QualysGuard 7.9 API Notification

Blog Post created by Eric Perraudeau Employee on Mar 19, 2013

A new release of QualysGuard, Version 7.9, will be available in production by the end of April 2013. The final date has not been determined yet, but this release contains changes to the APIs and DTDs that require a 30-day notification. More information specific to this release, including the date of global availability, will be communicated 2 weeks before the release date via the Release Notification pages.

 

This API notification provides an early preview into the coming API changes in QualysGuard 7.9, allowing you to proactively figure out any changes that might be required for your automated scripts or programs.

 

With this release users can view the Oracle DB instance a vulnerability was detected on. This information appears in scan reports when an Oracle authentication record was used for scanning. Multiple scan report DTDs have been updated to show vulnerability instance information:

 

  • scan results DTD "scan-1.dtd" used by:
    • Output of API "/msp/scan.php"
    • Output of API "/msp/scan_report.php"
    • XML scan results downloaded using the User Interface

  • scan report DTD "asset_data_report.dtd" used by:
    • Output of API "/msp/asset_data_report.php"
    • XML vulnerability reports downloaded using the User Interface

  • vulnerability detection DTD "host_list_vm_detection_output.dtd" used by:
    • Output of API "/api/2.0/fo/asset/host/vm/detection/?action=list"

  • host information DTD "get_host_info.dtd" used by:
    • Output of API "/msp/get_host_info.php"

  • ticket list output DTD "ticket_list_output.dtd" used by:
    • Output of API "/msp/ticket_list.php"


The Oracle DB instance includes the technology name, SID and port number like this: "Oracle9:ora9206p:1521"

 

Full release notes will be available to customers from within the Resources section of your QualysGuard account.


Changes to scan-1.dtd

A new optional XML child element <INSTANCE> has been added to the following XML parent elements: <INFO>, <SERVICE>, <VULN> and <PRACTICE>, as shown below in this DTD update:

 

<!ELEMENT INFO (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
                VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?,
                DIAGNOSIS?, DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT SERVICE (TITLE, LAST_UPDATE?, PCI_FLAG, INSTANCE?,
                   VENDOR_REFERENCE_LIST?, CVE_ID_LIST?,
                   BUGTRAQ_ID_LIST?, DIAGNOSIS?, DIAGNOSIS_COMMENT?,
                   CONSEQUENCE?, CONSEQUENCE_COMMENT?, SOLUTION?,
                   SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT VULN (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?, PCI_FLAG, INSTANCE?,
                VENDOR_REFERENCE_LIST?, CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?,
                DIAGNOSIS_COMMENT?, CONSEQUENCE?, CONSEQUENCE_COMMENT?, SOLUTION?,
                SOLUTION_COMMENT?, COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT PRACTICE (TITLE, LAST_UPDATE?, CVSS_BASE?, CVSS_TEMPORAL?,
                    PCI_FLAG, INSTANCE?, VENDOR_REFERENCE_LIST?,
                    CVE_ID_LIST?, BUGTRAQ_ID_LIST?, DIAGNOSIS?,
                    DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                    CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                    COMPLIANCE?, CORRELATION?, RESULT?)>

<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<INFO number="19129" severity="1">
     <TITLE><![CDATA[Oracle Authentication Method]]></TITLE>
     <LAST_UPDATE><![CDATA[2008-05-13T00:11:25Z]]></LAST_UPDATE>
     <PCI_FLAG>0</PCI_FLAG>
     <INSTANCE><![CDATA[Oracle9:ora9206p:1527]]></INSTANCE>
     <DIAGNOSIS><![CDATA[...]]></DIAGNOSIS>
     <CONSEQUENCE><![CDATA[N/A]]></CONSEQUENCE>
     <SOLUTION><![CDATA[N/A]]></SOLUTION>
     <RESULT><![CDATA[...]]></RESULT>
</INFO>

 

Changes to asset_data_report.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <VULN_INFO>, as shown below in this DTD update:

 

<!ELEMENT VULN_INFO (QID, TYPE, PORT?, SERVICE?, FQDN?, PROTOCOL?, SSL?,
                     INSTANCE?, RESULT?, FIRST_FOUND?, LAST_FOUND?,
                     TIMES_FOUND?, VULN_STATUS?, CVSS_FINAL?,
                     TICKET_NUMBER?, TICKET_STATE?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<VULN_INFO>
     <QID id="qid_19134">19134</QID>
     <TYPE>Vuln</TYPE>
     <PORT>1521</PORT>
     <SERVICE>oracle</SERVICE>
     <PROTOCOL>tcp</PROTOCOL>
     <SSL>false</SSL>
     <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
     <RESULT><![CDATA[...]]></RESULT>
     <FIRST_FOUND>2013-03-13T04:00:49Z</FIRST_FOUND>
     <LAST_FOUND>2013-03-18T21:46:33Z</LAST_FOUND>
     <TIMES_FOUND>5</TIMES_FOUND>
     <VULN_STATUS>Active</VULN_STATUS>
</VULN_INFO>

 

Changes to host_list_vm_detection_output.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <DETECTION>, as shown below in this DTD update:

 

<!ELEMENT DETECTION (QID, TYPE, PORT?, PROTOCOL?, FQDN?, SSL?, INSTANCE?,
                     RESULTS?, STATUS?, FIRST_FOUND_DATETIME?,
                     LAST_FOUND_DATETIME?, LAST_TEST_DATETIME?,
                     LAST_UPDATE_DATETIME?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<DETECTION>
          <QID>19134</QID>
          <TYPE>Confirmed</TYPE>
          <PORT>1521</PORT>
          <PROTOCOL>tcp</PROTOCOL>
          <SSL>0</SSL>
          <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
          <RESULTS><![CDATA[...]]></RESULTS>
          <STATUS>Active</STATUS>
          <FIRST_FOUND_DATETIME>2013-03-13T04:00:49Z</FIRST_FOUND_DATETIME>
          <LAST_FOUND_DATETIME>2013-03-15T20:00:35Z</LAST_FOUND_DATETIME>
          <LAST_TEST_DATETIME>2013-03-15T20:00:35Z</LAST_TEST_DATETIME>
          <LAST_UPDATE_DATETIME>2013-03-15T21:13:15Z</LAST_UPDATE_DATETIME>
</DETECTION>

Changes to get_host_info.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <VULNINFO>, as shown below in this DTD update:

 

<!ELEMENT VULNINFO (QID, SEVERITY_LEVEL, TITLE, VULN_STATUS?, CATEGORY?,
                    PORT?, SERVICE?, PROTOCOL?, INSTANCE?,
                    CVSS_SCORE?, FIRST_FOUND?, LAST_FOUND?,
                    TIMES_FOUND?, VENDOR_REFERENCE_LIST?, CVE_ID_LIST?,
                    BUGTRAQ_ID_LIST?, LAST_UPDATE?, DIAGNOSIS?,
                    DIAGNOSIS_COMMENT?, CONSEQUENCE?,
                    CONSEQUENCE_COMMENT?, SOLUTION?, SOLUTION_COMMENT?,
                    COMPLIANCE?, CORRELATION?, RESULT?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<VULNINFO>
          <QID><![CDATA[19134]]></QID>
          <SEVERITY_LEVEL><![CDATA[2]]></SEVERITY_LEVEL>
          <TITLE><![CDATA[Oracle Server Accounts With Passwords That Do Not Expire]]></TITLE>
          <VULN_STATUS><![CDATA[Active]]></VULN_STATUS>
          <CATEGORY><![CDATA[Database]]></CATEGORY>
          <PORT><![CDATA[1521]]></PORT>
          <SERVICE><![CDATA[oracle]]></SERVICE>
          <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE>
          <CVSS_SCORE>
                    <CVSS_BASE source="service"><![CDATA[6.8]]></CVSS_BASE>
                    <CVSS_TEMPORAL><![CDATA[5.8]]></CVSS_TEMPORAL>
          </CVSS_SCORE>
          <FIRST_FOUND><![CDATA[2013-03-13T04:00:49Z]]></FIRST_FOUND>
          <LAST_FOUND><![CDATA[2013-03-14T22:25:51Z]]></LAST_FOUND>
          <TIMES_FOUND><![CDATA[2]]></TIMES_FOUND>
          <LAST_UPDATE><![CDATA[2005-06-21T01:22:01Z]]></LAST_UPDATE>
          <DIAGNOSIS><![CDATA[...]]></DIAGNOSIS>
</VULNINFO>

Changes to ticket_list_output.dtd

A new optional XML child element <INSTANCE> has been added to the XML parent element <DETECTION>, as shown below in this DTD update:

 

<!ELEMENT DETECTION (IP, DNSNAME?, NBHNAME?, PORT?, SERVICE?, PROTOCOL?,
                     FQDN?, SSL?, INSTANCE?)>
<!ELEMENT INSTANCE (#PCDATA)>

 

Example:

 

<DETECTION>
        <IP>10.10.25.232</IP>
        <DNSNAME><![CDATA[ora9206-25-232]]></DNSNAME>
        <NBHNAME><![CDATA[ORA9206-25-232]]></NBHNAME>
        <PORT>1527</PORT>
        <SERVICE>Database</SERVICE>
        <PROTOCOL>tcp</PROTOCOL>
        <INSTANCE><![CDATA[Oracle9:ora9206p:1527]]></INSTANCE>
</DETECTION>
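
For scripts that consume these outputs, the following is an added example (not Qualys code) of reading the optional <INSTANCE> child from any of the parent elements listed above and splitting it into technology, SID and port, while still accepting records that have no <INSTANCE>. The function names, the <SAMPLE> wrapper element and QID 99999 are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import List, NamedTuple, Optional, Tuple

# Parent elements that gain the optional <INSTANCE> child across the five DTDs.
PARENTS = {"INFO", "SERVICE", "VULN", "PRACTICE",
           "VULN_INFO", "VULNINFO", "DETECTION"}


class OracleInstance(NamedTuple):
    technology: str
    sid: str
    port: int


def parse_instance(text: Optional[str]) -> Optional[OracleInstance]:
    """Split "technology:SID:port"; None when absent or not in that shape."""
    parts = (text or "").strip().split(":")
    if len(parts) != 3 or not all(parts) or not parts[2].isdecimal():
        return None
    port = int(parts[2])
    return OracleInstance(parts[0], parts[1], port) if 0 < port < 65536 else None


def findings(xml_text: str) -> List[Tuple[str, Optional[str], Optional[OracleInstance]]]:
    """Return (parent tag, QID, instance) for each record, in document order."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        # <SERVICE> is a record in scan-1.dtd but a plain text leaf elsewhere,
        # so only elements that have children count as records.
        if el.tag not in PARENTS or len(el) == 0:
            continue
        qid = el.findtext("QID") or el.get("number")  # scan-1.dtd uses number="..."
        out.append((el.tag, qid, parse_instance(el.findtext("INSTANCE"))))
    return out


# Constructed sample: records shaped like the examples above, in a made-up root.
SAMPLE = """<SAMPLE>
  <DETECTION><QID>19134</QID><PORT>1521</PORT>
    <INSTANCE><![CDATA[Oracle9:ora9206p:1521]]></INSTANCE></DETECTION>
  <DETECTION><QID>99999</QID><PORT>443</PORT></DETECTION>
  <VULN_INFO><QID id="qid_19134">19134</QID><SERVICE>oracle</SERVICE>
    <INSTANCE><![CDATA[Oracle9:ora9206p]]></INSTANCE></VULN_INFO>
  <INFO number="19129" severity="1"><PCI_FLAG>0</PCI_FLAG>
    <INSTANCE><![CDATA[Oracle9:ora9206p:1527]]></INSTANCE></INFO>
</SAMPLE>"""

if __name__ == "__main__":
    for record in findings(SAMPLE):
        print(record)
```

Records without <INSTANCE>, or with a value that is not three colon-separated fields ending in a valid port, come back with `None` in the instance slot rather than raising.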
