
A new release of QualysGuard WAS, Version 2.4.2, will be available in production in the US datacenter March 5th, 2013 and in the EU datacenter March 14th 2013.  This update includes enhancements to many reporting capabilities available via the API, making it easier to integrate WAS with other security solutions.   This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PST (20:00 GMT) and 8 PM PST (04:00 AM GMT next day).

 

This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that use the following functions or XML outputs.  All changes to existing APIs were included in the notification posted on January 24th, 2013.  This updated notification includes all changes for WAS 2.4.2 including new API methods that will not impact existing API implementations.

 

Create Report 

With QualysGuard WAS 2.4.2, in both the WebAppReport and ScanReport elements, the searchlists XML element used to define search lists to include will be renamed includedSearchLists. It will still contain a list of SearchList elements.

 

Web Application and Scan Reports — Show Vulnerabilities by Status

We’ve added a new VULNERABILITIES_BY_STATUS option to allow you to show vulnerabilities by status in reports. For a Web Application Report this option can be added to the WebAppReportGraph element. For a Scan Report this option can be added to the ScanReportGraph element.

 

Example - Create a web application report

 

Create a web application report in encrypted PDF format, requesting the vulnerabilities by status graph.

 

Request:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp_report" < file.xml

Note: “file.xml” contains the request POST data.
  
Request POST Data:
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[My Web Application Report]]></name>
      <description><![CDATA[A simple WebApp report]]></description>
      <format>PDF_ENCRYPTED</format>
      <password>PASSWORD</password>
      <distributionList>
        <set>
          <EmailAddress>EMAIL ADDRESS</EmailAddress>
          <EmailAddress>EMAIL ADDRESS</EmailAddress>
        </set>
      </distributionList>
      <type>WAS_WEBAPP_REPORT</type>
      <config>
        <webAppReport>
          <target>
            <tags>
              <Tag>
                <id>243130</id>
              </Tag>
              <Tag>
                <id>243132</id>
              </Tag>
            </tags>
            <webapps>
              <WebApp>
                <id>532510</id>
              </WebApp>
              <WebApp>
                <id>532601</id>
              </WebApp>
            </webapps>
          </target>
          <display>
            <contents>
              <WebAppReportContent>DESCRIPTION</WebAppReportContent>
              <WebAppReportContent>SUMMARY</WebAppReportContent>
              <WebAppReportContent>GRAPHS</WebAppReportContent>
              <WebAppReportContent>RESULTS</WebAppReportContent>
            </contents>
            <graphs>
              <WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph>
              <WebAppReportGraph>VULNERABILITIES_BY_STATUS</WebAppReportGraph>
            </graphs>
            <groups>
              <WebAppReportGroup>GROUP</WebAppReportGroup>
              <WebAppReportGroup>OWASP</WebAppReportGroup>
              <WebAppReportGroup>WASC</WebAppReportGroup>
            </groups>
            <options>
              <rawLevels>true</rawLevels>
            </options>
          </display>
          <filters>
            <searchlists>
              <SearchList>
                <id>43147</id>
              </SearchList>
            </searchlists>
            <url>http://www.mysite.com/help.html</url>
            <status>
              <WebAppFindingStatus>ACTIVE</WebAppFindingStatus>
              <WebAppFindingStatus>REOPENED</WebAppFindingStatus>
            </status>
          </filters>
        </webAppReport>
      </config>
    </Report>
  </data>
</ServiceRequest>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>2629</id>
    </Report>
  </data>
</ServiceResponse>


 

The following changes will be reflected in the schema:

<xs:simpleType name="WebAppReportGraph">
        <xs:restriction base="xs:string">
            <xs:enumeration value="VULNERABILITIES_BY_SEVERITY" />
            <xs:enumeration value="VULNERABILITIES_BY_STATUS" />
            <xs:enumeration value="VULNERABILITIES_BY_GROUP" />
            <xs:enumeration value="VULNERABILITIES_BY_OWASP" />
            <xs:enumeration value="VULNERABILITIES_BY_WASC" />
            <xs:enumeration value="SENSITIVE_CONTENTS_BY_GROUP" />
            <xs:enumeration value="MOST_VULNERABLE_WEB_APPLICATIONS" />
            <xs:enumeration value="MOST_VULNERABLE_URLS" />
            <xs:enumeration value="OPERATING_SYSTEMS_DETECTED" />
        </xs:restriction>
    </xs:simpleType>


    <xs:simpleType name="ScanReportGraph">
        <xs:restriction base="xs:string">
            <xs:enumeration value="VULNERABILITIES_BY_SEVERITY" />
            <xs:enumeration value="VULNERABILITIES_BY_STATUS" />
            <xs:enumeration value="VULNERABILITIES_BY_GROUP" />
            <xs:enumeration value="VULNERABILITIES_BY_OWASP" />
            <xs:enumeration value="VULNERABILITIES_BY_WASC" />
            <xs:enumeration value="SENSITIVE_CONTENTS_BY_GROUP" />
            <xs:enumeration value="MOST_VULNERABLE_URLS" />
        </xs:restriction>
    </xs:simpleType>



 

Web Application and Scan Reports — Use Search Lists to Exclude Vulnerabilities

 

We’ve added the ability to use search lists to identify vulnerabilities to be excluded from a Web Application Report or a Scan Report. The searchLists element used to identify vulnerabilities to include in the report has been renamed includedSearchLists, and we have added the new element excludedSearchLists for identifying vulnerabilities to be excluded from the report.

 

Example - Create a scan report

Create a scan report in PDF format, using search lists to include and exclude vulnerabilities.

 

Example: Request post XML for generating a scan report with both included and excluded search lists via the API:

 

Request:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/scan_report" < file.xml

Note: “file.xml” contains the request POST data.


Request POST Data:
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[with all parameters HTML_ZIPPED]]></name>
      <description><![CDATA[A simple scan report]]></description>
      <format>PDF</format>
      <type>WAS_SCAN_REPORT</type>
      <config>
        <scanReport>
          <target>
            <scans>
              <WasScan>
                <id>104268</id>
              </WasScan>
            </scans>
          </target>
          <display>
            <contents>
              <ScanReportContent>DESCRIPTION</ScanReportContent>
              <ScanReportContent>SUMMARY</ScanReportContent>
              <ScanReportContent>GRAPHS</ScanReportContent>
              <ScanReportContent>RESULTS</ScanReportContent>
              <ScanReportContent>INDIVIDUAL_RECORDS</ScanReportContent>
              <ScanReportContent>RECORD_DETAILS</ScanReportContent>
              <ScanReportContent>ALL_RESULTS</ScanReportContent>
              <ScanReportContent>APPENDIX</ScanReportContent>
            </contents>
            <graphs>
              <ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph>
              <ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph>
              <ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph>
            </graphs>
            <groups>
              <ScanReportGroup>URL</ScanReportGroup>
              <ScanReportGroup>GROUP</ScanReportGroup>
              <ScanReportGroup>OWASP</ScanReportGroup>
              <ScanReportGroup>WASC</ScanReportGroup>
              <ScanReportGroup>STATUS</ScanReportGroup>
              <ScanReportGroup>CATEGORY</ScanReportGroup>
              <ScanReportGroup>QID</ScanReportGroup>
            </groups>
            <options>
              <rawLevels>true</rawLevels>
            </options>
          </display>
          <filters>
            <includedSearchLists>
              <SearchList>
                <id>35</id>
              </SearchList>
              <SearchList>
                <id>125</id>
              </SearchList>
            </includedSearchLists>
            <excludedSearchLists>
              <SearchList>
                <id>128</id>
              </SearchList>
              <SearchList>
                <id>125</id>
              </SearchList>
            </excludedSearchLists>
            <url>http://www.mysite.com/help.html</url>
            <status>
              <ScanFindingStatus>NEW</ScanFindingStatus>
              <ScanFindingStatus>ACTIVE</ScanFindingStatus>
              <ScanFindingStatus>REOPENED</ScanFindingStatus>
            </status>
          </filters>
        </scanReport>
      </config>
    </Report>
  </data>
</ServiceRequest>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>3629</id>
    </Report>
  </data>
</ServiceResponse>

 

 

To support the exclusion search lists the following changes will be reflected in the report.xsd schema:

 

<xs:complexType name="WebAppReport">
        ...
            <xs:element name="filters" minOccurs="0" maxOccurs="1">
                <xs:complexType>
                    <xs:sequence>
                        <xs:element name="includedSearchlists" minOccurs="0">
                            <xs:complexType>
                                <xs:sequence>
                                    <xs:element name="SearchList" type="SearchList" minOccurs="0" maxOccurs="unbounded"></xs:element>
                                </xs:sequence>
                            </xs:complexType>
                        </xs:element>
                        <xs:element name="excludedSearchlists" minOccurs="0">
                            <xs:complexType>
                                <xs:sequence>
                                    <xs:element name="SearchList" type="SearchList" minOccurs="0" maxOccurs="unbounded"></xs:element>
                                </xs:sequence>
                            </xs:complexType>
                        </xs:element>
...



 

Rename "Do Not Apply" Reason

 

The 2.4.2 release will rename the "Do Not Apply" reason to "Not Applicable".

 

A schema change in report.xsd will be required, as the IgnoredReason element will be updated to support this change:

           <xs:simpleType name="IgnoredReason">

                <xs:restriction base="xs:string">
                    <xs:enumeration value="FALSE_POSITIVE"/>
                    <xs:enumeration value="RISK_ACCEPTED"/>
                    <xs:enumeration value="NOT_APPLICABLE"/>
                </xs:restriction>
            </xs:simpleType>




 

 

Web Application Report — Show Ignored Vulnerabilities by Type

 

We’ve added two new filter elements to the Web Application Report API to allow you to show ignored vulnerabilities in the report. The element showIgnored can be used with one of these values: ONLY to show only ignored vulnerabilities or BOTH to show both ignored and non-ignored vulnerabilities.

 

If you use the showIgnored element, you have the option to use the IgnoredReasonList element to specify the types of ignored vulnerabilities to show (FALSE_POSITIVE, RISK_ACCEPTED, NOT_APPLICABLE).

 

Example - Create a web application report

Create a web application report in encrypted PDF format, requesting both ignored and non-ignored vulnerabilities and all three ignored vulnerability types.

 

Request:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp_report" < file.xml

Note: “file.xml” contains the request POST data.

Request POST Data:
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[My Web Application Report]]></name>
      <description><![CDATA[A simple WebApp report]]></description>
      <format>PDF_ENCRYPTED</format>
      <password>PASSWORD</password>
      <distributionList>
        <set>
          <EmailAddress>EMAIL ADDRESS</EmailAddress>
          <EmailAddress>EMAIL ADDRESS</EmailAddress>
        </set>
      </distributionList>
      <type>WAS_WEBAPP_REPORT</type>
      <config>
        <webAppReport>
          <target>
            <tags>
              <Tag>
                <id>243130</id>
              </Tag>
              <Tag>
                <id>243132</id>
              </Tag>
            </tags>
            <webapps>
              <WebApp>
                <id>532510</id>
              </WebApp>
              <WebApp>
                <id>532601</id>
              </WebApp>
            </webapps>
          </target>
          <display>
            <contents>
              <WebAppReportContent>DESCRIPTION</WebAppReportContent>
              <WebAppReportContent>SUMMARY</WebAppReportContent>
              <WebAppReportContent>GRAPHS</WebAppReportContent>
              <WebAppReportContent>RESULTS</WebAppReportContent>
            </contents>
            <graphs>
              <WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph>
              <WebAppReportGraph>VULNERABILITIES_BY_OWASP</WebAppReportGraph>
              <WebAppReportGraph>VULNERABILITIES_BY_WASC</WebAppReportGraph>
              <WebAppReportGraph>VULNERABILITIES_BY_STATUS</WebAppReportGraph>
            </graphs>
            <groups>
              <WebAppReportGroup>GROUP</WebAppReportGroup>
              <WebAppReportGroup>OWASP</WebAppReportGroup>
              <WebAppReportGroup>WASC</WebAppReportGroup>
            </groups>
            <options>
              <rawLevels>true</rawLevels>
            </options>
          </display>
          <filters>
            <searchlists>
              <SearchList>
                <id>43147</id>
              </SearchList>
            </searchlists>
            <url>http://www.mysite.com/help.html</url>
            <status>
              <WebAppFindingStatus>ACTIVE</WebAppFindingStatus>
              <WebAppFindingStatus>REOPENED</WebAppFindingStatus>
              <WebAppFindingStatusRemediationShowIgnored>BOTH</WebAppFindingStatusRemediationShowIgnored>
              <IgnoredReasonList>
                <FALSE_POSITIVE/>
                <RISK_ACCEPTED/>
                <NOT_APPLICABLE/>
              </IgnoredReasonList>
            </status>
          </filters>
        </webAppReport>
      </config>
    </Report>
  </data>
</ServiceRequest>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>2629</id>
    </Report>
  </data>
</ServiceResponse>

 

A new WebAppReport/filters/status/remediation/showIgnored element will be added, accepting the following values:

  • ONLY - Show only ignored vulnerabilities in report
  • BOTH - Show both non-ignored and ignored vulnerabilities in report

This element shall be included only if the user wants to include ignored vulnerabilities. If not specified, the report will not include ignored vulnerabilities at all.

 

If the showIgnored element is specified, an optional WebAppReport/filters/status/remediation/IgnoredReasonList element can be used to specify which types of ignored vulnerabilities to include. The following updates will be reflected in the schema:


<xs:element name="WebAppReport">   
   ...
   <xs:element name="filters" minOccurs="0" maxOccurs="1">
       ...
       <xs:element name="remediation" minOccurs="0">
           <xs:element name="showIgnored" type="ShowIgnoredOption"/>
           <xs:element name="IgnoredReasonList" minOccurs="0">
             <xs:complexType>
                <xs:sequence>
                    <xs:element name="status" type="IgnoredReason" minOccurs="1"/>
                </xs:sequence>
             </xs:complexType>
           </xs:element>
       </xs:element>

 
<xs:simpleType name="ShowIgnoredOption">
    <xs:restriction base="xs:string">
        <xs:enumeration value="ONLY"/>
        <xs:enumeration value="BOTH"/>
    </xs:restriction>
</xs:simpleType>
    
<xs:simpleType name="IgnoredReason">
    <xs:restriction base="xs:string">
        <xs:enumeration value="FALSE_POSITIVE"/>
        <xs:enumeration value="RISK_ACCEPTED"/>
        <xs:enumeration value="NOT_APPLICABLE"/>
    </xs:restriction>
</xs:simpleType>

 

Report Find and Get Methods

 

This API will return for each report its size in a SIZE XML element. Corresponding XPATH will be RECORD/SIZE.   The value will be numeric and will represent the size in bytes.


Note: this will require a change in the report.xsd schema to reflect this new element in the Report object.

Example Response from FIND method:


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://localhost:8080/qps-api-provider/xsd/3.0/was/report.xsd">

  <responseCode>SUCCESS</responseCode>
  <count>11</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    ...
    <Report>
      <id>2787</id>
      <name><![CDATA[Catalog Report]]></name>
      <owner>
        <id>123056</id>
        <username>quays_at3</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </owner>
      <type>WAS_CATALOG_REPORT</type>
      <format>HTML_BASE64</format>
      <status>COMPLETE</status>
      <size>1245872</size>
      <creationDate>2012-12-18T15:53:02Z</creationDate>
      <tags>
        <count>0</count>
      </tags>
    </Report>
  </data>
</ServiceResponse>


 

 

Example of Response from GET method:


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://localhost:8080/qps-api-provider/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>2787</id>
      <name><![CDATA[Catalog Report]]></name>
      <owner>
        <id>123056</id>
        <username>quays_at3</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </owner>
      <type>WAS_CATALOG_REPORT</type>
      <format>HTML_BASE64</format>
      <status>COMPLETE</status>
      <size>1245872</size>
      <creationDate>2012-12-18T15:53:02Z</creationDate>
      <lastDownloadDate>2012-12-18T15:53:11Z</lastDownloadDate>
      <downloadCount>1</downloadCount>
      <tags>
        <count>0</count>
      </tags>
    </Report>
  </data>
</ServiceResponse>

 

 

Scorecard and Catalog Reports — Date Format Change

 

For the Scorecard Report and the Catalog Report, we’ve simplified the scanDate filter element. You no longer need to include hours, minutes and seconds. The value for the scanDate and endDate elements is now yyyy-mm-dd.

 

Example - Create a scorecard report

 

Create a scorecard report in PDF format, filtered by scan date range.

Request:
 
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/???" < file.xml

Note: “file.xml” contains the request POST data.

Request POST Data: 
<ServiceRequest>
  <data>
    <Report>
      <name><![CDATA[with all parameters PDF with rawLevel false]]></name>
      <description><![CDATA[A simple scorecard report]]></description>
      <format>PDF</format>
      <type>WAS_SCORECARD_REPORT</type>
      <config>
        <scorecardReport>
          <target>
            <tags>
              <Tag>
                <id>243130</id>
              </Tag>
            </tags>
          </target>
          <display>
            <contents>
              <ScorecardReportContent>DESCRIPTION</ScorecardReportContent>
              <ScorecardReportContent>SUMMARY</ScorecardReportContent>
              <ScorecardReportContent>GRAPHS</ScorecardReportContent>
              <ScorecardReportContent>RESULTS</ScorecardReportContent>
            </contents>
            <graphs>
              <ScorecardReportGraph>VULNERABILITIES_BY_GROUP</ScorecardReportGraph>
              <ScorecardReportGraph>VULNERABILITIES_BY_OWASP</ScorecardReportGraph>
              <ScorecardReportGraph>VULNERABILITIES_BY_WASC</ScorecardReportGraph>
            </graphs>
            <groups>
              <ScorecardReportGroup>GROUP</ScorecardReportGroup>
              <ScorecardReportGroup>OWASP</ScorecardReportGroup>
              <ScorecardReportGroup>WASC</ScorecardReportGroup>
            </groups>
            <options>
              <rawLevels>false</rawLevels>
            </options>
          </display>
          <filters>
            <searchlists>
              <SearchList>
                <id>43147</id>
              </SearchList>
              <SearchList>
                <id>43147</id>
              </SearchList>
            </searchlists>
            <scanDate>
              <startDate>2012-08-28</startDate>
              <endDate>2012-10-28</endDate>
            </scanDate>
            <scanStatus>NO_HOST_ALIVE</scanStatus>
            <scanAuthStatus>NONE</scanAuthStatus>
          </filters>
        </scorecardReport>
      </config>
    </Report>
  </data>
</ServiceRequest>

Response:
 
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>4629</id>
    </Report>
  </data>
</ServiceResponse>
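For scripts that still send the older request layout, the searchlists rename and the scanDate change described above can be applied mechanically. The following Python sketch is an added example, not Qualys code: it renames the search list element only inside webAppReport and scanReport (the two report types the notice names) and trims scorecard scanDate values to yyyy-mm-dd. The sample requests are constructed, and the old date layout (a date followed by "T" or a space and a time) is an assumption, since the notice does not show it.

```python
import re
import xml.etree.ElementTree as ET

# Report types whose filters are affected by the rename, per the notice.
RENAMED_IN = ("webAppReport", "scanReport")
NEW_NAME = "includedSearchLists"

# Assumption: an old-style value is yyyy-mm-dd, then "T" or a space, then a time.
DATE_WITH_TIME = re.compile(r"^(\d{4}-\d{2}-\d{2})[T ]\S+$")
DATE_ONLY = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def migrate_request(xml_text):
    """Return (migrated_xml, changes) for one ServiceRequest document.

    CDATA sections come back as ordinary escaped text, which is equivalent XML.
    """
    root = ET.fromstring(xml_text)
    changes = []

    for report_tag in RENAMED_IN:
        for report in root.iter(report_tag):
            filters = report.find("filters")
            if filters is None:
                continue
            for child in filters:
                # The notice spells the old name both "searchlists" and "searchLists".
                if child.tag.lower() == "searchlists":
                    changes.append(f"{report_tag}/filters/{child.tag} -> {NEW_NAME}")
                    child.tag = NEW_NAME

    # Only the scorecard layout is shown in the notice, so only it is handled here.
    for scan_date in root.iterfind(".//scorecardReport/filters/scanDate"):
        for field in ("startDate", "endDate"):
            node = scan_date.find(field)
            if node is None:
                continue
            value = (node.text or "").strip()
            with_time = DATE_WITH_TIME.match(value)
            if with_time:
                node.text = with_time.group(1)
                changes.append(f"scanDate/{field}: {value} -> {node.text}")
            elif not DATE_ONLY.match(value):
                # Unknown layout: do not guess, flag it for a human.
                changes.append(f"scanDate/{field}: REVIEW {value!r}")

    return ET.tostring(root, encoding="unicode"), changes


# Constructed sample: a pre-2.4.2 web application report request.
OLD_WEBAPP_REQUEST = """<ServiceRequest><data><Report>
  <name><![CDATA[My Web Application Report]]></name>
  <type>WAS_WEBAPP_REPORT</type>
  <config><webAppReport><filters>
    <searchlists><SearchList><id>43147</id></SearchList></searchlists>
  </filters></webAppReport></config>
</Report></data></ServiceRequest>"""

# Constructed sample: a scorecard request with an assumed old-style start date.
OLD_SCORECARD_REQUEST = """<ServiceRequest><data><Report>
  <type>WAS_SCORECARD_REPORT</type>
  <config><scorecardReport><filters>
    <searchlists><SearchList><id>43147</id></SearchList></searchlists>
    <scanDate>
      <startDate>2012-08-28T00:00:00Z</startDate>
      <endDate>2012-10-28</endDate>
    </scanDate>
  </filters></scorecardReport></config>
</Report></data></ServiceRequest>"""

if __name__ == "__main__":
    for sample in (OLD_WEBAPP_REQUEST, OLD_SCORECARD_REQUEST):
        migrated, notes = migrate_request(sample)
        print("\n".join(notes) or "no changes")
        print(migrated)
```

Running the function a second time on its own output reports no changes, so it can be applied safely to a directory of request files that is only partly migrated.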

 

 

 

WAS Reports — Add Report Size Information

Report size in bytes is now provided in the response for FIND and GET requests for all WAS reports.  This is new and will not impact existing API calls.

 

 

Example - Create a catalog report in HTML_BASE64 format.    

 

Request:

 

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/scan_report" < file.xml

 

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>2787</id>
      <name><![CDATA[Catalog Report]]></name>
      <owner>
        <id>123056</id>
        <username>quays_at3</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </owner>
      <type>WAS_CATALOG_REPORT</type>
      <format>HTML_BASE64</format>
      <status>COMPLETE</status>
      <size>1245872</size>
      <creationDate>2012-12-18T15:53:02Z</creationDate>
      <lastDownloadDate>2012-12-18T15:53:11Z</lastDownloadDate>
      <downloadCount>1</downloadCount>
      <tags>
        <count>0</count>
      </tags>
    </Report>
  </data>
</ServiceResponse>

 

 


 

 

Simplified API URL

We’ve simplified the URL for WAS scan and schedule requests. The object alias “wasscan” has been renamed to “scan” and the alias “wasschedule” has been renamed to “schedule”. For example, the URL for requesting the current scan count has been changed as follows:

 

from:

https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan

 

to:

https://qualysapi.qualys.com/qps/rest/3.0/count/was/scan

 

If you are developing new functions you should use the new URLs.  No changes are necessary to your existing API requests. You can continue to use the object alias “wasscan” and “wasschedule” if you wish.  However at a later time these may be deprecated.

 

 

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account with the WAS 2.4.2 release.

A release of QualysGuard® Web Application Scanning 2.4.1 with a new scan option will be available in production in the EU on February 7, 2013. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 20:00 GMT and 04:00 AM GMT next day.

 

Cancel Scan After (n) Hours

We’ve added a new optional element to the API for launching an on-demand scan, using the Launch New Scan API (/qps/rest/3.0/launch/was/wasscan). The new optional element, cancelAfterNHours, enables you to specify a number of hours after which the scan will be canceled. When specified, the scan will stop after the selected running time and the scan will have a status of Canceled. Partial scan results may be available if security tests were performed before the scan was canceled.

 

When used, this element is included in the XML output returned using the View Scan Details API (/qps/rest/3.0/get/was/wasscan/<id>) and Retrieve Results of a Scan API (/qps/rest/3.0/download/was/wasscan/<id>).

 

Full details regarding these updates will be available in the WAS API User Guide on the day of the release.

 

Example: Launch a new discovery scan on the web application with the ID 323126 using the option profile with the ID 1021. Set scan to cancel after 1 hour.

 

 

Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

 

Note: “file.xml” contains the request POST data below:

 

Request POST Data:

 

<ServiceRequest>
  <data>
    <WasScan>
      <name>New scan launched from API</name>
      <type>DISCOVERY</type>
      <target>
        <webApp>
          <id>323126</id>
        </webApp>
      </target>
      <profile>
        <id>1021</id>
      </profile>
      <options>
        <WasScanOption>
          <name>Cancel After 1 hour</name>
          <value>1</value>
        </WasScanOption>
      </options>
    </WasScan>
  </data>
</ServiceRequest>

 

 

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>16954</id>
    </WasScan>
  </data>
</ServiceResponse>

 

 

To receive more information on QualysGuard WAS 2.4.1, please visit the QualysGuard WAS community or contact your Technical Account Manager or Qualys' Technical Support Department at support@qualys.com.

A new release of QualysGuard, Version 7.8, will be available in production by the end of February 2013. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages here:

 

This API notification provides an early preview into the coming API changes, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that use the following functions or XML outputs:

  • Improvements of “VM Scan” API v1 for Asset Tag Selection

 

Warning: all the examples provided below use “qualysapi.qualys.com”. Replace this FQDN with the API server FQDN of your QualysGuard datacenter (for instance: “qualysapi.qualys.eu”).

 

Improvements of “VM Scan” API v1 for Asset Tag Selection

With QualysGuard 7.8, XML scan results show tags resolved to host assets when Asset Tagging is enabled for the subscription and a user runs a report using asset tags.

 

This XML output can be downloaded manually using the User Interface, or directly using the API "scan_report.php". The DTD "scan-1.dtd" was updated:

  • New "<ASSET_TAG_LIST>", "<INCLUDED_TAGS>", "<EXCLUDED_TAGS>" and "<ASSET_TAGS>" XML parent elements have been introduced, as shown in the example below:

 

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN SYSTEM "https://qualysguard.qualys.com/scan-1.dtd">
 <SCAN value="scan/1358557999.1111"> 
 <HEADER>
  <KEY value="USERNAME">fnmet_ff</KEY>
  <KEY value="COMPANY"><![CDATA[FNJmeter]]></KEY>
  <KEY value="DATE">2013-01-19T01:15:17Z</KEY>
  <KEY value="TITLE"><![CDATA[EC2 Auth Scan]]></KEY>
  <KEY value="TARGET"><![CDATA[...]]></KEY>
  <KEY value="EXCLUDED_TARGET"><![CDATA[N/A]]></KEY>
  <KEY value="DURATION">00:05:17</KEY>
  <KEY value="SCAN_HOST">VPC0000-1 ...</KEY>
  <KEY value="NBHOST_ALIVE">3</KEY>
  <KEY value="NBHOST_TOTAL">8</KEY>
  <KEY value="REPORT_TYPE">On-demand EC2 (default option profile)</KEY>
  <KEY value="OPTIONS"><![CDATA[...]]></KEY>
  <KEY value="STATUS">FINISHED</KEY>
  <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
      <ASSET_TAG><![CDATA[EC2 Scannable hosts ...]]></ASSET_TAG>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="all">
      <ASSET_TAG><![CDATA[Ignore EC2 Assets Ta...]]></ASSET_TAG>
    </EXCLUDED_TAGS>
  </ASSET_TAG_LIST>
  <OPTION_PROFILE>
    <OPTION_PROFILE_TITLE option_profile_default="1"><![CDATA[Initial Options]]></OPTION_PROFILE_TITLE>
  </OPTION_PROFILE>
</HEADER>
[...]
</SCAN>
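A script that consumes this output has to accept headers both with and without the new ASSET_TAG_LIST block, since it appears only for scans run on asset tags. The following Python sketch is an added example, not Qualys code; the two sample documents and their tag names are constructed, and only element and attribute names shown in the output above are used.

```python
import xml.etree.ElementTree as ET


def scan_tag_selection(scan_xml):
    """Return (header_keys, selection) from scan-1.dtd style scan output.

    selection["included"] / selection["excluded"] is None when the element is
    absent, otherwise {"scope": <scope attribute>, "tags": [tag names]}.
    """
    # ElementTree does not fetch the external DTD named in the DOCTYPE line.
    root = ET.fromstring(scan_xml)
    header = root.find("HEADER")
    if header is None:
        raise ValueError("scan output has no HEADER element")

    keys = {key.get("value"): (key.text or "").strip()
            for key in header.findall("KEY")}

    selection = {"included": None, "excluded": None}
    tag_list = header.find("ASSET_TAG_LIST")
    if tag_list is not None:  # absent when the scan was not run on asset tags
        for slot, element_name in (("included", "INCLUDED_TAGS"),
                                   ("excluded", "EXCLUDED_TAGS")):
            element = tag_list.find(element_name)
            if element is not None:
                selection[slot] = {
                    "scope": element.get("scope"),
                    "tags": [(tag.text or "").strip()
                             for tag in element.findall("ASSET_TAG")],
                }
    return keys, selection


# Constructed sample: header with the new asset tag elements.
TAGGED_SCAN = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN SYSTEM "https://qualysguard.qualys.com/scan-1.dtd">
<SCAN value="scan/0000000000.0000">
 <HEADER>
  <KEY value="TITLE"><![CDATA[Constructed sample scan]]></KEY>
  <KEY value="STATUS">FINISHED</KEY>
  <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
      <ASSET_TAG><![CDATA[Constructed tag A]]></ASSET_TAG>
      <ASSET_TAG><![CDATA[Constructed tag B]]></ASSET_TAG>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="all">
      <ASSET_TAG><![CDATA[Constructed tag C]]></ASSET_TAG>
    </EXCLUDED_TAGS>
  </ASSET_TAG_LIST>
 </HEADER>
</SCAN>"""

# Constructed sample: header without ASSET_TAG_LIST.
UNTAGGED_SCAN = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN SYSTEM "https://qualysguard.qualys.com/scan-1.dtd">
<SCAN value="scan/0000000000.0001">
 <HEADER>
  <KEY value="TITLE"><![CDATA[Constructed sample scan]]></KEY>
  <KEY value="STATUS">FINISHED</KEY>
 </HEADER>
</SCAN>"""

if __name__ == "__main__":
    for sample in (TAGGED_SCAN, UNTAGGED_SCAN):
        header_keys, tag_selection = scan_tag_selection(sample)
        print(header_keys["STATUS"], tag_selection)
```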

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.

A release of QualysGuard® Web Application Scanning 2.4.1 with a new scan option will be available in production in the US on January 31, 2013. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PST (20:00 GMT) and 8 PM PST (04:00 AM GMT next day).

 

Cancel Scan After (n) Hours

We’ve added a new optional element to the API for launching an on-demand scan, using the Launch New Scan API (/qps/rest/3.0/launch/was/wasscan). The new optional element, cancelAfterNHours, enables you to specify a number of hours after which the scan will be canceled. When specified, the scan will stop after the selected running time and the scan will have a status of Canceled. Partial scan results may be available if security tests were performed before the scan was canceled.

 

When used, this element is included in the XML output returned using the View Scan Details API (/qps/rest/3.0/get/was/wasscan/<id>) and Retrieve Results of a Scan API (/qps/rest/3.0/download/was/wasscan/<id>).

 

Full details regarding these updates will be available in the WAS API User Guide on the day of the release.

 

Example: Launch a new discovery scan on the web application with the ID 323126 using the option profile with the ID 1021. Set scan to cancel after 1 hour.

 

 

Request:


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

 

Note: “file.xml” contains the request POST data below:

 

Request POST Data:

 

<ServiceRequest>
  <data>
    <WasScan>
      <name>New scan launched from API</name>
      <type>DISCOVERY</type>
      <target>
        <webApp>
          <id>323126</id>
        </webApp>
      </target>
      <profile>
        <id>1021</id>
      </profile>
      <options>
        <WasScanOption>
          <name>Cancel After 1 hour</name>
          <value>1</value>
        </WasScanOption>
      </options>
    </WasScan>
  </data>
</ServiceRequest>

 

 

Response:

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>16954</id>
    </WasScan>
  </data>
</ServiceResponse>

 

 

To receive more information on QualysGuard WAS 2.4.1, please visit the QualysGuard WAS community or contact your Technical Account Manager or Qualys' Technical Support Department at support@qualys.com.
