
API Notifications

4 Posts authored by: Terry McCorkle

This update to QualysGuard 8.0 includes improvements to the QualysGuard API, allowing you to integrate your programs and API calls with QualysGuard Vulnerability Management (VM) and QualysGuard Policy Compliance (PC).

 

What’s New

VM - “Security Risk Score” summary added to XML and CSV reports

VM & PC - "Network Support API” Updates

 

QualysGuard API Server URL. The QualysGuard API documentation and sample code use the API server URL for QualysGuard US Platform 1. If your account is located on another platform, please replace this URL with the appropriate server URL for your account.

 

Account Location              API Server URL for login
QualysGuard US Platform       https://qualysapi.qualys.com
QualysGuard US Platform 2     https://qualysapi.qg2.apps.qualys.com
QualysGuard EU Platform       https://qualysapi.qualys.eu
QualysGuard @Customer         https://qualysapi.<customer_base_url>

 

QualysGuard API Documentation. API user guides and other documentation are available in your account’s Resources section (Help > Resources > API). Note: The service enforces limits on the API calls users can make within a subscription. See “QualysGuard API Limits” for details.

 

VM - “Security Risk Score” summary added to  XML and CSV reports

With this release, vulnerability scan reports include a security risk score summary for the report and per host in all report formats; earlier this was not available in XML or CSV. As before, the risk score summary appears when your report template is configured for host based findings (automatic data) and the Text Summary option is selected. The asset_data_report.dtd was updated - we’ll show you the changes.

 

Tell me about the Security Risk Score. The score for the overall report is the average security risk for all hosts in the report. The score for each host is the average severity level detected (the default) or the highest severity level detected. Managers can configure the calculation method for the subscription by going to Reports > Setup > Security Risk. Are you an Express Lite user? If yes the average severity level is always used.

 

Sample reports. These reports were created using a scan report template configured with host based findings and Text Summary is selected (under Display > Detailed Results).

 

CSV report:

New rows show you the security risk score summary for the report and per host.


 

XML report:

New XML elements show you the security risk summary for the report (see <RISK_SCORE_SUMMARY>) and per host (see <RISK_SCORE_PER_HOST>).

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qualys.com/asset_data_report.dtd">
<ASSET_DATA_REPORT>
  <HEADER>
    <COMPANY><![CDATA[Qualys, Inc.]]></COMPANY>
    <USERNAME>USERNAME</USERNAME>
    <GENERATION_DATETIME>2014-03-11T23:56:22Z</GENERATION_DATETIME>
    ...
    <RISK_SCORE_SUMMARY>
      <TOTAL_VULNERABILITIES>14</TOTAL_VULNERABILITIES>
      <AVG_SECURITY_RISK>2.6</AVG_SECURITY_RISK>
      <BUSINESS_RISK>13/100</BUSINESS_RISK>
    </RISK_SCORE_SUMMARY>
  </HEADER>
  <RISK_SCORE_PER_HOST>
    <HOSTS>
      <IP_ADDRESS>10.10.24.104</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>4</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>2.5</SECURITY_RISK>
    </HOSTS>
    <HOSTS>
      <IP_ADDRESS>10.10.24.106</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>10</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>2.6</SECURITY_RISK>
    </HOSTS>
  </RISK_SCORE_PER_HOST>
  <HOST_LIST>
    <HOST>
      <IP>10.10.24.104</IP>
      <TRACKING_METHOD>IP</TRACKING_METHOD>
...

 

DTD updates:

You’ll see the updated asset_data_report.dtd below. There are new elements RISK_SCORE_PER_HOST and RISK_SCORE_SUMMARY.

<!-- QUALYS ASSET DATA REPORT DTD -->

<!ELEMENT ASSET_DATA_REPORT (ERROR | (HEADER, RISK_SCORE_PER_HOST?, HOST_LIST?, GLOSSARY?, APPENDICES?))>


<!ELEMENT ERROR (#PCDATA)*>
<!ATTLIST ERROR number CDATA #IMPLIED>




<!-- HEADER -->


<!ELEMENT HEADER (COMPANY, USERNAME, GENERATION_DATETIME, TEMPLATE,
                  TARGET, RISK_SCORE_SUMMARY?)>


<!ELEMENT COMPANY (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT GENERATION_DATETIME (#PCDATA)>
<!ELEMENT TEMPLATE (#PCDATA)>
<!ELEMENT TARGET (USER_ASSET_GROUPS?, USER_IP_LIST?, COMBINED_IP_LIST?, 
                  ASSET_TAG_LIST?)>


<!ELEMENT USER_ASSET_GROUPS (ASSET_GROUP_TITLE+)>
<!ELEMENT ASSET_GROUP_TITLE (#PCDATA)>


<!ELEMENT USER_IP_LIST (RANGE*)>
<!ELEMENT RANGE (START, END)>
<!ELEMENT START (#PCDATA)>
<!ELEMENT END (#PCDATA)>


<!ELEMENT COMBINED_IP_LIST (RANGE*)>


<!ELEMENT ASSET_TAG_LIST (INCLUDED_TAGS, EXCLUDED_TAGS?)>


<!ELEMENT INCLUDED_TAGS (ASSET_TAG*)>
<!ATTLIST INCLUDED_TAGS scope CDATA #IMPLIED>


<!ELEMENT EXCLUDED_TAGS (ASSET_TAG*)>
<!ATTLIST EXCLUDED_TAGS scope CDATA #IMPLIED>


<!-- AVERAGE RISK_SCORE_SUMMARY -->
<!ELEMENT RISK_SCORE_SUMMARY (TOTAL_VULNERABILITIES, AVG_SECURITY_RISK,
                              BUSINESS_RISK)>
<!ELEMENT TOTAL_VULNERABILITIES (#PCDATA)>
<!ELEMENT AVG_SECURITY_RISK (#PCDATA)>
<!ELEMENT BUSINESS_RISK (#PCDATA)>


<!-- RISK_SCORE_PER_HOST -->
<!ELEMENT RISK_SCORE_PER_HOST (HOSTS+)>
<!ELEMENT HOSTS (IP_ADDRESS, TOTAL_VULNERABILITIES, SECURITY_RISK)>
<!ELEMENT IP_ADDRESS (#PCDATA)>
<!ELEMENT SECURITY_RISK (#PCDATA)>


<!-- HOST_LIST -->


<!ELEMENT HOST_LIST (HOST+)>
...
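A consumer of the new elements might look like the following. This is an added example, not Qualys code: it reads the risk score summary and the per-host scores, treats both as optional as the DTD does, and surfaces the ERROR branch. The function names, the entity-declaration guard and the assumption that the per-host totals add up to the summary total (as they do in the sample) are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed input: the sample report above, trimmed to the risk score elements.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qualys.com/asset_data_report.dtd">
<ASSET_DATA_REPORT>
  <HEADER>
    <COMPANY><![CDATA[Qualys, Inc.]]></COMPANY>
    <RISK_SCORE_SUMMARY>
      <TOTAL_VULNERABILITIES>14</TOTAL_VULNERABILITIES>
      <AVG_SECURITY_RISK>2.6</AVG_SECURITY_RISK>
      <BUSINESS_RISK>13/100</BUSINESS_RISK>
    </RISK_SCORE_SUMMARY>
  </HEADER>
  <RISK_SCORE_PER_HOST>
    <HOSTS>
      <IP_ADDRESS>10.10.24.104</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>4</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>2.5</SECURITY_RISK>
    </HOSTS>
    <HOSTS>
      <IP_ADDRESS>10.10.24.106</IP_ADDRESS>
      <TOTAL_VULNERABILITIES>10</TOTAL_VULNERABILITIES>
      <SECURITY_RISK>2.6</SECURITY_RISK>
    </HOSTS>
  </RISK_SCORE_PER_HOST>
</ASSET_DATA_REPORT>
"""

# Constructed error document following the ERROR branch of the DTD.
SAMPLE_ERROR = (b'<ASSET_DATA_REPORT><ERROR number="999">constructed error text'
                b'</ERROR></ASSET_DATA_REPORT>')


def _required(node, tag):
    """Return the stripped text of a mandatory child element."""
    value = node.findtext(tag)
    if value is None or not value.strip():
        raise ValueError("missing <%s> inside <%s>" % (tag, node.tag))
    return value.strip()


def parse_risk_scores(xml_bytes):
    """Extract the report summary (or None) and the per-host risk scores."""
    # The report DTD declares no entities, so any declaration is refused
    # before parsing (a conservative guard added by this example).
    if b"<!ENTITY" in xml_bytes:
        raise ValueError("entity declarations are not expected in a report")
    root = ET.fromstring(xml_bytes)  # the external DTD is not fetched
    if root.tag != "ASSET_DATA_REPORT":
        raise ValueError("unexpected root element: %s" % root.tag)
    error = root.find("ERROR")
    if error is not None:
        raise ValueError("report error %s: %s"
                         % (error.get("number"), (error.text or "").strip()))

    summary = None
    node = root.find("HEADER/RISK_SCORE_SUMMARY")  # optional in the DTD
    if node is not None:
        summary = {
            "total_vulnerabilities": int(_required(node, "TOTAL_VULNERABILITIES")),
            "avg_security_risk": float(_required(node, "AVG_SECURITY_RISK")),
            "business_risk": _required(node, "BUSINESS_RISK"),
        }
    hosts = []
    for host in root.findall("RISK_SCORE_PER_HOST/HOSTS"):  # optional too
        hosts.append({
            "ip": _required(host, "IP_ADDRESS"),
            "total_vulnerabilities": int(_required(host, "TOTAL_VULNERABILITIES")),
            "security_risk": float(_required(host, "SECURITY_RISK")),
        })
    return {"summary": summary, "hosts": hosts}


def cross_check(report):
    """Return a list of inconsistencies between summary and per-host data."""
    summary, hosts = report["summary"], report["hosts"]
    if summary is None or not hosts:
        return []
    per_host_total = sum(h["total_vulnerabilities"] for h in hosts)
    if per_host_total != summary["total_vulnerabilities"]:
        return ["per-host totals add up to %d, summary says %d"
                % (per_host_total, summary["total_vulnerabilities"])]
    return []


def hosts_at_or_above(report, threshold):
    """Return the IPs whose security risk is at or above threshold."""
    return [h["ip"] for h in report["hosts"] if h["security_risk"] >= threshold]
```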

 

VM & PC - Network Support API Updates

 

We made some updates to the Network Support API for QualysGuard 8.0. You’ll find the latest information integrated into this user guide. You might like to review the latest changes below.

 

Set Up Networks

 

Scanner Appliance List API v2 - filter by network ID

The Scanner Appliance List API v2 (resource /api/2.0/fo/appliance/ with action=list) returns scanner appliances in your account. Now you can use the new input parameter “network_id” (optional) to return a list of scanner appliances for a certain network. Specify 0 for the Global Default Network or a custom network ID.

 

For example:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" \
  "https://qualysapi.qualys.com/api/2.0/fo/appliance/?action=list&network_id=1002"

 

Organize Assets by Network

 

Asset Group List API v1 - network ID added to group’s IPs

The Asset Group List API v1 (/msp/asset_group_list.php) is used to retrieve a list of asset groups in your account. We added a new attribute “network_id” to the subelement /SCANIPS/IP in the XML output (asset_group_list.dtd). This appears for an All asset group that is not the same as the subscription’s All asset group.

 

Have multiple All asset groups? Yes you might. There is always 1 All asset group for the subscription - this includes all assets, visible to Managers. If you have business units, there is 1 unique All asset group for each business unit. If you have Scanners and/or Readers, there is 1 unique All asset group for each Scanner/Reader account. (There is no All asset group for a network.)

 

Sample XML output:

Sample XML output showing an All asset group that is not the subscription’s All asset group:

...
<ASSET_GROUP>
  <ID>5010</ID>
  <TITLE><![CDATA[All]]></TITLE>
  <SCANIPS>
    <IP network_id="0"> 10.0.0.0-10.10.10.11</IP>
    <IP network_id="0"> 10.10.10.13-10.10.10.247</IP>
    <IP network_id="1193"> 10.0.0.0-10.10.10.11</IP>
    <IP network_id="1193"> 10.10.10.13-10.10.10.247</IP>
...

 

DTD update:

New “network_id” attribute added to the subelement /IP.

...
<!ELEMENT IP (#PCDATA)>
<!ATTLIST IP network_id CDATA "0">
...

 

Asset Management

Support for IP List API v2

The IP List API v2 (resource /api/2.0/fo/asset/ip/ with action=list) is used to retrieve a list of IP addresses in your account. The XML output now lists the network ID for each IP address/range when the request is made by a sub-user with access to multiple networks. We added a new attribute “network_id” to the subelements /IP_SET/IP and /IP_SET/IP_RANGE in the XML output (ip_list_output.dtd).

 

Good to know:

 

  • Managers will not see the “network_id” attribute for any IP or IP_RANGE elements in the output since Managers can see all IPs for all networks.
  • Any sub-user with access to only a single network (the Global Default Network or a custom network) will not see the “network_id” attribute either. This is for consistency with the UI, where these users do not see the network workflows.

 

Sample XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE IP_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/asset/ip/ip_list_output.dtd">
<IP_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-02-14T22:47:32Z</DATETIME>
    <IP_SET>
      <IP_RANGE network_id="0">1.0.0.0-10.10.10.14</IP_RANGE>
      <IP_RANGE network_id="0">10.10.10.17-10.10.10.29</IP_RANGE>
      <IP network_id="0">10.10.10.32</IP>
    </IP_SET>
  </RESPONSE>
</IP_LIST_OUTPUT>

 

 

DTD updates:

New “network_id” attribute added to the subelements /IP_SET/IP and /IP_SET/IP_RANGE.

...
<!ELEMENT IP_SET ((IP|IP_RANGE)+)>
<!ELEMENT IP (#PCDATA)>
<!ATTLIST IP
  network_id  CDATA  "0"
>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ATTLIST IP_RANGE
  network_id  CDATA  "0"
>
...

 

Support for Excluded IP List API v2

The Excluded IP List API v2 (/api/2.0/fo/asset/excluded_ip/ with action=list) returns a list of excluded hosts.

 

Use the new input parameter “network_id” (optional) to return a list of excluded IPs for a certain network.

 

The XML output now identifies the network ID for each IP address/range when your subscription has at least 1 network defined. We added a new attribute “network_id” to the subelements /IP_SET/IP and /IP_SET/IP_RANGE in the XML output (ip_list_output.dtd).

 

Sample XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE IP_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/ip_list_output.dtd">
<IP_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-03-20T20:49:19Z</DATETIME>
    <IP_SET>
      <IP network_id="0">10.10.10.19</IP>
      <IP_RANGE network_id="1275">10.10.50.6-10.10.50.10</IP_RANGE>
    </IP_SET>
  </RESPONSE>
</IP_LIST_OUTPUT>

 

DTD updates:

New “network_id” attribute added to the subelements /IP_SET/IP and /IP_SET/IP_RANGE.

...
<!ELEMENT IP_SET ((IP|IP_RANGE)+)>
<!ELEMENT IP (#PCDATA)>
<!ATTLIST IP
  network_id  CDATA  "0"
>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ATTLIST IP_RANGE
  network_id  CDATA  "0"
>
...
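The “network_id” attribute changes how a client has to read IP List and Excluded IP List output, because the same address range can now appear once per network and the attribute can be absent altogether. The following added example (not Qualys code) shows one way to handle both cases; the function names and the match-when-absent rule in `is_listed` are assumptions of the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed inputs based on the samples on this page.
SAMPLE_EXCLUDED = b"""<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE IP_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/asset/excluded_ip/ip_list_output.dtd">
<IP_LIST_OUTPUT>
  <RESPONSE>
    <DATETIME>2014-03-20T20:49:19Z</DATETIME>
    <IP_SET>
      <IP network_id="0">10.10.10.19</IP>
      <IP_RANGE network_id="1275">10.10.50.6-10.10.50.10</IP_RANGE>
    </IP_SET>
  </RESPONSE>
</IP_LIST_OUTPUT>
"""
# What a Manager or a single-network sub-user receives: no network_id attribute.
SAMPLE_NO_ATTRIBUTE = b"""<IP_LIST_OUTPUT><RESPONSE><IP_SET>
<IP_RANGE>10.10.10.17-10.10.10.29</IP_RANGE><IP>10.10.10.32</IP>
</IP_SET></RESPONSE></IP_LIST_OUTPUT>"""
# The same range registered in two networks, as in the asset group sample.
SAMPLE_OVERLAP = b"""<ASSET_GROUP><SCANIPS>
<IP network_id="0"> 10.0.0.0-10.10.10.11</IP>
<IP network_id="1193"> 10.0.0.0-10.10.10.11</IP>
</SCANIPS></ASSET_GROUP>"""


def parse_ip_entries(xml_bytes):
    """Return (network_id, first, last) for every IP / IP_RANGE element.

    network_id is the attribute value as a string, or None when the attribute
    is absent. ElementTree does not load the external DTD, so the DTD default
    of "0" is never filled in and absence stays visible to the caller.
    """
    if b"<!ENTITY" in xml_bytes:
        raise ValueError("entity declarations are not expected in API output")
    entries = []
    for node in ET.fromstring(xml_bytes).iter():
        if node.tag not in ("IP", "IP_RANGE"):
            continue
        # Asset group output puts ranges (with leading spaces) inside <IP>.
        first, _, last = (node.text or "").strip().partition("-")
        low = ipaddress.ip_address(first.strip())
        high = ipaddress.ip_address(last.strip()) if last else low
        if high < low:
            raise ValueError("range ends before it starts: %r" % node.text)
        entries.append((node.get("network_id"), low, high))
    return entries


def networks_listing(entries, ip):
    """Return the set of network IDs (None = not stated) whose entries cover ip."""
    addr = ipaddress.ip_address(ip)
    return {net for net, low, high in entries if low <= addr <= high}


def is_listed(entries, ip, network_id):
    """True when ip is covered by an entry for network_id.

    Entries without a network_id count as a match, on the assumption that
    the caller then has a single view of the address space.
    """
    nets = networks_listing(entries, ip)
    return str(network_id) in nets or None in nets
```

Keying lookups on the address alone would report 10.10.50.8 as excluded everywhere, although the sample excludes it only in network 1275.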

 

Support for Excluded IP Change History API v2

The excluded IP change history V2 API (/api/2.0/fo/asset/excluded_ip/history/ with action=list) returns a change history for excluded hosts.

 

Use the new input parameter “network_id” (optional) to return a list of excluded IPs for a certain network.

 

The XML output now identifies the network ID for each IP address/range when your subscription has at least 1 network defined. We added a new attribute “network_id” to the subelements /IP_SET/IP and /IP_SET/IP_RANGE in the XML output (history_list_output.dtd).

 

Sample XML output:

...
 <HISTORY_LIST>
      <HISTORY>
        <ID>1441</ID>
        <IP_SET>
          <IP_RANGE network_id="0">10.10.10.234-10.10.10.235</IP_RANGE>
        </IP_SET>
        <ACTION>Added</ACTION>
...

 

DTD updates:

New “network_id” attribute added to the subelements /IP_SET/IP and /IP_SET/IP_RANGE.

...
<!ELEMENT IP_SET ((IP|IP_RANGE)+)>
<!ELEMENT IP (#PCDATA)>
<!ATTLIST IP
    network_id  CDATA  "0"
>           
<!ELEMENT IP_RANGE (#PCDATA)>
<!ATTLIST IP_RANGE
    network_id  CDATA  "0"
>
...

This API notification provides an early preview into the coming API changes in QualysGuard, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods described below.  There is one primary API change in this release:

 

New API: Asset Management and Tagging API v2

 

This release will apply to the following platforms:

 


 

Full release notes will be available to customers on the day of the release.

 

API Enhancements

 

Tag API

          The Tags API provides a suite of API functions for managing tags. The supported Tag operations are get, create, update, search, count, delete and evaluate.

 

          Tag operations

                    Get Tag

                    Create Tag

                    Update Tag

                    Search Tags

                    Count Tags

                    Delete Tag

                    Evaluate Tag

 

 

Example:

          Fetch tag ID 12345.

 

Request:

          curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/rest/2.0/get/am/tag/12345"

 

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2.0/am/tag.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Tag>
      <id>12345</id>
      <name>Test Tag</name>
      <created>2014-02-06T19:14:50Z</created>
      <modified>2014-02-06T19:14:50Z</modified>
      <color>#FFFFFF</color>
      <ruleText>asset.installedSoftwares.contains { it.name == "Windows" }</ruleText>
      <ruleType>GROOVY</ruleType>
      <children>
        <list/>
      </children>
    </Tag>
  </data>
</ServiceResponse>

 

Host Asset API

          The Host Asset API provides a suite of API functions for managing host assets. In many cases these are hosts detected by our cloud scanners. Host assets can also be added manually by the QualysGuard API or user interface. The HostAsset members identify operating system, NetBIOS, tags, open ports, NICs, installed software, EC2 source information and current vulnerabilities (all instances).

 

          Host Asset operations

                    Get Host Asset

                    Create Host Asset

                    Update Host Asset

                    Search Host Assets

                    Count Host Assets

                    Delete Host Asset

                    Activate Host Asset

 

Example:

          Fetch the host asset ID 12345 and list host asset details.

 

Request:

          curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/rest/2.0/get/am/hostasset/12345"

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2.0/am/hostasset.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <HostAsset>
      <id>2020094</id>
      <name>My Windows Asset</name>
      <created>2014-02-06T19:16:35Z</created>
      <modified>2014-02-06T19:16:35Z</modified>
      <type>HOST</type>
      <tags>
        <list>
            <TagSimple>
                <id>12345</id>
                <name>Tag 1</name>
            </TagSimple>
            <TagSimple>
                <id>54321</id>
                <name>Tag 2</name>
            </TagSimple>
        </list>
      </tags>
      <sourceInfo>
        <list/>
      </sourceInfo>
      <os>Windows 7</os>
      <dnsHostName>localhost</dnsHostName>
      <netbiosName>TEST</netbiosName>
      <netbiosNetworkId>10</netbiosNetworkId>
      <networkGuid>66bf43c8-7392-4257-b856-a320fde231eb</networkGuid>
      <address>127.0.0.1</address>
      <trackingMethod>IP</trackingMethod>
      <openPort>
        <list/>
      </openPort>
      <software>
        <list/>
      </software>
      <vuln>
        <list/>
      </vuln>
    </HostAsset>
  </data>
</ServiceResponse>

 

Asset API

          The Asset API is a subset of the Host Asset API. The Asset members identify name, tags, and EC2 source information.

 

          Asset operations

                    Get Asset

                    Update Asset

                    Search Assets

                    Count Assets

                    Delete Asset

                    Activate Asset

 

Example:

          This example fetches the asset ID 12345 and lists asset details.

 

Request:

          curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/rest/2.0/get/am/asset/12345"

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2.0/am/asset.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Asset>
      <id>12345</id>
      <name>My Windows Asset</name>
      <created>2014-02-06T19:16:35Z</created>
      <modified>2014-02-06T19:16:35Z</modified>
      <type>HOST</type>
      <tags>
        <list>
            <TagSimple>
                <id>12345</id>
                <name>Tag 1</name>
            </TagSimple>
            <TagSimple>
                <id>54321</id>
                <name>Tag 2</name>
            </TagSimple>
        </list>
      </tags>
    </Asset>
  </data>
</ServiceResponse>

 

Host Instance Vulnerability API

          The Host Instance Vulnerability API provides a suite of API functions for managing vulnerability instances found on host assets. The supported Host Instance Vulnerability operations are get, count and search.

 

    Host Instance Vulnerability operations

                    Get Host Instance Vulnerability

                    Search Host Instance Vulnerabilities

                    Count Host Instance Vulnerabilities

 

Example:

          Fetch the host instance vulnerability with the ID 12345.

 

Request:

          curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/rest/2.0/get/am/hostinstancevuln/12345"

 

Response:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2.0/am/hostinstancevuln.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <HostInstanceVuln>
      <id>9534081</id>
      <hostAssetId>1543621</hostAssetId>
      <qid>38167</qid>
      <port>25</port>
      <ssl>true</ssl>
      <found>true</found>
      <ignored>false</ignored>
      <disabled>false</disabled>
      <updated>2012-10-19T21:56:23Z</updated>
      <protocol>TCP</protocol>
      <source>HOST</source>
    </HostInstanceVuln>
  </data>
</ServiceResponse>

A new release of QualysGuard Portal, Version 2.3.0, is targeted for release in US production in March 2014. The exact release date has not yet been set. This release contains changes to the APIs that require a 30-day notification. Only the API changes that impact existing APIs are included in the 30-day notification. The notification will be updated to include any new API functionality at least 15 days prior to release.

 

AM v1 API Changes

 

In the Portal 2.3.0 release the VM v1 API will remove the <SITE> and <NETWORK> objects in preparation for the new multiple network support feature. These objects were not used in the VM v1 API and there should be no impact to customers.

 

Full release notes will be available to customers on the day of the release.

This update to QualysGuard 7.13 includes improvements to the QualysGuard API, allowing you to integrate your programs and API calls with QualysGuard Vulnerability Management (VM) and QualysGuard Policy Compliance (PC).

 

Highlights Include:

 

  • VM and PC - “Report Share” API v2 download CSV reports without headers
  • VM - New “HTTP Authentication” API v2
  • PC - New “Policy Merge” API v2
  • PC - Policy Report XML now includes custom control references
  • PC - “Apache Authentication” API v2 - Support for multiple instances per host
  • PC - “MS SQL Authentication” API v2 - Auto discover database instances

 

VM and PC - “Report Share” API v2 download CSV reports without headers

 

The “Report Share” API v2 (/api/2.0/fo/report/) allows you to launch and download reports. With this release you can choose to download reports in CSV format without the header information for all VM reports and PC reports that can be downloaded in CSV format. Basically we’ll include just the central CSV tables containing your security and compliance data, not the header metadata.

 

Want to omit the header from your CSV report? Using the “Report Share” API v2, first launch this report with the input parameter “hide_header=1” and then download the report in the usual way.

 

Step 1 - Launch your report in CSV format

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=launch&template_id=123&output_format=csv&hide_header=1" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

XML output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2012-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
      <KEY>ID</KEY>
      <VALUE>6622</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

 

Step 2 - Download your CSV report

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=fetch&id=6622" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

CSV output:

You’ll notice there’s no header information (report title, date, user who launched the report, etc).
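The two steps can be scripted as follows. This is an added example, not Qualys code: it builds the same launch and fetch requests as the curl commands, reads the report ID from the SIMPLE_RETURN reply, and sends with certificate verification enabled instead of curl's -k. The function names and the X-Requested-With value are this example's own.

```python
import base64
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

API_BASE = "https://qualysapi.qualys.com"  # US Platform 1; replace for other platforms

# Constructed input: the launch reply shown in Step 1.
SAMPLE_LAUNCH_REPLY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2012-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
      <KEY>ID</KEY>
      <VALUE>6622</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>
"""


def build_report_request(username, password, params, base=API_BASE):
    """Build (but do not send) a POST to the Report Share API v2 resource."""
    # urlencode escapes every value, so a title or ID can never smuggle in
    # an extra "&name=value" pair the way a hand-built string could.
    body = urllib.parse.urlencode(params).encode("ascii")
    req = urllib.request.Request(base + "/api/2.0/fo/report/", data=body,
                                 method="POST")
    token = base64.b64encode(("%s:%s" % (username, password)).encode("utf-8"))
    req.add_header("Authorization", "Basic " + token.decode("ascii"))
    req.add_header("X-Requested-With", "Python example")  # constructed value
    return req


def launch_request(username, password, template_id):
    """Step 1: launch a CSV report with the header metadata left out."""
    return build_report_request(username, password, {
        "action": "launch", "template_id": template_id,
        "output_format": "csv", "hide_header": 1,
    })


def fetch_request(username, password, report_id):
    """Step 2: download the report launched in step 1."""
    return build_report_request(username, password,
                                {"action": "fetch", "id": report_id})


def report_id_from_simple_return(xml_bytes):
    """Return the integer report ID carried in the ITEM with KEY 'ID'."""
    root = ET.fromstring(xml_bytes)
    for item in root.iter("ITEM"):
        if (item.findtext("KEY") or "").strip() == "ID":
            value = (item.findtext("VALUE") or "").strip()
            if not value.isdigit():
                raise ValueError("report ID is not numeric: %r" % value)
            return int(value)
    text = (root.findtext("RESPONSE/TEXT") or "").strip()
    raise ValueError("no report ID in reply: %s" % text)


def send(req, timeout=60):
    """Send a prepared request with certificate and host name verification."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=context) as resp:
        return resp.read()
```

Reading the username and password from the environment or a secrets store, rather than passing them as command-line arguments, keeps them out of shell history and process listings.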

 


 

VM – New "HTTP Authentication” API v2

 

You now have the option to choose HTTP authentication for vulnerability scans using QualysGuard Vulnerability Management (VM). Use the “HTTP Authentication” API v2 (/api/2.0/fo/auth/http/) for scanning protected portions of web sites and devices like printers and routers that require HTTP protocol level authentication. (Note this is not Form-based authentication.) By authenticating we can perform additional vulnerability tests that we couldn’t do otherwise.

 

How it works – During a vulnerability scan, if we come across a web page that requires HTTP authentication then we’ll check to see if an HTTP record exists in your account with applicable credentials. If yes, we’ll use the credentials in the record to perform HTTP authentication.

 

List HTTP records

 


API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=list&ids=55111" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

XML output:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE AUTH_HTTP_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/http/auth_http_list_output.dtd">
<AUTH_HTTP_LIST_OUTPUT>
 <RESPONSE>
   <DATETIME>2014-01-03T08:08:19Z</DATETIME>
   <AUTH_HTTP_LIST>
     <AUTH_HTTP>
       <ID>55111</ID>
       <TITLE><![CDATA[My HTTPRecord]]></TITLE>
       <USERNAME><![CDATA[jsmith]]></USERNAME>
       <SSL>0</SSL>
       <REALM><![CDATA[MyHomepage]]></REALM>
       <CREATED>
         <DATETIME>2014-01-03T07:51:48Z</DATETIME>
         <BY>acme_ab1</BY>
       </CREATED>
       <LAST_MODIFIED>
       <DATETIME>2014-01-03T07:51:48Z</DATETIME>
       </LAST_MODIFIED>
     </AUTH_HTTP>
   </AUTH_HTTP_LIST>
 </RESPONSE>
</AUTH_HTTP_LIST_OUTPUT>

 

HTTP record list output DTD:

 

<!-- QUALYS AUTH_HTTP_LIST_OUTPUT DTD -->
<!ELEMENT AUTH_HTTP_LIST_OUTPUT (REQUEST?, RESPONSE)>
<!ELEMENT REQUEST (DATETIME, USER_LOGIN, RESOURCE, PARAM_LIST?, POST_DATA?)>
<!ELEMENT DATETIME (#PCDATA)>
<!ELEMENT USER_LOGIN (#PCDATA)>
<!ELEMENT RESOURCE (#PCDATA)>
<!ELEMENT PARAM_LIST (PARAM+)>
<!ELEMENT PARAM (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!-- if returned, POST_DATA will be urlencoded -->
<!ELEMENT POST_DATA (#PCDATA)>
<!ELEMENT RESPONSE (DATETIME, (AUTH_HTTP_LIST|ID_SET)?, WARNING_LIST?, GLOSSARY?)>
<!ELEMENT AUTH_HTTP_LIST (AUTH_HTTP+)>
<!ELEMENT AUTH_HTTP (ID, TITLE, USERNAME, SSL, (REALM|VHOST), IP_SET?, CREATED, LAST_MODIFIED, COMMENTS?)>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT SSL (#PCDATA)>
<!ELEMENT REALM (#PCDATA)>
<!ELEMENT VHOST (#PCDATA)>
<!ELEMENT IP_SET (IP|IP_RANGE)+>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT IP_RANGE (#PCDATA)>
<!ELEMENT CREATED (DATETIME, BY)>
<!ELEMENT BY (#PCDATA)>
<!ELEMENT LAST_MODIFIED (DATETIME)>
<!ELEMENT COMMENTS (#PCDATA)>
<!ELEMENT WARNING_LIST (WARNING+)>
<!ELEMENT WARNING (CODE?, TEXT, URL?, ID_SET?)>
<!ELEMENT CODE (#PCDATA)>
<!ELEMENT TEXT (#PCDATA)>
<!ELEMENT URL (#PCDATA)>
<!ELEMENT ID_SET (ID|ID_RANGE)+>
<!ELEMENT ID_RANGE (#PCDATA)>
<!ELEMENT GLOSSARY (USER_LIST?)>
<!ELEMENT USER_LIST (USER+)>
<!ELEMENT USER (USER_LOGIN, FIRST_NAME, LAST_NAME)>
<!ELEMENT FIRST_NAME (#PCDATA)>
<!ELEMENT LAST_NAME (#PCDATA)>
<!-- EOF -->

 

Create a new HTTP record - realm

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&username=jsmith&password=abc123&title=MyHTTPRecord1&realm=MyHomepage" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

XML output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2014-01-03T07:51:48Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Created</TEXT>
        <ID_SET>
          <ID>55111</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

 

 

Create a new HTTP record - virtual host

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&username=jsmith&password=abc123&title=MyHTTPRecord+2&vhost=bank.us.corp1.com" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

Update an HTTP record

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=update&ids=55114&realm=11" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

Delete an HTTP record

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=delete&ids=55114" "https://qualysapi.qualys.com/api/2.0/fo/auth/http/"

 

 

 

List authentication records - now includes HTTP records

 

API request:
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -d "action=list&id_min=54190&id_max=54436" "https://qualysapi.qualys.com/api/2.0/fo/auth/"

 

 

PC - New "Policy Merge” API v2

 

We’re pleased to introduce the new “Policy Merge” API v2 (resource /api/2.0/fo/compliance/policy/ with the parameter action=merge). This new API allows you to merge (combine) 2 or more compliance policies using QualysGuard Policy Compliance (PC). You can choose to merge some or all parts of a new policy into an existing one. Also you can preview merge changes before saving them. This API is available to Managers and Auditors.

 

For example, say you imported a policy from our library (Policy A) and configured it to add asset groups, controls and sections. Later we might release an updated version of this policy (Policy B) with new controls and technologies. In this scenario you can use the Policy Merge API to add the new controls and technologies from Policy B into Policy A (your existing policy) without losing the asset groups, controls and sections you added.

 

Policy Merge Request 1 - preview merged policy

 

Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy B) and the XML output will show the merged policy in preview mode. Policy changes will not be saved in Policy 15993 since the request includes “preview_merge=1”.

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1"

 

 

PC - Policy Report XML now includes custom control references

 

With this release you can choose to create policy reports with your custom control references in XML and CSV format - just follow the steps below.

 

The policy report XML output now lists the control references defined for each control. We’ve updated the policy report DTD (compliance_policy_report.dtd) to add the new element <CONTROL_REFERENCES>.

 

Step 1 - Configure the template settings

 

Configure your policy report template using the user interface (under PC > Reports > Templates). Be sure to choose the Group by Controls option and under Sections choose Control References.

 

 

Step 2 - Launch a PC policy report

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=launch&template_id=55469&output_format=xml" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2013-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
    <ITEM_LIST>
      <ITEM>
        <KEY>ID</KEY>
        <VALUE>1665</VALUE>
      </ITEM>
    </ITEM_LIST>
  </RESPONSE>
</SIMPLE_RETURN>

 

Step 3 - Download report XML

 

API request:
curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=fetch&id=1665" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

...          
         <CONTROL_LIST>           
           <CONTROL>             
             <CID>1376</CID>             
             <STATEMENT><![CDATA[Status of the 'Interactive Logon: Do not require CTRLALTDEL'
                         setting]]></STATEMENT>
             <CONTROL_REFERENCES>ABC123,4.6.88</CONTROL_REFERENCES>
             <RATIONALE><![CDATA[The Windows OS behaves differently when the 'CTRLALTDelete' is invoked
                         before login--this guarantees that the authentication process for the system
                         is engaged. Otherwise, when only the two-line login screen is presented, it
                         is possible that a Trojan program is displaying a phony userid/password login
                         screen, which will collect the credentials and exit, leaving the user believing
                         that he/she simply mistyped one or both of the required values. NOTE: As this
                         is one of the reverse-logic controls, it is important to remember that this
                         should be DISABLED to actually be enabled.]]>
             </RATIONALE>
             <STATUS><![CDATA[Passed]]></STATUS>
             <EVIDENCE><![CDATA[CHECK1]]></EVIDENCE>
           </CONTROL>  
... 

 

 

PC - “Apache Authentication” API v2 – Support for multiple instances per host

Apache Server authentication is available for compliance scans using QualysGuard Policy Compliance (PC). With this release the “Apache Authentication” API v2 (/api/2.0/fo/auth/apache/) now supports authentication to multiple Apache server instances on the same host.

 

Want to set it up? Just create multiple Apache server authentication records - 1 record for each host instance. In each record, a host instance is defined by a unique IP address and configuration file pair. You can create 2 records for the same IP address, but the config file can’t be the same in the 2 records.

 

Create multiple Apache records

 

To scan 2 Apache instances on the same IP, you’ll create 2 Apache authentication records. This is how you create 2 records for IP 10.10.25.25 - note the 2 different configuration files.

 

 

API request (record 1):

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=ApacheRecord1&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf1&unix_apache_control_command=/opt/IBM/HTTPServer/bin1&ips=10.10.25.25" "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

 

API request (record 2):

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=ApacheRecord2&unix_apache_config_file=/opt/IBM/HTTPServer/conf/httpd.conf2&unix_apache_control_command=/opt/IBM/HTTPServer/bin1&ips=10.10.25.25" "https://qualysapi.qualys.com/api/2.0/fo/auth/apache/"

 

 

List Apache records

 

This is a way you can review the authentication record settings before you scan. The Apache records list XML (auth_apache_list_output.dtd) did not change.

 

 

Reporting of Apache Server instances

 

Your PC reports identify compliance evaluation findings for Apache instances. With this release each instance identifies the configuration file path.

 

PC - “MS SQL Authentication” API v2 - Autodiscover database instances

 

MS SQL Server authentication is available for compliance scans using QualysGuard Policy Compliance (PC). With this release the “MS SQL authentication” API v2 (/api/2.0/fo/auth/ms_sql/) supports the automatic discovery of MS SQL Server instances. Just specify the auto discovery option(s) in your records and we’ll find all matching instances on target hosts and attempt authentication.

 

Create MS SQL records

 

API request (record 1):

For IP 10.10.25.25 auto discover instance names, database names and ports.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=MSSQLRecord+1&username=myname&password=mypassword&ips=10.10.25.25&auto_discover_instances=1&auto_discover_databases=1&auto_discover_ports=1" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"

 

 

API request (record 2):

For IP 10.10.25.100 we’ll auto discover ports and instances but the database name will be set to “mydbname”.

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=create&title=MSSQLRecord+2&username=myname&password=mypassword&ips=10.10.25.100&auto_discover_ports=1&auto_discover_instances=1&database=mydbname" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"

 

 

List MS SQL records

 

This is a way you can review the authentication record settings before you scan. The MS SQL records list XML (auth_ms_sql_list_output.dtd) has been updated.

 

API request:

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/auth/ms_sql/"
