Christophe Delaure

QualysGuard 7.13 API Notification - 30-day

Blog Post created by Christophe Delaure on Jan 10, 2014

A new release of QualysGuard, Version 7.13, will be available in production in February, 2014. The final date has not been determined, but this release contains changes to the APIs and DTDs that require 30-day notification. More information specific to this release, including the date of global availability, will be communicating 2 weeks before the release date via the Release Notification pages here:

 

 

This API notification provides an early preview into the coming API changes in QualysGuard 7.13, allowing you to proactively figure out any changes that might be required for your automated scripts or programs that make call to the API function describe provided below.

 

 

PC Policy Report XML - Control References Added

 

The QualysGuard Policy Compliance (PC) application allows you to add references to each control by using the new policy editor or by editing control details. With this release you can choose to create policy reports with your custom control references in XML format - just follow the steps below. The policy report XML output now lists the control references defined for each control. We’ve updated the policy report DTD (compliance_policy_report.dtd) to add a new element <CONTROL_REFERENCES>.

 

Step 1 - Configure the template settings

Configure your policy report template using the user interface (under PC > Reports > Templates). Be sure to choose the Group by Controls option and under Sections choose Control References.

 

Step 2 - Launch a PC policy report

API request:

 

       curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d

       "action=launch&template_id=55469&output_format=xml"

       "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

 

XML output:

 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE GENERIC SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2013-12-11T21:45:23Z</DATETIME>
    <TEXT>New report launched</TEXT>
      <ITEM_LIST>
        <ITEM>
          <KEY>ID</KEY>
          <VALUE>1665</VALUE>
        </ITEM>
      </ITEM_LIST>
     </RESPONSE>
</SIMPLE_RETURN>

 

 

Step 3 - Download report XML

 

API request:

 

curl -k -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=fetch&id=1665" "https://qualysapi.qualys.com/api/2.0/fo/report/"

 

XML output:

 

...<CONTROL_LIST>
  <CONTROL>
    <CID>1376</CID>
    <STATEMENT><![CDATA[Status of the 'Interactive Logon: Do not require CTRL+ALT+DEL' setting]]></STATEMENT>
    <CONTROL_REFERENCES>ABC123,4.6.88</CONTROL_REFERENCES> 
    <RATIONALE><![CDATA[The Windows OS behaves differently when the 'CTRL+ALT+Delete' is invoked before login--this guarantees that the authentication process for the system is engaged. Otherwise, when only the two-line login screen is presented, it is possible that a Trojan program is displaying a phony userid/password login screen, which will collect the credentials and exit, leaving the user believing that he/she simply mistyped one or both of the required values. NOTE: As this is one of the reverse-logic controls, it is important to remember that this should be DISABLED to actually be enabled.]]></RATIONALE>
  <STATUS><![CDATA[Passed]]></STATUS>
  <EVIDENCE><![CDATA[CHECK1]]></EVIDENCE>
</CONTROL>

 

 

Updated DTD (updates in bold):

 

...
<!ELEMENT CONTROL_LIST (CONTROL*)>
<!ELEMENT CONTROL (CID, STATEMENT, CONTROL_REFERENCES?, DEPRECATED?,
                   RATIONALE?, INSTANCE?, STATUS, EVIDENCE?, EXCEPTION?)>
<!ELEMENT CID (#PCDATA)>
<!ELEMENT STATEMENT (#PCDATA)>
<!ELEMENT CONTROL_REFERENCES (#PCDATA)>
<!ELEMENT RATIONALE (#PCDATA)>
<!ELEMENT STATUS (#PCDATA)>
<!ELEMENT INSTANCE (#PCDATA)>
<!ELEMENT EVIDENCE (#PCDATA)>
<!ELEMENT EXCEPTION (ASSIGNEE, STATUS, END_DATE, CREATED_BY, CREATED_DATE,
...
MODIFIED_BY, MODIFIED_DATE, COMMENT_LIST?)>

Outcomes