Skip navigation

A new release of Qualys Cloud Platform 8.22 (VM/PC) includes an updated API which is targeted for release in December 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

12/5/19 NOTE: The Support for SSH Login on VMware ESXi 5.x/6.x Hosts has been removed from this release.  


What's new
Cloud Perimeter Scan API: New Input Parameter to Include Micro and Nano Instances into Scan
/api/2.0/fo/scan/cloud/perimeter/job/
It’s now possible to include micro/nano instances for scanning when launching a Cloud Perimeter scan for EC2 instances.

 

Cloud Perimeter Scan API: New Input Parameter to Include Connector’s Load Balancers into Scan
/api/2.0/fo/scan/cloud/perimeter/job/
You can now specify in the Cloud Perimeter Scan API to include public load balancers from the selected connector in the scan job.

 

Schedule Scans for Policy Compliance
/api/2.0/fo/schedule/scan/compliance
This API provides you the ability to create, update, list, and delete schedule scans for Policy Compliance.

 

Specify Network ID while Creating Virtual Hosts
/api/2.0/fo/asset/vhost/
You can now specify the network_id while creating the Virtual Host through API. Network support must be enabled to specify the network_id. If network support is enabled and you do not provide a network_id, then the Default Global Network is considered. You can specify only one network_id.

A new release of Qualys Cloud Platform v2.42 (WAS/AM/SAQ) includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
AWS Asset Data Connector: Support for New Regions
The Asset Management and Tagging API has been updated to support the following new regions: GovCloud: us-gov-east-1China: cn-northwest-1Bahrain: me-south-1

 

Host Asset API: Search IBM assets
The Asset Management and Tagging API has been updated to allow searching for IBM assets in your account.

 

Security Assessment Questionnaire: New Campaign API
Introducing 2 new APIs for SAQ: Questionnaire Campaign API and Questionnaire API

 

Web Application Scanning (WAS): Tag Details in Web App API
With introduction of new optional parameter for Web Applications API, you can now also view the list of tags (and not just count of tags) associated with the web application.

 

WAS: XSS Payloads Option for Standard Scans
You can now enable comprehensive tests for cross-site scripting vulnerabilities to be executed during our standard scan using the new parameter in option profile. The comprehensive tests includes XSS with exhaustive set of payloads including set of standard payloads. Running a scan with XSS payloads option enabled in the detection scope of standard scan will provide the best assurance that your web application is free from XSS vulnerabilities. However, enabling this option leads to significant increase in the scan time.

 

WAS: New Groups for Information Gathered Issues
Currently, all Information Gathered issues in WAS are clubbed together in the report. We have now introduced two new groups for issues of type Information Gathered:- Diagnostic IG (general information about the scan)- Weakness IG (issues that are security weakness or conflict with best practices)

 

WAS: Cancel Scan with Results Support for Scans
Currently, canceling an unfinished scan on a web application which is in the user’s scope does not return any results. We have now introduced a new parameter <cancelWithResults> that allows you to cancel the scan and still retain results. You can use the scan ID and generate a report to view the results.

 

WAS: Scan Again Support for Scan API
We now provide the option to execute a previous scan again. Identify the scan you want to run again and use scanagain action. We'll pre-fill the scan settings to match the original scan.

A new release of Qualys Cloud Platform 8.21.6 includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

 

 

What’s New

 

New Oracle HTTP Server Authentication API
/api/2.0/fo/auth/
/api/2.0/fo/auth/oracle_http_server/
Oracle HTTP Server authentication is now supported for compliance scans on Unix and Windows. The new Oracle HTTP Server Authentication API (api/2.0/fo/auth/oracle_http_server/) lets you list, create, update and delete Oracle HTTP Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for Oracle Server installed on respective OS - Unix or Windows.

 

 

Support for File Content Check on Windows
/api/2.0/fo/compliance/posture/info/?action=list
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export
With this release, you can now configure a File Content Check control to check the contents of a Windows file. Tell us which file you want to evaluate and what you're looking for. We'll return all lines in the file that match. You can specify your file location using any of the path types: Registry Key, File Search, File Path

 

 

Support for HashiCorp vault in Database Authentication records   
/api/2.0/fo/auth/  
HashiCorp Vault is now supported for the following database authentication records: MySQL, MariaDB, Sybase, PostgreSQL, MongoDB. You can create, update, list, and view authentication credentials from a HashiCorp vault.

 

Updates to Input Parameters for Cloud Perimeter Scan Jobs
/api/2.0/fo/scan/cloud/
It’s now possible to launch a cloud perimeter scan job without specifying the platform, region code, vpc id or asset tags. Multiple input parameters changed from Required to Optional to provide this flexibility. Note - There are no changes to the XML output or DTD.

 

 

 

Sybase Authentication is Now Supported in VM
/api/2.0/fo/auth/sybase/
/api/2.0/fo/subscription/option_profile/
Sybase authentication was already supported for PC and now it’s also supported in VM for vulnerability scanning. Each Sybase record identifies account login credentials, database information and target host IPs for authenticating to Sybase Adaptive Server Enterprise (ASE) instances. How you create and manage Sybase records is the same as previously documented for PC. You can find all the details in the Qualys API (VM/PC) User Guide. 

 

We made updates to the VM option profile API to allow users to enable Sybase authentication for vulnerability scans. You’ll also see Sybase in the XML output when you list/export option profiles with Sybase enabled. Note that there are no DTD changes.

Filter Blog

By date: By tag: