Skip navigation

A new release of Qualys WAS, Version 3.6 which includes new APIs, is targeted for release in late September.

 

This API notification provides an early preview into the coming API additions in Qualys WAS 3.6, allowing you to identify new opportunities to automate your Qualys service or to integrate with other applications.  Qualys WAS 3.6 includes some modifications to existing APIs that required 30 day notification that can be viewed here QualysGuard WAS 3.6 API Release Notification.

 

 

Full release notes will be available to customers on the day of the release. 

 

API Enhancements

New Findings API

The new Findings API (<baseURL>/qps/rest/3.0/<operation>/was/finding) lets you manage the findings (detections) returned from your web application scans.  This provides organizations with an easy way to integrate with an organizations trouble ticketing system that may want to track the status of vulnerabilities. It also provides a way to automate taking actions to ignore or activate vulnerabilities based on events from external systems such as risk management or bug tracking applications.

The API developer guide that includes examples and detailed instructions will be available on the date of the release.  These operations are available:

  • Count
  • Search
  • Get
  • Ignore
  • Activate

 

New Option Profile API

The new Option Profile API (<baseURL>/qps/rest/3.0/<operation>/was/optionprofile) lets you manage option profiles and customize the various scanning options.  The Option Profile API enables automation and integration with the Qualys WAS Option Profile used for scanning.  Option profiles can be created dynamically via API scripts or via integration with external systems.  The API developer guide that includes examples and detailed instructions will be available on the date of the release. 

These operations are available:

  • Count
  • Search
  • Get
  • Create
  • Update
  • Delete

 

What is the <baseurl>?

 

This is the API server URL where your QualysGuard account is located. For an account on US Platform 1, this is <qualysapi.qualys.com>; on US Platform 2, this is <qualysapi.qg2.apps.qualys.com>; on EU Platform, this is <qualysapi.qualys.eu>.

A new release of Qualys, Version 8.2, includes an API update which is targeted for release in October 2014.

 

This API notification provides an early preview into the coming API changes in Qualys 8.2, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release implements new capabilities for Control Criticality ratings in Qualys Policy Compliance.  It includes several changes to XML and CSV output which could impact existing API implementations.  There are also two new optional parameters for the posture API’s that will not impact existing implementations.  Notification about other new API features along with additional details and examples will be posted at a date prior to the release.

 

Control Criticality is a new feature in Policy Compliance that provides ratings for controls, including the ability to customize ratings at the control level or at the policy.  The API has been updated to include these data in API output.

 

Note: Control Criticality must be enabled in your account. By default, control criticality will not be enabled while we are updating the default criticality settings in the control library.  If you are interested in this feature immediately, please contact Support or your Technical Account Manager.

 

For details about the changes, please see the attached detailed release notification below.  Full release notes will be available to customers on the day of the release.

 

Summary of Changes:

  • There are two new optional parameters added to the Compliance Posture Information API v2: criticality_labels, criticality_values.
  • Control Criticality has been added to the following reports when downloaded to XML or CSV formats from the Report Share API or from the user interface: Compliance Policy Report, Individual Host Report
  • CRITICALITY element was added to the following output DTD's
    • posture info list output DTD  (/api/2.0/fo/compliance/posture/info/posture_info_list_output.dtd)
    • control list output DTD (/api/2.0/fo/compliance/control/control_list_output.dtd)
    • policy list output DTD  (/api/2.0/fo/compliance/policy/policy_list_output.dtd)
    • policy export output DTD (/api/2.0/fo/compliance/policy/policy_export_output.dtd)
    • compliance policy report DTD  (compliance_policy_report.dtd)
    • individual host compliance report DTD  (individual_host_compliance_report.dtd)
  • Control Criticality has been added to the XML output returned by:
    • Compliance Control List API v2 (/api/2.0/fo/compliance/control/?action=list)
    • Compliance Policy List API v2 (/api/2.0/fo/compliance/policy/?action=list)
    • Import Compliance Policy API v2 (/api/2.0/fo/compliance/policy/?action=import)
    • Export Compliance Policy API v2 (/api/2.0/fo/compliance/policy/?action=export
  • CRITICALITY element has been added to the user defined control XML schema (ImportableControl.xsd) used to import and export user defined controls from the UI.

Filter Blog

By date: By tag: