Skip navigation

A new release of QualysGuard, Version 7.5, will be available in production by the end of October 2012. The final date has not been determined yet but this release contains changes to the API that requires a 30 day notification. More information specific to this release, including the date of global availability, will be communicating via the Release Notification pages here:


This API notification provides an early preview into the coming API changes, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that make API calls the following functions:

  • New API to launch Policy Compliance scans: “/api/2.0/fo/scan/compliance/” with “action=launch
  • Update to “scan_list_output.dtd” DTD for XML output of the new “/api/2.0/fo/scan/compliance/?action=list” API request only
  • Update to Policy Compliance XML scan results with a new section to show scan authentication issues
  • Update to Policy Compliance XML reports generated with the UI or the API “/api/2.0/fo/report/?action=fetch”.  <HOST_STATISTICS> section now contains the Operating System information
  • Update to “/api/2.0/fo/auth/oracle” with a option to support “invPtrLoc” file path
  • Update to “/msp/ticket_edit.php” API with a new option to support reopen date
  • /msp/scheduled_scans.php” XML output updated to show continuous tasks


Warning: all the examples provided below use “”. Replace this FQDN by the API server FQDN of your QualysGuard datacenter (for instance: “”).


New API to launch and manage Policy Compliance scans


QualysGuard 7.5 now includes a new API to manage Policy Compliance scans. This API includes 5 key functions:

  • Launch, to start a compliance scan
  • Pause, to pause a compliance scan
  • Resume, to resume a previously paused scan
  • List, to retrieve the list of compliance scans with their respective status, reference key, etc...
  • Fetch, to retrieve information for a specific compliance scan
  • Cancel, to cancel a compliance scan


The “New Scanner Services” is required for these API, please refer to the link here after for more information:


A new DTD “compliance_scan_result_output.dtd” has been released.


Example: launch a new Policy Compliance scan:

HTTP POST is required for "action=launch"


$ curl -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=launch&option_title=SCAN_OPTION_PROFILE_TITLE&ip=IP_ADDRESS&iscanner_name=SCANNER_APPLIANCE_NAME" ""

<?xml version="1.0" encoding="UTF-8" ?>
    <TEXT>New compliance scan launched</TEXT>



Update to “scan_list_output.dtd” DTD


This DTD describes the XML results of the existing “/api/2.0/fo/scan/?action=list” output and the new “/api/2.0/fo/scan/compliance/?action=list” output.


There is a new optional <ID> XML element which is only returned by the new “/api/2.0/fo/scan/compliance/” API.


The output of “/api/2.0/fo/scan/?action=list” has not been changed even if the XML output is described by the same DTD.


Example: list Policy Compliance scans:



$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=list" ""

<?xml version="1.0" encoding="UTF-8" ?>


Updates to “compliance_scan.dtd” and “compliance_scan_result_output.dtd” DTD to show host reasons for authentication issues


With QualysGuard 7.5, detailed reasons for authentication issues are returned in the policy compliance XML scan results downloaded with the UI (compliance_scan.dtd), and the policy compliance XML scan results downloaded with the API (compliance_scan_result_output.dtd) like in this example:


$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" ""


A new <AUTH_SCAN_ISSUES> XML section has been added and provides additional information when host authentication issues happened, including failed authentication or insufficient privileges.




<?xml version="1.0" encoding="UTF-8" ?>
                                        <CAUSE><![CDATA[Unable to complete Windows login for host=, user=Administrator, domain=, ntstatus=c000006d]]></CAUSE>
                                        <CAUSE><![CDATA[Unable to complete login for host=, user=root]]></CAUSE>
                                        <CAUSE><![CDATA[Insufficient privileges]]></CAUSE>



Update to “compliance_policy_report.dtd” DTD to add Operating System informatio to Policy Compliance XML reports


The policy compliance reports returned in XML are now displaying a new <OPERATING_SYSTEM> XML element for each host lke in this example:


$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" ""

<?xml version="1.0" encoding="UTF-8" ?>
        <OPERATING_SYSTEM><![CDATA[Windows XP Service Pack 3]]></OPERATING_SYSTEM>
        <PERCENTAGE>66.67% (4 of 6)</PERCENTAGE>


“/api/2.0/fo/auth/oracle” option to support “invPtrLoc”


QualysGuard 7.5 supports the “invPtrLoc” parameter for OPatch detections. This parameter identifies the location of the oraInst.loc file. Using this parameter allows users to identify a custom inventory for patches.


Using the “Oracle authentication” API v2 (/api/2.0/fo/auth/oracle/), users have the option to define the “invPtrLoc” parameter when creating and editing Oracle records.


$ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d


When defined for an Oracle record, this parameter is included in the Oracle authentication records list. The “auth_oracle_list_output.dtd” DTD has been updated.


$ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" ""

<?xml version="1.0" encoding="UTF-8" ?>


“/msp/ticket_edit.php” new option to support “reopen” date


The “/msp/ticket_edit.php” function supports a new parameter “reopen_ignored_days” which may be specified to automatically reopen Closed/Ignored tickets in a set number of days. This new parameter was added to the XML output and the “ticket_edit_output.dtd” DTD was updated.


$ curl -u USERNAME:PASSWORD -H "X-Requested-With: Curl" ""

<?xml version="1.0" encoding="UTF-8" ?>


“/msp/scheduled_scans.php” XML output updated to show continuous tasks


QualysGuard 7.5 supports a new type of scheduled scan, also called “continuous scanning”. When a scheduled task is configured as a continuous scan, a new instance of a scan is launched right after the previous instanced is finished. The XML output of “/msp/scheduled_scan.php” has been updated with a new <RELAUNCH_ON_FINISH> XML element and the “scheduled_scans.dtd" has been updated.


$ curl -u "USER:PASSWORD" -H "X-Requested-With: curl" ""

<?xml version="1.0" encoding="UTF-8" ?>
     <SCAN active="no" ref="647xx">
               <RELAUNCH_ON_FINISH />




Full release notes will be available to customers from within the Resources section of your QualysGuard account.

Filter Blog

By date: By tag: