Skip navigation
1 2 3 4 Previous Next

API Notifications

143 posts

A new release of Qualys Cloud Suite v2.37.1 (AM) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Asset Management and Tagging API: Enable connector for CloudView
/qps/rest/2.0/create/am/awsassetdataconnector/
/qps/rest/2.0/update/am/awsassetdataconnector/
/qps/rest/2.0/get/am/awsassetdataconnector/
/qps/rest/2.0/search/am/awsassetdataconnector/

The Asset Management and Tagging API has been updated to provide a new parameter for enabling an AWS connector for CloudView. While creating a new connector or editing an existing connector, you can enable that AWS connector to make it available in the CloudView App as well.

A new release of Qualys Cloud Suite 8.18 (VM/PC) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
New InformixDB Auth records /api/2.0/fo/auth/informixdb/
InformixDB authentication is now supported for compliance scans. The new InformixDB Authentication API (api/2.0/fo/auth/informixdb/) lets you list, create, update and delete InformixDB authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for InformixDB installed on Unix.

 

Scan EC2 Assets for Certificate Information
/api/2.0/fo/schedule/scan/
/api/2.0/fo/scan/
You can now collect certificate information from EC2 assets using EC2 CertView scans. We added a new input parameter (scan_type=ec2certview) to scheduled/scan and /scan APIs.

A new release of Qualys Cloud Suite v2.37 (AM/WAS) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
Asset Management and Tagging API: Fetch AWS Account ID
/qps/rest/2.0/get/am/assetdataconnector/<id>
/qps/rest/2.0/search/am/assetdataconnector
/qps/rest/2.0/get/am/awsassetdataconnector/<id>
The Asset Management and Tagging API has been updated to fetch the AWS Account ID for Asset Data Connectors. You can fetch the AWS Account ID while getting the connector information and search for connectors using a particular AWS Account ID.

 

Asset Management and Tagging API: Activate EC2 Assets in CertView Module
/qps/rest/2.0/get/am/assetdataconnector/<id>
/qps/rest/2.0/update/am/assetdataconnector
/qps/rest/2.0/get/am/awsassetdataconnector/<id>
/qps/rest/2.0/update/am/awsassetdataconnector
/qps/rest/2.0/create/am/awsassetdataconnector
The Asset Management and Tagging API has been updated to add a new connector for the CertView module for AWS Asset Data Connectors.

 

Web Application Scanning API: Send Email only on completion of Multi-Scan
/qps/rest/3.0/get/was/wasscan/<id>
/qps/rest/3.0/launch/was/wasscan
/qps/rest/3.0/get/was/wasscanschedule/<id>
/qps/rest/3.0/create/was/wasscanschedule/
/qps/rest/3.0/update/was/wasscanschedule/<id>
We have now added a new parameter for a multi-scan to configure when the email should be sent: completion of multi-scan or completion of individual scan in a multi-scan.

A new release of Qualys Cloud Suite v8.18 (VM/PC) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
New InformixDB Auth records /api/2.0/fo/auth/informixdb/
InformixDB authentication is now supported for compliance scans. The new InformixDB Authentication API (api/2.0/fo/auth/informixdb/) lets you list, create, update and delete InformixDB authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for InformixDB installed on Unix.

A new release of Qualys Cloud Suite - Cloudview App, Version 1 includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
Cloudview APIs URL updated
With CloudView 1.8, the URLs for all the CloudView REST APIs are updated. The API URLs that currently use 1.5 will be replaced with v1 across all the CloudView API URLs.

A new release of Qualys Cloud Suite, Version 8.17, includes an updated API which is targeted for release in February 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new

 

Set Scheduled Scan Duration to Less than an Hour /api/2.0/fo/schedule/scan/
Now you can have your scheduled vulnerability scan canceled or paused after running only 15-59 minutes. A value of 0 is now accepted for end_after and pause_after_hours parameters when creating or updating a scheduled scan. When end_after is set to 0 the minimum value for end_after_mins is 15. When pause_after_hours is set to 0 the minimum value for pause_after_mins is 15.

A new release of Qualys Cloud Suite, Version 2.36, includes an updated API which is targeted for release in February 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new

Host Asset API: Search using EC2 attributes  /qps/rest/2.0/search/am/hostasset

The Asset Management and Tagging API has been updated to allow searching host assets using EC2 attributes.

A new release of Qualys Cloud Suite, Version 2.35 (AM/WAF/WAS), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new

New Application Security Categories added in Security Policies
/qps/rest/2.0/get/waf/securitypolicy/<id>
/qps/rest/2.0/search/waf/securitypolicy
/qps/rest/2.0/create/waf/securitypolicy
/qps/rest/2.0/update/waf/securitypolicy
We have added support for four new application security categories. Add the new categories as elements under the applicationSecurity parameter and set confidence values for them.

 

New Conditions Added to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
Custom Rule API now supports new conditions and operators for custom rules.

 

Added Support for Response Headers to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
We have added three new actions: insertHeader, rewriteHeader and stripHeader to the Custom Rule API. You can configure these actions to insert, modify or remove HTTP headers in responses when the conditions for the actions are met.

 

Schedule Reactivation for Ignored Finding /qps/rest/3.0/ignore/was/finding
You can now schedule a date or the number of days to reactivate an ignored finding. With two new parameters: reactivateDate and reactivateIn, you can let us know when an ignored finding should be reactivated again.

 

Dynamic tagging for AWS, AZURE, GCP 
The Asset Management and Tagging API has been updated to allow dynamic tagging for AWS (EC2), AZURE, and GCP assets. You can now group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP) and EC2 connectors (AWS).

A new release of Qualys Cloud Suite, Version 8.16 (VM/PC), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's New

New CVSS v3.0 Metrics Added to KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/
We updated the CVSS v2 and CVSS v3 sections of the KnowledgeBase API output. For both CVSS v2 and CVSS v3 we added the vector string. For CVSS v3 we renamed, added and removed metrics to match the CVSS v3 standard.

 

Support for Scanning ESXi Hosts on vCenter /api/2.0/fo/auth/vmware/
You can now specify login_type=vcenter in the API request when creating and updating VMware authentication records.

 

SCAP Last Scanned Date for Asset Search /api/2.0/fo/asset/host/?action=list
We have now introduced two new parameters to filter SCAP last scanned date when you download a list of hosts, based on the scan data available in the user’s account.

 

Host List Detection API - New Filters for Last Detection Tested Date /api/2.0/fo/asset/host/vm/detection
The Host List Detection API includes 4 new filters based on when detections were last tested on a host (as part of a full scan or partial scan). You can filter the list to show detections tested since or before a particular date or number of days. The XML output already includes the LAST TEST DATETIME.

 

OS Authentication Instance-based Technology Discovery /api/2.0/fo/scan/compliance
We can now collect technology data using the underlying OS technology without creating authentication records.

 

New Instance column in STIG Report CSV
A host can have multiple instances and you can now include the host instance in the STIG report. Simply choose “Instance” in the STIG report template from the UI to show this information in the CSV report output.

 

New Search Filter Added to Scanner Appliance API /api/2.0/fo/appliance/
You can now search scanner appliances by platform where scanners are deployed. You'll see the platform provider in the XML output when you also specify “include_cloud_info=1” and “output_mode=full” in the request.

 

New API: List Superseding Patches for an Asset /api/2.0/fo/asset/patch/
We have now introduced a new API: Patch Supersede API that lets you view the list of all superseding patches that will fix detections on a specific host.

 

New API: Scanner Details /api/2.0/fo/scan/scanner
The new Scanner Details API helps you identify the scanner used to scan a particular IP address at a given time. This is supported for vulnerability scans only. This new API is especially useful when you’re scanning a large number of IPs using a pool of scanners and you’re not sure which scanner was used to scan a particular host.

 

Agent UDC Support (coming soon!)
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export
New Agent UDC Support will be announced soon via the Qualys Technology blog once remaining components are released.

A new release of Qualys Cloud Suite, Version 2.35 (Asset Tagging), includes an updated API which is targeted for release in November 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new
Dynamic tagging for AWS, AZURE, GCP 
The Asset Management and Tagging API has been updated to allow dynamic tagging for AWS (EC2), AZURE, and GCP assets. You can now group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP) and EC2 connectors (AWS).

A new release of Qualys Cloud Suite, Version 8.16 (PC/VM), includes an updated API which is targeted for release in November 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Statuspage. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new
New CVSS v3.0 Metrics Added to KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/
We updated the CVSS v2 and CVSS v3 sections of the KnowledgeBase API output. For both CVSS v2 and CVSS v3 we added the vector string. For CVSS v3 we renamed, added and removed metrics to match the CVSS v3 standard.

 

Support for Scanning ESXi Hosts on vCenter /api/2.0/fo/auth/vmware/
You can now specify login_type=vcenter in the API request when creating and updating VMware authentication records.

 

SCAP Last Scanned Date for Asset Search /api/2.0/fo/asset/host/?action=list
We have now introduced two new parameters to filter SCAP last scanned date when you download a list of hosts, based on the scan data available in the user’s account.

 

Host List Detection API - New Filters for Detection Tested Date /api/2.0/fo/asset/host/vm/detection
The Host List Detection API has been updated to include new filters based on when detections were last tested on a host. The XML output already includes the LAST TEST DATETIME. Now you can filter the list to only show detections tested since a particular date, before a particular date, or filter by the number of days since the detection was last tested.

 

OS Authentication instance-based technology discovery /api/2.0/fo/scan/compliance
We can now collect technology data using the underlying OS technology without creating authentication records.

 

New Instance column in STIG Report CSV
A host can have multiple instances and you can now include the host instance in the STIG report. Simply choose “Instance” in the STIG report template from the UI to show this information in the CSV report output.

A new release of Qualys Cloud Suite, Version 2.34.1, includes an updated API which is targeted for release in October 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Statuspage. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Release notes are attached to this post.

 

What’s New

Search Finding API: Condensed Details for Ignored Finding /qps/rest/3.0/search/was/finding

We have now condensed the response of Search action for Finding API. The Search finding API response was very large when there are large number of ignored finding. To minimize the size of the response size we have condensed the response by removing ignored details from search finding API response. The response will include only ignored status. However, you can always view the data using the Get action for Finding API.

A new release of Qualys Cloud Suite, Version 8.15.2, includes an updated API which is targeted for release in October 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new

Apache Authentication - Multiple Improvements - Instance Discovery, Auto Record Creation and More
Instance discovery and auto record creation is now supported using Apache authentication records (UI and API). As before a single Apache record may be used when the same record configuration (Apache configuration file, Apache control command) is replicated across hosts in the record.

 

List Apache Authentication Records API - new filter options, DTD updated /api/2.0/fo/auth/apache/?action=list
New input parameters allow you to filter the Apache authentication record list by status (active or inactive) and creation type (user created or system created). Elements for these properties were added to the Apache auth record list output DTD.

 

Create/Update Apache Authentication Record API - set record to Active or Inactive
/api/2.0/fo/auth/apache/?action=create
/api/2.0/fo/auth/apache/?action=update
We added a new input parameter to support creation of Apache auth records with a certain status (active or inactive). This parameter can also be set when updating user-created Apache records. Note that system-created records cannot be updated.

 

Scan Option Profile Import/Export API - enable Apache instance discovery and auto record creation /api/2.0/fo/subscription/option_profile/
We’ve added new tags and definitions to the DTD and XSD used by the Scan Option Profile Import/Export API to support new capabilities. There were no changes to input parameters.

 

Compliance Scan Results - updated XML/DTD /api/2.0/fo/scan/compliance/?action=fetch
You’ll now see instances discovered under <AUTH_DISCOVERY_INSTANCE_LIST> in the XML output when instance discovery and system record creation is enabled in the option profile used for the scan.

A new release of Qualys Cloud Suite, Version 2.34, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Release notes are attached to this post.

 

What’s New
Fetch Docker information through Asset Management API
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns docker (container) information for host assets
matching the provided criteria.

 

Continuous Monitoring (CM) Licensing
/qps/rest/1.0/search/cm/alert/
/qps/rest/1.0/get/cm/alert/<id>
/qps/rest/1.0/download/cm/alert/?format=<format>
/qps/rest/1.0/search/cm/profile/
/qps/rest/1.0/get/cm/profile/<id>
With this release asset licensing is implemented in the Continuous Monitoring (CM) app,
for internal and external assets. This applies to non trial CM customers only. After login to
the CM UI, the customer can add asset tags to be used for licensing under the
Configuration tab called Licensing Details. This allows the customer to select the asset
tags to enforce the licensing.

 

New XSS Power Mode Option Profile in WAS
/qps/rest/3.0/get/was/optionprofile/<id>
/qps/rest/3.0/create/was/optionprofile
/qps/rest/3.0/update/was/optionprofile/<id>
You can now execute specialized scan that performs comprehensive tests for cross-site
scripting vulnerabilities using the new option profile with XSS Power Mode detection scope
that we have introduced. The detection scope performs tests using the standard XSS
payloads, which detect the most common instances of XSS, but also with additional
payloads that can identify XSS in certain, less-common situations. Running a scan with
option profile that has XSS Power Mode detection scope will provide the best assurance
that your web application is free from XSS vulnerabilities.

 

New Security Filters in WAF for Cipher Selection in Web Applications
/qps/rest/2.0/get/waf/webapp/<id>
/qps/rest/2.0/search/waf/webapp/
/qps/rest/2.0/create/waf/webapp
/qps/rest/2.0/update/waf/webapp/<id>
We have made cipher selection for your web applications simple with new security filters.
You can choose one or more one security filters based on your security requirements.
Available security filters are Strong, Good, Weak and Unsafe.

 

Separate VULNSIGS information in Asset Management API for split manifest
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns separate VULNSIGS information for host asset
when using a split manifest for VM, PC, or SCA.

 

WAF APIs for version 1.0 deprecated
WAF APIs for version 1.0 are now deprecated and no longer available. You can use
equivalent version 2.0 APIs to perform WAF operations.

A new release of Qualys Cloud Suite, Version 8.15, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Posture Profile API - DTD Change for show_remediation_info /api/2.0/fo/compliance/posture/info/
In the Posture Profile Information DTD the V value in element <!ELEMENT TP (LABEL, V+)> replaced with <!ELEMENT TP (LABEL, V*)> to ensure that the validation does not fail. This is an optional value.

 

Posture Profile API - New Parameter to Show Cause of Failure /api/2.0/fo/compliance/posture/info/
We added a new parameter to the Posture Profile API to show the cause of failure for CIDs.

 

New EC2 Information in the Host Based Report /api/2.0/fo/report
You will now see three new fields: Account ID, Region Code and Subnet ID in host based reports when you create your report using the Scan or PCI Scan template with the EC2 Related Information option checked.

 

New MariaDB Authentication API /api/2.0/fo/auth/ /api/2.0/fo/auth/mariadb/
MariaDB authentication is now supported for compliance scans. The new MariaDB Authentication API (<baseurl>/api/2.0/fo/auth/mariadb/) lets you list, create, update and delete MariaDB authentication records. User permissions for this API are the same as other authentication record APIs.

 

New JBOSS Server Authentication Record /api/2.0/fo/auth/jboss
We have now added a new API to support JBoss Server Authentication. Using the JBoss Server API (.../api/2.0/fo/auth/jboss) you can perform these actions: create, update, list, delete

 

MySQL DB Authentication API - Support for Vaults /api/2.0/fo/auth/mysql/
Now API users can configure MySQL authentication records to use vaults to access credentials used for authentication. Vaults are already supported for MySQL authentication in the UI.

 

List Tomcat Records - DTD Change /api/2.0/fo/auth/tomcat/?action=list
The Auth Tomcat List Output DTD is used when you list Tomcat authentication records in your account. In this DTD, we changed the element SERVICE_NAME to SERVICE_NAME_WINDOWS.

 

Scanner Appliance: IPv6 Support for VLANs and Static Routes /api/2.0/fo/appliance/*/
We now support IPv6 addresses when defining VLANs and static routes for virtual and physical scanner appliances. Appliances can have a mix of IPv4 configurations and IPv6 configurations.

 

NOTE: We are making our formerly Limited Customer Release Subscription API Generally Available (GA) for all customers. Do note this is only of use if you have and manage multiple subscriptions on the Qualys Cloud Platform. For the majority of customers, this is of no use.


Option Profile API - Export System Profiles /api/2.0/fo/subscription/option_profile/

More Option Profile functions for VM, PCI, PC /api/2.0/fo/subscription/option_profile/*/
You can now create, update, list and delete option profiles for VM, PCI, and PC.

(UPDATE: prior release notes only included partial information on this new API)

Filter Blog

By date: By tag: