS>
<PRIVATE_KEY_CERTIFICATES>
<PRIVATE_KEY_CERTIFICATE>
<PRIVATE_KEY_INFO type="vault">
<DIGITAL_VAULT>
<VAULT_TYPE>Cyber-Ark AIM</VAULT_TYPE>
<VAULT_ID>25026922</VAULT_ID>
<FOLDER><![CDATA[folder]]></FOLDER>
<FILE><![CDATA[file]]></FILE>
</DIGITAL_VAULT>
</PRIVATE_KEY_INFO>
<PASSPHRASE_INFO type="basic">
<PASSPHRASE><![CDATA[passphrase]]></PASSPHRASE>
</PASSPHRASE_INFO>
</PRIVATE_KEY_CERTIFICATE>
<PRIVATE_KEY_CERTIFICATE>
<PRIVATE_KEY_INFO type="basic">
<PRIVATE_KEY type="rsa">
<![CDATA[-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F9A653E2D12E019357B349B6EEE068B1
FiLfGHOc0rREmC0cBPsiyqqaitPNYTGeqKRmSBwGNrAzNTAcsKslsoY/WkMDW6QD
dLZNiGB0CFag94zyoMyCjyrdpayACAOWfH5w8VixxHF16Vxx5b6foLBE40FOYAIP
sdm1HvCfSFaN2dPf1Unb0erwjigjJNwYIV78529elE+2+dZIemi90ibh0R35NB60
TLeS3UUVezp/O9ZPLf0pqPPHnWgfW4GXp/SUpwojES9fCQE+BW4MMWHWu8XKtytt
....
-----END RSA PRIVATE KEY-----]]></PRIVATE_KEY>
</PRIVATE_KEY_INFO>
<PASSPHRASE_INFO type="vault">
<DIGITAL_VAULT>
<VAULT_USERNAME><![CDATA[PASSPHRASE USERNAME]]></VAULT_USERNAME>
<VAULT_TYPE>Quest Vault</VAULT_TYPE>
<VAULT_ID>35046922</VAULT_ID>
<SYSTEM_NAME><![CDATA[quest_system_name]]></SYSTEM_NAME>
</DIGITAL_VAULT>
</PASSPHRASE_INFO>
<CERTIFICATE type="openssh">
<![CDATA[[email protected] AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgwR4bJSiBtJlOgCAQUF3yZ6Io2WYfnBiOEsQ45RKbqLgAAAADAQABAAABAQC5sVLb7emh8/v2uHp6x1pN5R+MHQwz3A5M3GRKtuuu1Njc/XYgqeWLMOJpbVtCVXwUcPgKt4Q0DmlGqc4uhZhzrdtpQGHrEivndNNLY9NQj7LozE7x/sGiWdtmlucUh1teXMaBpM4aER9Y6uW5wv6ZylY7CAV9bcVz/ljlSypmjzkPjJ39AJq+QxZkIv+H4uh/T05LwHdilFrjWWwEoI8DV/DRIw3h8o4jhnj1QxBxyjad3efmFaejgRnY6cBW821gm...
</CERTIFICATE>
</PRIVATE_KEY_CERTIFICATE>
<PRIVATE_KEY_CERTIFICATE>
<PRIVATE_KEY_INFO type="basic">
<PRIVATE_KEY type="rsa">
<![CDATA[-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCPiEUH5L3LZGInEw+h/m4+AAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCpuwFVTYVmske0bdFjSlYgsfvyCr7e5irIfoW7B8hNY0XJWyOEqZ5BzwPAEtzjua6m3vnqKPEQD1HyFdLse62JE7x0jDXLr9bZ64THFpogERC/gI2aorrLKLxdr0K7u5wQUTm1L0xO7Y0hE9Bbi8ok++xTW+Ymf7LbVRLWVdN6kUBunIGow3W+tHIohPoUlw82QayZRa4iXpqpWVbh/9OMnb1raC
....
-----END OPENSSH PRIVATE KEY-----]]></PRIVATE_KEY>
</PRIVATE_KEY_INFO>
</PRIVATE_KEY_CERTIFICATE>
</PRIVATE_KEY_CERTIFICATES>
</UNIX_AUTH_PARAMS>
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2018-03-27T20:17:42Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>999988</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
Provide a target type while creating or updating the Unix (SSH2) authentication record.
API request
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD"
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=ux-target-type&username=root&ips=10.11.42.114&login_type=basic&password=root&target_type=HP_COMWARE
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2020-05-26T21:17:17Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>149016</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
In this sample, a new Unix record is created with asset_type=ip_range_tag_rule.
API request
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD"
"https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=unix&username=root&asset_type=ip_range_tag_rule&tags_include=7515612&tag_i
nclude_selector=all&tags_exclude=7514462&tag_exclude_selector=all"
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
"https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2021-03-08T22:00:50Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>204020</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API request
curl --location --request POST
'https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?username=root&action=create&ips=10.0.0.1&title=unix krbsapi&use_kerberos=1&realm_discovery=manual&user_realm=realm.com&service_realm=abc.com&service_kdc=kdc&user_kdc=kerbs&krb5_password=123aa&krb5_login_type=basic'
--header 'X-Requested-With: portal'
--header 'Authorization: Basic <token>'
--data-raw ''
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM
"
<qualys_base_url>/api/2.0/fo/auth/unix/dtd/auth_list_output.dtd">
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2023-02-13T04:08:26Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>214497</ID>
<TITLE>
<![CDATA[krbs]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<SKIP_PASSWORD>0</SKIP_PASSWORD>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<KERBEROS_AUTHENTICATION>1</KERBEROS_AUTHENTICATION>
<REALM_DISCOVERY>
<![CDATA[manual]]>
</REALM_DISCOVERY>
<USER_REALM>
<![CDATA[jsm.com]]>
</USER_REALM>
<USER_KDC>
<![CDATA[kerbs.jsm.com]]>
</USER_KDC>
<SERVICE_REALM>
<![CDATA[kerbs.jsm.com]]>
</SERVICE_REALM>
<SERVICE_KDC>
<![CDATA[krb]]>
</SERVICE_KDC>
<IP_SET>
<IP>0.0.0.0</IP>
</IP_SET>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2023-02-06T09:48:20Z</DATETIME>
<BY>test_pq4</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2023-02-06T12:30:33Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
<AUTH_UNIX>
<ID>214498</ID>
<TITLE>
<![CDATA[k1]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<SKIP_PASSWORD>0</SKIP_PASSWORD>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Auto (default)]]>
</TARGET_TYPE>
<KERBEROS_AUTHENTICATION>1</KERBEROS_AUTHENTICATION>
<REALM_DISCOVERY>
<![CDATA[manual]]>
</REALM_DISCOVERY>
<USER_REALM>
<![CDATA[fwwqw]]>
</USER_REALM>
<USER_KDC>
<![CDATA[user]]>
</USER_KDC>
<SERVICE_REALM>
<![CDATA[s1sdd]]>
</SERVICE_REALM>
<SERVICE_KDC>
<![CDATA[]]>
</SERVICE_KDC>
<KERBEROS_LOGIN_INFO type="vault">
<DIGITAL_VAULT>
<DIGITAL_VAULT_ID>
<![CDATA[55014]]>
</DIGITAL_VAULT_ID>
<DIGITAL_VAULT_TYPE>
<![CDATA[Quest Vault]]>
</DIGITAL_VAULT_TYPE>
<DIGITAL_VAULT_TITLE>
<![CDATA[quest]]>
</DIGITAL_VAULT_TITLE>
<VAULT_SYSTEM_NAME>
<![CDATA[fhk]]>
</VAULT_SYSTEM_NAME>
</DIGITAL_VAULT>
</KERBEROS_LOGIN_INFO>
<IP_SET>
<IP>0.0.0.0</IP>
</IP_SET>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2023-02-06T12:54:00Z</DATETIME>
<BY>test_pq4</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2023-02-08T10:45:46Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
API request
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD"
https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=update&ids=149016&target_type=CISCO_ASA_WITH_FIREPOWE
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2020-05-26T21:34:18Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Updated</TEXT>
<ID_SET>
<ID>149016</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>
API request
curl -H "X-Requested-With: curl" -u "USERNAME:PASSWORD" https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=list&ids=149016
XML output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/auth_unix_list_output.dtd">
<AUTH_UNIX_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2020-05-26T21:35:23Z</DATETIME>
<AUTH_UNIX_LIST>
<AUTH_UNIX>
<ID>149016</ID>
<TITLE>
<![CDATA[ux-target-type]]>
</TITLE>
<USERNAME>
<![CDATA[root]]>
</USERNAME>
<SKIP_PASSWORD>0</SKIP_PASSWORD>
<CLEARTEXT_PASSWORD>0</CLEARTEXT_PASSWORD>
<TARGET_TYPE>
<![CDATA[Cisco Adaptive Security Appliance with FirePower]]>
</TARGET_TYPE>
<IP_SET>
<IP>10.11.42.114</IP>
</IP_SET>
<NETWORK_ID>0</NETWORK_ID>
<CREATED>
<DATETIME>2020-05-26T21:17:17Z</DATETIME>
<BY>username</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2020-05-26T21:34:18Z</DATETIME>
</LAST_MODIFIED>
</AUTH_UNIX>
</AUTH_UNIX_LIST>
</RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>
Qualys API - Unix Authentication API samples (GitHub)
<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/unix/auth_unix_list_output.dtd
For Unix type record type only, root delegation tools and private-key certificates are specified using the unix_auth_params.dtd here
<platform API server>/api/2.0/fo/auth/unix/unix_auth_params.dtd