Can anyone just list down the uses of the "QualysGuard XML API" present in WAS?
Thanks & stay secure,
The QualysGuard APIs are used for automation of bulk data or automation of tasks. Basically, if you would like to set up a scan, start the scan and extract data from the scan, using your own tools, it will be done via the API. Additionally many of our integration partners use the API services to automate configuration steps.
The XML output from our scans can be read into a database, processed by any sort of tool you would like to use, or used to feed virtual patching tools such as a WAF.
To add to Jason's response - WAS 1.0 APIs are described in the user guide at:
WAS 2.2 will include APIs as well and is currently planned for release later in Feb. A notice and user guide will be available for that release later in Feb 2012.
I guess you almost know everything about the API now, but is there a specific reason why you asked?
I want to make sure that we don't miss an opportunity to help you with a project that might involve the API.
One of our customers owns licenses for Qualys WAS as well as WebInspect. Now both being proprietary tools we cannot make any changes to the way they work. So one option is to develop your own tool to fetch the reports from Qualys using the APIs & then customise it to a format that WebInspect can import, as Qualys does not have an import feature...
This could help in a direct comparison of the scan reports for a single application with results from two different tools.
So at the end of the day the customer gets a comprehensive high quality report. Because Qualys may have identified issues which WebInspect may have missed or vice versa...
Just a thought, not sure if it's actually feasible or makes sense at all...
Also we are looking for an automated way to map it with the mod_security WAF. In case Qualys already has an API that generates a mod_security-compatible conf/rule file then please let me know...
I guess it makes sense. I have to say that I have no expertise with WebInspect and whether or not you can upload data, so you might have to create a custom report to do the consolidation of the results.
Before thinking about creating an automatic process, I would suggest doing some manual manipulation of the reports to see if you can extract meaningful information.
Off the top of my head, I can think of two things you would have to do:
1. identify a unique web app to make sure you consolidate the results for the same target.
2. find the overlap between Qualys WAS results and WebInspect to identify the same vulnerabilities
The API can help, but you can also start with the UI and download the scan results in XML. It is only available in WAS 1.0 for the time being but it is going to be available in WAS 2.0 real soon.
Concerning WAF, we don't have an API for that yet. But we have an integration with Imperva available today (maybe others in the future). So there is a way to do what you need.
I hope it helps,
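The two steps in the reply above (first make sure both reports are for the same web application, then find the overlap between the two tools' findings), together with the consolidation idea from the earlier post, as an added example that is not part of this thread and is not Qualys or WebInspect code. The XML layouts, element names and the category synonym table are constructed stand-ins, not the real QualysGuard WAS or WebInspect export formats; the two `parse_*` functions are the part you would adapt to the real exports. The point it shows is that naive matching fails unless URLs (host case, default port, query string, trailing slash) and vulnerability names (each vendor uses its own wording) are normalized before comparing.

```python
"""Consolidate findings from two web scanners by application and vulnerability.

Added example for this thread. The XML layouts below are CONSTRUCTED and
simplified stand-ins; adapt the two parse_* functions to the real export
format of each tool.
"""
import xml.etree.ElementTree as ET
from collections import namedtuple
from urllib.parse import urlsplit, urlunsplit

Finding = namedtuple("Finding", "tool category url param")

# Constructed sample: a hypothetical, simplified export from scanner A.
SCANNER_A_XML = """<?xml version="1.0"?>
<SCAN>
  <TARGET url="https://Shop.Example.test:443/"/>
  <VULN type="SQL Injection" url="https://Shop.Example.test:443/search?q=1" param="q"/>
  <VULN type="Cross-Site Scripting" url="https://shop.example.test/login" param="user"/>
  <VULN type="Directory Listing" url="https://shop.example.test/static/" param=""/>
</SCAN>"""

# Constructed sample: a hypothetical, simplified export from scanner B.
SCANNER_B_XML = """<?xml version="1.0"?>
<Report>
  <Site host="shop.example.test"/>
  <Issue name="SQL Injection" url="https://shop.example.test/search" param="q"/>
  <Issue name="Cross-Site Scripting: Reflected" url="https://shop.example.test/login/" param="user"/>
  <Issue name="Missing HttpOnly Cookie Flag" url="https://shop.example.test/" param=""/>
</Report>"""

# Constructed synonym table: scanners name the same vulnerability class differently.
CATEGORY_ALIASES = {
    "cross-site scripting: reflected": "cross-site scripting",
    "xss": "cross-site scripting",
    "sqli": "sql injection",
}


def normalize_url(url):
    """Collapse URL variants that refer to the same page: lowercase the host,
    drop the default port, the query string, the fragment and a trailing slash."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    default = {"http": 80, "https": 443}.get(parts.scheme.lower())
    netloc = host if parts.port in (None, default) else f"{host}:{parts.port}"
    path = parts.path.rstrip("/") or "/"
    return urlunsplit((parts.scheme.lower(), netloc, path, "", ""))


def normalize_category(name):
    """Map a vendor-specific vulnerability name onto a shared class name."""
    key = " ".join(name.lower().split())
    return CATEGORY_ALIASES.get(key, key)


def app_id(url_or_host):
    """Step 1 from the thread: the application identity is the lowercased hostname."""
    host = urlsplit(url_or_host if "//" in url_or_host else "//" + url_or_host).hostname
    return (host or "").lower()


def finding_key(f):
    """Identity used to decide that two scanners reported the same issue."""
    return (normalize_category(f.category), normalize_url(f.url), f.param or "")


def parse_scanner_a(xml_text):
    root = ET.fromstring(xml_text)
    target = app_id(root.find("TARGET").get("url"))
    findings = [Finding("A", v.get("type"), v.get("url"), v.get("param", ""))
                for v in root.iter("VULN")]
    return target, findings


def parse_scanner_b(xml_text):
    root = ET.fromstring(xml_text)
    target = app_id(root.find("Site").get("host"))
    findings = [Finding("B", i.get("name"), i.get("url"), i.get("param", ""))
                for i in root.iter("Issue")]
    return target, findings


def consolidate(app_a, findings_a, app_b, findings_b):
    """Step 2 from the thread: split findings into the overlap and each tool's
    unique results. Refuses to merge reports that cover different applications."""
    if app_a != app_b:
        raise ValueError(f"reports are for different applications: {app_a} vs {app_b}")
    keys_a = {finding_key(f) for f in findings_a}
    keys_b = {finding_key(f) for f in findings_b}
    return {"both": sorted(keys_a & keys_b),
            "only_a": sorted(keys_a - keys_b),
            "only_b": sorted(keys_b - keys_a)}


def run_sample():
    app_a, fa = parse_scanner_a(SCANNER_A_XML)
    app_b, fb = parse_scanner_b(SCANNER_B_XML)
    return consolidate(app_a, fa, app_b, fb)


if __name__ == "__main__":
    for bucket, keys in run_sample().items():
        print(bucket)
        for category, url, param in keys:
            print(f"  {category} at {url} (param={param!r})")
```

With the constructed samples, the SQL injection and the cross-site scripting findings land in the overlap despite differing hostname case, port, query string, trailing slash and category wording; the directory listing is unique to scanner A and the cookie-flag issue unique to scanner B, which is exactly the "one tool found what the other missed" view the earlier post asked for. The same key function is what you would feed a WAF rule generator, since it already carries the normalized URL and parameter per finding.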
We don't have that kind of "WAS -> mod_security" automation. However, I'd encourage you to keep an eye on IronBee, a new open source WAF engine sponsored by Qualys and designed by the author of mod_security (Ivan Ristic).
You can find an example on creating a web application through the API XML on a blog post of mine: http://blog.qnimbus.co/2012/03/add-web-application-via-qualysguard-was.html