for creating, updating, listing option profiles
Parameters for option profiles are below, using VM Option Profile API (/api/2.0/fo/subscription/option_profile/vm/)
Parameter |
Description |
title={value} |
(Required to create option profile) A title for easy identification. |
id={value} |
(Required to update an option profile, optional to list profiles) An option profile ID. |
owner={value} |
(Optional) The owner of the option profile(s), or the user who created the option profile. |
default={0|1} |
(Optional) Make this profile the default for all scans and maps. Specify 1 to make default. There can only be one default profile for the subscription. |
global={0|1} |
(Optional) Share this profile with other users by making it global. Specify 1 to make global. Are you a Manager? This profile will be available to all users. Are you a Unit Manager? This profile will be available to all users in your business unit. |
offline_scanner={0|1} |
(Optional) Specify 1 to download this profile to your offline scanners during the next sync. |
scan_tcp_ports={none|full|standard|light} |
(Required) We use ports to send packets to the host in order to determine whether the host is alive and also to do fingerprinting for the discovery of services. Specify “full” to scan all ports, “standard” to scan standard ports, “light” to scan fewer ports, or “none” to scan no TCP ports. We will scan the standard list of ports unless you choose a different option in the profile. |
scan_tcp_ports_additional={port1,port2} |
(Optional) Specify additional TCP ports to scan (up to 12500 ports). |
3_way_handshake={0|1} |
(Optional) Specify 1 to let the scanning engine perform a 3-way handshake with target hosts. After a connection between the service and the target host is established, the connection will be closed. Enable this option only if you have a configuration that does not allow a SYN packet to be followed by an RST packet. Also, when this is enabled, TCP based OS detection is not performed on target hosts. Without TCP based OS detection, the service may not be able to identify the operating system installed on target hosts or perform OS-specific vulnerability checks. |
Scan |
|
scan_udp_ports={none|full|standard|light} |
(Required) Specify “full” to scan all ports, “standard” to scan standard ports, “light” to scan fewer ports, or “none” to scan no UDP ports. We will scan the standard list of ports unless you choose a different option in the profile. |
vulnerability_detection={complete|custom|runtime} |
(Required) With a "complete" scan we'll scan for all vulnerabilities (QIDs) in the KnowledgeBase applicable to each host being scanned. Specify "custom" to limit the scan to specified QIDs only. Then add the QIDs you want to scan (see custom_search_list_ids and custom_search_list_title). Specify “runtime” to scan QIDs at runtime. |
scan_udp_ports_additional={port1,port2} |
(Optional) Specify additional UDP ports to scan (up to 20500 ports). |
authoritative_option={0|1} |
(Optional) Specify 1 to enable Authoritative Scan Option. By enabling the authoritative scan option your light scan will work like a full or standard scan. We will update the vulnerability status for all vulnerabilities found, regardless of which ports they were detected on. |
scan_dead_hosts={0|1} |
(Optional) Specify 1 to enable scanning dead hosts. A dead host is a host that is unreachable - it didn't respond to any pings. Your scan may run longer if you choose to scan dead hosts. |
close_vuln_on_dead_hosts={0|1} |
(Optional) Specify 1 to quickly close vulnerabilities for hosts that are not found alive after a set number of scans. When enabled, we'll mark existing tickets associated with dead hosts as Closed/Fixed and update the vulnerability status to Fixed. |
not_found_alive_times={value} |
(Optional) Specify the number of times the host is not found alive after which the vulnerability should be closed. This setting is available only when close_vuln_on_dead_hosts=1. |
purge_host_data={0|1} |
(Optional) Specify 1 to purge host data. This option is especially useful if you have systems that are regularly decommissioned or replaced. By specifying this option you’re telling us you want to purge the host if we detect a change in the host's Operating System (OS) vendor at scan time, for example the OS changed from Linux to Windows or Debian to Ubuntu. We will not purge the host for an OS version change like Linux 2.8.13 to Linux 2.9.4. |
external_scanners_use={value} |
(Optional) Specify the maximum number of external scanners to use for scanning perimeter assets. (This option is available when your subscription is configured with multiple external scanners). |
scan_parallel_scaling={0|1} |
(Optional) Specify 1 to enable parallel scaling. This setting can be useful in subscriptions which have physical and virtual scanner appliances with different performance characteristics (e.g., CPU, RAM). Specify this option to dynamically scale up the number of hosts to scan in parallel (at scan time) to a calculated value which is based upon the computing resources available on each appliance. Note that the number of hosts to scan in parallel value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan. |
scan_overall_performance={high|normal|low|custom} |
(Optional) The profile “normal” is recommended in most cases. The settings for scan_external_scanners, scan_scanner_appliances, scan_total_process, scan_http_process, scan_packet_delay, and scan_intensity change as per the specified profile. Normal - Well balanced between intensity and speed. High - Recommended only when scanning a single IP or a small number of IPs. Optimized for speed and shorter scan times. Low - Recommended if responsiveness for individual hosts and services is low. Optimized for low bandwidth network connections and highly utilized networks. May take longer to complete. Custom - Use the values you set for the individual parameters listed above. |
scan_external_scanners={value} |
(Optional) Specify the number of external scanners to be used for associated scans. This setting is available only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 to 10. |
scan_scanner_appliances={value} |
(Optional) Specify the number of scanner appliances to scan at the same time (per scan task). Launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. Don't have scanner appliances? Disregard the Scanner Appliance setting. |
scan_total_process={value} |
(Optional) Specify the maximum number of processes to run at the same time per host. Note that the total number of processes includes the HTTP processes. |
scan_http_process={value} |
(Optional) Specify the maximum number of HTTP processes to run at the same time. |
scan_packet_delay={minimum|short|medium|long|maximum} |
(Optional) Specify the delay between groups of packets sent to each host during a scan. With a short delay, packets are sent more frequently. With a long delay, packets are sent less frequently. |
scan_intensity={normal|medium|low|minimum} |
(Optional) This setting determines the aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network. Tip - If you are scanning through a firewall we recommend you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option. |
scan_multiple_slices_per_scanner={0|1} |
(Optional) Specify 1 to scan multiple slices per scanner in a single scan. When unspecified or set to 0, multiple slices are not used. |
load_balancer={0|1} |
(Optional) Specify 1 to check each target host to determine if it's a load balancer. When a load balancer is detected, we determine the number of Web servers behind it and report QID 86189 "Presence of a Load-Balancing Device Detected" in your results. |
password_brute_forcing_system={minimal|limited|standard|exhaustive} |
(Optional) How vulnerable are your hosts to password-cracking techniques? We'll attempt to guess the password for each detected login ID on each target host scanned. Specify the level of brute forcing you prefer ("minimal" to "exhaustive"). |
password_brute_forcing_custom={value1,value2} |
(Optional) Specify titles of the login/password pairs you create for password brute forcing on the Qualys Cloud Platform UI. |
custom_search_list_ids={value1,value2} |
(Optional) Specify ids of search lists you want to use in your scan. |
custom_search_list_title={value1,value2} |
(Optional) Specify titles of search lists you want to use in your scan. |
basic_host_information_checks={0|1} |
(Optional) Adds basic host information checks (hostname, OS, etc) to your Custom scans. These are already included in Complete scans. This setting is enabled by default. |
oval_checks={0|1} |
(Optional) Specify 1 to add a search list with QID 105186 (a diagnostic check for OVAL). |
all_qrdi_checks={0|1} |
(Optional) Specify 1 to scan target assets for all QRDI vulnerabilities in your subscription, i.e. all custom vulnerability checks defined with QRDI (Qualys Remote Detection Interface). |
exclude_search_list_ids= {value1, value2} |
(Optional) Specify ids of search lists you want to exclude from your scan. |
authentication={value1,value2} |
(Optional) Want to run authenticated scans? When you use authentication we'll perform a more in-depth assessment and get you the most accurate results with fewer false positives. Specify one or more technologies (comma-separated) for the hosts you want to scan. Be sure you've configured authentication records (under Scans > Authentication) before running your scan. The following options are available: Windows, Unix, Oracle, Oracle Listener, SNMP, VMware, DB2, HTTP, MySQL, MongoDB, Tomcat Server, Palo Alto Networks Firewall, Sybase. |
authentication_least_privilege=Unix |
(Optional) Specify authentication_least_privilege=Unix (this value is case sensitive) to use the least privileges required for Unix authentication. When specified, the root delegation settings (such as sudo or su) in the Unix record are not passed to the scanner for vulnerability scans, so checks run with the login account's own privileges. When not specified (the default), root delegation is used if it is specified in the Unix record. Note: Unix authentication must be enabled in the same option profile (authentication=Unix). |
enable_additional_certificate_detection={0|1} |
(Optional) Want to detect additional certificates beyond ports? You need to enable authentication and then run new vulnerability scans. Specify 1 to enable this option before scanning and see additional certificate records (under Assets > Certificates). |
enable_dissolvable_agent={0|1} |
(Optional) Specify 1 to enable dissolvable agent. This is required for certain scan features like Windows Share Enumeration. How does it work? At scan time the Agent is installed on Windows devices to collect data, and once the scan is complete it removes itself completely from target systems. |
enable_windows_share_enumeration={0|1} |
(Optional) Specify 1 to use Windows Share Enumeration to find and report details about Windows shares that are readable by everyone. This test is performed using QID 90635. Make sure 1) the Dissolvable Agent is enabled, 2) QID 90635 is included in the Vulnerability Detection section, and 3) a Windows authentication record is defined. |
enable_lite_os_scan={0|1} |
(Optional) Only interested in OS detection? Specify 1 to include QID 45017 in the scan (under Vulnerability Detection). |
custom_http_header={value} |
(Optional) Specify a custom value that the scanner sends in an HTTP header with its requests, so that logging, IPS and other defenses can recognize authorized scan traffic and exempt it. Treat the value as a shared secret: anyone who knows it can send traffic that those defenses will exempt. |
custom_http_definition_key={value} |
(Optional) Specify the name (key) of the custom HTTP header definition. |
custom_http_definition_header={value} |
(Optional) Specify the value for the custom HTTP header whose key is defined in custom_http_definition_key. |
host_alive_testing={0|1} |
(Optional) Specify 1 to run a quick scan to determine which of your target hosts are alive without also performing other scan tests. The Appendix section of your Scan Results report will list the hosts that are alive and hosts that are not alive. You may see some Information Gathered QIDs in the results for hosts found alive. |
not_overwrite_os={0|1} |
(Optional) Specify 1 if you're running a light or custom scan and you don't want to overwrite the OS detected by a previous scan. |
test_authentication={0|1} |
(Optional) Specify 1 to test authentication to target hosts. |
enable_max_scan_duration_per_asset={0|1} |
(Optional) Specify 1 to enable a maximum scan duration per asset for this option profile; 0 disables it. Use this parameter together with max_scan_duration_per_asset_minutes. |
max_scan_duration_per_asset_minutes={value} |
(Optional) Maximum duration in minutes for the scan to run on each asset. This parameter can only be specified when enable_max_scan_duration_per_asset=1. |
System Authentication |
|
include_system_auth={0|1} |
(Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR) Specify include_system_auth=1 to include system created authentication records in scans along with user created records. When include_system_auth=1, one of these parameters should be enabled: use_system_auth_on_duplicate or use_user_auth_on_duplicate. This identifies which record to use if you have a system created record and a user created record for the same instance configuration. When include_system_auth=0, the user created record will be selected for scans by default. |
use_system_auth_on_duplicate={0|1} |
(Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR) Specify use_system_auth_on_duplicate=1 to use the system created authentication record if you have a system record and user record for the same instance configuration. The parameters use_system_auth_on_duplicate and use_user_auth_on_duplicate are mutually exclusive, and can only be specified if “include_system_auth=1”. |
use_user_auth_on_duplicate={0|1} |
(Optional to create or update option profile record, applicable for subscriptions with both PC and VM/VMDR) Specify use_user_auth_on_duplicate=1 to use the user created authentication record if you have a system record and user record for the same instance. The parameters use_system_auth_on_duplicate and use_user_auth_on_duplicate are mutually exclusive, and can only be specified if “include_system_auth=1”. |
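The dependencies spelled out in the Scan and System Authentication rows above (not_found_alive_times needs close_vuln_on_dead_hosts=1, Windows Share Enumeration needs the Dissolvable Agent, max_scan_duration_per_asset_minutes needs its enable flag, authentication_least_privilege=Unix needs authentication=Unix, and exactly one of the two *_on_duplicate switches when include_system_auth=1) are easy to get wrong from a script. The Python below is an added example, not Qualys code: it validates a parameter set against those rules, encodes it as the form body the endpoint takes, and shows the POST. It assumes the endpoint is driven by an action parameter (create, update or list) with HTTP Basic credentials and the X-Requested-With header that the Qualys API v2 requires; the API host, the header name X-Authorized-Scan and its value are placeholders, and requiring authentication=Windows for share enumeration is an assumption made so the Windows record can actually be used.

```python
"""Build and sanity-check a request for the VM Option Profile API
(/api/2.0/fo/subscription/option_profile/vm/).

Added example, not Qualys code. Assumptions (not stated on this page):
the endpoint is called with a POST of form-encoded parameters plus
action=create|update|list, HTTP Basic auth and the X-Requested-With
header; API_HOST and the custom header name/value below are placeholders.
"""
from __future__ import annotations

import base64
import urllib.request
from urllib.parse import urlencode

API_HOST = "https://qualysapi.qualys.com"  # placeholder: use your platform's API host
ENDPOINT = API_HOST + "/api/2.0/fo/subscription/option_profile/vm/"

PORT_CHOICES = {"none", "full", "standard", "light"}
DETECTION_CHOICES = {"complete", "custom", "runtime"}


def _auths(p: dict) -> set[str]:
    """Technologies listed in the authentication parameter, as a set."""
    a = p.get("authentication", ())
    return set(a.split(",")) if isinstance(a, str) else set(a)


def validate_profile(p: dict, action: str = "create") -> list[str]:
    """Return every rule violation found; an empty list means the request is consistent.

    The rules are the ones given in the parameter descriptions on this page.
    """
    errs: list[str] = []
    if action == "create" and not p.get("title"):
        errs.append("title is required to create an option profile")
    if action == "update" and not p.get("id"):
        errs.append("id is required to update an option profile")
    for k in ("scan_tcp_ports", "scan_udp_ports"):
        if p.get(k) not in PORT_CHOICES:
            errs.append(f"{k} is required and must be one of {sorted(PORT_CHOICES)}")
    det = p.get("vulnerability_detection")
    if det not in DETECTION_CHOICES:
        errs.append("vulnerability_detection is required (complete|custom|runtime)")
    elif det == "custom" and not (p.get("custom_search_list_ids") or p.get("custom_search_list_title")):
        errs.append("vulnerability_detection=custom needs custom_search_list_ids or custom_search_list_title")
    if "not_found_alive_times" in p and p.get("close_vuln_on_dead_hosts") != 1:
        errs.append("not_found_alive_times is only available when close_vuln_on_dead_hosts=1")
    if p.get("enable_windows_share_enumeration") == 1:
        if p.get("enable_dissolvable_agent") != 1:
            errs.append("enable_windows_share_enumeration=1 requires enable_dissolvable_agent=1")
        if "Windows" not in _auths(p):  # assumption: a Windows record needs Windows auth enabled in the profile
            errs.append("enable_windows_share_enumeration=1 requires authentication=Windows")
    if p.get("authentication_least_privilege") == "Unix" and "Unix" not in _auths(p):
        errs.append("authentication_least_privilege=Unix requires authentication=Unix in the same profile")
    if "max_scan_duration_per_asset_minutes" in p and p.get("enable_max_scan_duration_per_asset") != 1:
        errs.append("max_scan_duration_per_asset_minutes requires enable_max_scan_duration_per_asset=1")
    sys_dup = p.get("use_system_auth_on_duplicate") == 1
    usr_dup = p.get("use_user_auth_on_duplicate") == 1
    if p.get("include_system_auth") == 1:
        if sys_dup == usr_dup:  # both set, or neither set
            errs.append("include_system_auth=1 needs exactly one of use_system_auth_on_duplicate / use_user_auth_on_duplicate")
    elif sys_dup or usr_dup:
        errs.append("use_*_auth_on_duplicate can only be specified with include_system_auth=1")
    return errs


def encode_form(p: dict) -> str:
    """Flatten list values to the comma-separated form the API uses and URL-encode the body."""
    flat = {k: ",".join(str(x) for x in v) if isinstance(v, (list, tuple)) else str(v)
            for k, v in p.items()}
    return urlencode(flat)


def send(action: str, p: dict, username: str, password: str) -> bytes:
    """POST the profile to the API (network call, not exercised here). Raises on rule violations."""
    errs = validate_profile(p, action)
    if errs:
        raise ValueError("; ".join(errs))
    body = encode_form({"action": action, **p}).encode()
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(ENDPOINT, data=body, method="POST", headers={
        "Authorization": "Basic " + token,
        "X-Requested-With": "option-profile-script",  # required by the Qualys API v2
        "Content-Type": "application/x-www-form-urlencoded",
    })
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.read()  # XML response; parse it for the profile ID


# Constructed sample profile: an authenticated scan that runs least-privilege on Unix,
# closes findings on hosts missed three times, caps per-asset scan time, and prefers
# user-created auth records when a system-created duplicate exists.
EXAMPLE_PROFILE = {
    "title": "Internal authenticated scan",
    "scan_tcp_ports": "standard",
    "scan_udp_ports": "standard",
    "vulnerability_detection": "complete",
    "close_vuln_on_dead_hosts": 1,
    "not_found_alive_times": 3,
    "authentication": ["Windows", "Unix"],
    "authentication_least_privilege": "Unix",
    "enable_dissolvable_agent": 1,
    "enable_windows_share_enumeration": 1,
    "enable_max_scan_duration_per_asset": 1,
    "max_scan_duration_per_asset_minutes": 120,
    "include_system_auth": 1,
    "use_user_auth_on_duplicate": 1,
    "custom_http_definition_key": "X-Authorized-Scan",  # placeholder header name
    "custom_http_definition_header": "replace-with-shared-secret",  # placeholder value
}

if __name__ == "__main__":
    print(validate_profile(EXAMPLE_PROFILE))  # [] when the profile is consistent
    print(encode_form({"action": "create", **EXAMPLE_PROFILE}))
```

Run validate_profile before every create or update; the API rejects inconsistent parameters anyway, but a local check gives a readable error and keeps a half-configured profile (for example share enumeration without the agent) from being saved silently with the feature off.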
Map |
|
basic_information_gathering={all|register|netblockonly|none} |
(Required) Perform basic information gathering on: All: All Hosts (hosts detected by the map), Register: Registered Hosts (hosts in your account), Netblockonly: Netblock Hosts (hosts added by a user to the netblock for the target domain) or None. |
map_tcp_ports_standard_scan={0|1} |
(Optional) Specify 1 to enable standard scan of TCP ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445. |
map_tcp_ports_additional={value1,value2} |
(Optional) Specify additional TCP ports to scan. You can specify up to 20 ports including the standard scan ports. |
map_udp_ports_standard_scan={0|1} |
(Optional) Specify 1 to enable standard scan of UDP ports. Standard Scan includes 6 ports: 53, 111, 135, 137, 161, 500. |
map_udp_ports_additional={value1,value2} |
(Optional) Specify additional UDP ports to scan. You can specify up to 10 ports including the standard scan ports. |
perform_live_host_sweep={0|1} |
(Optional) Default setting is 1. Specify 0 to only discover devices using DNS discovery methods (DNS, Reverse DNS and DNS Zone Transfer.) Active probes will not be sent. As a result, we may not be able to detect all hosts in the netblock, and undetected hosts will not be analyzed. |
disable_dns_traffic={0|1} |
(Optional) Specify 1 if you want to disable DNS traffic for maps. This is valid only when the target domain name includes one or more netblocks, e.g. none:[10.10.10.2-10.10.10.100]. We'll perform network discovery only for the IP addresses in the netblocks. No forward or reverse DNS lookups, DNS zone transfers or DNS guessing/bruteforcing will be made, and DNS information will not be included in map results. |
map_overall_performance={high|normal|low|custom} |
(Optional) The profile “normal” is recommended in most cases. The settings for map_external_scanners, map_scanner_appliances, map_netblock_size, and map_packet_delay change as per the specified profile. Normal - Well balanced between intensity and speed. High - Optimized for speed. May be faster to complete but may overload firewalls and other networking devices. Low - Optimized for low bandwidth network connections. May take longer to complete. |
map_external_scanners={value} |
(Optional) Specify the number of external scanners for netblocks to map at the same time per scanner. This setting is available only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 to 10. |
map_scanner_appliances={value} |
(Optional) Specify the number of scanner appliances for netblocks to map at the same time per scanner. Launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. Don't have scanner appliances? Disregard the Scanner Appliance setting. |
map_netblock_size={1024 IPs|4096 IPs|8192 IPs|16384 IPs|32768 IPs|65536 IPs} |
(Optional) Specify the max number of IPs per netblock being mapped. The netblock specified for the domain is broken into smaller netblocks for processing. Each of these smaller netblocks equals a single map process. Use this setting to define how many IPs should be included in each process. |
map_packet_delay={minimum|short|medium|long|maximum} |
(Optional) This is the delay between groups of packets sent to the netblocks being mapped. With a short delay, packets are sent more frequently, resulting in more bandwidth utilization and a shorter mapping time. With a long delay, packets are sent less frequently, resulting in less bandwidth utilization and a longer mapping time. |
map_authentication={VMware|vCenter} |
(Optional) Authentication enables the scanner to log into hosts at scan time to extend detection capabilities. See the online help to learn how to configure this option. |
Additional |
|
additional_tcp_ports={0|1} |
(Optional) Specify 1 to enable host discovery on additional TCP ports. Default setting is 1. |
additional_tcp_ports_standard_scan={0|1} |
(Optional) Specify 1 to enable standard scan of additional TCP ports. Standard Scan includes 13 ports: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445. Default setting is 1. |
additional_tcp_ports_additional={value1,value2} |
(Optional) Specify additional TCP ports to scan. You can specify up to 20 ports including the standard scan ports. |
additional_udp_ports={0|1} |
(Optional) Specify 1 to enable host discovery on additional UDP ports. Default setting is 1. |
additional_udp_ports_type={standard|custom} |
(Optional) Specify “standard” to enable standard scan of additional UDP ports. Standard Scan includes 6 ports: 53, 111, 135, 137, 161, 500. Default is “standard”. Specify “custom” to provide a custom list of ports using additional_udp_ports_custom. |
additional_udp_ports_custom={value1,value2} |
(Optional) Specify additional UDP ports to scan. You can specify up to 10 ports including the standard scan ports. |
icmp={0|1} |
(Optional) Specify 1 to only discover live hosts that respond to an ICMP ping. Default setting is 1. |
blocked_resources={0|1} |
(Optional) Specify 1 in order to add ports protected by your firewall/IDS to prevent them from being scanned. |
protected_ports={default|custom} |
(Optional) Ports protected by your firewall/IDS. Specify “default” to use the default list of blocked ports: 0-1, 111, 513-514, 2049, 4100, 6000-6005, 7100, 8000. Default setting is “default”. Specify “custom” to provide a custom list of protected ports using protected_ports_custom. |
protected_ports_custom={value1,value2} |
(Optional) Specify a custom list of protected ports. |
protected_ips={all|custom} |
(Optional) IP addresses and ranges protected by your firewall/IDS. Default is “all”. Specify “custom” to provide a custom list using protected_ips_custom. |
protected_ips_custom={value1,value2} |
(Optional) Specify a custom list of IP addresses and ranges protected by your firewall/IDS. |
ignore_firewall_generated_tcp_rst_packets={0|1} |
(Optional) Specify 1 to identify firewall-generated TCP RESET packets and ignore them. |
ignore_all_tcp_rst_packets={0|1} |
(Optional) Specify 1 to ignore all TCP RESET packets - firewall-generated and live-host-generated. |
ignore_firewall_generated_tcp_syn_ack_packets={0|1} |
(Optional) Specify 1 to determine if TCP SYN-ACK packets are generated by a filtering device and ignore packets that appear to originate from such devices. |
not_send_tcp_ack_or_syn_ack_packets_during_host_discovery={0|1} |
(Optional) Specify 1 if you do not want to send TCP ACK or SYN-ACK packets. Out of state TCP packets are not SYN packets and do not belong to an existing TCP session. |
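The Map and Additional rows above quote the standard lists (13 TCP and 6 UDP ports), cap the additional lists at 20 and 10 ports including the standard ones, and give the default protected-port list. The Python below is an added example, not Qualys code: it expands the comma/dash port syntax, confirms those counts, flags additional ports that are already in the standard list or fall inside the default protected list (which blocked_resources=1 with protected_ports=default keeps the scanner away from), and builds the Additional-section parameters, refusing a list over the limit. Whether additional_udp_ports_custom replaces or extends the standard list is not stated on this page, so the example emits the union and the standard ports are kept either way.

```python
"""Expand and check the port lists used by the Map and Additional (host
discovery) parameters on this page. Added example, not Qualys code: the
comma/dash port syntax and the limits follow the parameter descriptions
above; the standard and default-protected lists are quoted from them.
"""
from __future__ import annotations

# Lists quoted on this page.
STANDARD_TCP = "21-23,25,53,80,88,110-111,135,139,443,445"  # "13 ports"
STANDARD_UDP = "53,111,135,137,161,500"                      # "6 ports"
PROTECTED_DEFAULT = "0-1,111,513-514,2049,4100,6000-6005,7100,8000"

# "up to N ports including the standard scan ports"
LIMITS = {
    "map_tcp_ports_additional": 20,
    "map_udp_ports_additional": 10,
    "additional_tcp_ports_additional": 20,
    "additional_udp_ports_custom": 10,
}
STANDARD_FOR = {
    "map_tcp_ports_additional": STANDARD_TCP,
    "map_udp_ports_additional": STANDARD_UDP,
    "additional_tcp_ports_additional": STANDARD_TCP,
    "additional_udp_ports_custom": STANDARD_UDP,
}


def expand_ports(spec: str) -> set[int]:
    """Turn "21-23,25, 80" into {21, 22, 23, 25, 80}; rejects malformed or out-of-range entries."""
    ports: set[int] = set()
    for item in spec.replace(" ", "").split(","):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 0 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"bad port entry: {item!r}")
        ports.update(range(lo_i, hi_i + 1))
    return ports


def check_additional(param: str, additional: str) -> dict:
    """Report how an additional list combines with the standard list for `param`."""
    std = expand_ports(STANDARD_FOR[param])
    extra = expand_ports(additional)
    total = std | extra
    return {
        "standard": len(std),
        "additional": len(extra),
        "total": len(total),
        "already_standard": sorted(std & extra),  # redundant entries
        "over_limit": len(total) > LIMITS[param],
        # ports the scanner will not touch if blocked_resources=1 and protected_ports=default
        "protected_overlap": sorted(total & expand_ports(PROTECTED_DEFAULT)),
    }


def discovery_params(tcp_additional: str = "", udp_additional: str = "") -> dict:
    """Build the Additional-section parameters, refusing lists over the page's limits."""
    params = {"additional_tcp_ports": 1, "additional_tcp_ports_standard_scan": 1,
              "additional_udp_ports": 1, "additional_udp_ports_type": "standard"}
    if tcp_additional:
        r = check_additional("additional_tcp_ports_additional", tcp_additional)
        if r["over_limit"]:
            raise ValueError(f"TCP discovery list would be {r['total']} ports; limit is 20 including the standard 13")
        # standard scan stays enabled, so only the extra ports go in the additional list
        params["additional_tcp_ports_additional"] = ",".join(map(str, sorted(expand_ports(tcp_additional))))
    if udp_additional:
        r = check_additional("additional_udp_ports_custom", udp_additional)
        if r["over_limit"]:
            raise ValueError(f"UDP discovery list would be {r['total']} ports; limit is 10 including the standard 6")
        # the custom list is emitted as standard + extra so the standard ports survive either reading of the limit
        params["additional_udp_ports_type"] = "custom"
        params["additional_udp_ports_custom"] = ",".join(
            map(str, sorted(expand_ports(STANDARD_UDP) | expand_ports(udp_additional))))
    return params


if __name__ == "__main__":
    print(check_additional("map_tcp_ports_additional", "8080,8443,3389"))
    print(discovery_params(tcp_additional="3389,8080", udp_additional="69,123"))
```

A non-empty protected_overlap is worth a second look before saving the profile: a port listed for discovery and also covered by the protected list does nothing when blocked_resources=1, and hosts that only answer on that port will be reported dead.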