Dynamic search list

/api/2.0/fo/qid/search_list/dynamic/

List dynamic search lists and manage them (create, update, delete).

Permissions - Managers, Unit Managers, Scanners and Readers have permission to list and manage dynamic search lists.

Actions: List | Create and Update | Delete

List dynamic search lists

Parameter

Description

action=list

(Required) Supported methods are GET, POST

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

ids={id1,id2,...}

(Optional) One or more search list IDs to display. Multiple IDs are comma separated.

show_qids={0|1}

(Optional) Set to 0 to hide QIDs defined for each search list in the XML output. By default these QIDs are shown.

show_option_profiles={0|1}

(Optional) Set to 0 to hide option profiles associated with each search list in the XML output. By default these option profiles are shown.

show_distribution_groups={0|1}

(Optional) Set to 0 to hide distribution groups associated with each search list in the XML output. By default these distribution groups are shown.

show_report_templates={0|1}

(Optional) Set to 0 to hide report templates associated with each search list in the XML output. By default these report templates will be shown.

show_remediation_policies={0|1}

(Optional) Set to 0 to hide remediation policies associated with each search list in the XML output. By default these remediation policies will be shown.

 

DTD for dynamic search list

<platform API server>/api/2.0/fo/qid/search_list/dynamic/dynamic_list_output.dtd

Create / Update dynamic search list

Input Parameters

Parameter

Description

action=create|update

(Required) Supported method is POST

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

title={value}

(Required for create action, optional for update) A user defined search list title. Maximum is 256 characters (ascii).

global={0|1}

(Optional) Specify 1 to make this a global search list. By default a new search list is not set to global (i.e. set to 0).

Search Criteria

 
 

For create request: Search criteria is required.

For update request: Only criteria specified in an update request will overwrite existing criteria, if any. For example, if a search list has confirmed_severities=3,4 and you make an update request with confirmed_severities=5, the search list will be updated to confirmed_severities=5.

vuln_title={value}

Vulnerability title (string); to unset value use update request and set to empty value

not_vuln_title={0|1}

Set to 1 for vulnerability title that does not match vuln_title parameter value

discovery_methods={value}

One or more discovery methods: Remote, Authenticated, Remote_Authenticated; by default all methods are included

auth_types={value}

One or more of these authentication types: Windows, Unix, Oracle, SNMP, VMware, DB2, HTTP, MySQL; multiple values are comma separated; to unset value use update request and set to empty value

user_configuration={value}

One or more of these user configuration values: disabled, custom; multiple values are comma separated; to unset value use update request and set to empty value

categories={value}

One or more vulnerability category names (strings); to unset value use update request and set to empty value

not_categories={0|1}

Set to 1 for categories that do not match categories parameter values

confirmed_severities={value}

One or more confirmed vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

potential_severities={value}

One or more potential vulnerability severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

ig_severities={value}

One or more information gathered severities (1-5); multiple severities are comma separated; to unset value use update request and set to empty value

vendor_ids={value}

One or more vendor IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_vendor_ids={0|1}

Set to 1 for vendor IDs that do not match vendor_ids parameter values

products={value}

Vendor product names; multiple names are comma separated; to unset value use update request and set to empty value

not_products={0|1}

Set to 1 for product names that do not match products parameter values

patch_available={value}

Vulnerabilities with patches: 0 (no), 1 (yes); by default all vulnerabilities with and without patches are included; multiple values are comma separated; to unset value use update request and set to empty value

virtual_patch_available={value}

Vulnerabilities with Trend Micro virtual patches: 0 (no), 1 (yes); by default vulnerabilities with and without these virtual patches are included: multiple values are comma separated; to unset value use update request and set to empty value

cve_ids_filter

(Optional) Filter CVE IDs with the “Exact Match” or “Contains” search criteria:

- Set to 1 to filter the CVE IDs that match exactly with the input CVE strings.

- Set to 2 to filter the CVE IDs that contain the input CVE string.

cve_ids={value}

One or more CVE IDs; multiple IDs are comma separated; to unset value use update request and set to empty value

not_cve_ids={0|1}

Set to 1 for CVE IDs that do not match cve_ids parameter values

exploitability={value}

One or more vendors with exploitability info; multiple references are comma separated; to unset value use update request and set to empty value

malware_associated={value}

One or more vendors with malware info; multiple references are comma separated; to unset value use update request and set to empty value

vendor_refs={value}

One or more vendor references; multiple vendors are comma separated; to unset value use update request and set to empty value

not_vendor_refs={0|1}

Set to 1 for vendor references that do not match vendor_refs parameter values

bugtraq_id={value}

Vulnerabilities with a Bugtraq ID number; to unset value use update request and set to empty value

not_bugtraq_id={0|1}

Set to 1 for vulnerabilities with Bugtraq IDs that do not match the bugtraq_id parameter value

vuln_details={value}

A string matching vulnerability details; to unset value use update request and set to empty value

compliance_details={value}

A string matching compliance details; to unset value use update request and set to empty value

supported_modules={value}

One or more of these Qualys modules: VM, CA-Windows Agent, CA-Linux Agent, WAS, WAF, MD; multiple values are comma separated; to unset value use update request and set to empty value

compliance_types={value}

One or more compliance types: PCI, CobiT, HIPAA, GLBA, SOX; multiple values are comma separated; to unset value use update request and set to empty value

qualys_top_lists={value}

One or more Qualys top lists: Internal_10, Extermal_10; multiple values are comma separated; to unset value use update request and set to empty value

cpe={value}

(Optional) One or more CPE values: Operating System, Application, Hardware, None; multiple values are comma separated.

qids_not_exploitable={0|1}

Set to 1 for vulnerabilities that are not exploitable due to configuration.

non_running_services={0|1}

Set to 1 for vulnerabilities on non running services.

sans_20={0|1}

Set to 1 for vulnerabilities in 2008 SANS 20 list

nac_nam={0|1}

Set to 1 for NAC/NAM vulnerabilities

vuln_provider={value}

Provider of the vulnerability if not Qualys; valid value is iDefense

cvss_base={value}

CVSS base score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_temp={value}

CVSS temporal score value (matches greater than or equal to this value); to unset value use update request and set to empty value

cvss_access_vector={value}

CVSS access vector, one of: Undefined, Local, Adjacent_Network, Network; to unset value use update request and set to empty value

cvss_base_operand={value}

Set the value to 1 to use the greater than equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_base" parameter along with the "cvss_base_operand" parameter in the API request.

cvss_temp_operand={value}

Set the value to 1 to use the greater than equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss_temp" parameter along with the "cvss_temp_operand" parameter in the API request.

cvss3_base={value}

CVSS3 base score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_temp={value}

CVSS3 temporal score value assigned to the CVEs by NIST (matches greater than, less than, or equal to this value); to unset value use update request and set to empty value.

cvss3_base_operand={value}

Set the value to 1 to use the greater than equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_base" parameter along with the "cvss3_base_operand" parameter in the API request.

cvss3_temp_operand={value}

Set the value to 1 to use the greater than equal to operand.

Set the value to 2 to use the less than operand.

You must always specify the "cvss3_temp" parameter along with the "cvss3_temp_operand" parameter in the API request.

User Modified Filters

User modified filter parameters are mutually exclusive; only 1 parameter per request

user_modified_date_between
={value}

date range in format (mm/dd/yyyy-mm/dd/yyyy)

user_modified_date_today
={0|1}

set to 1 for modified by user today; set to 0 for not modified by user today

user_modified_date_in previous
={value}

one of: Year, Month, Week, Quarter

user_modified_date_within_
last_days={value}

number of days: 1-9999

not_user_modified={0|1}

set to 1 to set the "not" flag for one of the user_modified parameters

Service Modified Filters

Service modified filter parameters are mutually exclusive; only 1 parameter per request

service_modified_date_between
={value}

date range in format (mm/dd/yyyy-mm/dd/yyyy)

service_modified_date_
today={0|1}

set to 1 for modified by our service today; set to 0 for not modified by our service today

service_modified_date_
in previous={value}

one of: Year, Month, Week, Quarter

service_modified_date_within_
last_days={value}

number of days: 1-9999

not_service_modified={0|1}

set to 1 to set the "not" flag for one of the service_modified parameters

Published Filters

Published filter parameters are mutually exclusive; only 1 parameter per request

published_date_between
={value}

date range in format (mm/dd/yyyy-mm/dd/yyyy)

published_date_today={0|1}

set to 1 for published today; set to 0 for not published today

published_date_in previous
={value}

one of: Year, Month, Week, Quarter

published_date_within_
last_days={value}

number of days: 1-9999

not_published={0|1}

set to 1 to set the "not" flag for one of the published parameters

Update Request Only

 

unset_user_modified_
date={value}

(Optional) Set to empty value to unset the user modified date in the search list parameters.

unset_published_
date={value}

(Optional) Set to empty value to unset the published date in the search list parameters.

unset_service_modified_
date={value}

(Optional) Set to empty value to unset the service modified date in the search list parameters.

 

Sample 1 - Create new dynamic search list

API request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d

"action=create&title=My+Dynamic+Search+List&global=1&published_date_within_last_days=7&patch_available=1"

"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"

 

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2015-09-01T21:32:40Z</DATETIME>

    <TEXT>New search list created successfully</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>ID</KEY>

        <VALUE>136992</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

Sample 2 - Create new dynamic search list

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:curl demo2" -d "action=create&title=mytest_DL313&cvss_base=3&cvss_base_operand=1&cvss_temp=2&cvss_temp_operand=2&cvss3_base=2&cvss3_base_operand=1&cvss3_temp=2&cvss3_temp_operand=2" "https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"

 

Delete dynamic search list

Input Parameters

Parameter

Description

action=delete

(Required) Supported method is POST

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

id={id}

(Required) The ID of the search list you want to delete.

 

Sample - Delete dynamic search list

API request

curl -u "USERNAME:PASSWD" -H "X-Requested-With: Curl" -X "POST" -d

"action=delete&id=123456&global=1&qids=68518-68522,48000-48004"

"https://qualysapi.qualys.com/api/2.0/fo/qid/search_list/dynamic/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">

<SIMPLE_RETURN>

  <RESPONSE>

    <DATETIME>2015-09-01T21:32:40Z</DATETIME>

    <TEXT>search list deleted successfully</TEXT>

    <ITEM_LIST>

      <ITEM>

        <KEY>ID</KEY>

        <VALUE>123456</VALUE>

      </ITEM>

    </ITEM_LIST>

  </RESPONSE>

</SIMPLE_RETURN>

 

DTD for dynamic search list (create, update, delete)

<platform API server>/api/2.0/simple_return.dtd