When a WAS 1.0 subscription has been migrated to the new WAS 2.0 module, the user interface does not yet provide a way to manually download the scan results in XML format, although users may still need these reports.
This document describes how the API can be used to download WAS scan results in XML. It is recommended to use the new XML format, but for backward compatibility users can still download the WAS scan results in the former XML structure.
Note: the examples provided below use qualysapi.qualys.com; please replace it with qualysapi.qualys.eu if your account is hosted on the EU platform.
Solution using the API
The new WAS 2.0 XML API provides a way to download any WAS scan results into an XML file.
Here are the API requests that need to be performed to get these XML files using the command line tool "curl":
1. Get the list of the scan results:
curl -u "USER:PASS" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan/"
2. Download the scan results in XML format, using a scan ID from the list (1941156 in this example):
curl -u "USER:PASS" -X "GET" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/1941156"
For more information about the WAS 2.0 API, please read the user guide available for download here: http://www.qualys.com/docs/WAS_API_User_Guide.pdf
Use the UI to retrieve the scan ID
To make it easier to retrieve the scan ID, the UI can be used as shown in the screenshot below:
Tips to get WAS 1.0 XML format used for vintage WAF integrations
Note that the XML results can also be downloaded in the former WAS 1.0 XML format, as they used to be available in the UI. In this case the request is almost identical; only the version of the API framework changes, identified with ".../rest/2.0/..." as shown below:
curl -u "USER:PASS" -X "GET" "https://qualysapi.qualys.com/qps/rest/2.0/download/was/wasscan/1941156"
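The search and download requests from the steps above, together with the 2.0 variant from this tip, chained into one script. This is an added example, not Qualys code: it assumes each scan in the search response appears as <WasScan><id>N</id>..., and it reads credentials from a netrc file (hypothetical path) so they stay out of the process list and shell history, unlike -u "USER:PASS".

```shell
#!/bin/sh
# Added example, not Qualys code. Function names and the netrc path are hypothetical.
# Assumption: the search response lists each scan as <WasScan><id>N</id>...</WasScan>.
API_HOST="${API_HOST:-qualysapi.qualys.com}"  # qualysapi.qualys.eu on the EU platform
NETRC="${NETRC:-$HOME/.qualys-netrc}"         # "machine <host> login USER password PASS", chmod 600

# Constructed sample of a search response, used for offline checks only.
SAMPLE_RESPONSE='<ServiceResponse><responseCode>SUCCESS</responseCode><count>2</count><data>
<WasScan><id>1941156</id><name>Weekly scan</name></WasScan>
<WasScan>
  <id>1941200</id><name>Ad hoc scan</name>
</WasScan>
</data></ServiceResponse>'

# Read a search response on stdin and print one scan ID per line.
# Anchoring on <WasScan> skips <id> elements of nested objects.
extract_scan_ids() {
    tr -d '\n' | grep -Eo '<WasScan>[[:space:]]*<id>[0-9]+</id>' | sed 's/[^0-9]//g'
}

# Build the download URL for a scan ID.
# API version 3.0 returns the new XML format, 2.0 the former WAS 1.0 format.
download_url() {
    case "$1" in ''|*[!0-9]*) echo "invalid scan id: $1" >&2; return 1 ;; esac
    case "$2" in 2.0|3.0) ;; *) echo "invalid API version: $2" >&2; return 1 ;; esac
    printf 'https://%s/qps/rest/%s/download/was/wasscan/%s\n' "$API_HOST" "$2" "$1"
}

# Search for all scans, then save each result as was_scan_<id>.xml.
fetch_all() {
    version="${1:-3.0}"
    curl -sS --fail --netrc-file "$NETRC" -H "content-type: text/xml" -X POST \
        "https://$API_HOST/qps/rest/3.0/search/was/wasscan/" |
    extract_scan_ids |
    while read -r id; do
        url=$(download_url "$id" "$version") || continue
        curl -sS --fail --netrc-file "$NETRC" -o "was_scan_$id.xml" "$url"
    done
}

# Usage: fetch_all 3.0   (or: fetch_all 2.0 for the former XML structure)
```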