Jeff Leggett

Qualys Cloud Platform 2.34 (AM/WAS/WAF/CM) API notification 2

Blog Post created by Jeff Leggett Employee on Aug 13, 2018

A new release of Qualys Cloud Suite, Version 2.34, includes an updated API which is targeted for release in September 2018. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.  Release notes are attached to this post.

 

What’s New
Fetch Docker information through Asset Management API
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns docker (container) information for host assets
matching the provided criteria.

 

Continuous Monitoring (CM) Licensing
/qps/rest/1.0/search/cm/alert/
/qps/rest/1.0/get/cm/alert/<id>
/qps/rest/1.0/download/cm/alert/?format=<format>
/qps/rest/1.0/search/cm/profile/
/qps/rest/1.0/get/cm/profile/<id>
With this release asset licensing is implemented in the Continuous Monitoring (CM) app,
for internal and external assets. This applies to non trial CM customers only. After login to
the CM UI, the customer can add asset tags to be used for licensing under the
Configuration tab called Licensing Details. This allows the customer to select the asset
tags to enforce the licensing.

 

New XSS Power Mode Option Profile in WAS
/qps/rest/3.0/get/was/optionprofile/<id>
/qps/rest/3.0/create/was/optionprofile
/qps/rest/3.0/update/was/optionprofile/<id>
You can now execute specialized scan that performs comprehensive tests for cross-site
scripting vulnerabilities using the new option profile with XSS Power Mode detection scope
that we have introduced. The detection scope performs tests using the standard XSS
payloads, which detect the most common instances of XSS, but also with additional
payloads that can identify XSS in certain, less-common situations. Running a scan with
option profile that has XSS Power Mode detection scope will provide the best assurance
that your web application is free from XSS vulnerabilities.

 

New Security Filters in WAF for Cipher Selection in Web Applications
/qps/rest/2.0/get/waf/webapp/<id>
/qps/rest/2.0/search/waf/webapp/
/qps/rest/2.0/create/waf/webapp
/qps/rest/2.0/update/waf/webapp/<id>
We have made cipher selection for your web applications simple with new security filters.
You can choose one or more one security filters based on your security requirements.
Available security filters are Strong, Good, Weak and Unsafe.

 

Separate VULNSIGS information in Asset Management API for split manifest
/qps/rest/2.0/get/am/hostasset
/qps/rest/2.0/search/am/hostasset
The Asset Management API now returns separate VULNSIGS information for host asset
when using a split manifest for VM, PC, or SCA.

 

WAF APIs for version 1.0 deprecated
WAF APIs for version 1.0 are now deprecated and no longer available. You can use
equivalent version 2.0 APIs to perform WAF operations.

Outcomes