Eric Perraudeau

QualysGuard 6.17 API Notification

Blog Post created by Eric Perraudeau on Feb 1, 2011

Dear Customers-


A new update of QualysGuard® version 6.17 will be available in production on Monday, February 7th 2011 for the US platform, and on later on this month for the EU platform. For additional information, please check the US release notification and the EU release notification.


Please, remember that you can receive these QualysGuard Release Notifications using this self-subscription page:


QualysGuard 6.17 includes the following API enhancements:

  • New QualysGuard Detection API

QualysGuard 6.17 includes a new “detection” extension to the version 2 API that is available via following URL:  This gives API users the ability to obtain the most current vulnerability data (“automatic” data) associated to host assets in a XML format that can be easily imported into third party solutions.  The detection API is a recommended replacement for other existing API calls such as “asset_range_info.php”, “asset_data_report.php”, “asset_search.php” and “get_host_info.php”.

Additional details about the new detection API, including examples and typical uses cases are available here:

  • New Virtual Patch Information

With QualysGuard 6.17 new virtual patch information is correlated with vulnerabilities when this information is available from Trend Micro. When virtual patch information is correlated with a vulnerability, one or more virtual patches from Trend Micro appear in the Solution section under the solution description provided by Qualys.

The <SOLUTION> element in the XML output describes the recommended solution for fixing each vulnerability detected by the service. One or more virtual patches will be included, when available from Trend Micro for the following API calls:

    • scan.php
    • scan_report.php
    • asset_range_info.php
    • asset_data_report.php
    • get_host_info.php
    • get_tickets.php
    • ticket_list.php
    • knowledgebase_download.php


  • New OS Pattern Filter for Host API

The new input parameter “os_pattern” for the host API (with the /api/2.0/fo/asset/host API endpoint) allows the user to filter hosts for processing based on a Perl-style regular expression. The “os_pattern” parameter is supported for both a host list request (action=list) and for a host purge request (action=purge).

The existing input parameters continue to be available, as described in the QualysGuard API documentation. Please see the QualysGuard API V2 User Guide, Chapter 5 for complete information using the host API to view a host list and purge hosts.


  • Support for Cisco IOS Authentication

This release introduces a new authentication type: Cisco IOS. Cisco IOS authentication allows users to perform authenticated scans of Cisco IOS devices that support the SSH protocol (SSH1 and SSH2) and telnet. For compliance scans, successful authentication to target hosts is required.

Cisco IOS authentication must be performed with superuser (root) privileges. The user account provided for authentication must be able to execute the following commands:

    1. “show version” to identify the version of the Cisco IOS device
    2. “show logging” to gather logging configuration information
    3. “show running-config” (from the “enable” shell) to gather current system configuration settings.

The /api/2.0/fo/auth/unix resource allows you to manage Unix and Cisco IOS authentication records. You can submit API requests to view Unix authentication records, add new records, update records and delete records.

Important Note: One IP address in the user’s account can be added to one Cisco IOS record or one Unix record.


Full API release notes will be available to download from within the Resources section of your QualysGuard account. If you have any question, please let us know.




Eric Perraudeau

Product Manager for API and Integrations

+1 650 801 7750