A new release of Qualys Cloud Suite, Version 8.11 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)), includes an updated API which is targeted for release in October 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.
Tomcat Server Auth - Extended Support to Windows /api/2.0/fo/auth/tomcat/
We now support vulnerability and compliance scans for tomcat servers running on Windows hosts. Simply create a Tomcat Server record with details about your Apache Tomcat installation and instance. Your Tomcat Server records may include details for both Windows and Unix installations (previously supported).
New MongoDB Authentication API /api/2.0/fo/auth/mongodb/
With this release MongoDB authentication is supported for vulnerability scans and compliance scans using Qualys apps VM, PC, SCA. The MongoDB Record API (<baseurl>/api/2.0/fo/auth/mongodb/) allows you manage MongoDB records for performing authenticated scans of MongoDB instances running on Unix.
New Palo Alto Firewall Authentication API /api/2.0/fo/auth/palo_alto_firewall
We now have added a new API to support Palo Alto Firewall. Using the Palo Alto Firewall API (.../api/2.0/fo/auth/palo_alto_firewall) you can perform these actions: create, update, list, delete.
Scheduled Scan API Improvements /api/2.0/fo/schedule/scan/
You now have the ability to update scheduled scans using the Scan Schedule V2 API (/api/2.0/fo/schedule/scan/). We also added new input parameters for more granular time selections for defining when to end, pause and resume a scan.
Scanner API - New parameter for Scanner Type /api/2.0/fo/appliance/
We now added a new parameter to Scanner appliance API (... /api/2.0/fo/appliance/) for you to identify the type of scanner appliance. However, the type of scanner appliance is reflected in the output only if the output mode is set to full.
VM - Get additional information for detection type INFO /api/2.0/fo/asset/host/vm/detection/
The Host List Detection (.../api/2.0/fo/asset/host/vm/detection/) API now provides following additional information for the detection type “Info”:
- severity level
- date and time when first detected
- date and time when last detected
- number of times detected
PC - View Asset Groups and Tag Information in XML Report Updated DTD Only for /api/2.0/fo/compliance
The Compliance Policy Report DTD is now updated so that the policy report (xml) provides information about Asset Groups, IPs, Host Instances and Tags.
PC - New UDC for Windows and Unix
We have now updated Control (.../api/2.0/fo/compliance/control) and Compliance Policy Report (.../api/2.0/fo/report/) APIs to support integrity content check of Unix and Windows directory and files.
New way to track API usage Update to Header only
API usage can be tracked using the X-Powered-By HTTP header which includes a unique ID generated for each subscription. Once enabled, the X-Powered-By HTTP header is returned for each API request made by a user. This will enable you to track API requests across users without providing the user credentials.