
API Notifications

12 Posts authored by: Eric Perraudeau

A new release of QualysGuard, Version 7.11, will be available in production in August 2013. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages here:

 

This API notification provides an early preview of the coming API changes in QualysGuard 7.11, allowing you to proactively identify any changes that might be required for your automated scripts or programs that call the API functions described below:

  • Enhancements to “/api/2.0/fo/asset/host” API
    • support for asset tags as input parameter for host selection
    • support for asset tags in the XML output
    • support for Qualys Host ID in the XML output when Agentless Tracking is used
    • support for custom page size output
    • “host_list_output.dtd” updated
  • Enhancements to “/api/2.0/fo/asset/host/vm/detection”
    • support for asset tags as input parameter for host selection
    • support for asset tags in the XML output
    • support for Qualys Host ID in the XML output when Agentless Tracking is used
    • “host_list_vm_detection_output.dtd” updated
  • New technology available in Authentication API V2 “/api/2.0/fo/auth”
    • support for Apache 2.2 (IBM HTTP Server 7.x running on RHEL 5.x and 6.x)
    • support for Apache 2.2 (VMWare vFabric Web Server 5.2)
    • support for Microsoft IIS 6.x and 7.x
    • support for IBM WebSphere Application Server 7.0
  • Enhancements to “/api/2.0/fo/auth” API
    • output contains new authentication records mentioned above
    • “auth_records.dtd” updated

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.


Enhancements to “/api/2.0/fo/asset/host” API

New input parameters

New input parameters allow you to list hosts using asset tags, and return the list of asset tags in the XML output. The example below is a request to list all hosts tagged "US-HQ" but not tagged "US-HQ-FINANCE", and to return the list of asset tags for each host record in the XML output:

 

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=list&use_tags=1&show_tags=1&tag_set_by=name&tag_include_selector=any&tag_exclude_selector=any&tag_set_include=US-HQ&tag_set_exclude=US-HQ-FINANCE" \
     "https://qualysapi.qualys.com/api/2.0/fo/asset/host/"

 

Support for custom page size output

To optimize the processing of the XML output by the API client, the output of the Host List API is paginated. By default, a maximum of 1,000 host records are returned per page. With QualysGuard 7.11, you can customize the page size (i.e. the number of host records per page) using the “truncation_limit” parameter, for instance “truncation_limit=10000”. In this case the results are returned in pages of 10,000 host records.

 

With “truncation_limit=0” the output is not paginated and all the records are returned in a single output.

 

XML output includes new elements

The XML output returned from a Host List API v2 request now includes new information and the output DTD was updated. This information is returned:

  • The QG Host ID assigned to each host when Agentless Tracking is used
  • The tags associated with each host when show_tags=1 is specified

 

"host_list_output.dtd" changes

[...]

<!ELEMENT HOST_LIST (HOST+)>
<!ELEMENT HOST (ID, IP?, TRACKING_METHOD?, DNS?, EC2_INSTANCE_ID?,
                NETBIOS?, OS?, QG_HOSTID?, TAGS?, LAST_VULN_SCAN_DATETIME?,
                LAST_COMPLIANCE_SCAN_DATETIME?, OWNER?, COMMENTS?,
                USER_DEF?, ASSET_GROUP_IDS?)>
<!ELEMENT TAGS (TAG+)>
<!ELEMENT TAG (TAG_ID, NAME)>

[...]

 

Sample Output


<HOST_LIST>
  <HOST>
    <ID>2162066</ID>
    <IP>10.10.10.33</IP>
    <TRACKING_METHOD>IP</TRACKING_METHOD>
    <DNS><![CDATA[dhcp-33.qualys.com]]></DNS>
    <OS><![CDATA[AIX 5.3]]></OS>
    <QG_HOSTID><![CDATA[51da79a3-0375-0002-605b-005056a91eec]]></QG_HOSTID>
    <TAGS>
      <TAG>
        <TAG_ID><![CDATA[301370]]></TAG_ID>
        <NAME><![CDATA[US-HQ]]></NAME>
      </TAG>
      <TAG>
        <TAG_ID><![CDATA[262969]]></TAG_ID>
        <NAME><![CDATA[port-111]]></NAME>
      </TAG>
    </TAGS>
  </HOST>
</HOST_LIST>

 

Enhancements to “/api/2.0/fo/asset/host/vm/detection”

New input parameters

New input parameters allow you to list host detections using asset tags, and return the list of asset tags in the XML output. They work the same way as the changes explained above for the host API.

 

XML output includes new elements

The XML output returned from a vulnerability detection API request now includes new information and the output DTD was updated. This information is returned:

  • The QG Host ID assigned to each host when Agentless Tracking is used
  • The tags associated with each host when show_tags=1 is specified
  • The fixed date/time for each vulnerability with a Fixed status (when the vulnerability was verified fixed by a scan)

 

"host_list_vm_detection_output.dtd" changes

[...]

<!ELEMENT HOST_LIST (HOST+)>
<!ELEMENT HOST (ID, IP?, IPV6?, TRACKING_METHOD?, OS?, OS_CPE?, DNS?,
                NETBIOS?, QG_HOSTID?, TAGS?, LAST_SCAN_DATETIME?,
                DETECTION_LIST?)>
<!ELEMENT TAGS (TAG+)>
<!ELEMENT TAG (TAG_ID, NAME)>
<!ELEMENT DETECTION_LIST (DETECTION+)>
<!ELEMENT DETECTION (QID, TYPE, PORT?, PROTOCOL?, FQDN?, SSL?, INSTANCE?,
                     RESULTS?, STATUS?, FIRST_FOUND_DATETIME?, LAST_FOUND_DATETIME?,
                     LAST_TEST_DATETIME?, LAST_UPDATE_DATETIME?, LAST_FIXED_DATETIME?)>

[...]

 

Sample Output

 

 

<HOST_LIST>
  <HOST>
    <ID>2167925</ID>
    <IP>10.10.30.156</IP>
    <TRACKING_METHOD>IP</TRACKING_METHOD>
    <OS><![CDATA[Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP]]></OS>
    <LAST_SCAN_DATETIME>2013-06-11T18:04:43Z</LAST_SCAN_DATETIME>
    <TAGS>
      <TAG>
        <TAG_ID><![CDATA[299373]]></TAG_ID>
        <NAME><![CDATA[US-HQ]]></NAME>
      </TAG>
    </TAGS>
    <DETECTION_LIST>
      <DETECTION>
        <QID>12476</QID>
        <TYPE>Confirmed</TYPE>
        <PORT>8080</PORT>
        <PROTOCOL>tcp</PROTOCOL>
        <SSL>0</SSL>
        <RESULTS><![CDATA[JBoss HttpAdaptor JMXInvokerServlet is accessible to Unauthenticated Remote Users]]></RESULTS>
        <STATUS>New</STATUS>
        <FIRST_FOUND_DATETIME>2013-06-11T17:40:35Z</FIRST_FOUND_DATETIME>
        <LAST_FOUND_DATETIME>2013-06-11T17:40:35Z</LAST_FOUND_DATETIME>
        <LAST_TEST_DATETIME>2013-06-11T17:40:35Z</LAST_TEST_DATETIME>
        <LAST_FIXED_DATETIME>2013-06-11T18:04:43Z</LAST_FIXED_DATETIME>
      </DETECTION>
    </DETECTION_LIST>
  </HOST>
</HOST_LIST>
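A client that consumes this output has to treat QG_HOSTID, TAGS, INSTANCE and LAST_FIXED_DATETIME as optional, since the DTD marks them with "?". The following Python sketch is an added example, not Qualys code: the function names and the sample document are constructed for illustration, and the INSTANCE layout (technology, SID, port) is the one given in the 7.9 notification further down this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names follow the DTD excerpt above, values are made up.
SAMPLE = """<HOST_LIST>
  <HOST>
    <ID>1001</ID>
    <IP>10.10.25.232</IP>
    <TRACKING_METHOD>IP</TRACKING_METHOD>
    <QG_HOSTID><![CDATA[00000000-0000-0000-0000-000000000001]]></QG_HOSTID>
    <TAGS>
      <TAG><TAG_ID><![CDATA[1]]></TAG_ID><NAME><![CDATA[US-HQ]]></NAME></TAG>
      <TAG><TAG_ID><![CDATA[2]]></TAG_ID><NAME><![CDATA[port-111]]></NAME></TAG>
    </TAGS>
    <DETECTION_LIST>
      <DETECTION>
        <QID>19134</QID><TYPE>Confirmed</TYPE><PORT>1521</PORT>
        <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
        <STATUS>Fixed</STATUS>
        <LAST_FIXED_DATETIME>2013-06-11T18:04:43Z</LAST_FIXED_DATETIME>
      </DETECTION>
      <DETECTION>
        <QID>12476</QID><TYPE>Confirmed</TYPE><PORT>8080</PORT>
        <STATUS>New</STATUS>
      </DETECTION>
    </DETECTION_LIST>
  </HOST>
  <HOST>
    <ID>1002</ID>
    <IP>10.10.30.156</IP>
    <DETECTION_LIST>
      <DETECTION>
        <QID>19134</QID><TYPE>Confirmed</TYPE>
        <INSTANCE><![CDATA[Oracle9:ora9206p]]></INSTANCE>
        <STATUS>Active</STATUS>
      </DETECTION>
    </DETECTION_LIST>
  </HOST>
</HOST_LIST>"""


def child_text(elem, tag):
    """Text of an optional child element, or None when it is absent or empty."""
    value = elem.findtext(tag)
    return value.strip() if value and value.strip() else None


def parse_instance(value):
    """Split 'technology:SID:port'; keep the raw string if the layout differs."""
    if not value:
        return None
    parts = value.split(":")
    if len(parts) != 3 or not parts[2].isdigit():
        return {"raw": value, "technology": None, "sid": None, "port": None}
    return {"raw": value, "technology": parts[0], "sid": parts[1],
            "port": int(parts[2])}


def parse_hosts(xml_text):
    """Return one dict per HOST, tolerating every optional element."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("HOST"):
        qg_hostid = child_text(host, "QG_HOSTID")
        detections = []
        for det in host.findall("DETECTION_LIST/DETECTION"):
            detections.append({
                "qid": child_text(det, "QID"),
                "port": child_text(det, "PORT"),
                "status": child_text(det, "STATUS"),
                "instance": parse_instance(child_text(det, "INSTANCE")),
                "last_fixed": child_text(det, "LAST_FIXED_DATETIME"),
            })
        hosts.append({
            # Prefer the Qualys Host ID (Agentless Tracking); fall back to the IP.
            "identity": ("qg_hostid", qg_hostid) if qg_hostid
                        else ("ip", child_text(host, "IP")),
            "tags": [child_text(t, "NAME") for t in host.findall("TAGS/TAG")],
            "detections": detections,
        })
    return hosts


def fixed_detections(hosts):
    """(identity, QID, fixed time) for every detection whose status is Fixed."""
    return [(h["identity"], d["qid"], d["last_fixed"])
            for h in hosts for d in h["detections"] if d["status"] == "Fixed"]


if __name__ == "__main__":
    for row in fixed_detections(parse_hosts(SAMPLE)):
        print(row)
```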

 

Update to the Authentication API to support new application server technologies

QualysGuard 7.11 now provides the ability to manage authentication records for the following technologies using the Authentication API V2 “/api/2.0/fo/auth”:

  • support for Apache 2.2 (IBM HTTP Server 7.x running on RHEL 5.x and 6.x)
  • support for Apache 2.2 (VMWare vFabric Web Server 5.2)
  • support for Microsoft IIS 6.x and 7.x
  • support for IBM WebSphere Application Server 7.0

For the technologies listed above, the Authentication API V2 lets you:

  • Create new authentication records
  • Update authentication records
  • Delete authentication records
  • List Authentication records

 

Example: Create a new Apache record

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=create&title=Apache+Record&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf1&unix_apache_control_command=/opt/IBM/HTTPServer/bin2&ips=10.10.25.25" \
     "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

Example: Update an Apache record

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=update&ids=1234&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf2" \
     "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

Example: Delete an Apache record

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=delete&ids=1234" \
     "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

Example: List Apache records

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=list" \
     "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

Sample Apache record output:


<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_APACHE_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/auth_apache_list_output.dtd">
<AUTH_APACHE_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2013-06-25T17:55:32Z</DATETIME>
    <AUTH_APACHE_LIST>
      <AUTH_APACHE>
        <ID>8795</ID>
        <TITLE><![CDATA[Apache - IBM HTS 7.0]]></TITLE>
        <IP_SET>
          <IP>10.10.26.26</IP>
          <IP>10.10.30.38</IP>
          <IP>10.10.30.71</IP>
        </IP_SET>
        <UNIX_CONFIGURATION_FILE><![CDATA[/opt/IBM/HTTPServer/conf/httpd.conf2]]></UNIX_CONFIGURATION_FILE>
        <UNIX_CONTROL_COMMAND><![CDATA[/opt/IBM/HTTPServer/bin2]]></UNIX_CONTROL_COMMAND>
        <CREATED>
          <DATETIME>2013-05-07T20:38:06Z</DATETIME>
          <BY>quays_cd3</BY>
        </CREATED>
        <LAST_MODIFIED>
          <DATETIME>2013-06-20T18:12:37Z</DATETIME>
        </LAST_MODIFIED>
        <COMMENTS><![CDATA[some comment text]]></COMMENTS>
      </AUTH_APACHE>
    </AUTH_APACHE_LIST>
  </RESPONSE>
</AUTH_APACHE_LIST_OUTPUT>

 

Enhancements to “/api/2.0/fo/auth” API

The “Authentication List” API v2 lists all authentication records in the user’s account.

 

Example:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
     -d "action=list" \
     "https://qualysapi.qualys.com/api/2.0/fo/auth/"

 

XML output modified and “/api/2.0/fo/auth/auth_records.dtd” updated:

 

[...]

<!ELEMENT RESPONSE (DATETIME, AUTH_RECORDS?, WARNING_LIST?)>
<!ELEMENT AUTH_RECORDS (AUTH_UNIX_IDS?, AUTH_WINDOWS_IDS?, AUTH_ORACLE_IDS?,
                        AUTH_ORACLE_LISTENER_IDS?, AUTH_SNMP_IDS?, AUTH_MS_SQL_IDS?,
                        AUTH_IBM_DB2_IDS?, AUTH_VMWARE_IDS?, AUTH_MS_IIS_IDS?, AUTH_APACHE_IDS?,
                        AUTH_IBM_WEBSPHERE_IDS?)>
<!ELEMENT AUTH_MS_IIS_IDS (ID_SET)>
<!ELEMENT AUTH_APACHE_IDS (ID_SET)>
<!ELEMENT AUTH_IBM_WEBSPHERE_IDS (ID_SET)>

[...]

A new API to manage assets and asset tags, including dynamic tags, in the Asset Management module is now available in production. Details are in the QualysGuard Asset Management and Tagging API User Guide.

 

With this new API, users can perform "Create", "Update", "Get", "Count", "Search" and "Delete" operations for the following objects:

  • Static Tags
  • Dynamic Tags
  • Host Assets
  • Amazon EC2 Assets

 

Example:  Create a dynamic asset tag

This example creates a dynamic asset tag that will be applied to any asset whose hostname starts with "hostname-corp":

 

curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- \
     "https://qualysapi.qualys.com/qps/rest/1.0/create/am/tag" < file.xml

 

 

<ServiceRequest>
  <data>
    <Tag>
      <scope>USER</scope>
      <name><![CDATA[create dynamic tag - test]]></name>
      <description><![CDATA[sample dynamic tag for asset name - test]]></description>
      <dynamicTagEngine>NAME_CONTAINS</dynamicTagEngine>
      <dynamicTagRule><![CDATA[hostname-corp.*]]></dynamicTagRule>
      <reindex>false</reindex>
      <display>
        <foregroundColor>-7197</foregroundColor>
        <backgroundColor>-3407872</backgroundColor>
      </display>
      <parent>
        <id>737931</id>
      </parent>
    </Tag>
  </data>
</ServiceRequest>

A new release of QualysGuard, Version 7.9, will be available in production by the end of April 2013. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages here:

 

This API notification provides an early preview into the coming API changes in QualysGuard 7.9, allowing you to proactively figure out any changes that might be required for your automated scripts or programs.

 

With this release users can view the Oracle DB instance a vulnerability was detected on. This information appears in scan reports when an Oracle authentication record was used for scanning. Multiple scan report DTDs have been updated to show vulnerability instance information:

 

  • scan results DTD "scan-1.dtd" used by:
    • Output of API "/msp/scan.php"
    • Output of API "/msp/scan_report.php"
    • XML scan results downloaded using the User Interface


  • scan report DTD "asset_data_report.dtd" used by:
    • Output of API "/msp/asset_data_report.php"
    • XML vulnerability reports downloaded using the User Interface


  • vulnerability detection DTD "host_list_vm_detection_output.dtd" used by:
    • Output of API "/api/2.0/fo/asset/host/vm/detection/?action=list"


  • host information DTD "get_host_info.dtd" used by:
    • Output of API "/msp/get_host_info.php"

 

  • ticket list output DTD "ticket_list_output.dtd" used by:
    • Output of API "/msp/ticket_list.php"

 

The Oracle DB instance includes the technology name, SID and port number like this: "Oracle9:ora9206p:1521"

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.


Changes to scan-1.dtd

A new optional XML child element <INSTANCE> has been added to the following XML parent elements: <INFO>, <SERVICE>, <VULN> and <PRACTICE>, as shown below in this DTD update:

 

<!ELEMENT INFO (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
                VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
                DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT SERVICE (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
                   VENDOR_REFERENCE_LIST?, CVE_ID_LIST?,
                   BUGTRAQ_ID_LIST?, DIAGNOSIS?, DIAGNOSIS_COMMENT?,
                   CONSEQUENCE?, CONSEQUENCE_COMMENT?, SOLUTION?,
                   SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT VULN (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, PCI_FLAG, INSTANCE?,
                VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?,
                DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?, SOLUTION?,
                SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT PRACTICE (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?,
                    PCI_FLAG, INSTANCE?, VENDOR_REFERENCE_LIST?,
                    CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?,
                    DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                    CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                    COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

 <INFO number="19129" severity="1">
     <TITLE><![CDATA[Oracle Authentication Method]]></TITLE>
     <LAST_UPDATE><![CDATA[2008-05-13T00:11:25Z]]></LAST_UPDATE>
     <PCI_FLAG>0</PCI_FLAG>
     <INSTANCE><![CDATA[Oracle9:ora9206p:1527]]></INSTANCE>
     <DIAGNOSIS><![CDATA[...]]></DIAGNOSIS>
     <CONSEQUENCE><![CDATA[N/A]]></CONSEQUENCE>
     <SOLUTION><![CDATA[N/A]]></SOLUTION>
     <RESULT><![CDATA[...]]></RESULT>
</INFO>

 

Changes to asset_data_report.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <VULN_INFO>, as shown below in this DTD update:

 

<!ELEMENT VULN_INFO (QID, TYPE, PORT?, SERVICE?, FQDN?, PROTOCOL?, SSL?,
                     INSTANCE?, RESULT?, FIRST_FOUND?, LAST_FOUND?,
                     TIMES_FOUND?, VULN_STATUS?, CVSS_FINAL?,
                     TICKET_NUMBER?, TICKET_STATE?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<VULN_INFO>
     <QID id="qid_19134">19134</QID>
     <TYPE>Vuln</TYPE>
     <PORT>1521</PORT>
     <SERVICE>oracle</SERVICE>
     <PROTOCOL>tcp</PROTOCOL>
     <SSL>false</SSL>
     <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
     <RESULT><![CDATA[...]]></RESULT>
     <FIRST_FOUND>2013-03-13T04:00:49Z</FIRST_FOUND>
     <LAST_FOUND>2013-03-18T21:46:33Z</LAST_FOUND>
     <TIMES_FOUND>5</TIMES_FOUND>
     <VULN_STATUS>Active</VULN_STATUS>
</VULN_INFO>

 

Changes to host_list_vm_detection_output.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <DETECTION>, as shown below in this DTD update:

 

<!ELEMENT DETECTION (QID, TYPE, PORT?, PROTOCOL?, FQDN?, SSL?, INSTANCE?,
                     RESULTS?, STATUS?, FIRST_FOUND_DATETIME?,
                     LAST_FOUND_DATETIME?, LAST_TEST_DATETIME?,
                     LAST_UPDATE_DATETIME?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<DETECTION>
          <QID>19134</QID>
          <TYPE>Confirmed</TYPE>
          <PORT>1521</PORT>
          <PROTOCOL>tcp</PROTOCOL>
          <SSL>0</SSL>
          <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
          <RESULTS><![CDATA[...]]></RESULTS>
          <STATUS>Active</STATUS>
          <FIRST_FOUND_DATETIME>2013-03-13T04:00:49Z</FIRST_FOUND_DATETIME>
          <LAST_FOUND_DATETIME>2013-03-15T20:00:35Z</LAST_FOUND_DATETIME>
          <LAST_TEST_DATETIME>2013-03-15T20:00:35Z</LAST_TEST_DATETIME>
          <LAST_UPDATE_DATETIME>2013-03-15T21:13:15Z</LAST_UPDATE_DATETIME>
</DETECTION>

Changes to get_host_info.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <VULNINFO>, as shown below in this DTD update:

 

<!ELEMENT VULNINFO (QID, SEVERITY_LEVEL, TITLE, VULN_STATUS?, CATEGORY?,
                    PORT?, SERVICE?, PROTOCOL?, INSTANCE?,
                    CVSS_SCORE?, FIRST_FOUND?, LAST_FOUND?,
                    TIMES_FOUND?, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?,
                    BUGTRAQ_ID_LIST?, LAST_UPDATE?, DIAGNOSIS?,
                    DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                    CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                    COMPLIANCE?, CORRELATION?, RESULT?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<VULNINFO>
          <QID><![CDATA[19134]]></QID>
          <SEVERITY_LEVEL><![CDATA[2]]></SEVERITY_LEVEL>
          <TITLE><![CDATA[Oracle Server Accounts With Passwords That Do Not Expire]]></TITLE>
          <VULN_STATUS><![CDATA[Active]]></VULN_STATUS>
          <CATEGORY><![CDATA[Database]]></CATEGORY>
          <PORT><![CDATA[1521]]></PORT>
          <SERVICE><![CDATA[oracle]]></SERVICE>
          <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
          <CVSS_SCORE>
                    <CVSS_BASE source="service"><![CDATA[6.8]]></CVSS_BASE>
                    <CVSS_TEMPORAL><![CDATA[5.8]]></CVSS_TEMPORAL>
          </CVSS_SCORE>
          <FIRST_FOUND><![CDATA[2013-03-13T04:00:49Z]]></FIRST_FOUND>
          <LAST_FOUND><![CDATA[2013-03-14T22:25:51Z]]></LAST_FOUND>
          <TIMES_FOUND><![CDATA[2]]></TIMES_FOUND>
          <LAST_UPDATE><![CDATA[2005-06-21T01:22:01Z]]></LAST_UPDATE>
          <DIAGNOSIS><![CDATA[...]]></DIAGNOSIS>
</VULNINFO>

Changes to ticket_list_output.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <DETECTION>, as shown below in this DTD update:

 

<!ELEMENT DETECTION (IP, DNSNAME?, NBHNAME?, PORT?, SERVICE?, PROTOCOL?,
                     FQDN?, SSL?, INSTANCE?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<DETECTION>
        <IP>10.10.25.232</IP>
        <DNSNAME><![CDATA[ora9206-25-232]]></DNSNAME>
        <NBHNAME><![CDATA[ORA9206-25-232]]></NBHNAME>
        <PORT>1527</PORT>
        <SERVICE>Database</SERVICE>
        <PROTOCOL>tcp</PROTOCOL>
        <INSTANCE><![CDATA[Oracle9:ora9206p:1527]]></INSTANCE>
</DETECTION>

A new release of QualysGuard, Version 7.8, will be available in production by the end of February 2013. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages here:

 

This API notification provides an early preview into the coming API changes, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that use the following functions or XML outputs:

  • Improvements of “VM Scan” API v1 for Asset Tag Selection

 

Warning: all the examples provided below use “qualysapi.qualys.com”. Replace this FQDN with the API server FQDN of your QualysGuard datacenter (for instance: “qualysapi.qualys.eu”).

 

Improvements of “VM Scan” API v1 for Asset Tag Selection

With QualysGuard 7.8, XML scan results show tags resolved to host assets when Asset Tagging is enabled for the subscription and a user runs a report using asset tags.

 

This XML output can be downloaded manually using the User Interface, or directly using the API "scan_report.php". The DTD "scan-1.dtd" was updated:

  • New "<ASSET_TAG_LIST>", "<INCLUDED_TAGS>", "<EXCLUDED_TAGS>" and "<ASSET_TAGS>" XML parent elements have been introduced as shown in the example below:

 

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN SYSTEM "https://qualysguard.qualys.com/scan-1.dtd">
 <SCAN value="scan/1358557999.1111"> 
 <HEADER>
  <KEY value="USERNAME">fnmet_ff</KEY>
  <KEY value="COMPANY"><![CDATA[FNJmeter]]></KEY>
  <KEY value="DATE">2013-01-19T01:15:17Z</KEY>
  <KEY value="TITLE"><![CDATA[EC2 Auth Scan]]></KEY>
  <KEY value="TARGET"><![CDATA[...]]></KEY>
  <KEY value="EXCLUDED_TARGET"><![CDATA[N/A]]></KEY>
  <KEY value="DURATION">00:05:17</KEY>
  <KEY value="SCAN_HOST">VPC0000-1 ...</KEY>
  <KEY value="NBHOST_ALIVE">3</KEY>
  <KEY value="NBHOST_TOTAL">8</KEY>
  <KEY value="REPORT_TYPE">On-demand EC2 (default option profile)</KEY>
  <KEY value="OPTIONS"><![CDATA[...]]></KEY>
  <KEY value="STATUS">FINISHED</KEY>
  <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
      <ASSET_TAG><![CDATA[EC2 Scannable hosts ...]]></ASSET_TAG>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="all">
      <ASSET_TAG><![CDATA[Ignore EC2 Assets Ta...]]></ASSET_TAG>
    </EXCLUDED_TAGS>
  </ASSET_TAG_LIST>
  <OPTION_PROFILE>
    <OPTION_PROFILE_TITLE option_profile_default="1"><![CDATA[Initial Options]]></OPTION_PROFILE_TITLE>
  </OPTION_PROFILE>
</HEADER>
[...]
</SCAN>

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.

A new release of QualysGuard, Version 7.7, will be available in production by the end of December 2012. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages here:

 

This API notification provides an early preview into the coming API changes, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that use the following functions or XML outputs:

  • Detailed Asset Tag Information added to XML Reports
  • Improvements of “PC Scan” API v2 for Asset Tag Selection
  • Support for Agentless Tracking added to “Scan Authentication” API v2

 

Warning: all the examples provided below use “qualysapi.qualys.com”. Replace this FQDN with the API server FQDN of your QualysGuard datacenter (for instance: “qualysapi.qualys.eu”).

 

Detailed Asset Tag Information Added to XML Reports

 

With QualysGuard 7.7, XML reports show tags resolved to host assets when a user runs a report using asset tags. The DTDs for these reports were updated:

 

  • "asset_data_report.dtd": Used for the automatic vulnerability reports generated in the XML format using the User Interface or the APIs "/api/2.0/fo/report/" and "/msp/asset_data_report.php"

New "<ASSET_TAG_LIST>" and "<ASSET_TAGS>" XML parent elements have been introduced as shown in the example below:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qualys.com/asset_data_report.dtd">
<ASSET_DATA_REPORT>
 <HEADER>
  [..]
  <TARGET>
   <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
     <ASSET_TAG><![CDATA[Linux]]></ASSET_TAG>
     <ASSET_TAG><![CDATA[US]]></ASSET_TAG>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="all">
     <ASSET_TAG><![CDATA[Redhat]]></ASSET_TAG>
     <ASSET_TAG><![CDATA[California]]></ASSET_TAG>
    </EXCLUDED_TAGS>
   </ASSET_TAG_LIST>
  </TARGET>
 </HEADER>
 <HOST_LIST>
  <HOST>
   <IP>10.10.10.65</IP>
   <TRACKING_METHOD>IP</TRACKING_METHOD>
   <ASSET_TAGS>
    <ASSET_TAG><![CDATA[Linux]]></ASSET_TAG>
    <ASSET_TAG><![CDATA[Milwaukee]]></ASSET_TAG>
   </ASSET_TAGS>
   <DNS><![CDATA[krb5.corp1.corp.com]]></DNS>
   <OPERATING_SYSTEM><![CDATA[Debian Linux 4.0]]></OPERATING_SYSTEM>
   <OS_CPE><![CDATA[cpe:/o:debian:debian_linux:4.0:::]]></OS_CPE>
   <ASSET_GROUPS>[...]</ASSET_GROUPS>
   <VULN_INFO_LIST>
    <VULN_INFO>[...]</VULN_INFO>
   </VULN_INFO_LIST>
  </HOST>
  [...]
 </HOST_LIST>
</ASSET_DATA_REPORT>
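Because the report now carries both the tag filter (in the header) and the tags resolved for each host, a consumer can check that every host in the report actually falls inside the declared scope. The Python sketch below is an added example, not Qualys code. It assumes exact tag-name matching with no tag hierarchy, that scope="any" means at least one listed tag matches, and that scope="all" means every listed tag matches; the report text and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed report: structure follows the ASSET_DATA_REPORT example above.
REPORT = """<ASSET_DATA_REPORT>
 <HEADER>
  <TARGET>
   <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
     <ASSET_TAG><![CDATA[Linux]]></ASSET_TAG>
     <ASSET_TAG><![CDATA[US]]></ASSET_TAG>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="all">
     <ASSET_TAG><![CDATA[Redhat]]></ASSET_TAG>
     <ASSET_TAG><![CDATA[California]]></ASSET_TAG>
    </EXCLUDED_TAGS>
   </ASSET_TAG_LIST>
  </TARGET>
 </HEADER>
 <HOST_LIST>
  <HOST><IP>10.10.10.65</IP><ASSET_TAGS>
   <ASSET_TAG>Linux</ASSET_TAG><ASSET_TAG>Milwaukee</ASSET_TAG></ASSET_TAGS></HOST>
  <HOST><IP>10.10.10.66</IP><ASSET_TAGS>
   <ASSET_TAG>Linux</ASSET_TAG><ASSET_TAG>Redhat</ASSET_TAG>
   <ASSET_TAG>California</ASSET_TAG></ASSET_TAGS></HOST>
  <HOST><IP>10.10.10.67</IP><ASSET_TAGS>
   <ASSET_TAG>Linux</ASSET_TAG><ASSET_TAG>Redhat</ASSET_TAG></ASSET_TAGS></HOST>
  <HOST><IP>10.10.10.68</IP><ASSET_TAGS>
   <ASSET_TAG>Windows</ASSET_TAG></ASSET_TAGS></HOST>
  <HOST><IP>10.10.10.69</IP></HOST>
 </HOST_LIST>
</ASSET_DATA_REPORT>"""


def tag_names(parent, path):
    """Set of non-empty tag names found under `path`."""
    return {e.text.strip() for e in parent.findall(path)
            if e.text and e.text.strip()}


def read_filter(root):
    """Return {'include': (scope, names), 'exclude': (scope, names)}."""
    tag_list = root.find("HEADER/TARGET/ASSET_TAG_LIST")
    result = {}
    for key, element in (("include", "INCLUDED_TAGS"),
                         ("exclude", "EXCLUDED_TAGS")):
        node = tag_list.find(element) if tag_list is not None else None
        if node is None:
            result[key] = ("any", set())
        else:
            result[key] = (node.get("scope", "any"),
                           tag_names(node, "ASSET_TAG"))
    return result


def selector_matches(scope, wanted, host_tags):
    """Assumed semantics: 'all' needs every wanted tag, 'any' needs one."""
    if not wanted:
        return False
    if scope == "all":
        return wanted <= host_tags
    return bool(wanted & host_tags)


def review_hosts(xml_text):
    """List (ip, reason) for hosts that do not fit the header's tag filter."""
    root = ET.fromstring(xml_text)
    flt = read_filter(root)
    inc_scope, inc = flt["include"]
    exc_scope, exc = flt["exclude"]
    findings = []
    for host in root.findall("HOST_LIST/HOST"):
        ip = (host.findtext("IP") or "?").strip()
        tags = tag_names(host, "ASSET_TAGS/ASSET_TAG")
        if not tags:
            findings.append((ip, "no asset tags listed"))
        elif inc and not selector_matches(inc_scope, inc, tags):
            findings.append((ip, "matches no included tag selector"))
        elif selector_matches(exc_scope, exc, tags):
            findings.append((ip, "matches excluded tag selector"))
    return findings


if __name__ == "__main__":
    for ip, reason in review_hosts(REPORT):
        print(ip, reason)
```

A finding here means the host needs review under the stated assumptions, not that the report is necessarily wrong.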

 

  • "asset_search_report.dtd": Used for the XML Asset Search Report generated using the User Interface via "Asset > Asset Search" or using the API "/msp/asset_search.php"

New "<ASSET_TAGS>" and "<HOST_TAGS>" XML parent elements have been introduced as shown in the example below:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_SEARCH_REPORT SYSTEM "https://qualysguard.qualys.com/asset_search_report.dtd">
<ASSET_SEARCH_REPORT>
 <HEADER>
  <COMPANY>Qualys, Inc.</COMPANY>
  <USERNAME>Bill Smith</USERNAME>
  <GENERATION_DATETIME>2012-11-14T20:35:27Z</GENERATION_DATETIME>
  <FILTERS>
   <ASSET_TAGS>
    <INCLUDED_TAGS scope="any">
     <ASSET_TAG><![CDATA[US]]></ASSET_TAG>
    </INCLUDED_TAGS>
   </ASSET_TAGS>
  </FILTERS>
 </HEADER>
 <HOST_LIST>
  <HOST>
   <IP>10.10.10.65</IP>
   <HOST_TAGS>
    <![CDATA[10.10.10-network, Linux, Milwaukee, US;]]>
   </HOST_TAGS>
   <TRACKING_METHOD>IP</TRACKING_METHOD>
   <DNS><![CDATA[krb5.corp1.corp.com]]></DNS>
   <OPERATING_SYSTEM><![CDATA[Debian Linux 4.0]]></OPERATING_SYSTEM>
   <OS_CPE><![CDATA[cpe:/o:debian:debian_linux:4.0:::]]></OS_CPE>
   <LAST_SCAN_DATE>2012-11-12T21:50:51Z</LAST_SCAN_DATE>
  </HOST>
 </HOST_LIST>
 [...]
</ASSET_SEARCH_REPORT>

 

  • "compliance_authentication_report.dtd": Used for XML Policy Compliance Authentication Report generated via the API or using the "/api/2.0/fo/report/"

New "<ASSET_TAG_LIST>" XML parent elements have been introduced as shown in the example below:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_AUTHENTICATION_REPORT SYSTEM "https://qualysapi.qualys.com/compliance_authentication_report.dtd">
<COMPLIANCE_AUTHENTICATION_REPORT>
 <HEADER>
  <NAME><![CDATA[Authentication Report]]></NAME>
  <GENERATION_DATETIME>2012-11-14T00:47:04Z</GENERATION_DATETIME>
  <COMPANY_INFO>[...]</COMPANY_INFO>
  <USER_INFO>[...]</USER_INFO>
  <FILTERS>
   <ASSET_TAG_LIST>
    <INCLUDED_TAGS scope="any">
     <TAG_ITEM><![CDATA[24 Range -3 Ips]]></TAG_ITEM>
     <TAG_ITEM><![CDATA[2 IPs-24 range]]></TAG_ITEM>
     <TAG_ITEM><![CDATA[Windows XP tag]]></TAG_ITEM>
    </INCLUDED_TAGS>
    <EXCLUDED_TAGS scope="any">
     <TAG_ITEM><![CDATA[10.10.10.29]]></TAG_ITEM>
     <TAG_ITEM><![CDATA[29 and 54]]></TAG_ITEM>
     <TAG_ITEM><![CDATA[33]]></TAG_ITEM>
    </EXCLUDED_TAGS>
   </ASSET_TAG_LIST>
  </FILTERS>
 </HEADER>
 <ASSET_TAG_LIST>
  <ASSET_TAG>
   <INCLUDED_TAGS scope="any">
    <TAG_ITEM><![CDATA[2 IPs-24 range]]></TAG_ITEM>
    <TAG_ITEM><![CDATA[Windows XP tag]]></TAG_ITEM>
    <TAG_ITEM><![CDATA[24 Range -3 Ips]]></TAG_ITEM>
   </INCLUDED_TAGS>
   <EXCLUDED_TAGS scope="any">
    <TAG_ITEM><![CDATA[10.10.10.29]]></TAG_ITEM>
    <TAG_ITEM><![CDATA[29 and 54]]></TAG_ITEM>
    <TAG_ITEM><![CDATA[33]]></TAG_ITEM>
   </EXCLUDED_TAGS>
   <AUTH_PASSED>7</AUTH_PASSED>
   <AUTH_INSUFFICIENT>0</AUTH_INSUFFICIENT>
   <AUTH_TOTAL>7</AUTH_TOTAL>
   <PASSED_PERCENTAGE>100</PASSED_PERCENTAGE>
   <TECHNOLOGY_LIST>
    <TECHNOLOGY>
     <NAME><![CDATA[Windows]]></NAME>
     <HOST_LIST>[...]</HOST_LIST>
    </TECHNOLOGY>
    [...]
   </TECHNOLOGY_LIST>
  </ASSET_TAG>
 </ASSET_TAG_LIST>
</COMPLIANCE_AUTHENTICATION_REPORT>

 

Improvements of “PC Scan” API v2 for Asset Tag Selection

 

The API v2 "/api/2.0/fo/scan/compliance/" with "action=launch" allows users to launch compliance scans using asset tags.

 

QualysGuard 7.7 now allows users to launch scans using more complex tag selections (match any tags, include and exclude tags) and to launch scans on IPs defined in tags. Details about the new input parameters for asset tag selection will be provided in the release notes and the updated API v2 user guide on the day of the release.

 

No change was made to the DTD.

 

Support for Agentless Tracking added to “Scan Authentication” API v2

 

The new "Agentless Tracking" feature allows customers to track hosts by host ID, instead of IP address (or DNS name or NetBIOS name). When enabled, the service tags target Windows and/or Unix hosts with a unique host ID during the scanning process and reports on the host ID for the current and future scans of the same host. This provides a scan option for customers who would like to scan systems with multiple IP addresses.

 

How it works: Once this feature is enabled by the Manager primary contact of the subscription, users can select agentless tracking on a per scan basis by selecting this option in Windows and/or Unix authentication records. During the scanning process the service assigns a unique host ID to each target host, storing the host ID on the host’s local file system or registry. In future scans of the same host the service references the host ID and reports on it.

 

The following APIs were updated in this release:

  • Windows authentication API "/api/2.0/fo/auth/windows/" has a new input parameter to set up the Agentless Tracking feature and the DTD "auth_windows_list_output.dtd" has been updated with a new "<USE_AGENTLESS_TRACKING>" XML element as shown in the example below:

 

curl -n -H "X-Requested-With:curl" "https://qualysapi.qualys.com/api/2.0/fo/auth/windows/?action=list"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_WINDOWS_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/windows/auth_windows_list_output.dtd">
<AUTH_WINDOWS_LIST_OUTPUT>
 <REQUEST>
  [...]
 </REQUEST>
 <RESPONSE>
  <DATETIME>2012-11-14T20:55:53Z</DATETIME>
  <AUTH_WINDOWS_LIST>
   <AUTH_WINDOWS>
    <ID>35102</ID>
    <TITLE><![CDATA[Windows]]></TITLE>
    [...]
    <USE_AGENTLESS_TRACKING><![CDATA[1]]></USE_AGENTLESS_TRACKING>
   </AUTH_WINDOWS>
  </AUTH_WINDOWS_LIST>
 </RESPONSE>
</AUTH_WINDOWS_LIST_OUTPUT>

 

  • Unix authentication API "/api/2.0/fo/auth/unix/" has a new input parameter to set up the Agentless Tracking feature and the DTD "auth_windows_list_output.dtd" has been updated with new "<USE_AGENTLESS_TRACKING>" and "<AGENTLESS_TRACKING_PATH>" XML elements as shown in the example below:

 

curl -n -H "X-Requested-With:curl" "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=list"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_UNIX_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/auth_unix_list_output.dtd">
<AUTH_UNIX_LIST_OUTPUT>
 <REQUEST>
  [...]
 </REQUEST>
 <RESPONSE>
  <DATETIME>2012-11-14T19:57:57Z</DATETIME>
  <AUTH_UNIX_LIST>
   <AUTH_UNIX>
    <ID>35103</ID>
    <TITLE><![CDATA[Unix - Qualys Host ID]]></TITLE>
    [...]
    <USE_AGENTLESS_TRACKING><![CDATA[1]]></USE_AGENTLESS_TRACKING>
    <AGENTLESS_TRACKING_PATH><![CDATA[/tmp]]></AGENTLESS_TRACKING_PATH>
   </AUTH_UNIX>
  </AUTH_UNIX_LIST>
 </RESPONSE>
</AUTH_UNIX_LIST_OUTPUT>

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.


A new release of QualysGuard, Version 7.6, will be available in production on November 29, 2012. More information specific to this release, including the date of global availability, will be communicated via the Release Notification pages here:

 

This API notification provides an early preview of the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that make API calls to the following functions:

  • Update to “/api/2.0/fo/auth/db2/” API to support authenticated VM scans of IBM DB2 database

 

Warning: all the examples provided below use “qualysapi.qualys.com”. Replace this FQDN with the API server FQDN of your QualysGuard datacenter (for instance: “qualysapi.qualys.eu”).

 

Update to “/api/2.0/fo/auth/db2/” API to support authenticated VM scans of IBM DB2 database

A new request parameter for this API, called “pc_only” can be used to configure DB2 authentication records for PC scans only (pc_only=1) or for both PC and VM scans (pc_only=0).

 

Example: Create DB2 Record for Vulnerability Scans. The option "pc_only=0" is used.

 

 
$ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=NewDB2RecordWithAPI&username=administrator&ips=10.10.10.2&password=abc123&database=DB1&port=50000&pc_only=0" "https://qualysapi.qualys.com/api/2.0/fo/auth/ibm_db2/"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/ibm_db2/batch_return.dtd">
<BATCH_RETURN>
 <RESPONSE>
  <DATETIME>2012-10-26T21:16:41Z</DATETIME>
  <BATCH_LIST>
   <BATCH>
    <TEXT>Successfully Created</TEXT>
    <ID_SET>
     <ID>30486</ID>
    </ID_SET>
   </BATCH>
  </BATCH_LIST>
 </RESPONSE>
</BATCH_RETURN>


 

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.

A new release of QualysGuard, Version 7.5, will be available in production by the end of October 2012. The final date has not been determined yet, but this release contains changes to the API that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated via the Release Notification pages here:

 

This API notification provides an early preview of the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that make API calls to the following functions:

  • New API to launch Policy Compliance scans: “/api/2.0/fo/scan/compliance/” with “action=launch”
  • Update to “scan_list_output.dtd” DTD for XML output of the new “/api/2.0/fo/scan/compliance/?action=list” API request only
  • Update to Policy Compliance XML scan results with a new section to show scan authentication issues
  • Update to Policy Compliance XML reports generated with the UI or the API “/api/2.0/fo/report/?action=fetch”. The <HOST_STATISTICS> section now contains the Operating System information
  • Update to “/api/2.0/fo/auth/oracle” with an option to support “invPtrLoc” file path
  • Update to “/msp/ticket_edit.php” API with a new option to support reopen date
  • “/msp/scheduled_scans.php” XML output updated to show continuous tasks

 

Warning: all the examples provided below use “qualysapi.qualys.com”. Replace this FQDN with the API server FQDN of your QualysGuard datacenter (for instance: “qualysapi.qualys.eu”).

 

New API to launch and manage Policy Compliance scans

 

QualysGuard 7.5 now includes a new API to manage Policy Compliance scans. This API includes 5 key functions:

  • Launch, to start a compliance scan
  • Pause, to pause a compliance scan
  • Resume, to resume a previously paused scan
  • List, to retrieve the list of compliance scans with their respective status, reference key, etc...
  • Fetch, to retrieve information for a specific compliance scan
  • Cancel, to cancel a compliance scan

 

“New Scanner Services” is required for these APIs; refer to the following link for more information: https://discussions.qualys.com/docs/DOC-3695

 

A new DTD “compliance_scan_result_output.dtd” has been released.

 

Example: launch a new Policy Compliance scan:

HTTP POST is required for "action=launch"

 

 
$ curl -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=launch&option_title=SCAN_OPTION_PROFILE_TITLE&ip=IP_ADDRESS&iscanner_name=SCANNER_APPLIANCE_NAME" "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2012-09-17T18:55:29Z</DATETIME>
    <TEXT>New compliance scan launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>3337xxx</VALUE>
      </ITEM>
      <ITEM>
        <KEY>REFERENCE</KEY>
        <VALUE>compliance/1347908128.37xxx</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

 

 

Update to “scan_list_output.dtd” DTD

 

This DTD describes the XML results of the existing “/api/2.0/fo/scan/?action=list” output and the new “/api/2.0/fo/scan/compliance/?action=list” output.

 

There is a new optional <ID> XML element which is only returned by the new “/api/2.0/fo/scan/compliance/” API.

 

The output of “/api/2.0/fo/scan/?action=list” has not been changed even if the XML output is described by the same DTD.

 

Example: list Policy Compliance scans:

 

 

$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCAN_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/scan/scan_list_output.dtd">
<SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2012-09-17T23:15:40Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <ID>3337xxx</ID>
        <REF>compliance/1347920xxx.37xxx</REF>
        <TYPE>API</TYPE>
        <TITLE><![CDATA[N/A]]></TITLE>
        <USER_LOGIN>manager</USER_LOGIN>
        <LAUNCH_DATETIME>2012-09-17T22:26:00Z</LAUNCH_DATETIME>
        <STATUS>
          <STATE>Finished</STATE>
        </STATUS>
        <TARGET><![CDATA[10.10.10.29]]></TARGET>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>
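The launch and list outputs above can be tied together in a script as follows. This is an added example, not Qualys code: it keys scans on <REF> rather than <ID>, because <ID> is optional in “scan_list_output.dtd”. The function names and all sample IDs and references are constructed for illustration, since the page masks its own values.

```python
import xml.etree.ElementTree as ET

# Constructed samples shaped like the launch and list outputs in this
# notification. IDs and references are invented (the page masks its own).
LAUNCH_OUTPUT = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2012-09-17T18:55:29Z</DATETIME>
    <TEXT>New compliance scan launched</TEXT>
    <ITEM_LIST>
      <ITEM><KEY>ID</KEY><VALUE>3337001</VALUE></ITEM>
      <ITEM><KEY>REFERENCE</KEY><VALUE>compliance/1347908128.37001</VALUE></ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>"""

LIST_OUTPUT = """<?xml version="1.0" encoding="UTF-8" ?>
<SCAN_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2012-09-17T23:15:40Z</DATETIME>
    <SCAN_LIST>
      <SCAN>
        <ID>3337001</ID>
        <REF>compliance/1347908128.37001</REF>
        <TYPE>API</TYPE>
        <TITLE><![CDATA[N/A]]></TITLE>
        <USER_LOGIN>manager</USER_LOGIN>
        <LAUNCH_DATETIME>2012-09-17T18:55:29Z</LAUNCH_DATETIME>
        <STATUS><STATE>Finished</STATE></STATUS>
        <TARGET><![CDATA[10.10.10.29]]></TARGET>
      </SCAN>
      <SCAN>
        <!-- entry without <ID>, as the element is optional in the DTD -->
        <REF>scan/1347900000.37000</REF>
        <TYPE>API</TYPE>
        <TITLE><![CDATA[N/A]]></TITLE>
        <USER_LOGIN>manager</USER_LOGIN>
        <LAUNCH_DATETIME>2012-09-17T16:40:00Z</LAUNCH_DATETIME>
        <STATUS><STATE>Finished</STATE></STATUS>
        <TARGET><![CDATA[10.10.10.30]]></TARGET>
      </SCAN>
    </SCAN_LIST>
  </RESPONSE>
</SCAN_LIST_OUTPUT>"""


def launched_scan(simple_return_xml):
    """Extract the scan ID and reference from a SIMPLE_RETURN launch output."""
    response = ET.fromstring(simple_return_xml).find("RESPONSE")
    if response is None:
        raise ValueError("no <RESPONSE> element in launch output")
    # <ITEM_LIST> is a list of KEY/VALUE pairs; turn it into a dict.
    items = {i.findtext("KEY"): i.findtext("VALUE") for i in response.iter("ITEM")}
    if "REFERENCE" not in items:
        # No reference means nothing was launched; surface the server's text.
        raise ValueError("launch returned no scan reference: %s"
                         % response.findtext("TEXT"))
    return {"id": items.get("ID"), "ref": items["REFERENCE"]}


def scan_index(scan_list_xml):
    """Map each scan reference to its ID (may be None), state and target."""
    index = {}
    for scan in ET.fromstring(scan_list_xml).iter("SCAN"):
        index[scan.findtext("REF")] = {
            "id": scan.findtext("ID"),            # None when <ID> is absent
            "state": scan.findtext("STATUS/STATE"),
            "target": scan.findtext("TARGET"),
        }
    return index


def scan_state(launch_xml, list_xml):
    """State of the launched scan, or None if it is not in the list yet."""
    entry = scan_index(list_xml).get(launched_scan(launch_xml)["ref"])
    return entry["state"] if entry else None
```
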

 

Updates to “compliance_scan.dtd” and “compliance_scan_result_output.dtd” DTD to show host reasons for authentication issues

 

With QualysGuard 7.5, detailed reasons for authentication issues are returned in the policy compliance XML scan results downloaded with the UI (compliance_scan.dtd) and in the policy compliance XML scan results downloaded with the API (compliance_scan_result_output.dtd), as in this example:

 

$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" -X "POST" "https://qualysapi.qualys.com/api/2.0/fo/scan/compliance/?action=fetch&scan_ref=compliance/1347909093.37xxx"

 

A new <AUTH_SCAN_ISSUES> XML section has been added. It provides additional information when host authentication issues occur, including failed authentication or insufficient privileges.

 

Example:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_SCAN SYSTEM "https://qualysapi.qualys.com/compliance_scan.dtd">
<COMPLIANCE_SCAN>
          <HEADER>[...]</HEADER>
          <AUTH_SCAN_ISSUES>
                    <AUTH_SCAN_FAILED>
                              <HOST_INFO>
                                        <DNS><![CDATA[u-wxp-10-25]]></DNS>
                                        <IP><![CDATA[10.10.10.25]]></IP>
                                        <NETBIOS><![CDATA[U-WXP-10-25]]></NETBIOS>
                                        <INSTANCE><![CDATA[os]]></INSTANCE>
                                        <CAUSE><![CDATA[Unable to complete Windows login for host=10.10.10.25, user=Administrator, domain=, ntstatus=c000006d]]></CAUSE>
                              </HOST_INFO>
                              <HOST_INFO>
                                        <DNS><![CDATA[-]]></DNS>
                                        <IP><![CDATA[10.10.10.95]]></IP>
                                        <NETBIOS><![CDATA[-]]></NETBIOS>
                                        <INSTANCE><![CDATA[os]]></INSTANCE>
                                        <CAUSE><![CDATA[Unable to complete login for host=10.10.10.95, user=root]]></CAUSE>
                              </HOST_INFO>
                    </AUTH_SCAN_FAILED>
                    <AUTH_SCAN_INSUFFICIENT>
                              <HOST_INFO>
                                        <DNS><![CDATA[cisco2600.corp.com]]></DNS>
                                        <IP><![CDATA[10.10.10.101]]></IP>
                                        <NETBIOS><![CDATA[-]]></NETBIOS>
                                        <INSTANCE><![CDATA[os]]></INSTANCE>
                                        <CAUSE><![CDATA[Insufficient privileges]]></CAUSE>
                              </HOST_INFO>
                    </AUTH_SCAN_INSUFFICIENT>
          </AUTH_SCAN_ISSUES>
          <APPENDIX>[...]</APPENDIX>
</COMPLIANCE_SCAN>
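A script can use the new section to report which hosts were not assessed with working credentials. The following is an added example, not Qualys code: it parses <AUTH_SCAN_ISSUES> and pulls the user and NTSTATUS code out of each <CAUSE> string. The function names are hypothetical, the <CAUSE> layout is assumed to match the sample above, and the NTSTATUS names are Microsoft's definitions rather than values from this notification.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <AUTH_SCAN_ISSUES> example from this notification,
# with the elided HEADER and APPENDIX sections left empty.
SAMPLE_SCAN_RESULT = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_SCAN SYSTEM "https://qualysapi.qualys.com/compliance_scan.dtd">
<COMPLIANCE_SCAN>
  <HEADER/>
  <AUTH_SCAN_ISSUES>
    <AUTH_SCAN_FAILED>
      <HOST_INFO>
        <DNS><![CDATA[u-wxp-10-25]]></DNS>
        <IP><![CDATA[10.10.10.25]]></IP>
        <NETBIOS><![CDATA[U-WXP-10-25]]></NETBIOS>
        <INSTANCE><![CDATA[os]]></INSTANCE>
        <CAUSE><![CDATA[Unable to complete Windows login for host=10.10.10.25, user=Administrator, domain=, ntstatus=c000006d]]></CAUSE>
      </HOST_INFO>
      <HOST_INFO>
        <DNS><![CDATA[-]]></DNS>
        <IP><![CDATA[10.10.10.95]]></IP>
        <NETBIOS><![CDATA[-]]></NETBIOS>
        <INSTANCE><![CDATA[os]]></INSTANCE>
        <CAUSE><![CDATA[Unable to complete login for host=10.10.10.95, user=root]]></CAUSE>
      </HOST_INFO>
    </AUTH_SCAN_FAILED>
    <AUTH_SCAN_INSUFFICIENT>
      <HOST_INFO>
        <DNS><![CDATA[cisco2600.corp.com]]></DNS>
        <IP><![CDATA[10.10.10.101]]></IP>
        <NETBIOS><![CDATA[-]]></NETBIOS>
        <INSTANCE><![CDATA[os]]></INSTANCE>
        <CAUSE><![CDATA[Insufficient privileges]]></CAUSE>
      </HOST_INFO>
    </AUTH_SCAN_INSUFFICIENT>
  </AUTH_SCAN_ISSUES>
  <APPENDIX/>
</COMPLIANCE_SCAN>"""

# Windows NTSTATUS values (Microsoft's definitions, not from this
# notification) that explain why a login was refused.
NTSTATUS_NAMES = {
    "c000006d": "STATUS_LOGON_FAILURE",
    "c0000071": "STATUS_PASSWORD_EXPIRED",
    "c0000072": "STATUS_ACCOUNT_DISABLED",
    "c0000234": "STATUS_ACCOUNT_LOCKED_OUT",
}
ISSUE_KINDS = {"AUTH_SCAN_FAILED": "failed", "AUTH_SCAN_INSUFFICIENT": "insufficient"}
USER_RE = re.compile(r"\buser=([^,\s]+)")
NTSTATUS_RE = re.compile(r"\bntstatus=([0-9a-fA-F]{8})\b")


def _field(host, tag):
    """Text of a HOST_INFO child, with the "-" placeholder mapped to None."""
    value = (host.findtext(tag) or "").strip()
    return None if value in ("", "-") else value


def auth_issues(xml_text):
    """Return one dict per host listed under <AUTH_SCAN_ISSUES>."""
    section = ET.fromstring(xml_text).find("AUTH_SCAN_ISSUES")
    if section is None:            # tolerate results that lack the section
        return []
    issues = []
    for group in section:
        kind = ISSUE_KINDS.get(group.tag)
        if kind is None:           # skip groups this script does not know
            continue
        for host in group.findall("HOST_INFO"):
            cause = _field(host, "CAUSE") or ""
            user = USER_RE.search(cause)
            status = NTSTATUS_RE.search(cause)
            code = status.group(1).lower() if status else None
            issues.append({
                "kind": kind,
                "ip": _field(host, "IP"),
                "dns": _field(host, "DNS"),
                "netbios": _field(host, "NETBIOS"),
                "instance": _field(host, "INSTANCE"),
                "user": user.group(1) if user else None,
                "ntstatus": code,
                "ntstatus_name": NTSTATUS_NAMES.get(code),
                "cause": cause,
            })
    return issues


def unscanned_ips(issues):
    """IPs whose compliance data is missing or partial, grouped by kind."""
    grouped = {}
    for issue in issues:
        grouped.setdefault(issue["kind"], []).append(issue["ip"])
    return grouped
```
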

 

 

Update to “compliance_policy_report.dtd” DTD to add Operating System information to Policy Compliance XML reports

 

The policy compliance reports returned in XML now include a new <OPERATING_SYSTEM> XML element for each host, as in this example:

 

$ curl -k -u "USER:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/report/?action=fetch&id=320xxx"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE COMPLIANCE_POLICY_REPORT SYSTEM "https://qualysguard.qualys.com/compliance_policy_report.dtd">
<COMPLIANCE_POLICY_REPORT>
  <HEADER>...</HEADER>
  <SUMMARY>
    <TOTAL_ASSETS>14</TOTAL_ASSETS>
    <TOTAL_CONTROLS>20</TOTAL_CONTROLS>
    <CONTROL_INSTANCES>...</CONTROL_INSTANCES>
    <HOST_STATISTICS>
      <HOST_INFO>
        <IP><![CDATA[10.10.10.29]]></IP>
        <DNS><![CDATA[xpsp3-10-29.patch.ad.corp.com]]></DNS>
        <NETBIOS><![CDATA[XPSP3-10-29]]></NETBIOS>
        <OPERATING_SYSTEM><![CDATA[Windows XP Service Pack 3]]></OPERATING_SYSTEM>
        <LAST_SCAN_DATE><![CDATA[2012-08-09T23:00:59Z]]></LAST_SCAN_DATE>
        <PERCENTAGE>66.67% (4 of 6)</PERCENTAGE>
      </HOST_INFO>
    </HOST_STATISTICS>
  </SUMMARY>
  [...]
</COMPLIANCE_POLICY_REPORT>

 

“/api/2.0/fo/auth/oracle” option to support “invPtrLoc”

 

QualysGuard 7.5 supports the “invPtrLoc” parameter for OPatch detections. This parameter identifies the location of the oraInst.loc file. Using this parameter allows users to identify a custom inventory for patches.

 

Using the “Oracle authentication” API v2 (/api/2.0/fo/auth/oracle/), users have the option to define the “invPtrLoc” parameter when creating and editing Oracle records.

 

$ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" \
       -d "action=create&title=TITLE" \
       -d "username=USERNAME&password=PASSWORD" \
       -d "ips=10.10.10.5" \
       -d "sid=SID_NAME" \
       -d "perform_unix_os_checks=1" \
       -d "perform_unix_opatch_checks=1" \
       [...] \
       -d "unix_invptrloc=/usr/opt/oracle/network/admin/tnsnames.ora" \
       "https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/"

 

When defined for an Oracle record, this parameter is included in the Oracle authentication records list. The “auth_oracle_list_output.dtd” DTD has been updated.

 

$ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/?action=list"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE AUTH_ORACLE_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/oracle/auth_oracle_list_output.dtd">
<AUTH_ORACLE_LIST_OUTPUT>
     <RESPONSE>
          <DATETIME>2012-09-17T17:38:06Z</DATETIME>
          <AUTH_ORACLE_LIST>
               <AUTH_ORACLE>
                    <ID>34xxx</ID>
                    <TITLE>TITLE</TITLE>
                    <USERNAME><![CDATA[oracle_user]]></USERNAME>
                    <SID><![CDATA[oraInst]]></SID>
                    <PORT>All</PORT>
                    <IP_SET>[...]</IP_SET>
                    <WINDOWS_OS_CHECKS>0</WINDOWS_OS_CHECKS>
                    <UNIX_OPATCH_CHECKS>1</UNIX_OPATCH_CHECKS>
                    <UNIX_OS_CHECKS>1</UNIX_OS_CHECKS>
                    <UNIX_OS_OPTIONS>
                         [...]
                         <UNIX_INVPTRLOC_PATH><![CDATA[/usr/opt/oracle/network/admin/oraInst.loc]]></UNIX_INVPTRLOC_PATH>
                    </UNIX_OS_OPTIONS>
                    <CREATED>[...]</CREATED>
                    <LAST_MODIFIED>[...]</LAST_MODIFIED>
                    <COMMENTS>[...]</COMMENTS>
               </AUTH_ORACLE>
          </AUTH_ORACLE_LIST>
     </RESPONSE>
</AUTH_ORACLE_LIST_OUTPUT>

 

“/msp/ticket_edit.php” new option to support “reopen” date

 

The “/msp/ticket_edit.php” function supports a new parameter “reopen_ignored_days” which may be specified to automatically reopen Closed/Ignored tickets in a set number of days. This new parameter was added to the XML output and the “ticket_edit_output.dtd” DTD was updated.

 

$ curl -u USERNAME:PASSWORD -H "X-Requested-With: Curl" "https://qualysapi.qualys.com/msp/ticket_edit.php?ticket_numbers=907xx&reopen_ignored_days=30"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE TICKET_EDIT_OUTPUT SYSTEM "https://qualysapi.qualys.com/ticket_edit_output.dtd">
<TICKET_EDIT_OUTPUT>
     <HEADER>
          <USER_LOGIN>qualys_user</USER_LOGIN>
          <COMPANY><![CDATA[Qualys]]></COMPANY>
          <DATETIME>2012-09-17T10:33:53Z</DATETIME>
          <UPDATE>
               <REOPEN_IGNORED_DAYS>30</REOPEN_IGNORED_DAYS>
          </UPDATE>
          <WHERE>
               <TICKET_NUMBERS>90783</TICKET_NUMBERS>
          </WHERE>
     </HEADER>
</TICKET_EDIT_OUTPUT>

 

“/msp/scheduled_scans.php” XML output updated to show continuous tasks

 

QualysGuard 7.5 supports a new type of scheduled scan, also called “continuous scanning”. When a scheduled task is configured as a continuous scan, a new instance of the scan is launched right after the previous instance has finished. The XML output of “/msp/scheduled_scans.php” has been updated with a new <RELAUNCH_ON_FINISH> XML element and the “scheduled_scans.dtd” DTD has been updated.

 

$ curl -u "USER:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/msp/scheduled_scans.php"

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SCHEDULEDSCANS SYSTEM "https://qualysapi.qualys.com/scheduled_scans.dtd">
<SCHEDULEDSCANS>
     <SCAN active="no" ref="647xx">
          <TITLE><![CDATA[TITLE]]></TITLE>
          <TARGETS>[...]</TARGETS>
          <SCHEDULE>
               <RELAUNCH_ON_FINISH />
               <START_DATE_UTC>2012-09-17T18:35:00</START_DATE_UTC>
               <START_HOUR>11</START_HOUR>
               <START_MINUTE>35</START_MINUTE>
               <TIME_ZONE>[...]</TIME_ZONE>
               <DST_SELECTED>1</DST_SELECTED>
          </SCHEDULE>
          [...]
     </SCAN>
</SCHEDULEDSCANS>

 

 

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.


On September 29, 2012, the old URL https://qualysapi.qualys.de will no longer be available for API access to the QualysGuard Cloud Platform located in Europe.


As part of our move to migrate the datacenter from Frankfurt, Germany to Geneva, Switzerland in March 2010, the new URL https://qualysapi.qualys.eu was enabled as communicated in the migration plan.

 

For your convenience, here are the notifications we sent.
November 2009:
http://notifications.qualys.com/content/EU_Platform, and
February 2010:
http://notifications.qualys.com/content/EU_move

 

What is going to happen after the 29th of September 2012 if “qualys.de” URLs are still used?

After the 29th of September 2012, API scripts that are still using "https://qualysapi.qualys.de" URLs may not be able to access your QualysGuard data, or may experience SSL errors as the SSL certificates for qualys.de URLs are due to expire.

 

What are the correct URLs?

All API scripts and API connectors must use https://qualysapi.qualys.eu

 

Note: For user access please refer to The specified item was not found.

 

What actions should be taken?

    Update: An incorrect version of this notification was posted by mistake last week. We apologize for the confusion, and you will find below the correct version that reflects the availability date for this release.


    A new release of QualysGuard, Version 7.4, will be available in production on September 5th in the US datacenter, and on September 11th in the EU datacenter. More information specific to this release is communicated via the Release Notification pages here:

     

    This API notification provides an early preview of the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that make API calls to the following functions:

    • New "show_pci_flag=1" parameter for "https://[QUALYSAPISERVER]/msp/knowledgebase_download.php" to return reasons for PCI Compliance Status.
    • New "show_pci_reasons=1" parameter for "https://[QUALYSAPISERVER]/api/2.0/fo/knowledge_base/vuln/" to return reasons for PCI Compliance Status.
    • New "action=edit" parameter for "https://[QUALYSAPISERVER]/api/2.0/fo/auth/vmware/" to create and edit VMWare authentication records.
    • New "Error" value for "<STATUS>" for "https://[QUALYSAPISERVER]/compliance/posture/info/?action=list" to report control with error status.
    • New API function to list PC/FDCC policies: "https://[QUALYSAPISERVER]/api/2.0/fo/compliance/fdcc_policy/?action=list".

     

    Changes to "/msp/knowledgebase_download.php"

    With QualysGuard 7.4 the reasons for passing or failing PCI compliance have been added to the KnowledgeBase for vulnerabilities that are impacted by PCI compliance requirements, as defined by the PCI Council. QualysGuard is compliant with the requirements in the PCI ASV Program Guide.

     

    Requests to the API "/msp/knowledgebase_download.php?show_pci_flag=1" now return new XML elements in the XML output that provide details about the PCI compliance requirements for each vulnerability, as in this example:

     

    $ curl -u "LOGIN:PASSWORD" "https://qualysapi.qualys.com/msp/knowledgebase_download.php?show_pci_flag=1"
    [...]
    <VULN>
        <QID>155754</QID>
        <VULN_TYPE>Vulnerability</VULN_TYPE>
        <SEVERITY_LEVEL>4</SEVERITY_LEVEL>
        <TITLE><![CDATA[Oracle Enterprise Linux Update for Kernel (ELSA-2009-1541)]]></TITLE>
        <CATEGORY>OEL</CATEGORY>
         [...]
        <CVSS_BASE>6.9</CVSS_BASE>
        <CVSS_TEMPORAL>5.4</CVSS_TEMPORAL>
        <PCI_FLAG>1</PCI_FLAG>
        <PCI_REASONS>
          <PCI_REASON>CVSS basescore of 4.0 or greater results in an automatic failure.</PCI_REASON>
        </PCI_REASONS>
    </VULN>
    [...]
    

     

    The DTD "knowledgebase_download.dtd" has been updated with the new XML elements <PCI_REASONS> and <PCI_REASON>.

     

    Changes to "/api/2.0/fo/knowledge_base/vuln/"

    For the same reasons as above, a new parameter "show_pci_reasons=1" has been added to "/api/2.0/fo/knowledge_base/vuln/" to return reasons for PCI Compliance Status.

    Example:

     

    $ curl -u "LOGIN:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/?show_pci_reasons=1"
    [...]
          <VULN>
            <QID>155754</QID>
            <VULN_TYPE>Vulnerability</VULN_TYPE>
            <SEVERITY_LEVEL>4</SEVERITY_LEVEL>
            <TITLE><![CDATA[Oracle Enterprise Linux Update for Kernel (ELSA-2009-1541)]]></TITLE>
    [...]
            <PCI_FLAG>1</PCI_FLAG>
            <PCI_REASONS>
              <PCI_REASON>CVSS basescore of 4.0 or greater results in an automatic failure.</PCI_REASON>
            </PCI_REASONS>
    [...]
          </VULN>
    [...]
    

     

    The DTD "knowledge_base_vuln_list_output.dtd" has been updated with the new XML elements <PCI_REASONS> and <PCI_REASON>.

     

    Changes to "/api/2.0/fo/auth/vmware/"

    The new parameter "action=edit" can now be used with "/api/2.0/fo/auth/vmware/" to create and edit VMWare authentication records like in this example:

     

    $ curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=NewVMwareRecordWithAPI&username=USERNAME&password=PASSWORD&ips=10.10.10.2-10.10.10.4" "https://prod01.qa.qualys.com/api/2.0/fo/auth/vmware/"
    [...]
             <RESPONSE>
               <DATETIME>2012-02-03T21:16:41Z</DATETIME>
               <BATCH_LIST>
                 <BATCH>
                   <TEXT>Successfully Created</TEXT>
                   <ID_SET>
                     <ID>30486</ID>
                   </ID_SET>
                 </BATCH>
               </BATCH_LIST>
             </RESPONSE>
    [...]
    

     

    There is no DTD change.

     

    Changes to "/compliance/posture/info/"

    To reflect the changes of the UI, a new "Error" value of the "<STATUS>" XML element can be returned in the output of the API "/compliance/posture/info/?action=list" like in this example:

     

     

    $ curl -u USERNAME:PASSWORD -H "X-Requested-With: Curl" "https://qualysapi.qualys.com/api/2.0/fo/compliance/posture/info/?action=list&policy_id=10299"
    [...]
          <INFO>
            <ID>1626484</ID>
            <HOST_ID>2139743</HOST_ID>
            <CONTROL_ID>3777</CONTROL_ID>
            <TECHNOLOGY_ID>2</TECHNOLOGY_ID>
            <STATUS>Error</STATUS>
          </INFO>
    [...]
    

     

    There is no DTD change.

     

    New "/api/2.0/fo/compliance/fdcc_policy/"

    The new FDCC policy list API "/api/2.0/fo/compliance/fdcc_policy/?action=list" is used to obtain a list of the FDCC policies in the user’s account. This function can be used in conjunction with the Cyberscope API to generate reports based on specific FDCC policies.

    Example:

     

    curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" "https://qualysapi.qualys.com/api/2.0/fo/compliance/fdcc_policy/?action=list&details=All"
    [...]
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/fdcc_policy/fdcc_policy_list_output.dtd">
    <FDCC_POLICY_LIST_OUTPUT>
              <RESPONSE>
                        <DATETIME>2012-07-19T22:10:16Z</DATETIME>
                        <FDCC_POLICY_LIST>
                                  <FDCC_POLICY>
                                            <ID>10235</ID>
                                            [...]
                                  </FDCC_POLICY>
                        </FDCC_POLICY_LIST>
              </RESPONSE>
    </FDCC_POLICY_LIST_OUTPUT>
    [...]
    

     

    A new DTD "fdcc_policy_list_output.dtd" has been published.

     

    Additions to Policy Report XML - Host Last Scan Date and Error Posture Status

    The compliance policy report can be downloaded using: a) the QualysGuard user interface, and b) the report share API v2 (/api/2.0/fo/report/?action=fetch). The policy report XML output uses the posture_info_list_output.dtd.

     

    For the 7.4 release, the policy report XML output has these enhancements:

    • New “Last scan date” for each host in the report.
    • New Error posture status for user defined controls, reported in cases where evaluation errors occur at scan time.

     

    Example:

     

    [...]
    <COMPLIANCE_POLICY_REPORT>
              [...]
              <HOST_LIST>
                        <HOST>
                                  <TRACKING_METHOD><![CDATA[IP]]></TRACKING_METHOD>
                                  <IP><![CDATA[10.10.10.92]]></IP>
                                  [...]
                                  <LAST_SCAN_DATE>2012-07-30T23:36:48Z</LAST_SCAN_DATE>
                                  [...]
                                  <TOTAL_ERROR>0</TOTAL_ERROR>
                                  <CONTROL_LIST>
                                            <CONTROL>
                                            [...]
                                            </CONTROL>
                                  </CONTROL_LIST>
                        </HOST>
              </HOST_LIST>
    </COMPLIANCE_POLICY_REPORT>
    
    

     

    The DTD posture_info_list_output.dtd has been updated with the XML elements <LAST_SCAN_DATE> and <TOTAL_ERROR>.

     

    Full release notes will be available to customers from within the Resources section of your QualysGuard account.

    A new release of QualysGuard®, Version 7.3, will be available in production in the second half of July 2012. More information specific to this release will be communicated via the Release Notification page here:

     

    This notification provides an early preview of the API enhancements for QualysGuard 7.3, allowing you to make any changes to automated scripts or code that utilize the following APIs:

    • https://[QUALYSAPISERVER]/api/2.0/fo/appliance/

     

    Table of contents:

    Enhancements to "appliance" API v2

    The “appliance” API v2 (/api/2.0/fo/appliance/), which returns configuration information about the virtual and physical scanner appliances associated with a QualysGuard subscription, has been updated to return the same set of information already available from within the QualysGuard User Interface. In QualysGuard 7.3, when the parameter "output_mode=full" is provided, the output of the “appliance” API will return the following new information:

     

     

     

    | XML Element | Status | Comments and references to screenshots |
    |---|---|---|
    | /ID | NOT CHANGED | Not displayed in the UI, this is the ID of the QualysGuard object in the database |
    | /NAME | NOT CHANGED | G1 |
    | /SOFTWARE_VERSION | NOT CHANGED | V10 |
    | /RUNNING_SCAN_COUNT | NOT CHANGED | |
    | /STATUS | NOT CHANGED | G6 |
    | /MODEL_NUMBER | NOT CHANGED | G2 |
    | /SERIAL_NUMBER | NOT CHANGED | G3 |
    | /LAN_IP_ADDRESS | REPLACED by /INTERFACE_SETTINGS/INTERFACE=lan/IP_ADDRESS | |
    | /LAN_IPV6_ADDRESS | REPLACED by /INTERFACE_SETTINGS/INTERFACE=lan/IPV6_ADDRESS | |
    | /WAN_IP_ADDRESS | REPLACED by /INTERFACE_SETTINGS/INTERFACE=wan/IP_ADDRESS | |
    | /ML_LATEST | NEW | V5 |
    | /ML_VERSION | UPDATED: new "updated" attribute | V4 and V6 |
    | /VULNSIGS_LATEST | NEW | V2 |
    | /VULNSIGS_VERSION | UPDATED: new "updated" attribute | V1 and V3 |
    | /ASSET_GROUP_COUNT | NOT CHANGED | |
    | /LAST_UPDATED_DATE | NOT CHANGED | V9 |
    | /POLLING_INTERVAL | NOT CHANGED | G4 |
    | /VLAN_ENABLED | REPLACED by /VLANS/SETTING=Enabled | |
    | /FDCC_ENABLED | NOT CHANGED | SO1 |
    | /UPDATED | NOT CHANGED | |
    | /RUNNING_SCANS | NOT CHANGED | |
    | /ACTIVATION_CODE | NEW | |
    | /INTERFACE_SETTINGS | NEW | |
    | /INTERFACE_SETTINGS/SETTING | NEW | value is "disabled" (W1) or not displayed if "enabled" |
    | /INTERFACE_SETTINGS/INTERFACE | NEW | value is "lan" or "wan" |
    | /INTERFACE_SETTINGS/IP_ADDRESS | NEW | L4 or W5 |
    | /INTERFACE_SETTINGS/NETMASK | NEW | L5 or W6 |
    | /INTERFACE_SETTINGS/GATEWAY | NEW | L6 or W7 |
    | /INTERFACE_SETTINGS/LEASE | NEW | L1 (Static) or W2 (Dynamic for DHCP) |
    | /INTERFACE_SETTINGS/IPV6_ADDRESS | NEW | L7 |
    | /INTERFACE_SETTINGS/SPEED | NEW | L3 or W4 |
    | /INTERFACE_SETTINGS/DUPLEX | NEW | L2 or W3 |
    | /INTERFACE_SETTINGS/DNS | NEW | |
    | /INTERFACE_SETTINGS/DNS/DOMAIN | NEW | L8 |
    | /INTERFACE_SETTINGS/DNS/PRIMARY | NEW | L9 or W8 |
    | /INTERFACE_SETTINGS/DNS/SECONDARY | NEW | L10 or W9 |
    | /PROXY_SETTINGS | NEW | |
    | /PROXY_SETTINGS/SETTING | NEW | P1 |
    | /PROXY_SETTINGS/PROXY | NEW | |
    | /PROXY_SETTINGS/PROXY/TYPE | NEW | value is "primary" or "secondary" |
    | /PROXY_SETTINGS/PROXY/IP_ADDRESS | NEW | P2 or P3 |
    | /PROXY_SETTINGS/PROXY/PORT | NEW | P4 or P5 |
    | /PROXY_SETTINGS/PROXY/USER | NEW | P6 or P7 |
    | /VLANS | NEW | |
    | /VLANS/SETTING | NEW | value is "enabled" or "disabled" |
    | /VLANS/VLAN | NEW | |
    | /VLANS/VLAN/ID | NEW | V3 |
    | /VLANS/VLAN/NAME | NEW | V4 |
    | /VLANS/VLAN/IP_ADDRESS | NEW | V1 |
    | /VLANS/VLAN/NETMASK | NEW | V2 |
    | /STATIC_ROUTES | NEW | |
    | /STATIC_ROUTES/ROUTE | NEW | |
    | /STATIC_ROUTES/ROUTE/NAME | NEW | SR3 |
    | /STATIC_ROUTES/ROUTE/IP_ADDRESS | NEW | SR2 |
    | /STATIC_ROUTES/ROUTE/NETMASK | NEW | SR2 |
    | /STATIC_ROUTES/ROUTE/GATEWAY | NEW | SR1 |
    | /ASSET_GROUP_LIST | NEW | |
    | /ASSET_GROUP_LIST/ASSET_GROUP | NEW | |
    | /ASSET_GROUP_LIST/ASSET_GROUP/ID | NEW | |
    | /ASSET_GROUP_LIST/ASSET_GROUP/NAME | NEW | AG1 |
    | /USER_LOGIN | NEW | G5 |
    | /HEARTBEATS_MISSED | NEW | G7 |
    | /SS_CONNECTION | NEW | V11 |
    | /SS_LAST_CONNECTED | NEW | V12 |
    | /USER_LIST | NEW | |
    | /USER_LIST/USER_ACCOUNT | NEW | |
    | /USER_LIST/USER_ACCOUNT/ID | NEW | U1 |
    | /USER_LIST/USER_ACCOUNT/NAME | NEW | U1 |
    | /COMMENTS | NEW | C1 |

     

    The following screenshots of the Scanner Appliance UI page contain the references to the XML elements presented above. They are provided to help you understand the meaning of the XML elements returned in the appliance API output.

    [Screenshots of the Scanner Appliance UI page (11 images, not reproduced here).]

     

    Preview of the new DTD

     

    <!-- QUALYS APPLIANCE_LIST_OUTPUT DTD -->
    <!-- $Revision$ -->
    <!ELEMENT APPLIANCE_LIST_OUTPUT (REQUEST?,RESPONSE)>
    
    
    <!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
    <!ELEMENT DATETIME (#PCDATA)>
    <!ELEMENT USER_LOGIN (#PCDATA)>
    <!ELEMENT RESOURCE (#PCDATA)>
    <!ELEMENT PARAM_LIST (PARAM+)>
    <!ELEMENT PARAM (KEY, VALUE)>
    <!ELEMENT KEY (#PCDATA)>
    <!ELEMENT VALUE (#PCDATA)>
    <!-- if returned, POST_DATA will be urlencoded -->
    <!ELEMENT POST_DATA (#PCDATA)>
    
    
    <!ELEMENT RESPONSE (DATETIME, APPLIANCE_LIST?)>
    <!ELEMENT APPLIANCE_LIST (APPLIANCE+)>
    <!ELEMENT APPLIANCE (ID, NAME, SOFTWARE_VERSION, RUNNING_SCAN_COUNT, STATUS, MODEL_NUMBER?, SERIAL_NUMBER?, ACTIVATION_CODE?, INTERFACE_SETTINGS*, PROXY_SETTINGS?, VLANS?, STATIC_ROUTES?, ML_LATEST?, ML_VERSION?, VULNSIGS_LATEST?, VULNSIGS_VERSION?, ASSET_GROUP_COUNT?, ASSET_GROUP_LIST?, LAST_UPDATED_DATE?, POLLING_INTERVAL?, USER_LOGIN?, HEARTBEATS_MISSED?, SS_CONNECTION?, SS_LAST_CONNECTED?, FDCC_ENABLED?, USER_LIST?, UPDATED?, COMMENTS?, RUNNING_SCANS?)>
    <!ELEMENT ID (#PCDATA)>
    <!ELEMENT NAME  (#PCDATA)>
    <!ELEMENT SOFTWARE_VERSION (#PCDATA)>
    <!ELEMENT RUNNING_SCAN_COUNT (#PCDATA)>
    <!ELEMENT STATUS (#PCDATA)>
    <!ELEMENT MODEL_NUMBER (#PCDATA)>
    <!ELEMENT SERIAL_NUMBER (#PCDATA)>
    <!ELEMENT ACTIVATION_CODE (#PCDATA)>
    <!ELEMENT INTERFACE_SETTINGS (SETTING?, INTERFACE, IP_ADDRESS, NETMASK, GATEWAY, LEASE, IPV6_ADDRESS?, SPEED, DUPLEX, DNS)>
    <!ELEMENT SETTING (#PCDATA)>
    <!ELEMENT INTERFACE (#PCDATA)>
    <!ELEMENT IP_ADDRESS (#PCDATA)>
    <!ELEMENT NETMASK (#PCDATA)>
    <!ELEMENT GATEWAY (#PCDATA)>
    <!ELEMENT LEASE (#PCDATA)>
    <!ELEMENT IPV6_ADDRESS (#PCDATA)>
    <!ELEMENT SPEED (#PCDATA)>
    <!ELEMENT DUPLEX (#PCDATA)>
    <!ELEMENT DNS (DOMAIN?, PRIMARY, SECONDARY)>
    <!ELEMENT DOMAIN (#PCDATA)>
    <!ELEMENT PRIMARY (#PCDATA)>
    <!ELEMENT SECONDARY (#PCDATA)>
    <!ELEMENT PROXY_SETTINGS (SETTING, PROXY*)>
    <!ELEMENT PROXY (TYPE, IP_ADDRESS, PORT, USER)>
    <!ELEMENT TYPE (#PCDATA)>
    <!ELEMENT PORT (#PCDATA)>
    <!ELEMENT USER (#PCDATA)>
    <!ELEMENT VLANS (SETTING, VLAN*)>
    <!ELEMENT STATIC_ROUTES (ROUTE*)>
    <!ELEMENT ROUTE (NAME, IP_ADDRESS, NETMASK, GATEWAY)>
    <!ELEMENT VLAN (ID, NAME, IP_ADDRESS, NETMASK)>
    <!ELEMENT ML_LATEST (#PCDATA)>
    <!ELEMENT ML_VERSION (#PCDATA)>
    <!ATTLIST ML_VERSION updated CDATA #IMPLIED>
    <!ELEMENT VULNSIGS_LATEST (#PCDATA)>
    <!ELEMENT VULNSIGS_VERSION (#PCDATA)>
    <!ATTLIST VULNSIGS_VERSION updated CDATA #IMPLIED>
    <!ELEMENT ASSET_GROUP_COUNT (#PCDATA)>
    <!ELEMENT ASSET_GROUP_LIST (ASSET_GROUP*)>
    <!ELEMENT ASSET_GROUP (ID, NAME)>
    <!ELEMENT LAST_UPDATED_DATE (#PCDATA)>
    <!ELEMENT POLLING_INTERVAL (#PCDATA)>
    <!ELEMENT HEARTBEATS_MISSED (#PCDATA)>
    <!ELEMENT SS_CONNECTION (#PCDATA)>
    <!ELEMENT SS_LAST_CONNECTED (#PCDATA)>
    <!ELEMENT FDCC_ENABLED (#PCDATA)>
    <!ELEMENT RUNNING_SCANS (SCAN+)>
    <!ELEMENT SCAN (ID, TITLE, REF, TYPE, SCAN_DATE)>
    <!ELEMENT TITLE (#PCDATA)>
    <!ELEMENT REF (#PCDATA)>
    <!ELEMENT SCAN_DATE (#PCDATA)>
    <!ELEMENT USER_LIST (USER_ACCOUNT*)>
    <!ELEMENT USER_ACCOUNT (ID, NAME)>
    <!ELEMENT UPDATED (#PCDATA)>
    <!ELEMENT COMMENTS (#PCDATA)>
    
    <!-- EOF -->
    
    

     

    Example of the XML output

     

    $ curl -u "PASS:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=list&output-mode=full"
    
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE APPLIANCE_LIST_OUTPUT SYSTEM "https://web4.dev.qualys.com:23443/api/2.0/fo/appliance/appliance_list_output.dtd">
    <APPLIANCE_LIST_OUTPUT>
      <RESPONSE>
        <DATETIME>2012-06-13T07:23:49Z</DATETIME>
        <APPLIANCE_LIST>
          <APPLIANCE>
            <ID>248</ID>
            <NAME>is_quays_ra2</NAME>
            <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
            <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT>
            <STATUS>Online</STATUS>
            <MODEL_NUMBER>QGSA-0000-A1</MODEL_NUMBER>
            <SERIAL_NUMBER>0</SERIAL_NUMBER>
            <ACTIVATION_CODE>10148009490167</ACTIVATION_CODE>
            <INTERFACE_SETTINGS>
              <INTERFACE>lan</INTERFACE>
              <IP_ADDRESS>10.40.1.86</IP_ADDRESS>
              <NETMASK>255.255.255.0</NETMASK>
              <GATEWAY>10.40.1.1</GATEWAY>
              <LEASE>Static</LEASE>
              <IPV6_ADDRESS></IPV6_ADDRESS>
              <SPEED>100</SPEED>
              <DUPLEX>Full</DUPLEX>
              <DNS>
                <DOMAIN>ina.hole</DOMAIN>
                <PRIMARY>10.100.1.21</PRIMARY>
                <SECONDARY>10.100.1.22</SECONDARY>
              </DNS>
            </INTERFACE_SETTINGS>
            <INTERFACE_SETTINGS>
              <SETTING>Disabled</SETTING>
              <INTERFACE>wan</INTERFACE>
              <IP_ADDRESS></IP_ADDRESS>
              <NETMASK>255.255.255.0</NETMASK>
              <GATEWAY>127.0.0.1</GATEWAY>
              <LEASE>Dynamic</LEASE>
              <SPEED>10</SPEED>
              <DUPLEX>Half</DUPLEX>
              <DNS>
                <PRIMARY>0.0.0.0</PRIMARY>
                <SECONDARY>0.0.0.0</SECONDARY>
              </DNS>
            </INTERFACE_SETTINGS>
            <PROXY_SETTINGS>
              <SETTING>Disabled</SETTING>
              <PROXY>
                <TYPE>primary</TYPE>
                <IP_ADDRESS>0.0.0.0</IP_ADDRESS>
                <PORT>0</PORT>
                <USER></USER>
              </PROXY>
              <PROXY>
                <TYPE>secondary</TYPE>
                <IP_ADDRESS>0.0.0.0</IP_ADDRESS>
                <PORT>0</PORT>
                <USER></USER>
              </PROXY>
            </PROXY_SETTINGS>
            <VLANS>
              <SETTING>Enabled</SETTING>
              <VLAN>
                <ID>123</ID>
                <NAME>Mine</NAME>
                <IP_ADDRESS>172.168.1.1</IP_ADDRESS>
                <NETMASK>255.255.0.0</NETMASK>
              </VLAN>
            </VLANS>
            <STATIC_ROUTES>
              <ROUTE>
                <NAME>OneRoute</NAME>
                <IP_ADDRESS>192.168.1.0</IP_ADDRESS>
                <NETMASK>255.255.255.0</NETMASK>
                <GATEWAY>192.168.254.1</GATEWAY>
              </ROUTE>
              <ROUTE>
                <NAME>TwoRoute</NAME>
                <IP_ADDRESS>192.168.2.0</IP_ADDRESS>
                <NETMASK>255.255.255.0</NETMASK>
                <GATEWAY>192.168.254.2</GATEWAY>
              </ROUTE>
            </STATIC_ROUTES>
            <ML_LATEST>5.19.41-1</ML_LATEST>
            <ML_VERSION updated="yes">5.19.41-1</ML_VERSION>
            <VULNSIGS_LATEST>1.28.277-2</VULNSIGS_LATEST>
            <VULNSIGS_VERSION updated="yes">1.28.277-2</VULNSIGS_VERSION>
            <ASSET_GROUP_COUNT>10</ASSET_GROUP_COUNT>
            <ASSET_GROUP_LIST>
              <ASSET_GROUP>
                <ID>30560</ID>
                <NAME>112411</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>33979</ID>
                <NAME>1to100</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>33980</ID>
                <NAME>1to50</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>33439</ID>
                <NAME>bad_nb</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>35014</ID>
                <NAME>cvss</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>35015</ID>
                <NAME>deadhost</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>33739</ID>
                <NAME>LotsODNS</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>20181</ID>
                <NAME>New</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>21779</ID>
                <NAME>SingleDNS2</NAME>
              </ASSET_GROUP>
              <ASSET_GROUP>
                <ID>33619</ID>
                <NAME>SingleDNS3</NAME>
              </ASSET_GROUP>
            </ASSET_GROUP_LIST>
            <LAST_UPDATED_DATE>2012-06-13T05:53:21Z</LAST_UPDATED_DATE>
            <POLLING_INTERVAL>60 seconds</POLLING_INTERVAL>
            <USER_LOGIN>quays_ra2</USER_LOGIN>
            <HEARTBEATS_MISSED>0</HEARTBEATS_MISSED>
            <SS_CONNECTION>Active</SS_CONNECTION>
            <SS_LAST_CONNECTED>2011-10-25T17:16:51Z</SS_LAST_CONNECTED>
            <FDCC_ENABLED>Yes</FDCC_ENABLED>
            <USER_LIST>
              <USER_ACCOUNT>
                <ID>8453</ID>
                <NAME>quays_ra10</NAME>
              </USER_ACCOUNT>
              <USER_ACCOUNT>
                <ID>15475</ID>
                <NAME>quays_ra21</NAME>
              </USER_ACCOUNT>
            </USER_LIST>
            <UPDATED>Yes</UPDATED>
            <COMMENTS><![CDATA[This is a comment.  OK?
    <script>alert('foo');</script>]]></COMMENTS>
          </APPLIANCE>
        </APPLIANCE_LIST>
      </RESPONSE>
    </APPLIANCE_LIST_OUTPUT>
    <!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2012, Qualys, Inc. //--> 
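
As an added example (not part of the original post and not Qualys code), the Python below parses a response shaped like the one above, flags appliances that look unhealthy, and HTML-escapes COMMENTS, since the sample shows that field carrying markup. Treating any STATUS other than "Online" and a VULNSIGS_VERSION that differs from VULNSIGS_LATEST as findings is an assumption, as are the function names and the second, constructed appliance.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample: appliance 248 is trimmed from the response above; appliance
# 999 and its values are invented to exercise the findings.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE APPLIANCE_LIST_OUTPUT SYSTEM "appliance_list_output.dtd">
<APPLIANCE_LIST_OUTPUT><RESPONSE><DATETIME>2012-06-13T07:23:49Z</DATETIME>
<APPLIANCE_LIST>
<APPLIANCE><ID>248</ID><NAME>is_quays_ra2</NAME>
 <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
 <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT><STATUS>Online</STATUS>
 <VULNSIGS_LATEST>1.28.277-2</VULNSIGS_LATEST>
 <VULNSIGS_VERSION updated="yes">1.28.277-2</VULNSIGS_VERSION>
 <HEARTBEATS_MISSED>0</HEARTBEATS_MISSED>
 <COMMENTS><![CDATA[This is a comment.  OK?
<script>alert('foo');</script>]]></COMMENTS></APPLIANCE>
<APPLIANCE><ID>999</ID><NAME>constructed_stale</NAME>
 <SOFTWARE_VERSION>2.6</SOFTWARE_VERSION>
 <RUNNING_SCAN_COUNT>0</RUNNING_SCAN_COUNT><STATUS>Offline</STATUS>
 <VULNSIGS_LATEST>1.28.277-2</VULNSIGS_LATEST>
 <VULNSIGS_VERSION>1.27.100-1</VULNSIGS_VERSION>
 <HEARTBEATS_MISSED>12</HEARTBEATS_MISSED></APPLIANCE>
</APPLIANCE_LIST></RESPONSE></APPLIANCE_LIST_OUTPUT>"""


def _text(el, tag):
    return (el.findtext(tag) or "").strip()


def parse_appliances(xml_text):
    """Return one dict per APPLIANCE: health findings plus an HTML-safe comment."""
    # The DOCTYPE only names an external DTD, which ElementTree does not fetch.
    # Inline entity declarations have no place in this response, so refuse them.
    if "<!ENTITY" in xml_text:
        raise ValueError("unexpected ENTITY declaration in API response")
    results = []
    for app in ET.fromstring(xml_text).iterfind("RESPONSE/APPLIANCE_LIST/APPLIANCE"):
        findings = []
        if _text(app, "STATUS") != "Online":
            findings.append("status=" + _text(app, "STATUS"))
        if int(_text(app, "HEARTBEATS_MISSED") or 0) > 0:
            findings.append("heartbeats_missed=" + _text(app, "HEARTBEATS_MISSED"))
        if _text(app, "VULNSIGS_VERSION") != _text(app, "VULNSIGS_LATEST"):
            findings.append("vulnsigs_behind")
        # COMMENTS is free text (CDATA above carries markup): escape before rendering.
        results.append({"id": _text(app, "ID"), "name": _text(app, "NAME"),
                        "findings": findings,
                        "comment_html": html.escape(_text(app, "COMMENTS"))})
    return results
```
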
    
    

    Dear Customers-

     

    A new update of QualysGuard® version 6.17 will be available in production on Monday, February 7th 2011 for the US platform, and later this month for the EU platform. For additional information, please check the US release notification and the EU release notification.

     

    Please remember that you can receive these QualysGuard Release Notifications using this self-subscription page: https://discussions.qualys.com/community/notifications-api

     

    QualysGuard 6.17 includes the following API enhancements:


    • New QualysGuard Detection API

    QualysGuard 6.17 includes a new “detection” extension to the version 2 API that is available via the following URL:

    https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/. This gives API users the ability to obtain the most current vulnerability data (“automatic” data) associated with host assets in an XML format that can be easily imported into third-party solutions. The detection API is a recommended replacement for other existing API calls such as “asset_range_info.php”, “asset_data_report.php”, “asset_search.php” and “get_host_info.php”.

    Additional details about the new detection API, including examples and typical use cases, are available here: https://discussions.qualys.com/docs/DOC-2102


    • New Virtual Patch Information

    With QualysGuard 6.17, new virtual patch information is correlated with vulnerabilities when this information is available from Trend Micro. When virtual patch information is correlated with a vulnerability, one or more virtual patches from Trend Micro appear in the Solution section under the solution description provided by Qualys.

    The <SOLUTION> element in the XML output describes the recommended solution for fixing each vulnerability detected by the service. One or more virtual patches will be included, when available from Trend Micro, for the following API calls:

      • scan.php
      • scan_report.php
      • asset_range_info.php
      • asset_data_report.php
      • get_host_info.php
      • get_tickets.php
      • ticket_list.php
      • knowledgebase_download.php

     

    • New OS Pattern Filter for Host API

    The new input parameter “os_pattern” for the host API (with the /api/2.0/fo/asset/host API endpoint) allows the user to filter hosts for processing based on a Perl-style regular expression. The “os_pattern” parameter is supported for both a host list request (action=list) and for a host purge request (action=purge).

    The existing input parameters continue to be available, as described in the QualysGuard API documentation. Please see the QualysGuard API V2 User Guide, Chapter 5, for complete information on using the host API to view a host list and purge hosts.

     

    • Support for Cisco IOS Authentication

    This release introduces a new authentication type: Cisco IOS. Cisco IOS authentication allows users to perform authenticated scans of Cisco IOS devices that support the SSH protocol (SSH1 and SSH2) and telnet. For compliance scans, successful authentication to target hosts is required.

    Cisco IOS authentication must be performed with superuser (root) privileges. The user account provided for authentication must be able to execute the following commands:

      1. “show version” to identify the version of the Cisco IOS device
      2. “show logging” to gather logging configuration information
      3. “show running-config” (from the “enable” shell) to gather current system configuration settings.

    The /api/2.0/fo/auth/unix resource allows you to manage Unix and Cisco IOS authentication records. You can submit API requests to view Unix authentication records, add new records, update records and delete records.

    Important Note: One IP address in the user’s account can be added to one Cisco IOS record or one Unix record.

     

    Full API release notes will be available to download from within the Resources section of your QualysGuard account. If you have any questions, please let us know.

     

    Thanks,

     

    Eric Perraudeau

    Product Manager for API and Integrations

    eperraudeau@qualys.com

    +1 650 801 7750

    A new update of QualysGuard® version 6.16 will be available in production on Thursday, January 6th 2011 for the US platform, and on Thursday, January 13th 2011 for the EU platform. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PST (20:00 GMT) and 6 PM PST (02:00 AM GMT next day).

     

     

    QualysGuard 6.16 includes the following API enhancements:

    Unix Authentication API Updates for PowerBroker Support

    Note: Support for BeyondTrust PowerBroker is deprecated as of July 2012. The API will continue to be available to existing customers already using it, but will not be available for new implementations.

     

    For QualysGuard 6.16, updates were made to the Unix scan authentication API to add support for PowerBroker, a root delegation tool. This API allows you to manage Unix authentication records in your QualysGuard account. With this QualysGuard release, users can choose to use PowerBroker, instead of Sudo, by selecting this option within their Unix authentication records.

     

    The /api/2.0/fo/auth/unix resource is used to manage Unix authentication records. For this release, changes were made to the input parameters used to add or edit a Unix record (action=create and action=update) and to the Unix authentication list DTD (auth_unix_list_output.dtd), as described in the sections below.

     

    New Malware Correlation Information

    With this release, QualysGuard correlates malware information with vulnerabilities in the Qualys KnowledgeBase when malware threats for vulnerabilities are published within the Trend Micro Threat Encyclopedia. This correlation will allow QualysGuard users to prioritize and filter vulnerabilities so that they can get actionable information to administrators for remediation of vulnerabilities that can lead to malware infections.

     

    There are 3 important updates to report DTDs to support this new XML structure:

    • New <MALWARE> element and its child elements identify malware correlation information.
    • Child elements of the existing <EXPLOITABILITY> element have new, shorter names.
    • New <CORRELATION> element is the parent element for the <EXPLOITABILITY> element and the new <MALWARE> element.

     

     

    Full details are available about these XML changes within the Qualys community at: https://discussions.qualys.com/docs/DOC-1934

     

    API release notes will be available to customers from within the Resources section of your QualysGuard account.

     

    To receive more information on QualysGuard 6.16, please visit Qualys Community or contact your Technical Account Manager or Qualys' Technical Support Department at support@qualys.com.

     

    Qualys Notifications are moving to self-subscription on the Qualys Community.  To continue receiving notifications like this one please register at:

     

    We thank you for your continued support and look forward to continuously improving our services.

     

    Eric Perraudeau

    Product Manager for API and Integrations

    eperraudeau@qualys.com

    +1 650 801 7750
