Skip navigation
1 2 3 4 5 Previous Next

API Notifications

143 posts

A new release of Qualys Cloud Suite, Version 8.15, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in August 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.


What's new

Posture Profile API - DTD Change for show_remediation_info /api/2.0/fo/compliance/posture/info/

In the Posture Profile Information DTD the V value in element <!ELEMENT TP (LABEL, V+)> replaced with <!ELEMENT TP (LABEL, V*)> to ensure that the validation does not fail. This is an optional value.


Posture Profile API - New Parameter to Show Cause of Failure  
/api/2.0/fo/compliance/posture/info/
We added a new parameter to the Posture Profile API to show the cause of failure for CIDs.

 

New EC2 Information in the Host Based Report  /api/2.0/fo/report
You will now see three new fields: Account ID, Region Code and Subnet ID in host based reports when you create your report using the Scan or PCI Scan template with the EC2 Related Information option checked.

A new release of Qualys Cloud Suite, Version 2.34, this version # applies to Asset Management and Tagging API's (PORTAL), includes an updated API which is targeted for release in August 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.

 

What's new
Fetch Docker information through Asset Management API
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset

The Asset Management API now returns docker (container) information for host assets matching the provided criteria.

 

Continuous Monitoring (CM) Licensing
/qps/rest/1.0/search/cm/alert/
/qps/rest/1.0/get/cm/alert/<id>
/qps/rest/1.0/download/cm/alert/?format=<format>
/qps/rest/1.0/search/cm/profile/
/qps/rest/1.0/get/cm/profile/<id>

A new release of Qualys Cloud Suite, Version 8.14.1, this version # applies to Qualys Policy Compliance (PC), includes an updated API which is targeted for release in July 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.

 

What's new

Qualys Host ID Added to Posture Info and Policy Report /api/2.0/fo/compliance/posture/info/

When a Qualys Host ID (QG_HOSTID) is assigned to a host, you’ll now see the ID in the Posture Info API output and in Compliance Policy Reports. You can fetch reports from the API or download them from the UI.

 

A new release of Qualys Cloud Suite, Version 2.33, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Easily identify ignored WAS findings /qps/rest/3.0/search/was/finding
We have introduced a new element <isIgnored> to easily identify whether a WAS finding (detection) in the user’s scope is ignored or not.

 

HostAsset and Asset APIs show new Cloud Provider metadata for AWS, Azure and GCP

With this release Qualys Cloud Platform shows additional Cloud Provider metadata to users for Amazon AWS, Azure, and Google Cloud Platform. This asset metadata is collected from Vulnerability Scans (using VM), Compliance Scans (using PC or SCA), Cloud Agents and Data Connectors.

 

Schedule auto-update for appliances registered to a cluster
/qps/rest/2.0/create/waf/cluster
/qps/rest/2.0/update/waf/cluster
You can now use the cluster API to specify when the appliances registered with a cluster
get auto-updated. Specify days of the week and the start time. By default, auto-update is
enabled for all days of the week.

 

Validate XML/JSON payload
/qps/rest/2.0/create/waf/httpprofile
/qps/rest/2.0/update/waf/httpprofile
You can now use the HTTP Profiles API to enable XML/JSON parsing to validate that
transmitted payload is XML/JSON compliant. Parsing is not enabled by default.

 

Uninstall Cloud Agent using UUID
/qps/rest/2.0/uninstall/am/asset
/qps/rest/2.0/uninstall/am/hostasset
Cloud Agent uninstall API now allows you to specify the agent UUID to identify an agent
during uninstallation. Agent UUID can be specified in the request XML.

A new release of Qualys Cloud Suite, Version 8.14, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in June 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.

 

What's new
Vault Support API - Cyber-Ark changed to CyberArk
/api/2.0/fo/vault
/api/2.0/fo/auth
We have changed Cyber-Ark to CyberArk for improved integration of CyberArk vaults. The change affects vault-type input parameter during vault creation (CyberArk AIM and CyberArk PIM Suite). The response also reflects the change.

 

Support for Client Id and Name in Multiple APIs
APIs affected:
/api/2.0/fo/scan/?action=list
/api/2.0/fo/scan/?action=launch
/api/2.0/fo/scan/compliance/?action=list
/api/2.0/fo/scan/compliance/?action=launch
/api/2.0/fo/schedule/scan/?action=list
/api/2.0/fo/schedule/scan/?action=create
/api/2.0/fo/schedule/scan/?action=update
/api/2.0/fo/report/?action=list
We now support for client element (id and name) for Consultant type subscriptions in Scan API, Scheduled Scan API, Compliance Scan API, and Report API.

 

New Scan Summary API for Hosts Not Scanned /api/2.0/fo/scan/summary
This new Summary API lets you identify hosts that were not scanned and why.

 

New Support for Wallix AdminBastion (WAB) Vaults

/api/2.0/fo/vault/ /api/2.0/fo/auth/windows/ /api/2.0/fo/auth/unix/
This new vault type can be used to retrieve authentication credentials from a Wallix AdminBastion (WAB) vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type. We updated the DTDs for listing Windows and Unix records.

 

Fix to Vault View API Output /api/2.0/fo/vault/
We fixed the XML output of the authentication vault view API to fix a DTD validation error. When echo_request=1 is specified as part of the API call, the REQUEST section now correctly appears before the RESPONSE section in the output.

 

Support for EC2 Scanning using only Instance ID /api/2.0/fo/scan/ /api/2.0/fo/scan/compliance/
We now support launch of on demand internal ec2 scans using only ec2 instance ids. You can use tags if needed. Using tags is now optional.

 

Update to CertView Scan Results to include FQDN /api/2.0/fo/scan/?action=fetch
We added FQDN to the header section of CertView scan results where we’ll now list the FQDNs in the scan target, if any. Previously we listed the target FQDNs with the target IPs. You can download scan results from the UI or fetch results from the API. These changes apply to CertView Scans only.

 

Patch Report is now available in XML format /api/2.0/fo/report
You can now launch and download patch reports in XML format using the API and UI.

 

Option Profile - Import/Export Map Authentication /api/2.0/fo/subscription/option_profile/
We have added 2 new values for the tag <MAP_AUTHENTICATION> to support future capabilities: vCenter, none. Also, the value VMware, available in previous release, is now renamed to VMware-ESXi.

A new release of Qualys Cloud Suite, Version 2.33, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New

Easily identify ignored WAS findings /qps/rest/3.0/search/was/finding
We have introduced a new element <isIgnored> to easily identify whether a WAS finding (detection) in the user’s scope is ignored or not.

 

HostAsset and Asset APIs show new Cloud Provider metadata for AWS, Azure and GCP

With this release Qualys Cloud Platform shows additional Cloud Provider metadata to users for Amazon AWS, Azure, and Google Cloud Platform. This asset metadata is collected from Vulnerability Scans (using VM), Compliance Scans (using PC or SCA), Cloud Agents and Data Connectors.

A new release of Qualys Cloud Suite, Version 2.32.2, includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New

AWS EC2 Connector - Support for Cross-Account Role Authentication
Qualys now supports the creation of EC2 connectors using a cross-account access role. This allows you to grant Qualys access to your AWS EC2 instances without sharing your AWS security credentials. Qualys will access your AWS EC2 instances by assuming the IAM role that you create in your AWS account. With this support, we are discontinuing the creation of EC2 connectors using IAM access keys. We’ll help you migrate your existing EC2 connectors to now use cross-account access roles. Note that this migration to your existing EC2 connector to cross account role is unidirectional and cannot be reverted.

A new release of Qualys Cloud Suite, Version 8.14, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in June 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.


What's new
Vault Support API - Cyber-Ark changed to CyberArk
/api/2.0/fo/vault
/api/2.0/fo/auth
We have changed Cyber-Ark to CyberArk for improved integration of CyberArk vaults. The change affects vault-type input parameter during vault creation (CyberArk AIM and CyberArk PIM Suite). The response also reflects the change.

 

Support for Client Id and Name in Multiple APIs
APIs affected:
/api/2.0/fo/scan/?action=list
/api/2.0/fo/scan/?action=launch
/api/2.0/fo/scan/compliance/?action=list
/api/2.0/fo/scan/compliance/?action=launch
/api/2.0/fo/schedule/scan/?action=list
/api/2.0/fo/schedule/scan/?action=create
/api/2.0/fo/schedule/scan/?action=update
/api/2.0/fo/report/?action=list
We now support for client element (id and name) for Consultant type subscriptions in Scan API, Scheduled Scan API, Compliance Scan API, and Report API.

A new release of Qualys Cloud Suite, Version 8.13.1, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in May 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.


What's new
Support for Cloud Perimeter Scan (coming soon)
We’ve made updates to support Cloud Perimeter Scans in a future release (keep in mind Cloud Perimeter Scans are not supported at this time).

A new release of Qualys Cloud Suite, Version 8.13, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in April 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.


What's new
Option Profile API - New Test Authentication Option /api/2.0/fo/subscription/option_profile/

We added a new element to the option profile API. When you export/import an option profile we’ll show you whether the Test Authentication option is enabled or disabled.

 

Option Profile API - DTD Change for DO_NOT_OVERWRITE_OS /api/2.0/fo/subscription/option_profile/
In the Option Profile Information DTD the element DO_NOT_OVERWRITE_OS appeared twice - under SCAN and under CONTROL_TYPES. We removed it from CONTROL_TYPES.

 

Scanner Appliance API - New Option to Filter Asset Tags /api/2.0/fo/appliance/
You can now choose whether to include asset tag information in the scanner appliance list output. Use the new show_tags input parameter in your API request to include or exclude tag information for each scanner appliance.

 

New Replace Scanner Appliance API /api/2.0/fo/appliance/replace_iscanner
Now you can replace a scanner appliance with a new one using the API. Just tell us the name of the appliance you want to replace and the one you want to use. By default we’ll transfer configurations from the old appliance to the new appliance for you but you can choose not to transfer settings.

 

Asset Group API - New Option for User Name /api/2.0/fo/asset/group/
You can now choose whether to display owner name in the asset group list output. Use the show_attributes input parameter with new attribute OWNER_USER_NAME in your API request to include or exclude owner user name for asset group.

A new release of Qualys Cloud Suite, Version 8.13, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in April 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Please refer to the detailed release notes attached to this notification for more information.

 

What's new
Option Profile API - New Test Authentication Option /api/2.0/fo/subscription/option_profile/

We added a new element to the option profile API. When you export/import an option profile we’ll show you whether the Test Authentication option is enabled or disabled.

A new release of Qualys Cloud Suite, Version 2.32, includes an updated API which is targeted for release in March 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New

SAQ - New SAQ API introduced

We've introduced the first of new API's for SAQ. Full User Guide will be available in the documentation links shortly.

 

WAS - Burp API: Support for Latest Burp version /qps/rest/3.0/import/was/burp

We now support import of the latest version of Burp 1.7.24 for Burp API. You can now successfully import Burp files that belong to version 1.7.24.

 

WAS - Option Profile API: Enhancements to Detections /qps/rest/3.0/create/was/optionprofile

We have now introduced a new detection categories and enhanced the scope of detection in Option Profile API.You can now create option profile and associate pre-defined detection categories with Option Profile. 

 

CA - NOT EQUALS operator disabled during uninstall 

/qps/rest/2.0/uninstall/am/hostasset
/qps/rest/2.0/uninstall/am/asset

Use of NOT EQUALS operator is now disabled during agent uninstall. This is to avoid unintended consequences of Tags or Assets being deleted or updated. Service response now displays an error message if you use the NOT EQUALS operator while uninstalling an agent.

 

WAF - New criteria for searching assets many API's affected - see release notes

 

WAF - Add timeout for a Web Server many API's affected - see release notes

 

WAF - Deployment status and date in cluster API many API's affected - see release notes

 

WAF - Display custom page for custom rule many API's affected - see release notes

 

WAF - Add trusted IPs for a Cluster many API's affected - see release notes

 

AWS Asset Data Connector API - Support for EU (Paris) Region

Now you can easily scan EC2 instances included in the AWS EU (Paris) region for vulnerabilities and policy compliance using the Qualys Cloud Platform using the AWS region code “eu-west-3”. You can create/update EC2 connectors to pull instance info from the China region, activate discovered instances for the VM, PC or SCA module, and scan them using our EC2 scan workflow.

A new release of Qualys Cloud Suite, Version 2.32, includes an updated API which is targeted for release in March 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
New CSV_V2 format for WAS Reports /qps/rest/3.0/create/was/report

We have now introduced a new CSV V2 report format for Web application report and Scan report. The CSV_V2 report format provides you information about 12 new fields in addition to all the fields that exist in CSV format.

A new release of Qualys Cloud Suite, Version 8.12, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in February 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Please refer to the detailed release notes attached to this notification for more information.

 

What's new

Enhanced Asset Group API v2 /api/2.0/fo/asset/group/

The Asset Group API v2 (/api/2.0/fo/asset/group/) contains the following new updates:

- Download the API results in a CSV format

- Fetch comments for an asset group

 

Asset Group List Output - DTD Change 
The Asset Group List Output DTD is used when you list the asset groups in your account. We’ve made several changes to this DTD.

 

Compliance Authentication Report - DTD Change /api/2.0/fo/report with action=fetch
The Compliance Authentication Report DTD is used when you download a saved authentication report from your account. We’ve made updates to this DTD to add missing elements that resulted in validation errors.


Dynamic Search List API - Support for CPE Type /api/2.0/fo/qid/search_list/dynamic/
The Dynamic Search List API lets you create/update dynamic search lists and get information about them. We’ve added API support for CPE “part” values (Operating System, Application, Hardware) in dynamic search lists, allowing you to target specific vulnerabilities for sending to the appropriate remediation teams.

 

New VM Scan Statistics API /api/2.0/fo/scan/stats/
The new VM Scan Statistics API allows customers to get details about vulnerability scans and assets that are waiting to be processed. You’ll see these sections in the XML output:
UNPROCESSED SCANS - The total number of scans that are not processed, including scans that are queued, running, loading, finished, etc.
VM RECRYPT BACKLOGS - The total number of assets across your finished scans that are waiting to be processed.
VM RECRYPT BACKLOGS BY SCAN - Scan details for vulnerability scans that are waiting to be processed. For each scan, you’ll see the scan ID, scan title, scan status, processing priority and number of hosts that the scan finished but not processed.
VM RECRYPT BACKLOGS BY TASK - Processing task details for vulnerability scans that are waiting to be processed. For each task, you’ll see the same scan details as VM RECRYPT BACKLOGS BY SCAN plus additional information like the total hosts alive for the scan, the number of hosts from the scan that have been processed, the number of hosts waiting to be processed, the scan start date, the task type and task status.

 

Host List Detection API - New ARF Filters for Kernel, Service and Configuration /api/2.0/fo/asset/host/vm/detection/
You can now filter your host detection list based on Acceptable Risk Factors (ARF) related to kernel, service and host configuration. The risk factor or exploitability of a detected vulnerability is based on an ARF rule, which is pre-defined by Qualys. NOTE: active_kernels_only is now deprecated and will be removed in a future release. Please use arf_kernel_filter instead.

 

Scan Schedule API - Enhanced EC2 Details /api/2.0/fo/schedule/scan/

The Scan Schedule API v2 supports defining schedules for vulnerability scans. We now provide you more details about your EC2 connector. Using the list action, you can now view details such as the provider (Amazon Web Services-AWS), connector name, the unique UUID assigned to it, the region, type of scan, and so on.

 

New element in Authentication Records List DTD /api/2.0/fo/auth/
We’ve made DTD changes to add new elements to the authentication record list output. This is pre-release functionality scheduled for a future release related to VMware vCenter authentication support.

 

Vault Support for VMware Authentication /api/2.0/fo/auth/vmware/
Now users can configure VMware authentication records to use vaults to access credentials used for authentication.

 

Support for CertView scans (coming soon!)

We’ve made updates to the Scan API to support CertView scans when CertView GA is released (keep in mind CertView scans are not supported at this time).

Scan List API /api/2.0/fo/scan/?action=list
Launch Scan API /api/2.0/fo/schedule/scan/?action=launch
Schedule Scan API /api/2.0/fo/schedule/scan/?action=create
Add Asset API /api/2.0/fo/asset/ip/?action=add

A new release of Qualys Cloud Suite, Version 8.12, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in January 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Please refer to the detailed release notes attached to this notification for more information.

 

What's new
Dynamic Search List API - Support for CPE Type /api/2.0/fo/qid/search_list/dynamic/
The Dynamic Search List API lets you create/update dynamic search lists and get information about them. We’ve added API support for CPE “part” values (Operating System, Application, Hardware) in dynamic search lists, allowing you to target specific vulnerabilities for sending to the appropriate remediation teams.

 

Asset Group List Output - DTD Change
The Asset Group List Output DTD is used when you list the asset groups in your account. We’ve made several changes to this DTD.

 

Compliance Authentication Report - DTD Change /api/2.0/fo/report with action=fetch
The Compliance Authentication Report DTD is used when you download a saved authentication report from your account. We’ve made updates to this DTD to add missing elements that resulted in validation errors.

 

Support for CertView scans (coming soon!)

We’ve made updates to the Scan API to support CertView scans when CertView GA is released (keep in mind CertView scans are not supported at this time).

Scan List API /api/2.0/fo/scan/?action=list
Launch Scan API /api/2.0/fo/schedule/scan/?action=launch
Schedule Scan API /api/2.0/fo/schedule/scan/?action=create
Add Asset API /api/2.0/fo/asset/ip/?action=add

Filter Blog

By date: By tag: