We want to exclude accepted Vulnerabilities from qualys via API call. I am trying scan template call but its not working. Can you please help?
If you ignore in the KB; that does it everywhere. What you want is to ignore an instance of the vulnerability. Basically a combination of the Asset+(service/port)+and the QID. The remediation ticket is the way to go but as I stated I think it is being deprecated.
I may have some scripts dealing with the API but your best bet it is reach out to your TAM on this. I would not want to give you a script or point you in a direction that will be deprecated shortly.
Get with your TAM.
Depends on which API end point you are using. If it is "detentions", then you have to first set up a search list and include that as a parameter for either "include" or "exclude". If you're using the "asset_data_report" in conjunction with a specific template ID, need to ensure the template is properly configured with the correct boxes checked on the Filter tab.
I concur with Scott and we also need more information. are you accepting the vulnerabilities on one asset or you don't want to see the vulnerability anymore either in a scan or a report.
You can accept/ignore a vulnerability detected on a host.
If you wanted to not scan/report you can build a search list for that.
But in order for us to help more we need more information on what you are trying to do.
Thanks. Can you please help me with the API call which is used to ignore a vulnerability detected on a host?
I don't recall an API to ACCEPT a vulnerability on a host; if they do I would imagine it would be under the ticketing which I think is being deprecated.
Right now you would use the UI. Maybe someone @Qualys can comment further.
Right now you just may need to do it via the UI. If you are DOING a lot of them you could try other methods to try and accomplish what you need.
It depends on which API you are using. If it is the "detections", then you need to first create a search list that will contain the expected results. If you're using "asset_data_report" then you modify the filter section to check the Ignored box.
If we add the QID in the static search list then the vulnerability is excluded from all the host. I want it to be excluded/ignored from specific host. I am not a Qualys user, I have to do it via API call.
I was going through some of the community post and links, and found out that there are 2 ways :
1. Ignore the vulnerability at Knowledge Base
2. Create Remediation ticket
I am not sure which one should I use. Can you please help?
Is there any option to exclude the vulnerability at individual host? I need the API details.
Retrieving data ...