Scan Summary



This is the original VM Scan Summary API for identifying hosts that were not scanned and why. We recommend you try the new improved VM Scan Summary API which has more filter options and enhanced output content. See VM Scan Summary.

Permissions - Manager role is required.

How it works - First we’ll find all the scans launched since the date (or within the date range) that you specify. Then we’ll identify hosts that were included in the scan target but not scanned for some reason. For each host you’ll see the category/reason it was not scanned and the host’s tracking method.

Input Parameters






(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.


(Required) Include scans started since a certain date. Specify the date in YYYY-MM-DD format. The date must be less than or equal to today’s date.


(Optional) Include scans started up to a certain date. Specify the date in YYYY-MM-DD format. The date must be more than or equal to scan_date_since, and less than or equal to today’s date.


(Optional) The output format: XML (the default), CSV or JSON.


(Optional) By default hosts with any tracking method will be returned in the output. Use this option to only include hosts with a certain tracking method. Valid values are: IP, DNS, NETBIOS.


(Optional) Set to 0 if you do not want to include dead hosts in the output. Dead hosts are included by default.


(Optional) Set to 1 to include hosts that were excluded from a scan in the output. Excluded hosts are not included by default.


(Optional) Set to 1 to include unresolved hosts in the output. Unresolved hosts are not included by default.


(Optional) Set to 1 to include cancelled hosts in the output. Cancelled hosts are not included by default.


(Optional) Set to 1 to include hosts that are not vulnerable in the output. Not vulnerable hosts are not included by default.


(Optional) Set to 1 to include blocked hosts in the output. Blocked hosts are not included by default.


(Optional) Set to 1 to include duplicate hosts in the output. Duplicate hosts are not included by default.


(Optional) Set to 1 to include aborted hosts in the output. Aborted hosts are not included by default.


Sample - List scan summary

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "



XML output

<?xml version="1.0" encoding="UTF-8" ?>









       <HOST_SUMMARY category="notvuln" tracking="IP">,</HOST_SUMMARY>

       <HOST_SUMMARY category="notvuln" tracking="DNS">,</HOST_SUMMARY>

       <HOST_SUMMARY category="notvuln" tracking="NETBIOS">gfi-31-3,gfi-31-4</HOST_SUMMARY>

       <HOST_SUMMARY category="cancelled" tracking="IP">,</HOST_SUMMARY>

       <HOST_SUMMARY category="cancelled" tracking="DNS">,</HOST_SUMMARY>

       <HOST_SUMMARY category="dead" tracking="IP"></HOST_SUMMARY>

       <HOST_SUMMARY category="dead" tracking="NETBIOS">gfi-31-10,gfi-31-11</HOST_SUMMARY>

       <HOST_SUMMARY category="excluded" tracking="IP"></HOST_SUMMARY>

       <HOST_SUMMARY category="unresolved" tracking="NETBIOS">gfi-31-13</HOST_SUMMARY>

       <HOST_SUMMARY category="duplicate" tracking="IP"></HOST_SUMMARY>

       <HOST_SUMMARY category="duplicate" tracking="DNS"></HOST_SUMMARY>





Categories for hosts not scanned

Section tag



The hosts were excluded. Hosts may be excluded on a per scan basis (by the user launching or scheduling the scan) or globally for all scans. Managers and Unit Managers have privileges to edit the global excluded hosts list for the subscription..


Hosts were not scanned because the scan was cancelled. Scans may be cancelled by a user, by an administrator or automatically by the service as specified in scheduled scan settings.


The hosts were not “alive” at the time of the scan, meaning that they did not respond to probes sent by the scanning engine, and the option to Scan Dead Hosts was not enabled.


Hosts were scanned but they could not be reported because the NetBIOS or DNS hostname, whichever tracking method is specified for each host, could not be resolved.


The hosts were duplicated within a single segment/slice of the scan job. For example, two different hostnames resolving to the same IP with tracking by IP.

Not Vulnerable

Hosts were found to be not vulnerable during host discovery without having to run a full scan. This could happen for example if the list of QIDs to be scanned are limited to certain ports and those ports are found to be closed.


The scan was abruptly discontinued. This is a rare occurrence that may be caused for various reasons. Contact Support for assistance.


Hosts were blocked from scanning for some reason.


<platform API server>/api/2.0/fo/scan/summary/scan_summary_output.dtd