Tell me about the SCAP ARF Report

You can launch a SCAP scan report in Asset Reporting Format (ARF) using our API, a requirement in the SCAP 1.2 specifications from NIST.

Tell me about user permissions

How do I launch this report?

Use the SCAP ARF Report API v2 (the resource /api/2.0/fo/compliance/scap/arf/). You'll need to provide the scan ID for a finished SCAP scan (use the "id" input parameter). You can limit the report to certain IP addresses only (use the optional "ips" parameter). Do you have the Networks feature turned on? If yes and you specify "ips" you can limit the report to a specific network (use the optional "ips_network_id" parameter).

How do I find the SCAP scan ID?

API Request

Here's a sample API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X POST -d
"scan_id=3362251&ips=10.10.10.1-10.10.10.10"
"https://qualysapi.qualys.com/api/2.0/fo/compliance/scap/arf/"

Tell me about the Cloud Platform URL

XML Output

The XML output is compliant with the ARF 1.1 Schema. Show me this Schema

Where can I learn more about using the API?

Refer to the Qualys API User Guide for a better understanding of API conventions and detailed instructions on using API functions. Get the latest information from our Community.

From the Community
Qualys API (VM, PC) User Guide