A new release of Qualys Cloud Suite, Version 2.35 (AM/WAF/WAS), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new

New Application Security Categories added in Security Policies
/qps/rest/2.0/get/waf/securitypolicy/<id>
/qps/rest/2.0/search/waf/securitypolicy
/qps/rest/2.0/create/waf/securitypolicy
/qps/rest/2.0/update/waf/securitypolicy
We have added support for four new application security categories. Add the new categories as elements under the applicationSecurity parameter and set confidence values for them.

 

New Conditions Added to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
The Custom Rule API now supports new conditions and operators for custom rules.

 

Added Support for Response Headers to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
We have added three new actions: insertHeader, rewriteHeader and stripHeader to the Custom Rule API. You can configure these actions to insert, modify or remove HTTP headers in responses when the conditions for the actions are met.

 

Schedule Reactivation for Ignored Finding /qps/rest/3.0/ignore/was/finding
You can now schedule the reactivation of an ignored finding, either on a date or after a number of days. Two new parameters, reactivateDate and reactivateIn, let you specify when an ignored finding should be reactivated.

 

Dynamic tagging for AWS, AZURE, GCP 
The Asset Management and Tagging API has been updated to allow dynamic tagging for AWS (EC2), AZURE, and GCP assets. You can now group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP) and EC2 connectors (AWS).

A new release of Qualys Cloud Suite, Version 8.16 (VM/PC), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's New

New CVSS v3.0 Metrics Added to KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/
We updated the CVSS v2 and CVSS v3 sections of the KnowledgeBase API output. For both CVSS v2 and CVSS v3 we added the vector string. For CVSS v3 we renamed, added and removed metrics to match the CVSS v3 standard.

 

Support for Scanning ESXi Hosts on vCenter /api/2.0/fo/auth/vmware/
You can now specify login_type=vcenter in the API request when creating and updating VMware authentication records.

 

SCAP Last Scanned Date for Asset Search /api/2.0/fo/asset/host/?action=list
We have introduced two new parameters that filter by SCAP last scanned date when you download a list of hosts, based on the scan data available in the user’s account.

 

Host List Detection API - New Filters for Last Detection Tested Date /api/2.0/fo/asset/host/vm/detection
The Host List Detection API includes 4 new filters based on when detections were last tested on a host (as part of a full scan or partial scan). You can filter the list to show detections tested since or before a particular date or number of days. The XML output already includes the LAST TEST DATETIME.

 

OS Authentication Instance-based Technology Discovery /api/2.0/fo/scan/compliance
We can now collect technology data using the underlying OS technology without creating authentication records.

 

New Instance column in STIG Report CSV
A host can have multiple instances and you can now include the host instance in the STIG report. Simply choose “Instance” in the STIG report template from the UI to show this information in the CSV report output.

 

New Search Filter Added to Scanner Appliance API /api/2.0/fo/appliance/
You can now search scanner appliances by the platform where the scanners are deployed. You'll see the platform provider in the XML output when you also specify “include_cloud_info=1” and “output_mode=full” in the request.

 

New API: List Superseding Patches for an Asset /api/2.0/fo/asset/patch/
We have introduced a new API, the Patch Supersede API, which lets you view the list of all superseding patches that will fix detections on a specific host.

 

New API: Scanner Details /api/2.0/fo/scan/scanner
The new Scanner Details API helps you identify the scanner used to scan a particular IP address at a given time. This is supported for vulnerability scans only. This new API is especially useful when you’re scanning a large number of IPs using a pool of scanners and you’re not sure which scanner was used to scan a particular host.

 

Agent UDC Support (coming soon!)
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export
New Agent UDC Support will be announced soon via the Qualys Technology blog once remaining components are released.

A new release of Qualys Cloud Suite, Version 2.35 (Asset Tagging), includes an updated API which is targeted for release in November 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new
Dynamic tagging for AWS, AZURE, GCP 
The Asset Management and Tagging API has been updated to allow dynamic tagging for AWS (EC2), AZURE, and GCP assets. You can now group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP) and EC2 connectors (AWS).

A new release of Qualys Cloud Suite, Version 8.16 (PC/VM), includes an updated API which is targeted for release in November 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new
New CVSS v3.0 Metrics Added to KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/
We updated the CVSS v2 and CVSS v3 sections of the KnowledgeBase API output. For both CVSS v2 and CVSS v3 we added the vector string. For CVSS v3 we renamed, added and removed metrics to match the CVSS v3 standard.

 

Support for Scanning ESXi Hosts on vCenter /api/2.0/fo/auth/vmware/
You can now specify login_type=vcenter in the API request when creating and updating VMware authentication records.

 

SCAP Last Scanned Date for Asset Search /api/2.0/fo/asset/host/?action=list
We have introduced two new parameters that filter by SCAP last scanned date when you download a list of hosts, based on the scan data available in the user’s account.

 

Host List Detection API - New Filters for Detection Tested Date /api/2.0/fo/asset/host/vm/detection
The Host List Detection API has been updated to include new filters based on when detections were last tested on a host. The XML output already includes the LAST TEST DATETIME. Now you can filter the list to only show detections tested since a particular date, before a particular date, or filter by the number of days since the detection was last tested.

 

OS Authentication instance-based technology discovery /api/2.0/fo/scan/compliance
We can now collect technology data using the underlying OS technology without creating authentication records.

 

New Instance column in STIG Report CSV
A host can have multiple instances and you can now include the host instance in the STIG report. Simply choose “Instance” in the STIG report template from the UI to show this information in the CSV report output.
