Jeff Leggett

Qualys Cloud Platform 8.15 (VM/PC) API notification 2

Blog Post created by Jeff Leggett Employee on Aug 7, 2018

A new release of Qualys Cloud Suite, Version 8.15, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

 

What’s New
Posture Profile API - DTD Change for show_remediation_info /api/2.0/fo/compliance/posture/info/
In the Posture Profile Information DTD the V value in element <!ELEMENT TP (LABEL, V+)> replaced with <!ELEMENT TP (LABEL, V*)> to ensure that the validation does not fail. This is an optional value.

 

Posture Profile API - New Parameter to Show Cause of Failure /api/2.0/fo/compliance/posture/info/
We added a new parameter to the Posture Profile API to show the cause of failure for CIDs.

 

New EC2 Information in the Host Based Report /api/2.0/fo/report
You will now see three new fields: Account ID, Region Code and Subnet ID in host based reports when you create your report using the Scan or PCI Scan template with the EC2 Related Information option checked.

 

New MariaDB Authentication API /api/2.0/fo/auth/ /api/2.0/fo/auth/mariadb/
MariaDB authentication is now supported for compliance scans. The new MariaDB Authentication API (<baseurl>/api/2.0/fo/auth/mariadb/) lets you list, create, update and delete MariaDB authentication records. User permissions for this API are the same as other authentication record APIs.

 

New JBOSS Server Authentication Record /api/2.0/fo/auth/jboss
We have now added a new API to support JBoss Server Authentication. Using the JBoss Server API (.../api/2.0/fo/auth/jboss) you can perform these actions: create, update, list, delete

 

MySQL DB Authentication API - Support for Vaults /api/2.0/fo/auth/mysql/
Now API users can configure MySQL authentication records to use vaults to access credentials used for authentication. Vaults are already supported for MySQL authentication in the UI.

 

List Tomcat Records - DTD Change /api/2.0/fo/auth/tomcat/?action=list
The Auth Tomcat List Output DTD is used when you list Tomcat authentication records in your account. In this DTD, we changed the element SERVICE_NAME to SERVICE_NAME_WINDOWS.

 

Scanner Appliance: IPv6 Support for VLANs and Static Routes /api/2.0/fo/appliance/*/
We now support IPv6 addresses when defining VLANs and static routes for virtual and physical scanner appliances. Appliances can have a mix of IPv4 configurations and IPv6 configurations.

 

NOTE: We are making our formerly Limited Customer Release Subscription API Generally Available (GA) for all customers. Do note this is only of use if you have and manage multiple subscriptions on the Qualys Cloud Platform. For the majority of customers, this is of no use.


Option Profile API - Export System Profiles /api/2.0/fo/subscription/option_profile/

More Option Profile functions for VM, PCI, PC /api/2.0/fo/subscription/option_profile/*/
You can now create, update, list and delete option profiles for VM, PCI, and PC.

(UPDATE: prior release notes only included partial information on this new API)

Outcomes