WillB

QualysGuard WAS 3.0 API Notification

Blog Post created by WillB on Apr 25, 2013

A major release of QualysGuard WAS, Version 3.0, will be available as follows:

  • US Production 2 - May 7, 2013
  • US Production 1 - May 14, 2013
  • EU Production - May 21, 2013

 

This update includes enhancements to the web application API to add the new Malware Monitoring capability introduced in WAS 3.0. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PDT (19:00 GMT) and 8 PM PDT (03:00 AM GMT next day).

 

This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that use the following functions or XML outputs All changes for WAS 3.0 should not impact existing API implementations as they are additive.

 

 

PlatformAPI Location
US Production 1qualysapi.qualys.com
US Production 2qualysapi.qg2.apps.qualys.com
EU Production 1qualysapi.qualys.eu

 

Introducing Malware Monitoring for Web Applications

We're pleased to announce that we've integrated malware detection capability into WAS to make it easy for you to perform scans that detect not only web application vulnerabilities, but also malware that may infect the same web properties. Now there's an easy way to combine web application scanning and malware detection to ensure that your Internet-facing web sites are free from web application vulnerabilities and malware. Web site malware is typically found only on Internet-facing web applications. To learn more about these scan types, refer to the WAS 3.0 feature announcement on Qualys Community.

 

 

WebApp Create and Update API

The new “malwareMonitoring” element is used to enable Malware Monitoring when creating or updating a web application using the WebApplication API. You can choose to start it sometime in the future using  the “malwareScheduleTime” and“malwareScheduleTimeZone” elements. The site owner will receive an email notification if any malware is detect when “malwareNotification=true” is used.

 

Example - Create a web application and enable Malware Monitoring

 

Request:
 
curl -u "USERNAME:PASSWORD" -H"Content-type: text/xml" -X "POST" --data-binary @- 
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/"< file.xml

Note: “file.xml”contains the request POST data.

Request POST Data:

<ServiceRequest>
 <data>
   <WebApp>
     <name>My Web Application</name>
     <url>http://mywebapp.com</url>
     <malwareMonitoring>true</malwareMonitoring>
      <malwareNotification>true</malwareNotification>
      <malwareScheduleTime>23:59</malwareScheduleTime>
      <malwareScheduleTimeZone>
         <code>America/Vancouver</code>
      </malwareScheduleTimeZone>
   </WebApp>
 </data>
</ServiceRequest>

 


Response:

<?xml version="1.0"encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
 <responseCode>SUCCESS</responseCode>
 <count>1</count>
 <data>
   <WebApp>
     <id>119</id>
     <name><![CDATA[My Web Application]]></name>
     <url><![CDATA[http://mywebapp.com]]></url>
     <owner>
       <id>123</id>
       <username>username</username>
       <firstName><![CDATA[John]]></firstName>
       <lastName><![CDATA[Smith]]></lastName>
     </owner>
     <scope>ALL</scope>
     <attributes>
       <count>0</count>
       <list/>
     </attributes>
     <defaultScanner>
       <type>EXTERNAL</type>
     </defaultScanner>
      <urlBlacklist>
       <count>0</count>
       <list/>
     </urlBlacklist>
     <urlWhitelist>
       <count>0</count>
       <list/>
     </urlWhitelist>
     <postDataBlacklist>
       <count>0</count>
       <list/>
     </postDataBlacklist>
     <authRecords>
       <count>0</count>
     </authRecords>
     <useRobots>IGNORE</useRobots>
     <useSitemap>false</useSitemap>
     <malwareMonitoring>true</malwareMonitoring>
     <malwareNotification>true</malwareNotification>
     <malwareScheduleTime>23:59</malwareScheduleTime>
     <malwareScheduleTimeZone>
       <code>America/Vancouver</code>
       <offset>-07:00</offset>
     </malwareScheduleTimeZone>
     <tags>
       <count>0</count>
     </tags>
     <comments>
        <count>0</count>
     </comments>
     <isScheduled>false</isScheduled>
     <createdBy>
       <id>123</id>
       <username>username</username>
       <firstName><![CDATA[John]]></firstName>
       <lastName><![CDATA[Smith]]></lastName>
      </createdBy>
     <createdDate>2013-03-21T20:16:06Z</createdDate>
     <updatedBy>
       <id>123</id>
       <username>username</username>
       <firstName><![CDATA[John]]></firstName>
       <lastName><![CDATA[Smith]]></lastName>
     </updatedBy>
      <updatedDate>2013-03-21T20:16:07Z</updatedDate>
   </WebApp>
 </data>
</ServiceResponse>

 

WebApp Get API

A new XML “malwareMonitoring” element will be added to theWebApp element to let user know if the malware monitoring is enabled. The value for this new element is a boolean so will be true or false. If true, you’ll also see the “malwareScheduleTime”, “malwareScheduleTimeZone” and“malwareNotification” elements.

 

Example - Get Web Application Details

Get webapplication details for a web application ID 16833.

 

Request:

curl -n -u “USERNAME:PASSWORD”"https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/16833"
 
Response:

<?xmlversion="1.0" encoding="UTF-8"?>
<ServiceResponsexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
 <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>16833</id>
…
    <malwareMonitoring>true</malwareMonitoring>
    <malwareNotification>true</malwareNotification>
    <malwareScheduleTime>23:59</malwareScheduleTime>
    <malwareScheduleTimeZone>
       <code>America/Vancouver</code>
    </malwareScheduleTimeZone>

 

WebApp Delete API

When a web application monitored for Malware is deleted, thecorresponding domain for malware scanning (in the MDS module) will be deleted.

 

Release Notes

Full release notes will be available to customers from within the Resources section of your QualysGuard account with the WAS 3.0 release.

Outcomes