Skip navigation

A new release of Qualys Cloud Suite, Version 2.34, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Release notes are attached to this post.

 

What’s New
Fetch Docker information through Asset Management API
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns docker (container) information for host assets
matching the provided criteria.

 

Continuous Monitoring (CM) Licensing
/qps/rest/1.0/search/cm/alert/
/qps/rest/1.0/get/cm/alert/<id>
/qps/rest/1.0/download/cm/alert/?format=<format>
/qps/rest/1.0/search/cm/profile/
/qps/rest/1.0/get/cm/profile/<id>
With this release asset licensing is implemented in the Continuous Monitoring (CM) app,
for internal and external assets. This applies to non trial CM customers only. After login to
the CM UI, the customer can add asset tags to be used for licensing under the
Configuration tab called Licensing Details. This allows the customer to select the asset
tags to enforce the licensing.

 

New XSS Power Mode Option Profile in WAS
/qps/rest/3.0/get/was/optionprofile/<id>
/qps/rest/3.0/create/was/optionprofile
/qps/rest/3.0/update/was/optionprofile/<id>
You can now execute specialized scan that performs comprehensive tests for cross-site
scripting vulnerabilities using the new option profile with XSS Power Mode detection scope
that we have introduced. The detection scope performs tests using the standard XSS
payloads, which detect the most common instances of XSS, but also with additional
payloads that can identify XSS in certain, less-common situations. Running a scan with
option profile that has XSS Power Mode detection scope will provide the best assurance
that your web application is free from XSS vulnerabilities.

 

New Security Filters in WAF for Cipher Selection in Web Applications
/qps/rest/2.0/get/waf/webapp/<id>
/qps/rest/2.0/search/waf/webapp/
/qps/rest/2.0/create/waf/webapp
/qps/rest/2.0/update/waf/webapp/<id>
We have made cipher selection for your web applications simple with new security filters.
You can choose one or more one security filters based on your security requirements.
Available security filters are Strong, Good, Weak and Unsafe.

 

Separate VULNSIGS information in Asset Management API for split manifest
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns separate VULNSIGS information for host asset
when using a split manifest for VM, PC, or SCA.

 

WAF APIs for version 1.0 deprecated
WAF APIs for version 1.0 are now deprecated and no longer available. You can use
equivalent version 2.0 APIs to perform WAF operations.

A new release of Qualys Cloud Suite, Version 8.15, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Posture Profile API - DTD Change for show_remediation_info /api/2.0/fo/compliance/posture/info/
In the Posture Profile Information DTD the V value in element <!ELEMENT TP (LABEL, V+)> replaced with <!ELEMENT TP (LABEL, V*)> to ensure that the validation does not fail. This is an optional value.

 

Posture Profile API - New Parameter to Show Cause of Failure /api/2.0/fo/compliance/posture/info/
We added a new parameter to the Posture Profile API to show the cause of failure for CIDs.

 

New EC2 Information in the Host Based Report /api/2.0/fo/report
You will now see three new fields: Account ID, Region Code and Subnet ID in host based reports when you create your report using the Scan or PCI Scan template with the EC2 Related Information option checked.

 

New MariaDB Authentication API /api/2.0/fo/auth/ /api/2.0/fo/auth/mariadb/
MariaDB authentication is now supported for compliance scans. The new MariaDB Authentication API (<baseurl>/api/2.0/fo/auth/mariadb/) lets you list, create, update and delete MariaDB authentication records. User permissions for this API are the same as other authentication record APIs.

 

New JBOSS Server Authentication Record /api/2.0/fo/auth/jboss
We have now added a new API to support JBoss Server Authentication. Using the JBoss Server API (.../api/2.0/fo/auth/jboss) you can perform these actions: create, update, list, delete

 

MySQL DB Authentication API - Support for Vaults /api/2.0/fo/auth/mysql/
Now API users can configure MySQL authentication records to use vaults to access credentials used for authentication. Vaults are already supported for MySQL authentication in the UI.

 

List Tomcat Records - DTD Change /api/2.0/fo/auth/tomcat/?action=list
The Auth Tomcat List Output DTD is used when you list Tomcat authentication records in your account. In this DTD, we changed the element SERVICE_NAME to SERVICE_NAME_WINDOWS.

 

Scanner Appliance: IPv6 Support for VLANs and Static Routes /api/2.0/fo/appliance/*/
We now support IPv6 addresses when defining VLANs and static routes for virtual and physical scanner appliances. Appliances can have a mix of IPv4 configurations and IPv6 configurations.

 

NOTE: We are making our formerly Limited Customer Release Subscription API Generally Available (GA) for all customers. Do note this is only of use if you have and manage multiple subscriptions on the Qualys Cloud Platform. For the majority of customers, this is of no use.


Option Profile API - Export System Profiles /api/2.0/fo/subscription/option_profile/

More Option Profile functions for VM, PCI, PC /api/2.0/fo/subscription/option_profile/*/
You can now create, update, list and delete option profiles for VM, PCI, and PC.

(UPDATE: prior release notes only included partial information on this new API)

Filter Blog

By date: By tag: