Skip navigation
1 2 3 Previous Next

API Notifications

134 posts

A new release of Qualys Cloud Platform v8.20 (VM,PC) includes an updated API which is targeted for release in June 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
New Database UDCs for Oracle and MSSQL
With this release you can now create custom controls for Oracle database and MSSQL database. To support database controls, we’ve added new elements to the XML output and DTDs for Control List Output, Policy Export Output, Posture Info List Output, and the ImportableControl.xsd schema.

 

Subscription API: Import/Export Email Notification Settings for Password Expiry
We have updated the Export Subscription Configurations API output to include configuration settings for password expiry notification emails in the “USERS” element. New settings indicate whether users in the subscription will be notified by email before their password expires, how often password expiration emails will be sent and when to switch to daily emails

A new release of Qualys Cloud Platform v8.19 (VM,PC) includes an updated API which is targeted for release in May 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Sybase Authentication - Password Encryption and Auto Discover Databases
/api/2.0/fo/auth/sybase/
This release introduces 2 new options for Sybase authentication - Password Encryption and Auto Discover Databases.

Password Encryption - Enable this option when your Sybase database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option then authentication will fail.

Auto Discover Databases - Enable this option and we'll find all Sybase database names on each host for you. This means you no longer have to create a separate Sybase record for each database name. Create one record with Auto Discover Databases enabled to authenticate to multiple databases on the same host.

 

PC - New MS Exchange Server Authentication API
/api/2.0/fo/auth/
Microsoft Exchange Server authentication is now supported for compliance scans. The new MS Exchange Server Authentication API (api/2.0/fo/auth/ms_exchange/) lets you list, create, update and delete MS Exchange Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for MS Exchange Server installed on Windows.

 

New Support for Microsoft Azure Key Vault
/api/2.0/fo/auth/windows/
/api/2.0/fo/auth/unix/
/api/2.0/fo/auth/ms_sql/
/api/2.0/fo/auth/mysql/
/api/2.0/fo/auth/mariadb/
/api/2.0/fo/auth/mongodb/
/api/2.0/fo/auth/oracle/
/api/2.0/fo/auth/postgresql/
This new vault type can be used to retrieve authentication credentials from an Azure key vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type.

A new release of Qualys Cloud Platform v8.19 (VM,PC) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
Sybase Authentication - Password Encryption and Auto Discover Databases
/api/2.0/fo/auth/sybase/
This release introduces 2 new options for Sybase authentication - Password Encryption and Auto Discover Databases.

Password Encryption - Enable this option when your Sybase database instance requires an encrypted password for successful login. If password encryption is required and you do not enable this option then authentication will fail.

Auto Discover Databases - Enable this option and we'll find all Sybase database names on each host for you. This means you no longer have to create a separate Sybase record for each database name. Create one record with Auto Discover Databases enabled to authenticate to multiple databases on the same host.

 

PC - New MS Exchange Server Authentication API
/api/2.0/fo/auth/
Microsoft Exchange Server authentication is now supported for compliance scans. The new MS Exchange Server Authentication API (api/2.0/fo/auth/ms_exchange/) lets you list, create, update and delete MS Exchange Server authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for MS Exchange Server installed on Windows.

A new release of Qualys Cloud Platform v2.38 (WAS) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
WAS API: Enhancements to Finding API response

/qps/rest/3.0/get/was/finding/<id>/

/qps/rest/3.0/search/was/finding
We have now improved the response for Finding API to include following details:
-the tags associated with the web application on which the finding was detected.
-details related to ignored finding

A new release of Qualys Cloud Platform v1.8 (Cloudview) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
CloudView API URLs updated
With the CloudView 1.8, the URLs for all the CLoudView REST APIs are updated. The API URLs that currently use 1.5 will be replaced with v1 across all the CloudView API URLs. Additionally, we have also updated the "lastsynch" to "lastSyncedOn" in the response.

 

AWS API Updates
We have now added a new element named isPortalConnector. The new element is a boolean flag to indicate whether the AWS connector is also created in Portal module or not (Asset View). If not, you can set this element to true and automatically create the same connector in AssetView module. However, if the connector is created in AssetView as well, then the authentication information associated with the connector is linked to CloudView as well. If you update the authentication information for the connector in AssetView, it will automatically reflect in CloudView as well.

 

Azure APIs (New)
We have now introduced APIs for your Azure Connectors. We support the following operations and evaluations for your Azure Connector:
Get list of connectors
Get the details of Azure connector
Create a new Azure connector
Run the specified Azure connector
Update the existing Azure connector
Delete the Azure connectors
Azure Evaluations

 

GCP APIs (New)
We support the following operations for GCP Connector:
Get list of GCP connectors
Get the details of a specified GCP connector
Create a new GCP connector
Run the specified GCP connector
Update the existing GCP connector
Delete the specified GCP connectors
GCP Evaluations

 

Reports API (New)
We support the following operations for Reports API:
Get list of report configurations
Get list of all supported mandates
Get list of all supported policies
Get the complete data of the specified report
Get the details of specified report configuration
Create a new report configuration
Update the existing report configurations
Delete the provided report configurations

A new release of Qualys Cloud Suite QWEB 8.18.1 (VM/PC) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
New Support for HashiCorp Vault
/api/2.0/fo/vault
/api/2.0/fo/auth/windows/
/api/2.0/fo/auth/unix/
This new vault type can be used to retrieve authentication credentials from a HashiCorp vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type. We updated the DTDs for listing Windows and Unix record.

 

Option Profile API - DTD/XSD Change
We added VAULT_SECRET_KV_PATH?, VAULT_SECRET_KV_NAME?, VAULT_SECRET_KV_KEY to the Windows and Unix Authentication List Output DTDs. The Cisco authentication record uses Unix Authentication List Output DTD.

A new release of Qualys Cloud Suite v2.37.1 (AM) includes an updated API which is targeted for release in April 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Asset Management and Tagging API: Enable connector for CloudView
/qps/rest/2.0/create/am/awsassetdataconnector/
/qps/rest/2.0/update/am/awsassetdataconnector/
/qps/rest/2.0/get/am/awsassetdataconnector/
/qps/rest/2.0/search/am/awsassetdataconnector/

The Asset Management and Tagging API has been updated to provide a new parameter for enabling an AWS connector for CloudView. While creating a new connector or editing an existing connector, you can enable that AWS connector to make it available in the CloudView App as well.

A new release of Qualys Cloud Suite 8.18 (VM/PC) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
New InformixDB Auth records /api/2.0/fo/auth/informixdb/
InformixDB authentication is now supported for compliance scans. The new InformixDB Authentication API (api/2.0/fo/auth/informixdb/) lets you list, create, update and delete InformixDB authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for InformixDB installed on Unix.

 

Scan EC2 Assets for Certificate Information
/api/2.0/fo/schedule/scan/
/api/2.0/fo/scan/
You can now collect certificate information from EC2 assets using EC2 CertView scans. We added a new input parameter (scan_type=ec2certview) to scheduled/scan and /scan APIs.

A new release of Qualys Cloud Suite v2.37 (AM/WAS) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
Asset Management and Tagging API: Fetch AWS Account ID
/qps/rest/2.0/get/am/assetdataconnector/<id>
/qps/rest/2.0/search/am/assetdataconnector
/qps/rest/2.0/get/am/awsassetdataconnector/<id>
The Asset Management and Tagging API has been updated to fetch the AWS Account ID for Asset Data Connectors. You can fetch the AWS Account ID while getting the connector information and search for connectors using a particular AWS Account ID.

 

Asset Management and Tagging API: Activate EC2 Assets in CertView Module
/qps/rest/2.0/get/am/assetdataconnector/<id>
/qps/rest/2.0/update/am/assetdataconnector
/qps/rest/2.0/get/am/awsassetdataconnector/<id>
/qps/rest/2.0/update/am/awsassetdataconnector
/qps/rest/2.0/create/am/awsassetdataconnector
The Asset Management and Tagging API has been updated to add a new connector for the CertView module for AWS Asset Data Connectors.

 

Web Application Scanning API: Send Email only on completion of Multi-Scan
/qps/rest/3.0/get/was/wasscan/<id>
/qps/rest/3.0/launch/was/wasscan
/qps/rest/3.0/get/was/wasscanschedule/<id>
/qps/rest/3.0/create/was/wasscanschedule/
/qps/rest/3.0/update/was/wasscanschedule/<id>
We have now added a new parameter for a multi-scan to configure when the email should be sent: completion of multi-scan or completion of individual scan in a multi-scan.

A new release of Qualys Cloud Suite v8.18 (VM/PC) includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
New InformixDB Auth records /api/2.0/fo/auth/informixdb/
InformixDB authentication is now supported for compliance scans. The new InformixDB Authentication API (api/2.0/fo/auth/informixdb/) lets you list, create, update and delete InformixDB authentication records. User permissions for this API are the same as other authentication record APIs. Note that the API supports authentication record creation only for InformixDB installed on Unix.

A new release of Qualys Cloud Suite - Cloudview App, Version 1 includes an updated API which is targeted for release in March 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new
Cloudview APIs URL updated
With CloudView 1.8, the URLs for all the CloudView REST APIs are updated. The API URLs that currently use 1.5 will be replaced with v1 across all the CloudView API URLs.

A new release of Qualys Cloud Suite, Version 8.17, includes an updated API which is targeted for release in February 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new

 

Set Scheduled Scan Duration to Less than an Hour /api/2.0/fo/schedule/scan/
Now you can have your scheduled vulnerability scan canceled or paused after running only 15-59 minutes. A value of 0 is now accepted for end_after and pause_after_hours parameters when creating or updating a scheduled scan. When end_after is set to 0 the minimum value for end_after_mins is 15. When pause_after_hours is set to 0 the minimum value for pause_after_mins is 15.

A new release of Qualys Cloud Suite, Version 2.36, includes an updated API which is targeted for release in February 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What's new

Host Asset API: Search using EC2 attributes  /qps/rest/2.0/search/am/hostasset

The Asset Management and Tagging API has been updated to allow searching host assets using EC2 attributes.

A new release of Qualys Cloud Suite, Version 2.35 (AM/WAF/WAS), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's new

New Application Security Categories added in Security Policies
/qps/rest/2.0/get/waf/securitypolicy/<id>
/qps/rest/2.0/search/waf/securitypolicy
/qps/rest/2.0/create/waf/securitypolicy
/qps/rest/2.0/update/waf/securitypolicy
We have added support for four new application security categories. Add the new categories as elements under the applicationSecurity parameter and set confidence values for them.

 

New Conditions Added to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
Custom Rule API now supports new conditions and operators for custom rules.

 

Added Support for Response Headers to Custom Rule
/qps/rest/2.0/get/waf/customrule/<id>
/qps/rest/2.0/search/waf/customrule
/qps/rest/2.0/create/waf/customrule
/qps/rest/2.0/update/waf/customrule
We have added three new actions: insertHeader, rewriteHeader and stripHeader to the Custom Rule API. You can configure these actions to insert, modify or remove HTTP headers in responses when the conditions for the actions are met.

 

Schedule Reactivation for Ignored Finding /qps/rest/3.0/ignore/was/finding
You can now schedule a date or the number of days to reactivate an ignored finding. With two new parameters: reactivateDate and reactivateIn, you can let us know when an ignored finding should be reactivated again.

 

Dynamic tagging for AWS, AZURE, GCP 
The Asset Management and Tagging API has been updated to allow dynamic tagging for AWS (EC2), AZURE, and GCP assets. You can now group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP) and EC2 connectors (AWS).

A new release of Qualys Cloud Suite, Version 8.16 (VM/PC), includes an updated API which is targeted for release in December 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Release notes are attached to this post.

 

What's New

New CVSS v3.0 Metrics Added to KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/
We updated the CVSS v2 and CVSS v3 sections of the KnowledgeBase API output. For both CVSS v2 and CVSS v3 we added the vector string. For CVSS v3 we renamed, added and removed metrics to match the CVSS v3 standard.

 

Support for Scanning ESXi Hosts on vCenter /api/2.0/fo/auth/vmware/
You can now specify login_type=vcenter in the API request when creating and updating VMware authentication records.

 

SCAP Last Scanned Date for Asset Search /api/2.0/fo/asset/host/?action=list
We have now introduced two new parameters to filter SCAP last scanned date when you download a list of hosts, based on the scan data available in the user’s account.

 

Host List Detection API - New Filters for Last Detection Tested Date /api/2.0/fo/asset/host/vm/detection
The Host List Detection API includes 4 new filters based on when detections were last tested on a host (as part of a full scan or partial scan). You can filter the list to show detections tested since or before a particular date or number of days. The XML output already includes the LAST TEST DATETIME.

 

OS Authentication Instance-based Technology Discovery /api/2.0/fo/scan/compliance
We can now collect technology data using the underlying OS technology without creating authentication records.

 

New Instance column in STIG Report CSV
A host can have multiple instances and you can now include the host instance in the STIG report. Simply choose “Instance” in the STIG report template from the UI to show this information in the CSV report output.

 

New Search Filter Added to Scanner Appliance API /api/2.0/fo/appliance/
You can now search scanner appliances by platform where scanners are deployed. You'll see the platform provider in the XML output when you also specify “include_cloud_info=1” and “output_mode=full” in the request.

 

New API: List Superseding Patches for an Asset /api/2.0/fo/asset/patch/
We have now introduced a new API: Patch Supersede API that lets you view the list of all superseding patches that will fix detections on a specific host.

 

New API: Scanner Details /api/2.0/fo/scan/scanner
The new Scanner Details API helps you identify the scanner used to scan a particular IP address at a given time. This is supported for vulnerability scans only. This new API is especially useful when you’re scanning a large number of IPs using a pool of scanners and you’re not sure which scanner was used to scan a particular host.

 

Agent UDC Support (coming soon!)
/api/2.0/fo/compliance/control/?action=list
/api/2.0/fo/compliance/policy/?action=export
New Agent UDC Support will be announced soon via the Qualys Technology blog once remaining components are released.

Filter Blog

By date: By tag: