Skip navigation
1 2 3 Previous Next

API Notifications

143 posts

A new release of Qualys Cloud Platform v2.42 (WAS/AM/SAQ) includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
AWS Asset Data Connector: Support for New Regions
The Asset Management and Tagging API has been updated to support the following new regions: GovCloud: us-gov-east-1China: cn-northwest-1Bahrain: me-south-1

 

Host Asset API: Search IBM assets
The Asset Management and Tagging API has been updated to allow searching for IBM assets in your account.

 

Security Assessment Questionnaire: New Campaign API
Introducing 2 new APIs for SAQ: Questionnaire Campaign API and Questionnaire API

 

Web Application Scanning (WAS): Tag Details in Web App API
With introduction of new optional parameter for Web Applications API, you can now also view the list of tags (and not just count of tags) associated with the web application.

 

WAS: XSS Payloads Option for Standard Scans
You can now enable comprehensive tests for cross-site scripting vulnerabilities to be executed during our standard scan using the new parameter in option profile. The comprehensive tests includes XSS with exhaustive set of payloads including set of standard payloads. Running a scan with XSS payloads option enabled in the detection scope of standard scan will provide the best assurance that your web application is free from XSS vulnerabilities. However, enabling this option leads to significant increase in the scan time.

 

WAS: New Groups for Information Gathered Issues
Currently, all Information Gathered issues in WAS are clubbed together in the report. We have now introduced two new groups for issues of type Information Gathered:- Diagnostic IG (general information about the scan)- Weakness IG (issues that are security weakness or conflict with best practices)

 

WAS: Cancel Scan with Results Support for Scans
Currently, canceling an unfinished scan on a web application which is in the user’s scope does not return any results. We have now introduced a new parameter <cancelWithResults> that allows you to cancel the scan and still retain results. You can use the scan ID and generate a report to view the results.

 

WAS: Scan Again Support for Scan API
We now provide the option to execute a previous scan again. Identify the scan you want to run again and use scanagain action. We'll pre-fill the scan settings to match the original scan.

A new release of Qualys Cloud Platform 8.21.6 includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

 

 

What’s New

 

New Oracle HTTP Server Authentication API
/api/2.0/fo/auth/
/api/2.0/fo/auth/oracle_http_server/
Oracle HTTP Server authentication is now supported for compliance scans on Unix and Windows. The new Oracle HTTP Server Authentication API (api/2.0/fo/auth/oracle_http_server/) lets you list, create, update and delete Oracle HTTP Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for Oracle Server installed on respective OS - Unix or Windows.

 

 

Support for File Content Check on Windows
/api/2.0/fo/compliance/posture/info/?action=list
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export
With this release, you can now configure a File Content Check control to check the contents of a Windows file. Tell us which file you want to evaluate and what you're looking for. We'll return all lines in the file that match. You can specify your file location using any of the path types: Registry Key, File Search, File Path

 

 

Support for HashiCorp vault in Database Authentication records   
/api/2.0/fo/auth/  
HashiCorp Vault is now supported for the following database authentication records: MySQL, MariaDB, Sybase, PostgreSQL, MongoDB. You can create, update, list, and view authentication credentials from a HashiCorp vault.

 

Updates to Input Parameters for Cloud Perimeter Scan Jobs
/api/2.0/fo/scan/cloud/
It’s now possible to launch a cloud perimeter scan job without specifying the platform, region code, vpc id or asset tags. Multiple input parameters changed from Required to Optional to provide this flexibility. Note - There are no changes to the XML output or DTD.

 

 

 

Sybase Authentication is Now Supported in VM
/api/2.0/fo/auth/sybase/
/api/2.0/fo/subscription/option_profile/
Sybase authentication was already supported for PC and now it’s also supported in VM for vulnerability scanning. Each Sybase record identifies account login credentials, database information and target host IPs for authenticating to Sybase Adaptive Server Enterprise (ASE) instances. How you create and manage Sybase records is the same as previously documented for PC. You can find all the details in the Qualys API (VM/PC) User Guide. 

 

We made updates to the VM option profile API to allow users to enable Sybase authentication for vulnerability scans. You’ll also see Sybase in the XML output when you list/export option profiles with Sybase enabled. Note that there are no DTD changes.

Version changed from 8.22 to 8.21.6

 

A new release of Qualys Cloud Platform 8.21.6 includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Support for File Content Check on Windows
/api/2.0/fo/compliance/posture/info/?action=list
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export

With this release you can now configure a File Content Check control to check the contents of a Windows file. Tell us which file you want to evaluate and what you're looking for. We'll return all lines in the file that match. You can specify your file location using any of the path types: Registry Key, File Search, File Path

A new release of Qualys Cloud Platform v2.41 (WAS/WAF) includes an updated API which is targeted for release in September 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
WAS API: New DNS Override Support
/qps/rest/3.0/get/was/dnsoverride/{id}
/qps/rest/3.0/count/was/dnsoverride/
/qps/rest/3.0/search/was/dnsoverride/
/qps/rest/3.0/create/was/dnsoverride/
/qps/rest/3.0/update/was/dnsoverride/{id}
/qps/rest/3.0/delete/was/dnsoverride/{id}
By default we'll use the DNS for the web application URL to crawl the web app and perform scanning. If you provide a DNS override record through our new API, we'll use the mappings in your record instead.

 

HTTP Profile API: Support for Keeping/Removing Accept Encoding Header Field in Request Header
/qps/rest/2.0/get/waf/httpprofile/<id>
/qps/rest/2.0/search/waf/httpprofile
/qps/rest/2.0/create/waf/httpprofile/qps
/rest/2.0/update/waf/httpprofile
You can now create an HTTP profile for your web application to specify the WAF application to either retain or remove the Accept Encoding header field in requests. If you choose to retain the Accept Encoding header field then WAF will keep the header field in requests that contain this header field while forwarding the requests to your web application. By default, WAF will remove this header field.

 

New API to Search for Security Events
/qps/rest/2.0/search/waf/eventlog
You can now search for security events detected for your web application in the event log using the search filters provided by the Eventlog API.

A new release of Qualys Cloud Platform v8.21.2 (VM/PC) includes an updated API which is targeted for release in September 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
IBM WebSphere App Server and JBoss Server: Instance Discovery, Auto Record Creation and more
/api/2.0/fo/auth/unix/
/api/2.0/fo/auth/windows/
Instance discovery and auto record creation is now supported for IBM WebSphere App Server/JBoss Server (UI and API). As before a single IBM WebSphere/JBoss record may be used when the same record configuration is replicated across hosts in the record.

 

Compliance Posture API: Parameters added to show fail/pass dates for controls
/api/2.0/fo/subscription/option_profile/pc/
We have added 5 new parameters to the Compliance Posture API to show you the following information in the posture information output: 1) for failed controls, the first and last failed dates. 2) for passed controls, the first and last passed dates and 3) previous posture status (failed/passed) for a control.

A new release of Qualys Cloud Platform v8.21 (VM/PC) includes an updated API which is targeted for release in August 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
API Support for New Vault Types for Cisco and Checkpoint
/api/2.0/fo/auth/unix/
We now support few more vault types as part of authentication record settings for Unix Subtypes: Cisco and Checkpoint Firewall. Newly supported vault types for Cisco authentication records are Azure Key and HashiCorp vaults and newly supported vault type for Checkpoint Firewall is HashiCorp vault. These vaults are already supported for these authentication types in the UI.

A new release of Qualys Cloud Platform v2.40 (WAS) includes an updated API which is targeted for release in August 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
WAS API: Option to choose all Detections in Option Profile
/qps/rest/3.0/get/was/optionprofile/<id>
/qps/rest/3.0/create/was/optionprofile
/qps/rest/3.0/update/was/optionprofile/<id>
You can now configure the option profile for you scan so that it could include all the WAS related detections. We have now introduced a new option named "Everything" for detection scope of Option Profile that includes every WAS related detection during the scan.

 

WAS API: Unique ID for Findings
/qps/rest/3.0/get/was/finding/<id>
/qps/rest/3.0/search/was/finding
/qps/rest/3.0/count/was/finding
/qps/rest/3.0/ignore/was/finding
/qps/rest/3.0/activate/was/finding
/qps/rest/3.0/editSeverity/was/finding
/qps/rest/3.0/restoreSeverity/was/finding
/qps/rest/3.0/retest/was/finding
We have now introduced 36-bit unique ID (uniqueId) for each finding. The ID would be unique for every finding. Earlier, the combination of three fields namely: finding ID, finding type and finding category would make a finding unique. Now, with the implementation of uniqueId, you can easily distinguish every finding

A new release of Qualys Cloud Platform v2.39 (WAS/AM) includes an updated API which is targeted for release in June 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Web Application Scanning API: Enhanced Crawling
/qps/rest/3.0/get/was/optionprofile/<id>
/qps/rest/3.0/create/was/optionprofile
/qps/rest/3.0/update/was/optionprofile/<id>
You can now enable enhanced crawling in your option profile for your scans to improve scan coverage for your web application. With the enhanced crawling enabled, more links can be crawled and will improve scan coverage. We will re-crawl individual directories present in the links which are found during crawling.

 

Asset Management & Tagging API: Search host assets using IBM attributes
/qps/rest/2.0/search/am/hostasset
The Asset Management and Tagging API has been updated to allow searching host assets using IBM attributes.

 

Asset Management & Tagging API: New API for Azure Asset Data Connector

/qps/rest/2.0/create/am/azureassetdataconnector
/qps/rest/2.0/update/am/azureassetdataconnector
/qps/rest/2.0/delete/am/azureassetdataconnector/<id>
/qps/rest/2.0/get/am/azureassetdataconnector
/qps/rest/2.0/search/am/awsassetdataconnector
We have now introduced new API for Azure connectors. You can create, update, delete or view the list of Azure connectors.

A new release of Qualys Cloud Platform v8.20 (VM,PC) includes an updated API which is targeted for release in June 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
New Database UDCs for Oracle and MSSQL
With this release you can now create custom controls for Oracle database and MSSQL database. To support database controls, we’ve added new elements to the XML output and DTDs for Control List Output, Policy Export Output, Posture Info List Output, and the ImportableControl.xsd schema.

 

Control List Output - DTD Change
The Control List Output DTD is used to view the list of compliance controls which are visible in your account.

 

Policy Export Output - DTD Change
The Policy Export Output DTD is used to export compliance policies from your account to an XML file.

 

Subscription API: Import/Export Email Notification Settings for Password Expiry
We have updated the Export Subscription Configurations API output to include configuration settings for password expiry notification emails in the “USERS” element. New settings indicate whether users in the subscription will be notified by email before their password expires, how often password expiration emails will be sent and when to switch to daily emails

 

Subscription API - Import/Export Session Timeout Settings for User Roles
We updated the Export Subscription Configurations API output to include session timeout settings by user role. New settings indicate whether the option to customize session timeout by user role is enabled and the session timeout value for each role. The session timeout setting is configured under Users > Setup > Security in the UI. Note that not all user roles are available in all subscriptions.

A new release of Qualys Cloud Platform v8.20 (VM,PC) includes an updated API which is targeted for release in June 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
New Database UDCs for Oracle and MSSQL
With this release you can now create custom controls for Oracle database and MSSQL database. To support database controls, we’ve added new elements to the XML output and DTDs for Control List Output, Policy Export Output, Posture Info List Output, and the ImportableControl.xsd schema.

 

Subscription API: Import/Export Email Notification Settings for Password Expiry
We have updated the Export Subscription Configurations API output to include configuration settings for password expiry notification emails in the “USERS” element. New settings indicate whether users in the subscription will be notified by email before their password expires, how often password expiration emails will be sent and when to switch to daily emails

A new release of Qualys Cloud Platform v8.19 (VM,PC) includes an updated API which is targeted for release in May 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Sybase Authentication - Password Encryption and Auto Discover Databases
/api/2.0/fo/auth/sybase/
This release introduces 2 new options for Sybase authentication - Password Encryption and Auto Discover Databases.

Password Encryption - Enable this option when your Sybase database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option then authentication will fail.

Auto Discover Databases - Enable this option and we'll find all Sybase database names on each host for you. This means you no longer have to create a separate Sybase record for each database name. Create one record with Auto Discover Databases enabled to authenticate to multiple databases on the same host.

 

PC - New MS Exchange Server Authentication API
/api/2.0/fo/auth/
Microsoft Exchange Server authentication is now supported for compliance scans. The new MS Exchange Server Authentication API (api/2.0/fo/auth/ms_exchange/) lets you list, create, update and delete MS Exchange Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for MS Exchange Server installed on Windows.

 

New Support for Microsoft Azure Key Vault
/api/2.0/fo/auth/windows/
/api/2.0/fo/auth/unix/
/api/2.0/fo/auth/ms_sql/
/api/2.0/fo/auth/mysql/
/api/2.0/fo/auth/mariadb/
/api/2.0/fo/auth/mongodb/
/api/2.0/fo/auth/oracle/
/api/2.0/fo/auth/postgresql/
This new vault type can be used to retrieve authentication credentials from an Azure key vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type.

A new release of Qualys Cloud Platform v8.19 (VM,PC) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Sybase Authentication - Password Encryption and Auto Discover Databases
/api/2.0/fo/auth/sybase/
This release introduces 2 new options for Sybase authentication - Password Encryption and Auto Discover Databases.

Password Encryption - Enable this option when your Sybase database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option then authentication will fail.

Auto Discover Databases - Enable this option and we'll find all Sybase database names on each host for you. This means you no longer have to create a separate Sybase record for each database name. Create one record with Auto Discover Databases enabled to authenticate to multiple databases on the same host.

 

PC - New MS Exchange Server Authentication API
/api/2.0/fo/auth/
Microsoft Exchange Server authentication is now supported for compliance scans. The new MS Exchange Server Authentication API (api/2.0/fo/auth/ms_exchange/) lets you list, create, update and delete MS Exchange Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for MS Exchange Server installed on Windows.

A new release of Qualys Cloud Platform v2.38 (WAS) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
WAS API: Enhancements to Finding API response

/qps/rest/3.0/get/was/finding/<id>/

/qps/rest/3.0/search/was/finding
We have now improved the response for Finding API to include following details:
-the tags associated with the web application on which the finding was detected.
-details related to ignored finding

A new release of Qualys Cloud Platform v1.8 (Cloudview) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
CloudView API URLs updated
With the CloudView 1.8, the URLs for all the CLoudView REST APIs are updated. The API URLs that currently use 1.5 will be replaced with v1 across all the CloudView API URLs. Additionally, we have also updated the "lastsynch" to "lastSyncedOn" in the response.

 

AWS API Updates
We have now added a new element named isPortalConnector. The new element is a boolean flag to indicate whether the AWS connector is also created in Portal module or not (Asset View). If not, you can set this element to true and automatically create the same connector in AssetView module. However, if the connector is created in AssetView as well, then the authentication information associated with the connector is linked to CloudView as well. If you update the authentication information for the connector in AssetView, it will automatically reflect in CloudView as well.

 

Azure APIs (New)
We have now introduced APIs for your Azure Connectors. We support the following operations and evaluations for your Azure Connector:
Get list of connectors
Get the details of Azure connector
Create a new Azure connector
Run the specified Azure connector
Update the existing Azure connector
Delete the Azure connectors
Azure Evaluations

 

GCP APIs (New)
We support the following operations for GCP Connector:
Get list of GCP connectors
Get the details of a specified GCP connector
Create a new GCP connector
Run the specified GCP connector
Update the existing GCP connector
Delete the specified GCP connectors
GCP Evaluations

 

Reports API (New)
We support the following operations for Reports API:
Get list of report configurations
Get list of all supported mandates
Get list of all supported policies
Get the complete data of the specified report
Get the details of specified report configuration
Create a new report configuration
Update the existing report configurations
Delete the provided report configurations

A new release of Qualys Cloud Suite QWEB 8.18.1 (VM/PC) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
New Support for HashiCorp Vault
/api/2.0/fo/vault
/api/2.0/fo/auth/windows/
/api/2.0/fo/auth/unix/
This new vault type can be used to retrieve authentication credentials from a HashiCorp vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type. We updated the DTDs for listing Windows and Unix record.

 

Option Profile API - DTD/XSD Change
We added VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY to the Windows and Unix Authentication List Output DTDs. The Cisco authentication record uses Unix Authentication List Output DTD.

Filter Blog

By date: By tag: