Skip navigation

This update to QualysGuard 7.13 includes improvements to the QualysGuard API, allowing you to integrate your programs and API calls with QualysGuard Vulnerability Management (VM) and QualysGuard Policy Compliance (PC).

 

Highlights Include:

 

  • VM and PC - “Report Share” API v2 download CSV reports without headers
  • VM - New "HTTP Authentication”
  • API v2 PC - New "Policy Merge”
  • API v2 PC - Policy Report XML now includes custom control references
  • PC - “Apache Authentication” API v2 - Support for multiple instances per host
  • PC - “MS SQL Authentication” API v2 - Auto discover database instances

 

VM and PC - “Report Share” API v2 download CSV reports without headers

 

The “Report Share” API v2 (/api/2.0/fo/report/) allows you to launch and download reports. With this release you can choose to download reports in CSV format without the header information for all VM reports and PC reports that can be downloaded in CSV format. Basically we’ll include just the central CSV tables containing your security and compliance data, not the header metadata.

 

Want to omit the header from your CSV report? Using the“Report Share” API v2 first launch this report with the input parameter “hide_header=1” and then download the report in the usual way.

 

Step 1 - Launch your report in CSV format

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl"-X "POST" -d "action=launch&template_id=123&output_format=csv&hide_header=1" "https://qualysapi.qualys.com/api/2.0/fo/report/

 

XML output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2012-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
      <KEY>ID</KEY>
      <VALUE>6622</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

 

Step 2 - Download your CSV report

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=fetch&id=6622" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

CSV output:

You’ll notice there’s no header information (report title, date,user who launched the report, etc).

 

         CSV - Headers.png

 

VM – New "HTTP Authentication” API v2

 

You now have the option to choose HTTP authentication for vulnerability scans using QualysGuard Vulnerability Management (VM). Use the“HTTP Authentication” API v2 (/api/2.0/fo/auth/http/) for scanning protected portions of web sites and devices like printers and routers that require HTTP protocol level authentication. (Note this is not Form-based authentication). By authenticating we can perform additional vulnerability tests that we couldn’t do otherwise.

 

How it works – During a vulnerability scan, if we come across a web page that requires HTTP authentication then we’ll check to see if an HTTP record exists in your account with applicable credentials. If yes,we’ll use the credentials in the record to perform HTTP authentication.

 

List HTTP records

 


API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=list&ids=55111" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

XML output:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE AUTH_HTTP_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/http/auth_http_list_output.dtd">
<AUTH_HTTP_LIST_OUTPUT>
 <RESPONSE>
   <DATETIME>2014-01-03T08:08:19Z</DATETIME>
   <AUTH_HTTP_LIST>
     <AUTH_HTTP>
       <ID>55111</ID>
       <TITLE><![CDATA[My HTTPRecord]]></TITLE>
       <USERNAME><![CDATA[jsmith]]></USERNAME>
       <SSL>0</SSL>
       <REALM><![CDATA[MyHomepage]]></REALM>
       <CREATED>
         <DATETIME>2014-01-03T07:51:48Z</DATETIME>
         <BY>acme_ab1</BY>
       </CREATED>
       <LAST_MODIFIED>
       <DATETIME>2014-01-03T07:51:48Z</DATETIME>
       </LAST_MODIFIED>
     </AUTH_HTTP>
   </AUTH_HTTP_LIST>
 </RESPONSE>
</AUTH_HTTP_LIST_OUTPUT>

 

HTTP record list output DTD:

 

<!-- QUALYS AUTH_HTTP_LIST_OUTPUT DTD -->
<!ELEMENTAUTH_HTTP_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME,USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME(#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE(#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY,VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA(#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_HTTP_LISTID_SET)?,WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_HTTP_LIST (AUTH_HTTP+)>
<!ELEMENT AUTH_HTTP (ID, TITLE, USERNAME, SSL, (REALMVHOST), IP_SET?,CREATED, LAST_MODIFIED, COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT SSL (#PCDATA)>
<!ELEMENT REALM (#PCDATA)>
<!ELEMENTVHOST (#PCDATA)>
<!ELEMENT IP_SET (IPIP_RANGE)+>
<!ELEMENT IP(#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT CREATED(DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED(DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST(WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENTURL (#PCDATA)>
<!ELEMENT ID_SET (IDID_RANGE)+>
<!ELEMENT ID_RANGE(#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST(USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->

 

Create a new HTTP record - realm

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&amp;username=jsmith&amp;password=abc123&amp;title=MyHTTPRecord1&amp;realm=MyHomepage" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

XML output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2014-01-03T07:51:48Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>55111</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

 

 

Create a new HTTP record - virtual host

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&amp;username=jsmith&amp;password=abc123&amp;title=MyHTTPRecord+2&amp;vhost=bank.us.corp1.com" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

Update an HTTP record

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=update&ids=55114&realm=11" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

Delete an HTTP record

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=delete&ids=55114" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

List authentication records - now includes HTTP records

 

API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d "action=list&id_min=54190&id_max=54436" "https://qualysapi.qualys.com/api/2.0/fo/auth/"

 

 

PC - New "Policy Merge” API v2

 

We’re pleased to introduce the new “Policy Merge” API v2 (resource /api/2.0/fo/compliance/policy/ with the parameter action=merge). This new API allows you to merge (combine) 2 or more compliance policies using QualysGuard Policy Compliance (PC). You can choose to merge some or all parts of a new policy into an existing one. Also you can preview merge changes before saving them. This API is available to Managers and Auditors.

 

For example, say you imported a policy from our library (Policy A) and configured it to add asset groups, controls and sections. Later we might release an updated version of this policy (Policy B) with new controls and technologies. In this scenario you can use the Policy Merge API to add the new controls and technologies from Policy B into Policy A (your existing policy) without losing the asset groups, controls and sections you added.

 

Policy Merge Request 1 - preview merged policy

 

Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy B) and the XML output will show the merged policy in preview mode. Policy changes will not be saved in Policy 15993 since the request includes “preview_merge=1”.

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1"

 

 

PC - Policy Report XML now includes custom control references

 

With this release you can choose to create policy reports with your custom control references in XML and CSV format - just follow the steps below.

 

The policy report XML output now lists the control references defined for each control. We’ve updated the policy report DTD (compliance_policy_report.dtd) to add the new element <CONTROL_REFERENCES>.

 

Step 1 - Configure the template settings

 

Configure your policy report template using the user interface (under PC > Reports > Templates). Be sure to choose the Group by Controls option and under Sections choose Control References.

 

 

Step 2 - Launch a PC policy report

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d"action=launch&template_id=55469&output_format=xml" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPEGENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2013-12-11T21:45:23Z</DATETIME>
    <TEXT>New reportlaunched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1665</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

 

Step 3 - Download report XML

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d"action=fetch&id=1665" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

...          
         <CONTROL_LIST>           
           <CONTROL>             
             <CID>1376</CID>             
             <STATEMENT><![CDATA[Status of the'Interactive Logon: Do not require CTRLALTDEL'
                         setting]]></STATEMENT>             
             <CONTROL_REFERENCES>ABC123,4.6.88</CONTROL_REFERENCES>             
             <RATIONALE><![CDATA[The Windows OS behaves differently when the'CTRLALTDelete' is invoked 
                         before login--this guarantees that the authentication process for the system 
                         is engaged. Otherwise, when only the two-line login screen is presented, it
                         is possible that a Trojan program is displaying a phony userid/password login 
                         screen, which will collect the credentials and exit, leaving the user believing
                         that he/she simply mistype done or both of the required values. NOTE: As this 
                         is one of the reverse-logic controls, it is important to remember that this 
                         should be DISABLED to actually be enabled.]]>
             </RATIONALE>
             <STATUS><![CDATA[Passed]]></STATUS>
             <EVIDENCE><![CDATA[CHECK1]]></EVIDENCE>
           </CONTROL>  
... 

 

 

PC - “Apache Authentication” API v2 – Support for multiple instances per host

Apache Server authentication is available for compliance scans using QualysGuard Policy Compliance (PC). With this release the “Apache Authentication” API v2 (/api/2.0/fo/auth/apache/) now supports authentication to multiple Apache server instances on the same host.

 

Want to set it up? Just create multiple Apache server authentication records - 1 record for each host instance. In each record, a host instance is defined by a unique IP address and configuration file pair.You can create 2 records for the same IP address, but the config file can’t be the same in the 2 records.

 

Create multiple Apache records

 

To scan 2 Apache instances on the same IP, you’ll create 2 Apache authentication records. This is how you create 2 records for IP10.10.25.25 - note the 2 different configuration files.

 

 

API request (record 1):

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&amp;title=ApacheRecord1&amp;unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf1&amp;unix_apache_control_command=/opt/IBM/HTTPServer/bin1&amp;ips=10.10.25.25" "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

 

API request (record 2):

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&amp;title=ApacheRecord2&amp;unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf2&amp;unix_apache_control_command=/opt/IBM/HTTPServer/bin1&amp;ips=10.10.25.25" "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

 

List Apache records

 

This is a way you can review the authentication record settings before you scan. The Apache records list XML (auth_apache_list_output.dtd)did not change.

 

 

Reporting of Apache Server instances

 

Your PC reports identify compliance evaluation findings forApache instances. With this release each instance identifies the configuration file path.

 

PC - “MS SQL Authentication” API v2 - Autodiscover database instances

 

MS SQL Server authentication is available for compliance scans using QualysGuard Policy Compliance (PC). With this release the “MS SQL authentication” API v2 (/api/2.0/fo/auth/ms_sql/) supports the automatic discovery of MS SQL Server instances. Just specify the auto discovery option(s) in your records and we’ll find all matching instances on target hosts and attempt authentication.

 

Create MS SQL records

 

API request (record 1):

For IP 10.10.25.25 auto discover instance names, database names and ports.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:Curl" -X "POST" -d "action=create&amp;title=MSSQLRecord+1&amp;username=myname&amp;password=mypassword&amp;ips=10.10.25.25&amp;auto_discover_instances=1&amp;auto_discover_databases=1&amp;auto_discover_ports=1" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"

 

 

API request (record 2):

For IP 10.10.25.100 we’ll auto discover ports and instances but the database name will be set to “mydbname”.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With:Curl" -X "POST" -d "action=create&amp;title=MSSQLRecord+2&amp;username=myname&amp;password=mypassword&amp;ips=10.10.25.100&amp;auto_discover_ports=1&amp;auto_discover_instances=1&amp;database=mydbname" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"

 

 

List MS SQL records

 

This is a way you can review the authentication record settings before you scan. The MS SQL records list XML (auth_ms_sql_list_output.dtd)has been updated.

 

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"

A new release of QualysGuard WAS, Version 3.2, is targeted for release in US production in February 2014. The exact release date has not yet been set.  This release contains changes to the APIs that requires a 30-day notification.  Only the API changes that impact existing APIs are included in the 30 day notification.  The notification will be updated to include any new API functionality at least 15 days prior to release. 

 

More information on specific release dates that correspond to the platforms can be found on the platform release blog pages which will be updated no less than 15 days prior to the release of WAS 3.2.

 

 

This API notification provides an early preview into the coming API changes in QualysGuard WAS 3.2, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods described below.  There are 3 primary API changes in this release:

 

  • Ignore Binary Files Tag Added to XML Reports
  • New cancelScanTime Element
  • Scan Status Data Reported

 

Full release notes will be available to customers on the day of the release. 

 

WAS WebApp and Schedule API now available to Express Lite Customers

Are you a QualysGuard Express Lite User? Now you can use the capabilities of the WAS Scan and Schedule APIs as described in the QualysGuard WAS API User Guide if you have the WAS API option enabled.

 

Ignore Binary Files Tag Added to XML Reports

A new XML tag appears in XML reports to tell you whether the new Ignore Binary Files option profile setting was turned on for the scan being reported on. If yes, the scan ignored files with these extensions: .pdf, .zip and .doc.

 

Scan Results XML

“Ignore Binary Files” is included in the XML output when a user downloads scan results in XML format.

 

Scan Results v3 XML - “Ignore Binary Files” appears in the scan results v3 XML format under the new WasScanOption tag. The v3 XML format is returned when a you make an API request using the download scan API (…/3.0/download/was/wasscan/<id>).

 

...

<WasScanOption>

    <name>Ignore Binary Files</name>

    <value>true</value>

</WasScanOption>

...

 

 

Scan Results v2 XML - “Ignore Binary Files” appears in the scan results v2 XML format (for version 2 and earlier) under the new SCAN_INFO tag. The v2 XML format is returned:

- when a you make an API request using the download scan API (…/2.0/download/was/wasscan/<id>)

- when you select the Download action for a scan using the user interface

 

 

 

 

...

<SUMMARY>

   <SCAN_SUMMARY>

      <SCAN_INFO>

          <KEY>Title</KEY>

          <VALUE><![CDATA[Vulnerability Scan - Ignore Binary On]]></VALUE>

      </SCAN_INFO>

...

 

 

Scan Details v3 XML - “Ignore Binary Files” appears in the scan results v3 XML format under the new WasScanOption tag. The v3 XML format is returned when a you make an API request using the get scan API (…/3.0/get/was/wasscan/<id>).

 

<WasScanOption>

   <name>Ignore Binary Files</name>

   <value><![CDATA[true]]></value>

</WasScanOption>

 

 

Report XML

“Ignore Binary Files” appears in the report XML in the appendix section when you make an API request using the download report API (…/3.0/download/was/report/<id>).

 

...

<APPENDIX_LIST>

    <APPENDIX>

        <VALUE_LIST>

            <VALUE name="Ignore Binary Types">true</VALUE>

 

 

New cancelScanTime Element

The new cancelScanTime element defines the precise hour to cancel a scan.

 

Launch Scan API

Using the launch scan API (…/3.0/launch/was/wasscan) you can include cancelScanTime as a name/value pair in your request POST data.

 

...

<options>

   <WasScanOption>

      <name>cancelScanTime</name>

      <value><![CDATA[1]]></value>

   </WasScanOption>

</options>

...

 

 

Create a Scan Schedule API

Using the create a scan schedule API (…/3.0/create/was/wasscanschedule) you can include cancelScanTime in your request POST data using the cancelTime element

 

 

<scheduling>

        <occurrenceType>WEEKLY</occurrenceType>

        <occurrence>

         <weeklyOccurrence>

                <everyNWeeks>5</everyNWeeks>

                <onDays>

                        <WeekDay>MONDAY</WeekDay>

                        <WeekDay>SATURDAY</WeekDay>

                        <WeekDay>SUNDAY</WeekDay>

                </onDays>

         </weeklyOccurrence>

        </occurrence>

        <timeZone>

          <code>Africa/Ceuta</code>

        </timeZone>

        <startDate>2012-08-01T10:00:00Z</startDate>

        <cancelTime>11:00</cancelTime>

</scheduling>

 

 

 

 

Get Scan Schedule XML

Using the get a scan schedule API (…/3.0/get/was/wassc anschedule/<id>) the XML output includes the cancelScanTime element if the scan cancel time setting is defined for the schedule.

 

 

      <scheduling>

        <startDate>2014-01-13T17:00:00Z</startDate>

        <timeZone>

          <code>Etc/GMT-3</code>

          <offset>+03:00</offset>

        </timeZone>

        <occurrenceType>ONCE</occurrenceType>

        <cancelTime>11:00</cancelTime>

      </scheduling>

 

 

 

New Scan Status Data Reported

Scan Results XML

Using the retrieve scan results API (.../3.0/download/was/wasscan/<id>) the XML output will show the number of links collected, and the average response time.

 

<summary>

    <crawlDuration>16</crawlDuration>

    <testDuration>138</testDuration>

    <linksCollected>10</linksCollected>

    <linksCrawled>1</linksCrawled>

    <nbRequests>503</nbRequests>

    <averageResponseTime>0.001554</averageResponseTime>

    <resultsStatus>SUCCESSFUL</resultsStatus>

    <authStatus>NONE</authStatus>

    <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>

</summary>

 

 

 

Get Scan Status XML

Using the get a scan schedule API (…/3.0/get/was/wassc anschedule/<id>) the XML output includes the cancelScanTime element if the scan cancel time setting is defined for the schedule.

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

  <responseCode>SUCCESS</responseCode>

  <count>1</count>

  <data>

    <WasScan>

      <id>21993</id>

      <status>FINISHED</status>

      <summary>

            <linksCollected>12</linksCollected>

            <linksCrawled>5</linksCrawled>

            <nbRequests>89</nbRequests>

            <averageResponseTime>0.01234</averageResponseTime>

      </summary>

    </WasScan>

  </data>

</ServiceResponse>

 

 

 

Scan Details XML

Using the get scan details API (…/3.0/get/was/wasscan/<id>) the XML XML output will show links collected, links crawled, the number of requests performed and the average response time

<summary>

   <crawlDuration>16</crawlDuration>

   <testDuration>138</testDuration>

   <linksCollected>10</linksCollected>

   <linksCrawled>1</linksCrawled>

   <nbRequests>503</nbRequests>

   <averageResponseTime>0.001554</averageResponseTime>

   <resultsStatus>SUCCESSFUL</resultsStatus>

   <authStatus>NONE</authStatus>

   <os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP</os>

</summary>

 

 

 

A new release of QualysGuard, Version 7.13, will be available in production in February, 2014. The final date has not been determined, but this release contains changes to the APIs and DTDs that require 30-day notification. More information specific to this release, including the date of global availability, will be communicating 2 weeks before the release date via the Release Notification pages here:

 

 

This API notification provides an early preview into the coming API changes in QualysGuard 7.13, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that make call to the API function describe provided below.

 

 

PC Policy Report XML - Control References Added

 

The QualysGuard Policy Compliance (PC) application allows you to add references to each control by using the new policy editor or by editing control details. With this release you can choose to create policy reports with your custom control references in XML format - just follow the steps below. The policy report XML output now lists the control references defined for each control. We’ve updated the policy report DTD (compliance_policy_report.dtd) to add a new element <CONTROL_REFERENCES>.

 

Step 1 - Configure the template settings

Configure your policy report template using the user interface (under PC > Reports > Templates). Be sure to choose the Group by Controls option and under Sections choose Control References.

 

Step 2 - Launch a PC policy report

API request:

 

       curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d

       "action=launch&template_id=55469&output_format=xml"

       "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2013-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
      <ITEM_LIST>
        <ITEM>
          <KEY>ID</KEY>
          <VALUE>1665</VALUE>
        </ITEM>
      </ITEM_LIST>
     </RESPONSE>
</SIMPLE_RETURN>

 

 

Step 3 - Download report XML

 

API request:

 

curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=fetch&id=1665" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

XML output:

 

...<CONTROL_LIST>
  <CONTROL>
    <CID>1376</CID>
    <STATEMENT><![CDATA[Status of the 'Interactive Logon: Do not require CTRL+ALT+DEL' setting]]></STATEMENT>
    <CONTROL_REFERENCES>ABC123,4.6.88</CONTROL_REFERENCES> 
    <RATIONALE><![CDATA[The Windows OS behaves differently when the 'CTRL+ALT+Delete' is invoked before login--this guarantees that the authentication process for the system is engaged. Otherwise, when only the two-line login screen is presented, it is possible that a Trojan program is displaying a phony userid/password login screen, which will collect the credentials and exit, leaving the user believing that he/she simply mistyped one or both of the required values. NOTE: As this is one of the reverse-logic controls, it is important to remember that this should be DISABLED to actually be enabled.]]></RATIONALE>
  <STATUS><![CDATA[Passed]]></STATUS>
  <EVIDENCE><![CDATA[CHECK1]]></EVIDENCE>
</CONTROL>

 

 

Updated DTD (updates in bold):

 

...
<!ELEMENT CONTROL_LIST (CONTROL*)>
<!ELEMENT CONTROL (CID, STATEMENT, CONTROL_REFERENCES?, DEPRECATED?,
                   RATIONALE?, INSTANCE?, STATUS, EVIDENCE?, EXCEPTION?)>
<!ELEMENT CID (#PCDATA)>
<!ELEMENT STATEMENT (#PCDATA)>
<!ELEMENT CONTROL_REFERENCES (#PCDATA)>
<!ELEMENT RATIONALE (#PCDATA)>
<!ELEMENT STATUS (#PCDATA)>
<!ELEMENT INSTANCE (#PCDATA)>
<!ELEMENT EVIDENCE (#PCDATA)>
<!ELEMENT EXCEPTION (ASSIGNEE, STATUS, END_DATE, CREATED_BY, CREATED_DATE,
...
MODIFIED_BY, MODIFIED_DATE, COMMENT_LIST?)>

Filter Blog

By date: By tag: