Skip navigation
3835 Views 7 Replies Latest reply: Mar 12, 2012 9:33 AM by Parag Baxi RSS
SOMEN DAS Level 1 27 posts since
Jan 25, 2012
Currently Being Moderated

Feb 5, 2012 9:54 AM

What the QualysGuard XML APIs are used for ?

Dear All,

 

Can any one just list down the uses of the "QualysGuard XML API" present in WAS ?

 

Thanks & stay secure,

Somen

  • jkent@qualys.com Level 4 435 posts since
    Jul 24, 2010
    Currently Being Moderated
    Feb 6, 2012 6:42 AM (in response to SOMEN DAS)
    What the QualysGuard XML APIs are used for ?

    Somen,

     

    The QualysGuard APIs are used for automation of bulk data or automation of tasks.  Basically, if you would like to setup a scan, start the scan and extract data from the scan, using your own tools, it will be done via the API.  Additionally many of our integration partners use the API services to automate configuration steps. 

     

    The XML output from our scans can be read into a database, processed by any sort of tool you would like to use, or used to feed virtual patching tools such as a WAF.

     

    Thanks,

     

    J

  • WillB Level 4 286 posts since
    May 2, 2011
    Currently Being Moderated
    Feb 6, 2012 8:16 AM (in response to SOMEN DAS)
    What the QualysGuard XML APIs are used for ?

    To add to Jason's response - WAS 1.0 APIs are described in the user guide at:

    http://www.qualys.com/docs/QualysGuard_API_v2_User_Guide.pdf

     

    WAS 2.2 will include APIs as well and is currently planned for release later in Feb.  A notice and user guide will be available for that release later in Feb 2012.

  • Eric Perraudeau Level 4 273 posts since
    Jul 15, 2010
    Currently Being Moderated
    Feb 6, 2012 5:11 PM (in response to SOMEN DAS)
    What the QualysGuard XML APIs are used for ?

    Hi Somen,

     

    I guess you alomost know everything about the API now, but is there a specific reason why you asked ?

    I want to make sure that we don't miss an opportunity to help you with a project that might involve the API.

      • Eric Perraudeau Level 4 273 posts since
        Jul 15, 2010
        Currently Being Moderated
        Feb 7, 2012 11:57 AM (in response to SOMEN DAS)
        Re: What the QualysGuard XML APIs are used for ?

        Hi Somen,

         

        I guess it makes sense. I have to say that I have no expertise with WebInspect and wheter or not you can upload data, so you might have to create custom report to do the consolidation of the results.

        Before thinking at creating an automatic process, I would suggest to do some manual manipulation of the reports to see if you can extract meaningful information.

        On top of my head, I can think at two things you would have to do:

        1. identify a unique web app to make sure your consolidate the results for the same target.

        2. find the overlap between Qualys WAS results and Webinspect to indentify the same vulnerabilities

         

        The API can help, but you can also start with the UI and download the scan results in XML. It is only available in WAS 1.0 for the time being but it is going to be availabe in WAS 2.0 real soon.

         

        Concering WAF, we don't have an API for that yet. But we have an integration with Imperva available today (maybe other in the future). So they is a way to do waht you need.

         

        I hope it helps,

        Eric

      • Mike Pomraning Level 1 29 posts since
        Oct 12, 2010
        Currently Being Moderated
        Feb 8, 2012 9:22 AM (in response to SOMEN DAS)
        Re: What the QualysGuard XML APIs are used for ?

        Somen,

         

        You write:

        Also we are looking for an automated way to map it with mod security WAF. In case Qualys already has an API that generates mod sec compatible conf/rul file then please let know...

        We don't have that kind of "WAS -> mod_security" automation.  However, I'd encourage you to keep an eye on IronBee, a new open source WAF engine sponsored by Qualys and designed by the author of mod_security (Ivan Ristic).

         

        Regards,

        Mike

  • Currently Being Moderated
    Mar 12, 2012 9:33 AM (in response to SOMEN DAS)
    What the QualysGuard XML APIs are used for ?

    You can find an example on creating a web application through the API XML on a blog post of mine: http://blog.qnimbus.co/2012/03/add-web-application-via-qualysguard-was.html

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points