Jeff Leggett

Qualys Cloud Platform Suite 8.11 (VM/PC) API Notification 2

Blog Post created by Jeff Leggett Employee on Oct 10, 2017

A new release of Qualys Cloud Suite, Version 8.11 (this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC)), includes an updated API which is targeted for release in October 2017. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. The release notes are attached at the end of this notice.

 

What's new

Tomcat Server Auth - Extended Support to Windows /api/2.0/fo/auth/tomcat/

We now support vulnerability and compliance scans for tomcat servers running on Windows hosts. Simply create a Tomcat Server record with details about your Apache Tomcat installation and instance. Your Tomcat Server records may include details for both Windows and Unix installations (previously supported). 


New MongoDB Authentication API /api/2.0/fo/auth/mongodb/

With this release MongoDB authentication is supported for vulnerability scans and compliance scans using Qualys apps VM, PC, SCA. The MongoDB Record API (<baseurl>/api/2.0/fo/auth/mongodb/) allows you manage MongoDB records for performing authenticated scans of MongoDB instances running on Unix.


New Palo Alto Firewall Authentication API /api/2.0/fo/auth/palo_alto_firewall

We now have added a new API to support Palo Alto Firewall. Using the Palo Alto Firewall API (.../api/2.0/fo/auth/palo_alto_firewall) you can perform these actions: create, update, list, delete.

 

Thycotic Secret Server vault supports private key retrieval
Thycotic Secret Server vault now supports the retrieval of the private key for authenticated scanning. Users can enable the private key retrieval option for these authentication records: MongoDB, PostgresSQL, Unix


Scheduled Scan API Improvements /api/2.0/fo/schedule/scan/

You now have the ability to update scheduled scans using the Scan Schedule V2 API (/api/2.0/fo/schedule/scan/). We also added new input parameters for more granular time selections for defining when to end, pause and resume a scan.


Scanner API - New parameter for Scanner Type  /api/2.0/fo/appliance/

We now added a new parameter to Scanner appliance API (... /api/2.0/fo/appliance/) for you to identify the type of scanner appliance. However, the type of scanner appliance is reflected in the output only if the output mode is set to full.

 

Option Profile API - Enable Auto Update /api/2.0/fo/subscription/option_profile/

We now added a new element to compliance option profile API (.../api/2.0/fo/subscription/option_profile/) when you export/import an option profile we'll now show you whether the Auto Update expected value is enabled or not.

 

Option Profile API - Disable overriding OS value in subsequent scans /api/2.0/fo/subscription/option_profile/

You can configure an option profile to not override the OS detected by a previous scan. This is especially useful if you’re running a light or custom scan and you don’t want to overwrite the OS detected by a Full scan.

 

Excluded Hosts List API - New tag filters /api/2.0/fo/asset/excluded_ip/

We now added new filters to Excluded Hosts API (...api/2.0/fo/asset/excluded_ip/) for you to list excluded hosts that user has access to.


VM - Get additional information for detection type INFO /api/2.0/fo/asset/host/vm/detection/

The Host List Detection (.../api/2.0/fo/asset/host/vm/detection/) API now provides following additional information for the detection type “Info”:

- severity level

- date and time when first detected

- date and time when last detected

- number of times detected 

 

VM - Show QG Host ID for assets scanned with Agentless Tracking /api/2.0/fo/asset/host/vm/detection/ & /api/2.0/fo/asset/host/

You’ll now see the QG Host ID (Qualys Host ID) for assets scanned with Agentless Tracking enabled (an option that allows you to track hosts by host ID). Previously the QG Host ID only appeared for assets with cloud agents installed.

 

VM - Show QID Changes in KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/

You’ll now be able to view a list of changes made by Qualys to any QID in the Vulnerability KnowledgeBase including changes to detection logic, severity level and vulnerability type (confirmed, potential, information gathered). For each change you’ll see the date of the change and comments provided by the Qualys Vulnerability Signatures team.


PC - View Asset Groups and Tag Information in XML Report Updated DTD Only for /api/2.0/fo/compliance

The Compliance Policy Report DTD is now updated so that the policy report (xml) provides information about Asset Groups, IPs, Host Instances and Tags.


PC - New UDC for Windows and Unix

We have now updated Control (.../api/2.0/fo/compliance/control) and Compliance Policy Report (.../api/2.0/fo/report/) APIs to support integrity content check of Unix and Windows directory and files.


New way to track API usage Update to Header only

 API usage can be tracked using the X-Powered-By HTTP header which includes a unique ID generated for each subscription. Once enabled, the X-Powered-By HTTP header is returned for each API request made by a user. This will enable you to track API requests across users without providing the user credentials.

Outcomes