Skip navigation
1 2 3 4 5 6 Previous Next

API Notifications

139 posts

A new release of Qualys Cloud Suite, Version 8.11 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)), includes an updated API which is targeted for release in October 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  The release notes are attached at the end of this notice.

 

What's new

Tomcat Server Auth - Extended Support to Windows /api/2.0/fo/auth/tomcat/

We now support vulnerability and compliance scans for tomcat servers running on Windows hosts. Simply create a Tomcat Server record with details about your Apache Tomcat installation and instance. Your Tomcat Server records may include details for both Windows and Unix installations (previously supported). 


New MongoDB Authentication API /api/2.0/fo/auth/mongodb/

With this release MongoDB authentication is supported for vulnerability scans and compliance scans using Qualys apps VM, PC, SCA. The MongoDB Record API (<baseurl>/api/2.0/fo/auth/mongodb/) allows you manage MongoDB records for performing authenticated scans of MongoDB instances running on Unix.


New Palo Alto Firewall Authentication API /api/2.0/fo/auth/palo_alto_firewall

We now have added a new API to support Palo Alto Firewall. Using the Palo Alto Firewall API (.../api/2.0/fo/auth/palo_alto_firewall) you can perform these actions: create, update, list, delete.


Scheduled Scan API Improvements /api/2.0/fo/schedule/scan/

You now have the ability to update scheduled scans using the Scan Schedule V2 API (/api/2.0/fo/schedule/scan/). We also added new input parameters for more granular time selections for defining when to end, pause and resume a scan.


Scanner API - New parameter for Scanner Type  /api/2.0/fo/appliance/

We now added a new parameter to Scanner appliance API (... /api/2.0/fo/appliance/) for you to identify the type of scanner appliance. However, the type of scanner appliance is reflected in the output only if the output mode is set to full.


VM - Get additional information for detection type INFO /api/2.0/fo/asset/host/vm/detection/

The Host List Detection (.../api/2.0/fo/asset/host/vm/detection/) API now provides following additional information for the detection type “Info”:

- severity level

- date and time when first detected

- date and time when last detected

- number of times detected 


PC - View Asset Groups and Tag Information in XML Report Updated DTD Only for /api/2.0/fo/compliance

The Compliance Policy Report DTD is now updated so that the policy report (xml) provides information about Asset Groups, IPs, Host Instances and Tags.


PC - New UDC for Windows and Unix

We have now updated Control (.../api/2.0/fo/compliance/control) and Compliance Policy Report (.../api/2.0/fo/report/) APIs to support integrity content check of Unix and Windows directory and files.


New way to track API usage Update to Header only

 API usage can be tracked using the X-Powered-By HTTP header which includes a unique ID generated for each subscription. Once enabled, the X-Powered-By HTTP header is returned for each API request made by a user. This will enable you to track API requests across users without providing the user credentials.

A new release of Qualys Cloud Suite, Version 2.30 includes an updated API which is targeted for release in September 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API and make changes to any scripts that utilize this specific API.

 

What's New

Change to the API is the addition of a new TagRuleType value, "CLOUD_ASSET". This corresponds to the new EC2 dynamic tag rule type as added in the UI for this feature.  More details will be in the release notes when they get released.

 

We are also removing the operator value NOT_EQUALS from the delete API's to curtail inadvertent deletions of large values outside of the scope. 

 

Admin - User API
We have introduced a new API (https://<baseurl>/qps/rest/1.0/{action}/admin/user) that will give the list of users along with their tags to the authorized user. Currently, we support three actions for the users: search, count, and get details of a user.

 

In Addition please see previously released API notifications:

Qualys Cloud Suite 2.30 API Notification 1 

Qualys Cloud Suite 2.30 (WAF v2.5) API Notification 1 

A new release of Qualys Cloud Suite, Version 8.10.2 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)), includes an updated API which is targeted for release in August 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

Whats new
Introducing New User Administrator Role
Manager users can now create a new user role: User administrator. Users with this role will only have access to users, assets groups, business units and distribution groups.

 

VM - Host List Detection API - Processed Timestamp
The Host List Detection API v2 (../api/2.0/fo/asset/host/vm/detection/) now supports processed timestamp for each detection. You can now filter detections that were processed before/after a specific date using dectection_processed_before and dectection_processed_after parameters.

 

VM - Scan Results DTD - Optional elements added

We’ve added 2 optional elements to Scan Results DTD (scan-1.dtd) for internal use. Users will not see these elements in scan results XML output, unless the QRDI VulnerabilitiesBeta feature is enabled for the subscription.

 

A new release of Qualys Cloud Suite, Version 2.30 (this is specifically for WAF v2) includes an brand new API, which implements all of the functionality of our new WAF v2 product released last February, which is targeted for release in September 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API and begin planning appropriately. This will get a brand new API Guide to support when we go live.


Cluster API

GET/qps/rest/2.0/get/waf/cluster/:id Get a cluster
GET/qps/rest/2.0/count/waf/cluster Count clusters in scope
POST/qps/rest/2.0/search/waf/cluster Search clusters in scope from criterias
POST/qps/rest/2.0/create/waf/cluster Create a cluster
POST/qps/rest/2.0/update/waf/cluster/:id Update a cluster
POST/qps/rest/2.0/update/waf/cluster Update clusters (bulk change)
POST/qps/rest/2.0/delete/waf/cluster/:id Delete a cluster
POST/qps/rest/2.0/delete/waf/cluster Delete clusters (bulk change)

 

Appliance API
GET/qps/rest/2.0/get/waf/appliance/:id Get an appliance
GET/qps/rest/1.0/count/waf/appliance Count appliances in scope
POST/qps/rest/1.0/search/waf/appliance Search user's appliances from criterias
POST/qps/rest/1.0/delete/waf/appliance/:id Delete an appliance

 

Certificate API
GET/qps/rest/2.0/get/waf/certificate/:id Get a certificate
GET/qps/rest/2.0/count/waf/certificate Count certificates in scope
POST/qps/rest/2.0/search/waf/certificate Search certificates in scope from criterias
POST/qps/rest/2.0/create/waf/certificate Create a certificate profile
POST/qps/rest/2.0/update/waf/certificate/:id Update a certificate profile
POST/qps/rest/2.0/update/waf/certificate Update certificates (bulk change)
POST/qps/rest/2.0/delete/waf/certificate/:id Delete a certificate profile
POST/qps/rest/2.0/delete/waf/certificate Delete certificates (bulk change)

 

Healthcheck API
GET/qps/rest/2.0/get/waf/healthcheck/:id Get an healthcheck profile
GET/qps/rest/2.0/count/waf/healthcheck Count Healthcheck Profiles in scope
POST/qps/rest/2.0/search/waf/healthcheck Search Healthcheck Profiles in scope from criterias
POST/qps/rest/2.0/create/waf/healthcheck Create an healthcheck Profile
POST/qps/rest/2.0/update/waf/healthcheck/:id Update an Healthcheck Profile
POST/qps/rest/2.0/update/waf/healthcheck Update Healthcheck Profiles (bulk change)
POST/qps/rest/2.0/delete/waf/healthcheck/:id Delete an Healthcheck Profile
POST/qps/rest/2.0/delete/waf/healthcheck Delete Healthcheck Profiles (bulk change)

 

Web Server API
GET/qps/rest/2.0/get/waf/webserver/:id Get a webserver profile
GET/qps/rest/2.0/count/waf/webserver Count Web Servers Profiles in scope
POST/qps/rest/2.0/search/waf/webserver Search Web Server Profiles in scope from criterias
POST/qps/rest/2.0/create/waf/webserver Create a Web Server Profile
POST/qps/rest/2.0/update/waf/webserver/:id Update a WebServer Profile
POST/qps/rest/2.0/update/waf/webserver Update Web Server Profiles (bulk change)
POST/qps/rest/2.0/delete/waf/webserver/:id Delete a Web Server Profile
POST/qps/rest/2.0/delete/waf/webserver Delete Web Server Profiles (bulk change)

 

HTTP Profile API
GET/qps/rest/2.0/get/waf/httpprofile/:id Get an HTTP profile
GET/qps/rest/2.0/count/waf/httpprofile Count HTTP Profiles in scope
POST/qps/rest/2.0/search/waf/httpprofile Search HTTP Profiles in scope from criterias
POST/qps/rest/2.0/create/waf/httpprofile Create a HTTP Profile
POST/qps/rest/2.0/update/waf/httpprofile/:id Update an HTTP Profile
POST/qps/rest/2.0/update/waf/httpprofile Update HTTP Profiles (bulk change)
POST/qps/rest/2.0/delete/waf/httpprofile/:id Delete an HTTP Profile
POST/qps/rest/2.0/delete/waf/httpprofile Delete HTTP Profiles (bulk change)

 

Security Policy API
GET/qps/rest/2.0/get/waf/securitypolicy/:id Get a Security Policy profile
GET/qps/rest/2.0/count/waf/securitypolicy Count Security Policies in scope
POST/qps/rest/2.0/search/waf/securitypolicy Security Policy Profiles in scope from criterias
POST/qps/rest/2.0/create/waf/securitypolicy Create a Custom Security Policy
POST/qps/rest/2.0/update/waf/securitypolicy/:id Update a Custom Security Policy
POST/qps/rest/2.0/update/waf/securitypolicy Update Custom Security Policies (bulk change)
POST/qps/rest/2.0/delete/waf/securitypolicy/:id Delete a Custom Security Policy
POST/qps/rest/2.0/delete/waf/securitypolicy Delete Custom Security Policies (bulk change)

 

Custom Page API
GET/qps/rest/2.0/get/waf/custompage/:id Get a custom page profile
GET/qps/rest/2.0/count/waf/custompage Count Custom Page Profiles in scope
POST/qps/rest/2.0/search/waf/custompage Search Custom Page Profiles in scope from criterias
POST/qps/rest/2.0/create/waf/custompage Create a Custom Page Profile
POST/qps/rest/2.0/update/waf/custompage/:id Update a Custom Page Profile
POST/qps/rest/2.0/update/waf/custompage Update Custom Page Profiles (bulk change)
POST/qps/rest/2.0/delete/waf/custompage/:id Delete a Custom Page Profile
POST/qps/rest/2.0/delete/waf/custompage Delete Custom Page Profiles (bulk change)

 

Custom Rule API
GET/qps/rest/2.0/get/waf/customrule/:id Get a Custom Rule
GET/qps/rest/2.0/count/waf/customrule Count Custom Rules in scope
POST/qps/rest/2.0/search/waf/customrule Custom Rules in scope from criterias
POST/qps/rest/2.0/create/waf/customrule Create a Custom Rule
POST/qps/rest/2.0/update/waf/customrule/:id Update a Custom Rule
POST/qps/rest/2.0/update/waf/customrule Update Custom Rule (bulk change)
POST/qps/rest/2.0/delete/waf/customrule/:id Delete a Custom Rule
POST/qps/rest/2.0/delete/waf/customrule Delete Custom Rules (bulk change)

 

Web application API

GET/qps/rest/2.0/get/waf/webapp/:id Get a web application
GET/qps/rest/2.0/count/waf/webapp Count web applications in scope
POST/qps/rest/2.0/search/waf/webapp Search web applications in scope from criterias
POST/qps/rest/2.0/create/waf/webapp Create a web application
POST/qps/rest/2.0/update/waf/webapp/:id Update a web application
POST/qps/rest/2.0/update/waf/webapp Update web applications (bulk change)
POST/qps/rest/2.0/delete/waf/webapp/:id Delete a web application
POST/qps/rest/2.0/delete/waf/webapp Delete web applications (bulk change)

A new release of Qualys Cloud Suite, Version 2.30 includes an updated API which is targeted for release in September 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API and make changes to any scripts that utilize this specific API.

 

Host Asset Management API adds additional Amazon EC2 Instance Metadata

 

The Host Asset Management API now adds additional metadata of Amazon EC2 hosts when inventoried using the Qualys EC2 Connector.  The API output schema is changed to add new tags for additional EC2 metadata, populated with respective values for EC2 assets and empty for non-EC2 assets.

 

The new EC2 tags in the <Ec2AssetSourceSimple> element include:

 

<ec2InstanceTags>

<EC2Tags>

<createdDate>

<instanceState>

<groupId>

<groupName>

<spotInstance>

<ownerId>

<subnetId>

<vpcId>

<region>

<zone>

<publicIpAddress>

<accountId>

 

The example below is of the full output with the new and existing tags:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://v-qps1.dev.qualys.com:8080/portal-api/xsd/2.0/am/hostasset.xsd">
   <responseCode>SUCCESS</responseCode>
   <count>1</count>
   <data>
       <HostAsset>
           <id>52331</id>
           <name>wenlin_scanner_sjc</name>
           <created>2017-06-15T02:34:25Z</created>
           <modified>2017-06-15T04:34:02Z</modified>
           <type>HOST</type>
           <tags>
               <list>
                   <TagSimple>
                       <id>7515612</id>
                       <name>AWS-Connector#2</name>
                   </TagSimple>
               </list>
           </tags>
           <sourceInfo>
               <list>
                   <Ec2AssetSourceSimple>
                       <firstDiscovered>2017-06-15T02:34:27Z</firstDiscovered>
                       <lastUpdated>2017-06-21T01:37:04Z</lastUpdated>
                       <assetId>52331</assetId>
                       <ec2InstanceTags>
                           <tags>
                               <list>
                                   <EC2Tags>
                                       <key>Name</key>
                                       <value>wn_scanner_sjc</value>
                                   </EC2Tags>
                                   <EC2Tags>
                                       <key>wn_scanner_sjc</key>
                                   </EC2Tags>
                               </list>
                           </tags>
                       </ec2InstanceTags>
                       <availabilityZone>us-west-1c</availabilityZone>
                       <instanceId>i-07d6f50d34s2e22a2ac69</instanceId>
                       <instanceType>t2.medium</instanceType>
                       <createdDate>2017-06-20T18:52:38Z</createdDate>
                       <instanceState>RUNNING</instanceState>
                       <groupId>sg-5547324f32</groupId>
                       <groupName>sg-5547324f32</groupName>
                       <spotInstance>true</spotInstance>
                       <ownerId>2057623237712438</ownerId>
                       <subnetId>subnet-b7dc77adbde</subnetId>
                       <vpcId>vpc-a334bdc7bca</vpcId>
                       <region>us-west-1</region>
                       <zone>VPC</zone>
                       <imageId>ami-169bc676</imageId>
                       <publicIpAddress>127.0.0.1</publicIpAddress>
                       <privateIpAddress>10.91.76.239</privateIpAddress>

<accountId>18943245667116622211526272</accountId>
            <monitoringEnabled>false</monitoringEnabled>
                   </Ec2AssetSourceSimple>
               </list>
           </sourceInfo>
           <os>Linux</os>
           <address>10.91.76.239</address>
           <trackingMethod>INSTANCE_ID</trackingMethod>
           <openPort>
               <list/>
           </openPort>
           <software>
               <list/>
           </software>
           <vuln>
               <list/>
           </vuln>
           <processor>
               <list/>
           </processor>
           <volume>
               <list/>
           </volume>
           <account>
               <list/>
           </account>
           <networkInterface>
               <list>
                   <HostAssetInterface>
                       <interfaceId>eni-50851450</interfaceId>
                       <interfaceName>Primary network interface</interfaceName>
                       <type>PRIVATE</type>
                       <address>10.91.76.239</address>
                   </HostAssetInterface>
               </list>
           </networkInterface>
       </HostAsset>
   </data>
</ServiceResponse>

A new release of Qualys Cloud Suite, Version 8.10.1 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC) modules), includes an updated API which is targeted for release in July 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API as well as updated API's that may have changes affecting current code environments, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

What’s New
New Scanner Role Extended Permissions

Your subscription may now be configured to allow users with a Scanner user role to be granted these extended permissions:

   - Manage virtual scanner appliances. When granted, this allows the user to create, edit and delete virtual scanner appliances from the UI and API.

   - Create/edit authentication records/vaults. When granted, this allows the user to create and edit authentication records and vaults from the UI and API.

 

New Input Parameter for Create Virtual Scanner

When users with the Unit Manager or Scanner role create a virtual scanner appliance, they must add the virtual scanner to an asset group in their account. Simply provide the asset group ID as part of the API request. 


VM - Detection API - New Value for Active Kernels Only input parameter

The existing parameter “active_kernels_only” helps you identify detections related to running and non-running Linux kernels. You can now specify active_kernels_only=3 in your request to only include vulnerabilities found on running Linux kernels.


PC - Enhancement to File Integrity Checks

With this release you’re no longer required to manually set the default expected value when defining File Integrity checks. Now you can pick the “Use scan data as expected value” option in the UDC and we’ll set the expected value for you based on the actual value returned by the scan. Note that you’ll also need to select the “Auto Update expected value” option in your compliance profile.

A new release of Qualys Cloud Suite, Version 2.28 (this version # is equivalent to Web Application Scanner v5.6), includes an updated API which is targeted for release in July 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

Whats New in WAS 5.6

WAS - Generating Reports using templates

With our new Reporttemplate API, you can search for existing templates as well as get the details of an existing template. You can also use templates to generate reports through API, such as web application report, scan report, catalog report, and scorecard report.

 

WAS - Retest findings
You can now easily retest the findings for individual vulnerabilities using Finding API to test the selected finding. Only potential vulnerabilities, confirmed vulnerabilities and sensitive contents are available for retest.

 

WAS - Launch multiscan
We've enhanced the ability to support large web application scanning programs by adding the ability to scan any number of web applications as a Multi-Scan through API. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.

 

WAS - Schedule a multiscan
You can now schedule a Multi-Scan through API to run automatically, on a regular basis. This way you always have the most up-to-date security information in your account.

 

A Multi-Scan allows you to scan any number of web applications. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.

 

WAS - Enhanced tag selection
We have now enhanced our support for selection of assets linked to the tags when you launch a scan, create or edit a schedule, generate or schedule a Scorecard report or Web application report. You can now tell us the tag id in the request and specify if any or all the assets associated with the tag should be included or excluded in the scan result or report.

Qualys 8.10.0.1 Release Notes


A new release of Qualys Cloud Suite, Version 8.10.0.1 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)) includes the following fixes.  This hotfix will roll out today (June 9th, 2017) across all shared platforms. 

 

Issues Addressed


For the VM Detection API we reverted the behavior for the active_kernels_only=1 parameter and updated the documentation. Now it excludes vulnerabilities found on non-running Linux kernels. The 8.10 API Release Notes and API User Guides have been updated to reflect this change.


Scan Reports in CSV format – Now the EC2 Instance ID column will only appear when your subscription has EC2 Scanning enabled and only when the “EC2 Related Information” option isselected in the scan report template. Columns for EC2 Instance ID and EC2 metadata information now appear at the end. We also moved the columns in the CSV output for the VM Detection API. The 8.10 API Release Notes and API User Guides have been updated to reflect this change.


We fixed an issue where users were getting an error when using the show_pci_flag parameter with the KnowledgeBase Download API (/msp/knowledgebase_download.php). Also, the AUTOMATIC_PCI_FAIL tag previously described in the 8.10 API Release Notes will not appear in the XML output. This element is in the DTD but for internal use only.

 

We fixed an issue in the Qualys UI where the Scan List was not loading for Non-Manager users.

 

We fixed a link in the online help for the Cloud Agent Mac Install Guide.

A new release of Qualys Cloud Suite, Version 8.10 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC) modules), includes an updated API which is targeted for release in end of May 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API as well as updated API's that may have changes affecting current code environments, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

What’s New

Change API Rate Limit to 300 per hour

- This is a huge positive change, effectively acting as a 24 times multiplier versus our old rate limits!

New Support for BeyondTrust PBPS Vaults

New API Support for Option Profiles

- Import and export of Option Profiles

Scanner Appliance List - added Cloud Information

EC2 Assets - Improved Reporting of private DNS host name and Instance ID

Manage assets using EC2 metadata

IP Update - New DTD for Duplicate Hosts Error

Export user activity log for a subscription

Action Log API V1 - added User Details in Output

Asset Search APIs - Search by EC2 Instance Status, ID

VM - New API Support for Report Templates

VM - Show Reopened Info in Scan Reports

VM - Show Reopened Info in Vulnerability Detection API

VM - Detection API - Identify vulnerabilities related to running and non-running kernels

VM - Filter Detections Updated Before a Specific Date and Time

VM - Editing vulnerabilities

VM - EC2 asset information in scan report

VM - Scan Report in XML Format - Ability to Exclude Glossary data

VM - Hide target information from scan list

VM - New tag added to KnowledgeBase API

- A new tag, <AUTOMATIC_PCI_FAIL>, is now added to the Knowledge Base API

PC - Remediation Information Displayed in PC Reports

PC - New API Support for Docker Authentication

PC - New API Support for PostgreSQL Authentication

PC - New API Support for Sybase Authentication

PC - Introducing Qualys Custom Controls in Library Policies

PC - Remediation Information Displayed in Reports

A new release of Qualys Cloud Suite, Version 2.26 (this version # is equivalent to Web Application Scanner v5.5), includes an updated API which is targeted for release in May 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  The release notes are attached at the end of this notice.

 

What’s New in WAS 5.5
WebApp API - Editing URL and Scanner Appliance
Scan API - Enhanced Scan Status

 

What's New in Portal 2.26

Host Asset Management API – Multiple Cloud Agent Module Activation/Deactivation

A new release of Qualys Cloud Suite, Version 2.27 (this version # applies to Cloud Agent and Asset Management API's), includes an updated API which is targeted for release in May 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

What’s New

Host Asset Management API – New Cloud Agent Filter Parameters

The Cloud Agent API adds five new filter parameters to make it simpler to request agent details

for specific agents that meet filter criteria.


Host Asset Management API – Added Cloud Agent Attributes

The Asset Management API has been updated to add additional Cloud Agent attributes. The

new attribute fields are not optional and are added to the existing response schema. For

assets that do not have a Cloud Agent, the new fields are not returned in the response.

A new release of Qualys Cloud Suite, Version 8.10 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)), includes an updated API which is targeted for release in May 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  The release notes are attached at the end of this notice.

 

What’s New

New Support for BeyondTrust PBPS Vaults
New API Support for Docker Authentication
Scanner Appliance List - added Cloud Information
EC2 Assets - Improved Reporting of private DNS host name and Instance ID
IP Update - New DTD for Duplicate Hosts Error
Change API Rate Limit to 300 per hour
VM - Show Reopened Info in Scan Reports
VM - Show Reopened Info in Vulnerability Detection API
VM - Detection API - Identify vulnerabilities related to running and non-running kernels
VM - Manage assets using EC2 metadata
VM - Editing vulnerabilities
VM - EC2 asset information in scan report
VM - Scan Report in XML Format - Ability to Exclude Glossary data
PC - Remediation Information Displayed in PC Reports
PC - New Sybase Authentication Record API
PC - Introducing Qualys Custom Controls in Library Policies

 

About the New API Rate Limit

We're excited to move from daily rate limits to hourly.  This means every QWEB API (VM/PC) goes from an approximately once every 5 minute call to about once every 12 seconds IF NEEDED.  Enabling use cases like checking the scan list API or enabling Continuous Integration pipelines will be a lot easier from now on.  

A new release of Qualys Cloud Suite, Version 2.25 / WAS 5.4 includes an updated API which is targeted for release in April 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

For Asset Management APIs, NOT EQUALS Operator can cause unwanted effects.

When the user uses NOT EQUALS operator in Delete or Update API it deletes or updates all the Assets or Tags which are fulfilling NOT EQUALS criteria. In this case, a user may end up in deleting or updating all Tags or Assets unknowingly or accidently without any warning hence its support should be removed.
Modules Affected:
Tag API
Host Asset API
Asset API
Asset Data Connector API
AWS Asset Data Connector API
AWS Authentication Record API

 

We will remove support for this operator from an upcoming version.

 

WAS - Scan API - Scan Status Discrepancy Resolved

The Scan API request now displays correct status for the scan to be in sync with the status

displayed on the UI. XSD Changes: scan.xsd  Please see attached release notes for more details.

A new release of Qualys Cloud Suite, Version 2.25 includes an updated API which is targeted for release in April 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

For Asset Management APIs, NOT EQUALS Operator can cause unwanted effects.

When the user uses NOT EQUALS operator in Delete or Update API it deletes or updates all the Assets or Tags which are fulfilling NOT EQUALS criteria. In this case, a user may end up in deleting or updating all Tags or Assets unknowingly or accidently without any warning hence its support should be removed.
Modules Affected:
Tag API
Host Asset API
Asset API
Asset Data Connector API
AWS Asset Data Connector API
AWS Authentication Record API

 

We will remove support for this operator from an upcoming version.

A new release of Qualys Cloud Suite, Version 2.23 includes an updated API which is targeted for release in March 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

Cloud Platform - EC2 Scanning Support for AWS GovCloud
We’re excited to announce support for AWS GovCloud (US). Once enabled for your subscription, you can create/update EC2 connectors to pull instance info from the GovCloud (US) region. Instances found can then be activated for VM and/or PC and scanned using our existing EC2 scan workflow.

 

Cloud Agent - Changes, Organization and Description of Performance Interface
You’ll notice the performance profile UI has new sections with new and changed values introduced for Windows Agent 1.5 and Linux/Mac Agent 1.6. Also we’ve added OS specific parameters and legacy parameters. The configuration parameters for the Cloud Agent Configuration Profile API have been updated as well.

Filter Blog

By date: By tag: