Jeff Leggett

Qualys Cloud Suite 8.9 API notification 1 (republish)

Blog Post created by Jeff Leggett Employee on Oct 11, 2016

NOTE: This is an updated version of the API notifications originally published on 9/22. Additional features were added to the release late. Qualys apologizes for any confusion that may result. All PRIOR notifications are still valid; this one just includes a few more.

 

A new release of Qualys Cloud Suite, Version 8.9, includes an API update which is targeted for release in November 2016. The specific day will differ depending on the platform. See platform release dates for more information. This API notification provides an early preview of the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that use the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

What’s New

Appliance List Output shows start date/time for CMD Only mode

 

* The Appliance List Output now includes the date/time an appliance enters into CMD Only (command only) mode. This mode may be entered for various reasons, such as when a session expires.

 

Scan API v1 Does Not Support Scanning Custom Networks

 

* Using the Scan API v1 (/msp/scan.php) you will now get an error if you try to scan a custom network (i.e. asset groups belonging to a custom network). It’s still possible to scan the Global Default Network.

 

New Support for Cyber-Ark AIM Vaults

 

* This new vault type can be used to retrieve authentication credentials from CyberArk's Central Credential Provider (CCP) solution

 

User List Output - User ID added

 

* The User List v1 API (/msp/user_list.php) lets you view the users in the subscription. The user list output now includes the user ID assigned to each user.

 

Appliance API - Add tags to your scanner appliances

 

* You can now add tags to your scanner appliances using the Appliance API v2 (/api/2.0/fo/appliance). The new parameters let you add, remove and reset tags for appliances.

 

Launch Scan using All Scanners in Network

 

* You can now launch and schedule scans using the All Scanners in Network option, which will launch scans using all the scanner appliances in your network

 

SSH2 Authentication Enhancements

 

* We're excited to tell you about the many enhancements we’ve made to support SSH2 authentication in this release, and continuing in upcoming releases. Please see the release notes for details.

 


MS SQL Authentication Record API - Domain supported

 

Now you can easily create domain based MS SQL authentication records. Just add the member domain to your MS SQL record and we'll auto discover MS SQL instances for authentication.

 

IP Update - Fix to Command List Output and DTD

 

The Command List Output DTD is used when you perform an IP update that results in a warning about duplicate hosts. We made a fix in the XML output to add the opening tag for COMMAND_LIST_OUTPUT, and we updated the COMMAND_LIST_OUTPUT DTD to include missing elements CODE and WARNING (plus sub-elements).

 

VM - Choose a Priority Level for each scan

 

Now you can tell us which of your vulnerability scans has the highest priority and should be processed first. You’ll do this at the time you launch/schedule your scan. By default, no priority is set. You can choose from nine priority levels with the highest priority being 1 - Emergency and the lowest priority being 9 - Low.

 

VM - Removed Version element of CVSS v3

 

* We've updated XML output returned from the KnowledgeBase API (v2) (/api/2.0/fo/knowledge_base/vuln/?action=list) to remove the VERSION sub-element for CVSS_V3 as it is not applicable.

 

VM - Improvements to Reporting Host Scan Time

 

* We’ve changed the way we report the host scan time when updating vulnerabilities and tickets. The host scan time will now be based on when the scan finished, not when the scan started. We’ll get this date from QID 45038 “Host Scan Time”. If this QID was not included in your vulnerability scan then we’ll use the scan start date/time.

 

VM - More Detection Info Returned from Vulnerability Detection API

 

* The output for the Host List VM Detection API (/api/2.0/fo/asset/host/vm/detection) includes more detection information: IS_DISABLED, IS_IGNORED, TIMES_FOUND, SERVICE
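An added example (not Qualys code) of a client-side parser that accepts Host List VM Detection output with or without the four elements named above, so existing scripts keep working across the release. The sample XML, its QIDs and IP, the surrounding element names and the 0/1 flag encoding are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real Qualys output. The first DETECTION mimics a
# response without the added elements; the second carries all four.
SAMPLE = """<HOST_LIST_VM_DETECTION_OUTPUT>
 <RESPONSE><HOST_LIST><HOST>
  <IP>10.0.0.5</IP>
  <DETECTION_LIST>
   <DETECTION><QID>100001</QID><STATUS>Active</STATUS></DETECTION>
   <DETECTION><QID>100002</QID><STATUS>Active</STATUS>
    <IS_IGNORED>1</IS_IGNORED><IS_DISABLED>0</IS_DISABLED>
    <TIMES_FOUND>7</TIMES_FOUND><SERVICE>http</SERVICE></DETECTION>
  </DETECTION_LIST>
 </HOST></HOST_LIST></RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>"""


def _flag(det, tag):
    """Return True/False for a 0/1 element (assumed encoding), None if absent."""
    text = det.findtext(tag)
    return None if text is None else text.strip() == "1"


def parse_detections(xml_text):
    """Flatten DETECTION elements into dicts; the added fields are optional."""
    rows = []
    for host in ET.fromstring(xml_text).iter("HOST"):
        for det in host.iter("DETECTION"):
            times = det.findtext("TIMES_FOUND")
            rows.append({
                "ip": host.findtext("IP"),
                "qid": int(det.findtext("QID")),
                "is_disabled": _flag(det, "IS_DISABLED"),
                "is_ignored": _flag(det, "IS_IGNORED"),
                "times_found": int(times) if times is not None else None,
                "service": det.findtext("SERVICE"),
            })
    return rows


def actionable(rows):
    """Keep detections not explicitly ignored or disabled (None = unknown, kept)."""
    return [r for r in rows if not r["is_ignored"] and not r["is_disabled"]]


if __name__ == "__main__":
    for row in actionable(parse_detections(SAMPLE)):
        print(row)
```

Treating an absent flag as unknown rather than false keeps a missing element from silently hiding or surfacing findings in downstream ticketing.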

 

VM - Easily Identify Disabled Vulnerabilities in KnowledgeBase APIs

 

* We’ve added a new flag to the XML output of KnowledgeBase APIs to identify vulnerabilities that have been disabled. Managers can disable vulnerabilities in the KnowledgeBase in order to globally filter them from all host

 

VM - Display Last Fixed Date in Scan Reports

 

When you download a scan report (with host based findings) from your account you’ll now see the last fixed date/time for each vulnerability in the report. Download scan reports using any of these methods: download from the UI, use the Report API v2 (/api/2.0/fo/report/?action=fetch), or use the Asset Data Report API v1 (/msp/asset_data_report.php). The Asset Data Report DTD (asset_data_report.dtd) was updated.

 

VM - CVSS3 Final Score in Scan Reports

 

We’ve added the CVSS3 final score in scan reports with host based findings (also known as asset data reports). Both XML and CSV formats were updated.

 

VM - Updates to Vulnerability Scorecard Report

 

We’ve made these updates to the Vulnerability Scorecard Report and the Asset Group Scorecard Report DTD (asset_group_scorecard.dtd).

 

VM - Vulnerability Counts by Severity Added to Scan Report CSV

 

This update applies to a scan report with host based findings. Now when you sort your scan report by vulnerability you’ll see a section in the CSV output that shows the total number of vulnerabilities detected at each severity level.

 

PC - Expose Human Readable Look-ups for Control Descriptions via API

 

* The Compliance Policy Export API (/api/2.0/fo/compliance/policy/?action=export) now includes a new appendix with human readable look-ups for control descriptions

 

PC - Compliance Control List Output - added UDC settings

 

* The control list may include service-defined controls and user-defined controls (UDCs). The XML output has been updated to include settings defined for each UDC, including scan parameter settings, ignore options, datapoint, etc.

 

PC - Changes to STATISTICS element in Policy Report

 

* We will now report statistics information for UDCs in a consistent way using <STATS> under <STATISTICS>.

 

PC - Last Evaluated Date added to Policy Reports

 

* Your compliance reports (policy report and interactive reports) will now show the date the policy was last evaluated.

 

PC - Uniquely Identify Data Points using Name and ID

 

* You can now use the new input parameter "include_dp_name=1" in the Compliance Posture Information API (/api/2.0/fo/compliance/posture/info) to show the name and ID for each data point in the XML output. This is useful for uniquely identifying data points.

 

PC - Support Asset Tags in Compliance Policies

 

PC - Include UDCs in Policy Export/Import

 

* You can now include user-defined controls (UDCs) when you export a policy from your account to CSV or XML, and when you import a policy to your account from XML.

 

PC - Policy List Output - added Locked indicator

 

With this release Managers and Unit Managers have the ability to lock compliance policies. When locked, the policy settings cannot be edited by other users. The output for the Compliance Policy List API (/api/2.0/fo/compliance/policy/ with action=list) has been updated to indicate when a policy is locked.

 
