Ive checked through the API docs but i cant find a way to initiate a compliance scan from the API. Is it possible? It appears i can manage a scan but not start one.
Yes, it is possible since QG 7.5. You need to use the API "/api/2.0/fo/scan/compliance/?action=launch&other_param"
This is documented in page 37 of the API v2 user here: http://www.qualys.com/docs/QualysGuard_API_v2_User_Guide.pdf
great! hadnt pulled the 7.5 yet.
Hey Michael, I'm glad Eric was able to help you out. I am curious, how do you plan on implementing this?
Was planning on a perl script to fire off a vm scan and pc scan when a new host is created from our server build process. Beyond that, haven't gotten there. I looked at using the perl module QualyGuard::Request and associated Response but it appears that is only for v1 API and not v2. So long story short, I'm poking around at writing a hybrid module for 'automatically' determining if the call I need is v1 or v2 and the acting appropriately.
Doesn't seem to work for us. We have been able to use the compliance API prior to 7.5 to view policies and controls (which continues to work) but when we try the action=launch options, we get the
"Your subscription service settings do not allow you to use the compliance scan API"
error. The account has API access, and the API access is also enabled for the user under PC. Not sure if this is something with the account we're using or potentially something with the API?
Access to this API module requires "New Scan Services"
You can check your account by going to Help > Account Info
The last line should indicate if "New Scan Services" is enabled or disabled for your subscription.
If it is disabled, you can request that it be enabled by contacting your Technical Account Manager or sending an email to email@example.com
Before "New Scan Services" can be enabled please ensure that all scanner appliances are online and contacting our SOC.
For more details about "New Scanner Services":https://community.qualys.com/docs/DOC-3695
To further help with others (we just ran into that error) the Error code is 2010 .
<TEXT>Your subscription service settings do not allow you to use the complia
nce scan API</TEXT>
Retrieving data ...