Create Configuration Profile
This API creates a new configuration profile record.
The create configuration API uses field-level validation for a JSON object. For example, if you want to set parameters for scan delay for Vulnerability Management(VM), you have to provide a VM section under the scanConfiguration
object and specify a field for Scan Delay. As the API response contains information only for specified fields, it allows you to control the API response.
We have updated the default value for thirdPartyRemovalEnabled
parameter to true, meaning this feature will be available by default for the new configuration profiles. Also, you can use the spfEnabled
parameter to enable or disable the Cloud Agent self protection feature.
Permissions required - Managers with full scope. Other users must have these permissions: Access Permission API Access and create, view, and edit configuration profile permissions.
Input ParametersInput Parameters
Following are the input parameters for Create Configuration Profile API.
Parameter | Optional /Mandatory | Data Type | Description |
---|---|---|---|
profileName | Mandatory | String | Specify the configuration profile name. |
qgsGroupName | Mandatory | String | Defines the Qualys Guard Service group name. It is mandatory if you set enableQgs=true. |
defaultProfSubscription | Optional | Boolean |
Set this flag to define whether the configuration profile is set as the default configuration profile for the subscription.
The default value is false. |
suspendDataCollection | Optional | Boolean |
Set this flag to define whether data collection is suspended.
The default value is false. |
inMemorySQLite | Optional | Boolean |
Set the flag to enable the In-Memory SQL Lite database.
The default value is false. |
enableQgs | Optional | Boolean |
Set this flag to enable Qualys Guard Service (QGS) for a configuration profile.
The default value is false. |
preventAutoUpdate | Optional | Boolean |
Set this flag to prevent auto update for Cloud Agent.
The default value is false. |
spf: { "spfEnabled": } |
Optional | Boolean | Set this parameter to enable or disbale the self protection feature for your Cloud Agent. Default value for this parameter is false, meaning this feature is diabled. |
dataCollectionInterval | Optional | Integer |
The time laps between the completion of the previous scan and the start of the next scan. Range- For VM and PC: 240-43200 minutes. For SCA: 1440-10080 minutes. The default value is- For VM: 240 minutes. For PC: 720 minutes. For SCA: 2160 minutes. |
scanDelay | Optional | Integer |
The time added at the start of the scanning for newly installed agents. Range: 0-1440 minutes. The default value is 0 minutes. These values are applicable for both VM and PC. |
scanRandomize | Optional | Integer |
The range of randomization added to the scan delay. Range: 0-1440 minutes. The default value is 0 minutes. These values are applicable for both VM and PC. |
scanOnStartup | Optional | Boolean |
Set this flag to define whether the agent runs the vulnerability scans automatically when the agent service starts.
The default value is false. Note: This feature is available only for Qualys Cloud Agent version 5.1 and above. |
enableRemoteDetections | Optional | Boolean |
Set this flag to enable remote detection for your assets. The remote detection feature enables Cloud Agent to check for banner-based vulnerabilites.
The default value is false. |
cacheSize | Optional | Integer |
Defines the application's cache size. The range is 512-10240 MB. The default value is 2048 MB. |
pmEnabled | Optional | Boolean |
Set this flag to enable the Patch Management application for a configuration profile.
The default value is true. |
isCacheSizeUnlimited | Optional | Boolean |
Set this flag to allocate unlimited cache size for a configuration profile.
The default value is false. |
maxEventLogSize | Optional | Integer |
Defines the maximum payload size for data to be transmitted to the Qualys Cloud Platform. Range for EDR: 1024 - 10240 KB. Default:2048 KB. Range for FIM: 10 - 10240 KB. Default:1024 KB. |
payloadThresholdTime | Optional | Integer |
Defines the maximum time after which the payload is uploaded to the Qualys server. Range for EDR: 180-1800 sec. Default:300 sec. Range for FIM: 30-1800 sec. Default:300 sec. |
maxDiskUsage | Optional | Integer |
Defines the maximum disk usage for application data. Range for EDR: 500 - 5120 MB. Default: 1024 MB. Range for FIM: 100 - 2048 MB. Default: 300 MB. |
fimEnabled | Optional | Boolean |
Set this flag to enable File Integrity Monitoring (FIM) application for a configuration profile.
The default value is true. |
eppEnabled | Optional | Boolean |
Set this flag to enable Qualys Anti-Malware Protection for a configuration profile.
The default value is false. |
thirdPartyRemovalEnabled | Optional | Boolean |
Set this flag to remove the competitor applications installed on your assets.
The default value is true. Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature. |
thirdPartyExclusionList | Optional | String |
Define the list of third-party applications to be excluded from the third party removal list. Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature. |
edrEnabled | Optional | Boolean |
Set this flag to enable the Endpoint Detection and Response application for a configuration profile.
The default value is true. |
sacEnabled | Optional | Boolean |
Set this flag to enable the Qualys Security Configuretion Assessment (SCA) application.
The default value is false. |
xdrEnabled | Optional | Boolean |
Set this flag to enable the Extended Detection and Response (XDR) application.
The default value is false. |
enableAgentScanMerge | Optional | Boolean |
Set this flag to enable the Agent Scan Merge Feature. If enabled, it merge the unauthenticated and authenticated vulnerability scan results.
The default value is false. |
bindAll | Optional | Boolean |
Set this flag to allow Cloud Agent bind scan merge data.
The default value is false. |
ports | Optional | String | Provides the list of customized ports for scanner to capture correlation ID. |
subnetMask | Optional | String | Defines the subnet mask of your assets. |
ipAddress | Optional | String | Defines the IP address of your assets. |
gateway | Optional | String | Defines the gateway for your network. |
dnsSuffixRegex | Optional | String | Defines the DNS suffix of your asset. |
isCustomized | Optional | Boolean |
Set this flag to select performance configuration.
The default value is false. |
performanceBasedOn | Optional | String |
Use this parameter to set the performance level for a Cloud Agent. Available input values: LOW, NORMAL, HIGH. |
agentStatusInterval | Optional | Integer |
Consolidated interval an Range:900-7200 seconds. |
deltaUploadInterval | Optional | Integer |
The interval at which a cloud agent attempts to upload detected changes to Qualys Cloud Platform. Range: 1-1800 seconds. |
chunkSizeForFile | Optional | Integer |
Chunk Sizes for File Fragment Uploads - The upload block size, and combined with Delta Upload Interval, determines network utilization. Range: 64-10240 KB. |
upgradeReattemptInterval | Optional | Interval |
Interval (in seconds) Cloud Agent checks the Qualys Cloud Platform for a new upgrade, if configured to do so. Range: 32400 seconds or more. |
loggingLevelForAgent | Optional | String |
Defines the amount and detail of log messages generated by a Cloud Agent. The value can be VERBOSE, INFO(i.e., informational), WARNING, ERROR, or NONE. Verbose is recommended for all performance levels. |
priorityStatusUploadInterval | Optional | Integer |
Defines the time lapse between the previous priority status upload and the start of next priority status upload. Range: 30-300. |
cpuLimit | Optional | Integer |
Defines the percentage limit of the processor core(s) used by the Cloud Agent. Lower percentages reduces CPU utilization at the expense of longer execution times. Range: 2-100%. Recommended: 80 for High performance, 20 for Normal performance, 5 for Low performance. |
cpuThrottle | Optional | Integer |
Tune the amount of processing used by the CPU by introducing delays between Cloud Agent executions. The higher the value, the less CPU is utilized at the expense of longer execution times. Range: 0- 1000 milliseconds. Recommended: 0 for High performance, 10 for Normal performance, 20 for Low performance |
vmScanMode | Optional | String |
Following are the valid values for this parameter - AGENTUSER to run VM scan with the same privileges that you have configured for running the Cloud Agent. - SAFE to run VM scan with lower privileges. In this case, Cloud Agent does not run any commands or binary files that require elevated privileges. - DPE is used to run VM scans with lower privileges by default. However, the Cloud Agent will dynamically elevate the privileges to root permissions only for the commands that failed due to permissions with lower privileges. |
rapWindowName | Mandatory | String | Defines the name for your Reduced Activity Period profile. The name should not be null and must have less than 30 charectars. |
startTime | Mandatory | String | Defines the start time for your Reduced Activity Period profile. |
endTime | Mandatory | String | Defines the end time for your reduced activity period profile. |
selectedDays | Mandatory | String |
Select days for reduced activity period. At least one day must be selected. Possible values: "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday". |
networkRAPModules | Optional | String |
This parameter enables or disables scan-based application activity or network transmission. Possible values: "VM" "PC" "CSAM" "SWCA" "PM" "CAR". |
activityRAPModules | Optional | String |
This parameter enables or disables scan-based application activity or network transmission. Possible values: "VM" "PC" "CSAM" "SWCA" "PM" "CAR". |
includeMatchType | Mandatory | String |
Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL". |
tagId | Mandatory | String | Defines the list of Tag IDs in the include or exclude a section of a configuration profile. |
excludeMatchType | Mandatory | String | Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL". |
Sample - Create Configuration ProfileSample - Create Configuration Profile
API Request
curl --location --request POST '<qualys_base_url>/caui/v1/config-profiles' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT Token>' \
--data ''
Request Body
{
"basicDetails": {
"profileName": "Config Profile creation12",
"defaultProfSubscription": true,
"suspendDataCollection": false,
"inMemorySQLite": false,
"enableQgs": false,
"qgsGroupName": "TESTING",
"preventAutoUpdate": false,
"spf": {
"spfEnabled":false
}
},
"scanConfiguration": {
"vm": {
"dataCollectionInterval": 1234,
"scanDelay": 555,
"scanRandomize": 240,
"scanOnStartup": true,
"enableRemoteDetections": true
},
"pc": {
"dataCollectionInterval": 2333,
"scanDelay": 111,
"scanRandomize": 77
},
"sca": {
"dataCollectionInterval": 2160
}
},
"moduleConfiguration": {
"pm": {
"cacheSize": 1234,
"pmEnabled": 10,
"isCacheSizeUnlimited": false
},
"fim": {
"maxEventLogSize": 110,
"payloadThresholdTime": 1300,
"maxDiskUsage": 2048,
"dataCollectionInterval": 2222,
"fimEnabled": false
},
"edr": {
"maxEventLogSize": 10240,
"payloadThresholdTime": 1800,
"maxDiskUsage": 2048,
"edrEnabled": true
},
"epp": {
"eppEnabled":true,
"thirdPartyRemovalEnabled":true,
"thirdPartyExclusionList":"Update"
},
"sac": {
"sacEnabled": true
},
"xdr": {
"xdrEnabled": true
}
},
"performance": {
"isCustomized": false,
"performanceBasedOn": "HIGH",
"customizedSettings": {
"agentStatusInterval": 7200,
"deltaUploadInterval": 1800,
"chunkSizeForFile": 10240,
"upgradeReattemptInterval": 323400,
"loggingLevelForAgent": "WARNING",
"priorityStatusUploadInterval": 300,
"cpuLimit": 100,
"cpuThrottle": 1000
},
"securitySettings": {
"vmScanMode": "SAFE"
}
},
"reducedActivityPeriodWindows": [
{ "rapWindowName": "RAP Profile",
"startTime": "04:00 AM",
"endTime": "06:00 AM",
"selectedDays": [
"Sunday",
"Monday",
"Thursday",
"Wednesday",
"Tuesday",
"Friday",
"Saturday"
],
"networkRAPModules": [
"VM",
"PC",
"CSAM",
"SWCA",
"PM",
"CAR"
],
"activityRAPModules": [
"VM",
"PC",
"CSAM",
"SWCA",
"PM",
"CAR"
]
}
],
"agentScanMerge": {
"enableAgentScanMerge": true,
"bindAll": true,
"ports": "10001,10002,10003,10004",
"subnetMask": "21.111.123.123",
"ipAddress": "123.123.123.123/12",
"gateway": "111.222.12.55",
"dnsSuffixRegex": "String value"
}
}
API Response
{
"id": 1234567,
"customerId": 1122334,
"name": "Config Profile creation",
"isDefault": 1,
"createdDate": "2024-06-06 14:50:43.0",
"updatedDate": "2024-06-06 14:50:44.0",
"priority": 783,
"createdByUsername": "qualys_ab12",
"createdByFirstName": "Patrick",
"createdByLastName": "Slimmer",
"updatedByUsername": "qualys_ab12",
"updatedByFirstName": "Patrick",
"updatedByLastName": "Slimmer"
}
Sample - Create Configuration Profile with TagsSample - Create Configuration Profile with Tags
To create the configuration profile with tags provide the profile name and assignCloudAgent JSON object. The same applies to all other JSON objects.
API Request
curl --location --request POST '<qualys_base_url>/caui/v1/config-profiles' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT Token>' \
--data ''
Request Body
{
"basicDetails": {
"profileName": "Configuration profile with tag55"
},
"assignCloudAgent": {
"tagSet": {
"includeMatchType": "ANY",
"includedTags": [
{
"tagId": 24877622
}
],
"excludeMatchType": "ANY",
"excludedTags": []
}
}
}
API Response
{
"id": 1234567,
"customerId": 1122334,
"name": "CAMSP-1234_1234abb",
"isDefault": 1,
"createdDate": "2024-06-06 14:50:43.0",
"updatedDate": "2024-06-06 14:50:44.0",
"priority": 482,
"createdByUsername": "qualys_ab12",
"createdByFirstName": "Patrick",
"createdByLastName": "Slimmer",
"updatedByUsername": "qualys_ab12",
"updatedByFirstName": "Patrick",
"updatedByLastName": "Slimmer"
}