How to exclude non-exploitable QIDs from the host detection API

Document created by Jeff Leggett Employee on Oct 11, 2017Last modified by Jeff Leggett Employee on Oct 12, 2017
Version 4Show Document
  • View in full screen mode

In Qualys Cloud Platform QWEB 8.10 we added a new feature to "exclude non-exploitable QIDs" from reports and related.


While there are open FR's today to do this in the host detection and host list API's you can do it today with a search list, here's how:


First Create a new Dynamic Search list in the UI:


Call it something easily used in an API call, like "NonExploitableQIDs". Then the next screen scroll down to where you see "Other: " and click the "Not exploitable due to configuration" checkbox.  Then Save.


Now you can use that search list to exclude those QID's from results in API's that have an exclude_search_list_titles or similar parameter (Host List and Host List Detection for example).