Skip navigation
3 4 5 6 7 Previous Next

API Notifications

139 posts

A new release of Qualys Cloud Suite, Version 2.22 (WAS 5.10) includes an updated API which is targeted for release in March 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

WebApp API - Selenium Crawl Scripts Supported
The WAS Web Application API now lets you add, update or remove selenium crawl scripts through API. If you have added a selenium crawl script to a web application, you could also view the selenium crawl script or download the script file.

 

 

A new release of Qualys Cloud Suite, Version 2.21 includes an updated API which is targeted for release in February 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

Cloud Agent API
Change minimum Delta Upload Interval

Now you can set the Delta Upload Interval value in the performance profile to something smaller than the minimum 60 seconds (in previous releases) to 1 second minimum. This lets you speed up the rate your agents upload changes to the Qualys Cloud Platform. Also we’ve added the upper limit of 1800 seconds (30 minutes).


Agent Config Performance: CPU Throttle - increase upper limit

 Now you can set the Delta Upload Interval value in the performance profile to something smaller than the minimum 60 seconds (in previous releases) to 1 second minimum. This lets you speed up the rate your agents upload changes to the Qualys Cloud Platform.

Web Appl Scanning API
Endpoint for importing Burp results

With our new Burp API, you can now import Burp scan reports and store the findings discovered by the Burp Suite scanner with those discovered by WAS. Import Burp
reports to manage your Burp findings with WAS.


Scanner appliance pooling
With our new release, we now allow you to group scanners into 'pools' that can be assigned to a web application or during the scan configuration, so that during scan run time, a scanner available in the pool is picked, making more efficient use of the scanner resources.


Portal API
Version API for all Qualys Cloud Platform subsystems

Now you can find out what is the version of Portal and its sub-modules (in your subscription). Our new version API provides the version of all the portal sub-modules that are available in your subscription.

A new release of Qualys Cloud Suite, Version 2.19 includes an updated API which is targeted for release in December 2016. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

WAF: Web Application API - sslStatus updates

We’ve made these updates to sslStatus in web application API requests.

  • Fixed an issue where sslStatus element incorrectly returned <sslStatus>OK</sslStatus> instead of the correct status in the output from these API requests: GET, SEARCH, CREATE, UPDATE. Now the correct status is returned in all cases.
  • Fixed an issue where sslStatus not updated correctly in web application settings. Now an UPDATE request will update sslStatus to appropriate status value. Note we don’t support certificate expiration date using WAF API, yet this is supported using WAF UI.

 

Status values for sslStatus have not changed, and we’ve described below.

 

See the attached release notes for more detail.

 

WAS: Option Profile API - New form uniqueness option

Forms considered unique are reported separately in your account. We’ll always use form
field names to calculate form uniqueness. When you set the new "includeActionUriInFormID" parameter to true in your option profile, we’ll use form action URI and form field name for determining the uniqueness of a form.

 

Updated XSD: was_v3.0.xsd. See attached release notes for details.

A new release of Qualys Cloud Suite, version 8.9, includes an API update which is targeted for release in November 2016. The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

What's New

Unix Authentication Improvements
New Support for Cyber-Ark AIM Vaults
Launch Scan using All Scanners in Network
Appliance API - Add tags to your scanner appliances
Physical Scanner Appliance API to update VLAN and Static Routes
Appliance List Output - Start date/time for CMD Only mode added
User List Output - User ID added
MS SQL Authentication Record API - Domain supported
IP Update - Fix to Command List Output and DTD
VM - Choose a Priority Level For Each Scan
VM - Improvements to Reporting Host Scan Time
VM - More Detection Info Returned from Vulnerability Detection API
VM - Easily Identify Disabled Vulnerabilities in KnowledgeBase APIs
VM - Removed Version element of CVSS v3 VM - CVSS3 Final Score in Scan Reports
VM - Vulnerability Counts by Severity Added to Scan Report CSV
VM - Display Last Fixed Date in Scan Reports
VM - Updates to Vulnerability Scorecard Report
VM - Scan API v1 Does Not Support Scanning Custom Networks
VM - Removed PROTOCOL from VULN_INFO for QIDs 38175 and 38228
VM - Created Date Added to Remediation Reports in CSV Format
PC - Support Asset Tags in Compliance Policies
PC - Include UDCs in Policy Export/Import
PC - Expose Human Readable Look-ups for Control Descriptions via API
PC - Policy List Output - added Locked indicator
PC - Control List Output - added UDC settings
PC - Changes to STATISTICS element in Policy Report
PC - Last Evaluated Date added to Policy Reports
PC - Uniquely Identify Data Points using Name and ID

As the Qualys Cloud Platform grows and expands to include more modules with APIs, the need for a consolidated quick reference across all API's has grown.  Today, we're announcing just such a guide, replacing the prior VM/PC v1 and v2 Quick References with the Qualys API Quick Reference that covers ALL Qualys API's going forward.  

 

All other Qualys Resource Guides are available at Qualys Documentation.

NOTE: This is an updated version of the API notifications originally published on 9/22.  Additional features were added to the release late.  Qualys apologies for any confusion that may result.  All PRIOR notifications are still valid, this just includes a few more.

 

A new release of Qualys Cloud Suite, Version 8.9 includes an API update which is targeted for release in November 2016.   The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

What’s New

Appliance List Output shows start date/time for CMD Only mode

 

* The Appliance List Output now includes the date/time an appliance enters into CMD Only (command only) mode. This mode may be entered for various reasons, such as

when a session expires.

 

Scan API v1 Does Not Support Scanning Custom Networks

 

* Using the Scan API v1 (/msp/scan.php) you will now get an error if you try to scan a custom network (i.e. asset groups belonging to a custom network). It’s still possible to

scan the Global Default Network.

 

New Support for Cyber-Ark AIM Vaults

 

* This new vault type can be used to retrieve authentication credentials from CyberArk's Central Credential Provider (CCP) solution

 

User List Output - User ID added

 

* The User List v1 API (/msp/user_list.php) lets you view the users in the subscription. The user list output now includes the user ID assigned to each user.

 

Appliance API - Add tags to your scanner appliances

 

* You can now add tags to your scanner appliances using the Appliance API v2 (/api/2.0/fo/appliance). The new parameters let you add, remove and reset tags for

appliances.

 

Launch Scan using All Scanners in Network

 

* You can now launch and schedule scans using the All Scanners in Network option, which will launch scans using all the scanner appliances in your network

 

SSH2 Authentication Enhancements

 

* We're excited to tell you about the many enhancements we’ve made to support SSH2 authentication in this release, and continuijng in upcoming releases.  Please see the release notes for details.

 

Appliance List Output - Start date/time for CMD Only mode added

 

* The Appliance List Output now includes the date/time an appliance enters into CMD Only (command only) mode. This mode may be entered for various reasons, such as when a session expires.

 

User List Output - User ID added

 

* The User List v1 API (/msp/user_list.php) lets you view the users in the subscription. The user list output now includes the user ID assigned to each user.

 

MS SQL Authentication Record API - Domain supported

 

Now you can easily create domain based MS SQL authentication records. Just add the member domain to your MS SQL record and we'll auto discover MS SQL instances for authentication.

 

IP Update - Fix to Command List Output and DTD

 

The Command List Output DTD is used when you perform an IP update that results in a warning about duplicate hosts. We made a fix in the XML output to add the opening tag for COMMAND_LIST_OUTPUT, and we updated the COMMAND_LIST_OUTPUT DTD to include missing elements CODE and WARNING (plus sub-elements).

 

VM - Choose a Priority Level for each scan

 

Now you can tell us which of your vulnerability scans has the highest priority and should be processed first. You’ll do this at the time you launch/schedule your scan. By default, no priority is set. You can choose from nine priority levels with the highest priority being 1 - Emergency and the lowest priority being 9 - Low.

 

VM - Removed Version element of CVSS v3

 

* We've updated XML output returned from the KnowledgeBase API (v2)

(/api/2.0/fo/knowledge_base/vuln/?action=list) to remove the VERSION sub-element for CVSS_V3 as it is not applicable.

 

VM - Improvements to Reporting Host Scan Time

 

* We’ve changed the way we report the host scan time when updating vulnerabilities and tickets. The host scan time will now be based on when the scan finished, not when the scan started. We’ll get this date from QID 45038 “Host Scan Time”. If this QID was not included in your vulnerability scan then we’ll use the scan start date/time.

 

VM - More Detection Info Returned from Vulnerability Detection API

 

* The output for the Host List VM Detection API (/api/2.0/fo/asset/host/vm/detection) includes more detection information: IS_DISABLED< IS_IGNORED, TIMES_FOUND, SERVICE

 

VM - Easily Identify Disabled Vulnerabilities in KnowledgeBase APIs

 

* We’ve added a new flag to the XML output of KnowledgeBase APIs to identify vulnerabilities that have been disabled. Managers can disable vulnerabilities in the

KnowledgeBase in order to globally filter them from all host

 

VM - Display Last Fixed Date in Scan Reports

 

When you download a scan report (with host based findings) from your account you’ll now see the last fixed date/time for each vulnerability in the report. Download scan reports using any of these methods: download from the UI, use the Report API v2 (/api/2.0/fo/report/?action=fetch), or use the Asset Data Report API v1 (/msp/asset_data_report.php). The Asset Data Report DTD (asset_data_report.dtd) was updated.

 

VM - CVSS3 Final Score in Scan Reports

 

We’ve added the CVSS3 final score in scan reports with host based findings (also known as asset data reports). Both XML and CSV formats were updated.

 

VM - Updates to Vulnerability Scorecard Report

 

We’ve made these updates to the Vulnerability Scorecard Report and the Asset Group

Scorecard Report DTD (asset_group_scorecard.dtd).

 

VM - Vulnerability Counts by Severity Added to Scan Report CSV

 

This update applies to a scan report with host based findings. Now when you sort your scan report by vulnerability you’ll see a section in the CSV output that shows the total number of vulnerabilities detected at each severity level.

 

PC - Expose Human Readable Looks-ups for Control Descriptions via API

 

* The Compliance Policy Export API (/api/2.0/fo/compliance/policy/?action=export) now includes a new appendix with human readable look-ups for control descriptions

 

PC - Compliance Control List Output - added UDC settings

 

* The control list may include service-defined controls and user-defined controls (UDCs). The XML output has been updated to include settings defined for each UDC, including

scan parameter settings, ignore options, datapoint, etc.

 

PC - Changes to STATISTICS element in Policy Report

 

* We will now report statistics information for UDCs in a consistent way using <STATS> under <STATISTICS>.

 

PC - Last Evaluated Date added to Policy Reports

 

* Your compliance reports (policy report and interactive reports) will now show the date the policy was last evaluated.

 

PC - Uniquely Identify Data Points using Name and ID

 

* You can now use the new input parameter "include_dp_name=1" in the Compliance Posture Information API (/api/2.0/fo/compliance/posture/info) to show the name and ID for each data point in the XML output. This is useful for uniquely identifying data points.

 

PC - Support Asset Tags in Compliance Policies

 

PC - Include UDCs in Policy Export/Import

 

* You can now include user-defined controls (UDCs) when you export a policy from your account to CSV or XML, and when you import a policy to your account from XML.

 

PC - Policy List Output - added Locked indicator

 

With this release Managers and Unit Managers have the ability to lock compliance policies. When locked, the policy settings cannot be edited by other users. The output for the Compliance Policy List API (/api/2.0/fo/compliance/policy/ with action=list) has been updated to indicate when a policy is locked.

 

PC - Control List output - added USC settings

The control list may include service-defined controls and user-defined controls (UDCs). The XML output has been updated to include settings defined for each UDC, including scan parameter settings, ignore options, datapoint, etc.

A new release of Qualys Cloud Suite,Version 2.17 includes a completely new API which is targeted for release in October 2016. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this new API set.

This is a completely new set of API's we are proud to announce that will let you completely orchestrate your Cloud Agents without having to access the UI whatsoever.

For details about the new API, please see the User Guide.

 

What’s New


Agent Management API's

API's for getting agent counts, listing agents, activating, deactivating and uninstalling agents singly and in bulk

 

Activation Key API

Get, Create, Delete and Update Activation keys

 

Configuration Profiles API

Get, Create, Delete and Update configuration profiles

 

Use Cases

We give you example Use Cases for using these API's

A new release of Qualys Cloud Suite includes an API update which is targeted for release in August 2016. The specific day will differ depending on the platform, and release dates will be published on the Qualys Status page when available. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

For details about the changes, please see the attached detailed release notification below.

 

What’s New in Web Application Scanner 4.9

WAS - Add ability to set default authentication on web app via API

WAS - Allow user to specify regular expressions to detect logout links

WAS - API for Increase/decrease severity level per finding

WAS - Display the scheduled multiscans in the API call

 

What's new in Web Application Firewall 1.18

WAF - Fix discrepancies of orders between XSD and response XML

A new release of Qualys Cloud Suite includes API updates which are targeted soon for release. The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This notification describes new API features that do not impact existing API implementations.

 

What's New

 

Choose Kerberos, NTLM protocols for Windows and MS SQL Authentication

Require SMB Signing for Windows Authentication

VM - Display CVSS v3 scores in reports

VM - Dynamic Search List API v2

VM - Authentication API - Assign Vault Info to Records

VM - Scan API - Fetch Host Data from Scan Results

VM - KnowledgeBase Download returns Remote Discovery, Patch and Exploit Available in CSV, XML

VM - Vulnerability Notification shows more QID attributes in CSV

VM - Map Report Output shows network ID for IPs

VM - New Asset Search Report

PC - New Oracle WebLogic Server Authentication API

PC - Unix Authentication Supports CheckPoint Firewall Sub-Type

PC - Exception API - Support for Truncation Limit

PC - Support Agent IPs in Compliance Policy

A new release of Qualys Cloud Suite, Version 8.8 includes an API update which is targeted for release in June 2016.   The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

 

What’s New

  • Choose Kerberos, NTLM protocols for Windows and MS SQL Authentication

  • Require SMB Signing for Windows Authentication

  • VM - Display CVSS v3 scores in reports

  • VM - KnowledgeBase Download returns Remote Discovery, Patch and Exploit Available in CSV, XML

  • VM - Vulnerability Notification shows more QID attributes in CSV

  • VM - Dynamic Search List API v2

  • VM - Authentication API - Assign Vault Info to Records

  • VM - Scan API - Fetch Host Data from Scan Results

  • VM - Map Report Output shows network ID for IPs

  • PC - New Oracle WebLogic Server Authentication API

  • PC - Unix Authentication Supports CheckPoint Firewall Sub-Type

  • PC - Support Agent IPs in Compliance Policy

  • PC - Exception API - Support for Truncation Limit

A new release of Qualys Cloud Suite includes API updates which are targeted soon for release. The specific day will differ depending on the platform, and release dates will be published on the Qualys Status page when available. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This 15-day notification describes new API features that do not impact existing API implementations.

 

What's new in Web Application Scanner API 4.8

  • Finding API now returns function information

 

What's new in Web Application Firewall API

  • The is is the initial release of the WAF API, the attached PDF just partially outlines the new API's coming with our new product release of Web Application Firewall.  Look for the full User Guide release this month

A new release of Qualys Cloud Suite includes API updates which are targeted soon for release. The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This 15-day notification describes new API features that do not impact existing API implementations.

 

What's new in Web Application Scanner API 4.6

Web Application API - Scheduling Malware Monitoring Scan

Finding API - Updated XSD

Scan API - Updated XSD

Option Profile API - SmartScan Support

 

What's new in Malware Detection API 2.12

Search malware detections

View details of a malware detection

Current malware detection count

 

What's new in Asset Management API 2.12

Create Asset API Supports Bulk Creation

A new release of Qualys WAS, Version 4.6 which includes API updates, is targeted for release in April. The specific day will differ depending on the platform.  Platform release dates will be published on the Qualys Status page when available.

 

The updated APIs for WAS 4.6 give you more ways to integrate your programs and API calls with Web Application Scanning (WAS).

 

This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods. This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

What’s New

 

Web Application API - Scheduling Malware Monitoring Scan

 

Web Application API - Scheduling Malware Monitoring Scan

 

We now support malware monitoring schedule with options such as Single, Daily, Hourly, Weekly, and Monthly through the WAS API.

 

Affected APIs:

/qps/rest/3.0/get/was/webapp

/qps/rest/3.0/create/was/webapp

/qps/rest/3.0/update/was/webapp

 

Updated XSD:

webapp.xsd

 

Looking for our API user guides? Just log in to your account and go to Help > Resources.

 

Please see the attached PDF for all API details and changes including examples and API base URLs.

A new release of Qualys Cloud Suite, Version 8.7 includes an API update which is targeted soon for release. The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This 15-day notification describes new API features that do not impact existing API implementations. API changes in this release that may impact existing API implementations were already announced in the 30-day notification: Qualys Cloud Suite 8.7 API Release Notification

 

What’s New

  1. Scan Report List - New Target Element
  2. New Schedule Report API
  3. VM - Easily Identify Vulnerabilities Supported by Module
  4. VM - First Found Date Added to Asset Search Report CSV, XML
  5. VM - Show Detections Updated Since Certain Time
  6. PC - New Exception Management API

 

For more details about the above features – please review the attached release notes.

 

Platform release dates will be published on the Qualys Status page when available.

A minor update of Qualys Cloud Suite includes an API update which is targeted for release in February 2016.   The specific day will differ depending on the platform.   This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.

 

For details about the changes, please see the attached detailed XML schema attached.

 

 

What's New

  • Asset Management v2 API

 

Asset Management v2 API

https://<baseurl>/qps/rest/2.0/search/am/hostasset/<id>

https://<baseurl>/qps/rest/2.0/get/am/hostasset/<id>

 

 

These two API's will now return the additional fields outlined in the attached XML file.

Filter Blog

By date: By tag: