Tim White

Qualys 8.2 API Release Notification 2

Blog Post created by Tim White Employee on Oct 1, 2014

A new release of Qualys, Version 8.2, includes an API update which is targeted for release in October 2014.

 

This API notification provides an early preview into the coming API changes in Qualys 8.2, allowing you to proactively identify new opportunities to automate your Qualys service or to integrate with other applications.  Qualys 8.2 includes some modifications to existing APIs that required 30 day notification that can be viewed at Qualys 8.2 API Release Notification.

 

Please review the attached document below for more details about the 8.2 API Features.

 

Full release notes will be available to customers on the day of the release.

 

API Enhancements

Manage Excluded Hosts via API: You can now manage IP's in the global exclusion list via the API.  This will allow you to sync data with external systems such as CMDB's to identify hosts to exclude from scans.

 

Update Asset Groups Assigned to Compliance via API: You can now manage asset groups assigned to Qualys Policy Compliance (PC) policies via the API.  This allows customers to sync Qualys policy assignments to align with internal systems such as risk management systems.

 

Access Audit Scan Times and Live Hosts per Scan Level via API: The scan list v2 output now tells you the duration for each scan, the time it took for the scan to complete, in the new DURATION elements. This helps you to audit scan times. You’ll see scan duration for vulnerability scans (using/api/2.0/fo/scan/?action=list) and compliance scans (using /api/2.0/fo/scan/?action=list). Any scan that is not finished (for example in the queued or running state) will have its duration set to “Pending”.

 

Network ID Attribute Added: We've added the attribute "network_id" to network elements in the scheduled scans v1 output returned by the Scheduled Scans v1 API.

 

Max Capacity Units available via API: We've added the MAX_CAPACITY_UNITS element in the Scanner Appliance List v2 API allowing you to determine percentage of capacity available programmatically.

 

Manage VLANs and Static Routes for Virtual Appliances: You can now manage your VLANs and static routes for virtual scanner appliances via the Scanner Appliance v2 API.

 

Show Asset Group ID's in CSV:  Now you can easily find the IDs for your asset groups in the CSV report output.

 

Include "Vulnerability Severity" in detection API Output: We’ve added the vulnerability severity level to the XML output returned by the Host Detection API v2.

 

Policy Compliance - Support for EC2 Scanning:  Now we support launching EC2 compliance scans on your Amazon EC2 hosts (in your Amazon Web Services account) using the PC Scan API v2.

 

 

What is the <baseurl>?

This is the API server URL where your Qualys account is located. For an account on US Platform 1, this is <qualysapi.qualys.com>; on US Platform 2, this is <qualysapi.qg2.apps.qualys.com>; on EU Platform, this is <qualysapi.qualys.eu>.

Outcomes