Get WAS scan results in XML format with a WAS 2.0 account

Document created by Eric Perraudeau (Employee) on Mar 13, 2012. Last modified by Eric Perraudeau (Employee) on Mar 4, 2013.
Version 8


Problem

When a WAS 1.0 subscription has been migrated to the new WAS 2.0 module, the user interface does not yet provide a way to manually download scan results in XML format, although users may still need these reports.

 

This document describes how to use the API to download WAS scan results in XML. The new XML format is recommended, but for backward compatibility users can still download WAS scan results in the former XML structure.

 

Note: the examples below use qualysapi.qualys.com; replace it with qualysapi.qualys.eu if your account is hosted on the EU platform.

 

Solution using the API

The new WAS 2.0 XML API provides a way to download any WAS scan results into an XML file.

Here are the API requests that need to be performed to get these XML files using the command line tool "curl":

 

1. Get the list of the scan results:

 

curl -u "USER:PASS" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan/"

 

You will get a list of <WasScan> elements and need to extract the <id> of each, as in the excerpt below:

 

[...]

 

<WasScan>

      <id>1941156</id>

 

[...]

 

2. Download the scan results in XML format:

 

curl -u "USER:PASS" -X "GET" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/1941156"

 

 

 

For more information about the WAS 2.0 API, please read the user guide available for download here: http://www.qualys.com/docs/WAS_API_User_Guide.pdf

 

 

Use the UI to retrieve the scan ID

To make it easier to retrieve the scan ID, the UI can be used as shown in the screenshot below:

 

 

 

Screen Shot 2012-03-19 at 11.53.30 .png

 

Tips to get WAS 1.0 XML format used for vintage WAF integrations

Note that the XML results can also be downloaded in the former WAS 1.0 XML format, as they used to be available in the UI. In this case, the request is almost identical, except that the version of the API framework is ".../rest/2.0/...", as shown below:

 

curl -u "USER:PASS" -X "GET" "https://qualysapi.qualys.com/qps/rest/2.0/download/was/wasscan/1941156"
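The two API steps and the 2.0 variant above, combined into one script. This is an added example, not code from the original document or from Qualys. It reads credentials with curl's --netrc-file option so the password stays out of shell history and the process list, and it validates each scan ID before placing it in a URL. The variable names, function names, netrc path, output file names and the sample response (including the second scan ID and the nested elements) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: QUALYS_API, QUALYS_NETRC, the function names,
# and the wasscan-<id>.xml output files.
QUALYS_API="${QUALYS_API:-https://qualysapi.qualys.com}"    # .eu on the EU platform
# netrc file (chmod 600): machine qualysapi.qualys.com login USER password PASS
QUALYS_NETRC="${QUALYS_NETRC:-${HOME:-.}/.qualys-netrc}"

# Step 1 parser: print the first <id> after each <WasScan> tag (the scan's own
# id, as in the excerpt) and skip ids of elements nested further down.
extract_scan_ids() {
  tr -d '\r\n' | tr '>' '\n' | awk '
    /<WasScan$/ { want = 1; next }
    want && /^[ \t]*[0-9]+<\/id$/ {
      sub(/<\/id$/, ""); gsub(/[ \t]/, ""); print; want = 0
    }'
}

# Step 2 URL: $1 = scan id, $2 = framework version (3.0 = new format,
# 2.0 = former WAS 1.0 format). Both are validated before reaching the URL.
scan_download_url() {
  case "$1" in ''|*[!0-9]*) echo "scan id must be numeric" >&2; return 2 ;; esac
  case "${2:-3.0}" in 3.0|2.0) ;; *) echo "unsupported version" >&2; return 2 ;; esac
  printf '%s/qps/rest/%s/download/was/wasscan/%s\n' "$QUALYS_API" "${2:-3.0}" "$1"
}

# Live run (needs network and the netrc file); not called by default.
fetch_all_scans() {
  curl -sS --fail --netrc-file "$QUALYS_NETRC" -H "content-type: text/xml" \
       -X POST "$QUALYS_API/qps/rest/3.0/search/was/wasscan/" |
  extract_scan_ids |
  while read -r id; do
    url=$(scan_download_url "$id" "${1:-3.0}") || continue
    curl -sS --fail --netrc-file "$QUALYS_NETRC" -o "wasscan-$id.xml" "$url"
  done
}

# Constructed sample response, not real API output. Element names other than
# <WasScan> and <id> are assumptions made to show a nested id.
SAMPLE_RESPONSE='<ServiceResponse><data>
  <WasScan>
      <id>1941156</id>
      <target><webApp><id>55501</id></webApp></target>
  </WasScan>
  <WasScan><id>1941203</id><target><webApp><id>55501</id></webApp></target></WasScan>
</data></ServiceResponse>'

printf '%s\n' "$SAMPLE_RESPONSE" | extract_scan_ids
```

Call fetch_all_scans (or fetch_all_scans 2.0 for the former format) to run against a live account.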

 

