Jeff Leggett

Qualys Cloud Platform 8.12 (QWEB VM/PC) API Notification 2

Blog Post created by Jeff Leggett Employee on Jan 23, 2018

A new release of Qualys Cloud Suite, Version 8.12, this version # applies to Qualys Vulnerability Management (VM) and Policy Compliance (PC), includes an updated API which is targeted for release in February 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Please refer to the detailed release notes attached to this notification for more information.

 

What's new

Enhanced Asset Group API v2 /api/2.0/fo/asset/group/

The Asset Group API v2 (/api/2.0/fo/asset/group/) contains the following new updates:

- Download the API results in a CSV format

- Fetch comments for an asset group

 

Asset Group List Output - DTD Change 
The Asset Group List Output DTD is used when you list the asset groups in your account. We’ve made several changes to this DTD.

 

Compliance Authentication Report - DTD Change /api/2.0/fo/report with action=fetch
The Compliance Authentication Report DTD is used when you download a saved authentication report from your account. We’ve made updates to this DTD to add missing elements that resulted in validation errors.


Dynamic Search List API - Support for CPE Type /api/2.0/fo/qid/search_list/dynamic/
The Dynamic Search List API lets you create/update dynamic search lists and get information about them. We’ve added API support for CPE “part” values (Operating System, Application, Hardware) in dynamic search lists, allowing you to target specific vulnerabilities for sending to the appropriate remediation teams.

 

New VM Scan Statistics API /api/2.0/fo/scan/stats/
The new VM Scan Statistics API allows customers to get details about vulnerability scans and assets that are waiting to be processed. You’ll see these sections in the XML output:
UNPROCESSED SCANS - The total number of scans that are not processed, including scans that are queued, running, loading, finished, etc.
VM RECRYPT BACKLOGS - The total number of assets across your finished scans that are waiting to be processed.
VM RECRYPT BACKLOGS BY SCAN - Scan details for vulnerability scans that are waiting to be processed. For each scan, you’ll see the scan ID, scan title, scan status, processing priority and number of hosts that the scan finished but not processed.
VM RECRYPT BACKLOGS BY TASK - Processing task details for vulnerability scans that are waiting to be processed. For each task, you’ll see the same scan details as VM RECRYPT BACKLOGS BY SCAN plus additional information like the total hosts alive for the scan, the number of hosts from the scan that have been processed, the number of hosts waiting to be processed, the scan start date, the task type and task status.

 

Host List Detection API - New ARF Filters for Kernel, Service and Configuration /api/2.0/fo/asset/host/vm/detection/
You can now filter your host detection list based on Acceptable Risk Factors (ARF) related to kernel, service and host configuration. The risk factor or exploitability of a detected vulnerability is based on an ARF rule, which is pre-defined by Qualys. NOTE: active_kernels_only is now deprecated and will be removed in a future release. Please use arf_kernel_filter instead.

 

Scan Schedule API - Enhanced EC2 Details /api/2.0/fo/schedule/scan/

The Scan Schedule API v2 supports defining schedules for vulnerability scans. We now provide you more details about your EC2 connector. Using the list action, you can now view details such as the provider (Amazon Web Services-AWS), connector name, the unique UUID assigned to it, the region, type of scan, and so on.

 

New element in Authentication Records List DTD /api/2.0/fo/auth/
We’ve made DTD changes to add new elements to the authentication record list output. This is pre-release functionality scheduled for a future release related to VMware vCenter authentication support.

 

Vault Support for VMware Authentication /api/2.0/fo/auth/vmware/
Now users can configure VMware authentication records to use vaults to access credentials used for authentication.

 

Support for CertView scans (coming soon!)

We’ve made updates to the Scan API to support CertView scans when CertView GA is released (keep in mind CertView scans are not supported at this time).

Scan List API /api/2.0/fo/scan/?action=list
Launch Scan API /api/2.0/fo/schedule/scan/?action=launch
Schedule Scan API /api/2.0/fo/schedule/scan/?action=create
Add Asset API /api/2.0/fo/asset/ip/?action=add

Outcomes