Skip navigation

A new release of Qualys Cloud Suite, Version 8.7 includes an API update which is targeted for release in January 2016.   The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

What's New

  1. Scan Report List - New Target Element
  2. VM - Vulnerability Threat Intelligence Information
  3. VM - Easily Identify Vulnerabilities Supported by Module
  4. VM - First Found Date Added to Asset Search Report CSV, XML

 

Scan Report List - New Target Element

The Scan Report List API (/msp/scan_report_list.php) is used to retrieve a list of saved scan reports in XML format. A new TARGET element in the XML output lists the IP address(es) that were scanned. In previous releases, the target was shown as an attribute of the SCAN_REPORT element.  There are changes to the XML output and DTD.

 

VM - Vulnerability Threat Intelligence Information

We’ve added Real-time Threat Indicators to the vulnerabilities in our KnowledgeBase and you can easily report on them to get threat intelligence information right away.

 

Real-time Threat Indicators are data points collected per vulnerability that contain accurate, timely and actionable information aggregated from multiple reliable data sources, allowing you to prioritize and filter the flood of security alerts.

 

Current Real-time threat indicators include values such as Zero Day, Exploit Public, Active Attacks, High Lateral Movement, Easy Exploit, High Data Loss, Denial of Service, No Patch.

 

Changes are made to the Dynamic Search List API (v2), KnowledgeBase API (v2), and KnowledgeBase Download (v1).  Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

 

VM - Easily Identify Vulnerabilities Supported by Module

Now you can find out what vulnerabilities in our KnowledgeBase are supported by different Qualys modules - VM, Cloud Agent, WAS, WAF and MD. Use the KnowledgeBase Search option to identify vulnerabilities that can be detected by VM scans, Windows Cloud Agent and Linux Cloud Agent plus more. We’ve added a supported modules section to the vulnerability (QID) information, and this is where you’ll see the Qualys modules that may be used to detect each QID.

 

Changes are made to the Dynamic Search List API (v2), KnowledgeBase API (v2), and KnowledgeBase Download (v1).  Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

 

VM - First Found Date Added to Asset Search Report CSV, XML

You can now view the First Found Date of an asset in the same way you download other data of the Asset Search Report.

The report can be downloaded from the Asset Search Report page, or via the Asset Search API (v1).

 

Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

A new release of Qualys WAS, Version 4.5 which includes API updates and updated report formats, is targeted for release in January. The specific day will differ depending on the platform.  See platform release dates for more information.  The updated APIs for WAS 4.5 give you more ways to integrate your programs and API calls with Web Application Scanning (WAS).

 

What’s New

  1. Search Scan API - new CANCELED keyword
  2. Condensed CSV output for Web App and Scan Reports

 

Search Scan API - new CANCELED keyword

The Search Scan API allows you to search for scans that have been canceled. We updated the Criteria “status” to CANCELED, to make it consistent in the WAS application. (In previous releases it was CANCELLED).

 

Affected API: /qps/rest/3.0/search/was/scan/

Updated XSD: scan.xsd, wassscan.xsd

 

Condensed CSV output for Web App and Scan Reports

Now you’ll get more condensed versions of your Web Application Reports and Scan Reports in CSV format. The reports display each vulnerability and sensitive content using a single line.

 

 

Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

Please see the attached PDF for all API details and changes including examples and API base URLs.

Filter Blog

By date: By tag: