Skip navigation

A new release of Qualys Cloud Suite, Version 2.33, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Easily identify ignored WAS findings /qps/rest/3.0/search/was/finding
We have introduced a new element <isIgnored> to easily identify whether a WAS finding (detection) in the user’s scope is ignored or not.

 

HostAsset and Asset APIs show new Cloud Provider metadata for AWS, Azure and GCP

With this release Qualys Cloud Platform shows additional Cloud Provider metadata to users for Amazon AWS, Azure, and Google Cloud Platform. This asset metadata is collected from Vulnerability Scans (using VM), Compliance Scans (using PC or SCA), Cloud Agents and Data Connectors.

 

Schedule auto-update for appliances registered to a cluster
/qps/rest/2.0/create/waf/cluster
/qps/rest/2.0/update/waf/cluster
You can now use the cluster API to specify when the appliances registered with a cluster
get auto-updated. Specify days of the week and the start time. By default, auto-update is
enabled for all days of the week.

 

Validate XML/JSON payload
/qps/rest/2.0/create/waf/httpprofile
/qps/rest/2.0/update/waf/httpprofile
You can now use the HTTP Profiles API to enable XML/JSON parsing to validate that
transmitted payload is XML/JSON compliant. Parsing is not enabled by default.

 

Uninstall Cloud Agent using UUID
/qps/rest/2.0/uninstall/am/asset
/qps/rest/2.0/uninstall/am/hostasset
Cloud Agent uninstall API now allows you to specify the agent UUID to identify an agent
during uninstallation. Agent UUID can be specified in the request XML.

A new release of Qualys Cloud Suite, Version 8.14, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in June 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.

 

What's new
Vault Support API - Cyber-Ark changed to CyberArk
/api/2.0/fo/vault
/api/2.0/fo/auth
We have changed Cyber-Ark to CyberArk for improved integration of CyberArk vaults. The change affects vault-type input parameter during vault creation (CyberArk AIM and CyberArk PIM Suite). The response also reflects the change.

 

Support for Client Id and Name in Multiple APIs
APIs affected:
/api/2.0/fo/scan/?action=list
/api/2.0/fo/scan/?action=launch
/api/2.0/fo/scan/compliance/?action=list
/api/2.0/fo/scan/compliance/?action=launch
/api/2.0/fo/schedule/scan/?action=list
/api/2.0/fo/schedule/scan/?action=create
/api/2.0/fo/schedule/scan/?action=update
/api/2.0/fo/report/?action=list
We now support for client element (id and name) for Consultant type subscriptions in Scan API, Scheduled Scan API, Compliance Scan API, and Report API.

 

New Scan Summary API for Hosts Not Scanned /api/2.0/fo/scan/summary
This new Summary API lets you identify hosts that were not scanned and why.

 

New Support for Wallix AdminBastion (WAB) Vaults

/api/2.0/fo/vault/ /api/2.0/fo/auth/windows/ /api/2.0/fo/auth/unix/
This new vault type can be used to retrieve authentication credentials from a Wallix AdminBastion (WAB) vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type. We updated the DTDs for listing Windows and Unix records.

 

Fix to Vault View API Output /api/2.0/fo/vault/
We fixed the XML output of the authentication vault view API to fix a DTD validation error. When echo_request=1 is specified as part of the API call, the REQUEST section now correctly appears before the RESPONSE section in the output.

 

Support for EC2 Scanning using only Instance ID /api/2.0/fo/scan/ /api/2.0/fo/scan/compliance/
We now support launch of on demand internal ec2 scans using only ec2 instance ids. You can use tags if needed. Using tags is now optional.

 

Update to CertView Scan Results to include FQDN /api/2.0/fo/scan/?action=fetch
We added FQDN to the header section of CertView scan results where we’ll now list the FQDNs in the scan target, if any. Previously we listed the target FQDNs with the target IPs. You can download scan results from the UI or fetch results from the API. These changes apply to CertView Scans only.

 

Patch Report is now available in XML format /api/2.0/fo/report
You can now launch and download patch reports in XML format using the API and UI.

 

Option Profile - Import/Export Map Authentication /api/2.0/fo/subscription/option_profile/
We have added 2 new values for the tag <MAP_AUTHENTICATION> to support future capabilities: vCenter, none. Also, the value VMware, available in previous release, is now renamed to VMware-ESXi.

A new release of Qualys Cloud Suite, Version 2.33, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New

Easily identify ignored WAS findings /qps/rest/3.0/search/was/finding
We have introduced a new element <isIgnored> to easily identify whether a WAS finding (detection) in the user’s scope is ignored or not.

 

HostAsset and Asset APIs show new Cloud Provider metadata for AWS, Azure and GCP

With this release Qualys Cloud Platform shows additional Cloud Provider metadata to users for Amazon AWS, Azure, and Google Cloud Platform. This asset metadata is collected from Vulnerability Scans (using VM), Compliance Scans (using PC or SCA), Cloud Agents and Data Connectors.

A new release of Qualys Cloud Suite, Version 2.32.2, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New

AWS EC2 Connector - Support for Cross-Account Role Authentication
Qualys now supports the creation of EC2 connectors using a cross-account access role. This allows you to grant Qualys access to your AWS EC2 instances without sharing your AWS security credentials. Qualys will access your AWS EC2 instances by assuming the IAM role that you create in your AWS account. With this support, we are discontinuing the creation of EC2 connectors using IAM access keys. We’ll help you migrate your existing EC2 connectors to now use cross-account access roles. Note that this migration to your existing EC2 connector to cross account role is unidirectional and cannot be reverted.

Filter Blog

By date: By tag: