Create Configuration Profile

POST/caui/v1/config-profiles

This API creates a new configuration profile record. 

The create configuration API uses field-level validation for a JSON object. For example, if you want to set parameters for scan delay for Vulnerability Management(VM), you have to provide a VM section under the scanConfiguration object and specify a field for Scan Delay. As the API response contains information only for specified fields, it allows you to control the API response.

We have updated the default value for thirdPartyRemovalEnabled parameter to true, meaning this feature will be available by default for the new configuration profiles. Also, you can use the spfEnabled parameter to enable or disable the Cloud Agent self protection feature.

Permissions required - Managers with full scope. Other users must have these permissions: Access Permission API Access and create, view, and edit configuration profile permissions.

Input ParametersInput Parameters

Following are the input parameters for Create Configuration Profile API.

Parameter Optional /Mandatory Data Type Description
profileName Mandatory String Specify the configuration profile name.
qgsGroupName Mandatory String Defines the Qualys Guard Service group name. It is mandatory if you set enableQgs=true.
defaultProfSubscription Optional Boolean

Set this flag to define whether the configuration profile is set as the default configuration profile for the subscription. 

  • If set to true, the configuration profile is set as default for the subscription.
  • If set to false, the configuration profile is not set as the default profile.

The default value is false.
suspendDataCollection Optional Boolean

Set this flag to define whether data collection is suspended.

  • If set to true, the data collection for configuration profile is suspended.
  • If set to false, data collection for configuration profile is allowed.

The default value is false.
inMemorySQLite Optional Boolean

Set the flag to enable the In-Memory SQL Lite database.

  • If set to true, the In-Memory SQL Lite database feature is enabled.
  • If set to false, the In-Memory SQL Lite database feature is not enabled.

The default value is false.
enableQgs Optional Boolean

Set this flag to enable Qualys Guard Service (QGS) for a configuration profile.

  • If set to true, it enables QGS.
  • If set to false, it does not enable QGS.

The default value is false.
preventAutoUpdate Optional Boolean

Set this flag to prevent auto update for Cloud Agent.

  • If set to true, auto update is disabled.
  • If set to false, auto update is allowed.

The default value is false.
spf: {
            "spfEnabled":
        }		 Optional Boolean Set this parameter to enable or disbale the self protection feature for your Cloud Agent.

Default value for this parameter is false, meaning this feature is diabled.
 dataCollectionInterval  Optional Integer

The time laps between the completion of the previous scan and the start of the next scan.

Range-

For VM and PC: 240-43200 minutes.

For SCA: 1440-10080 minutes.

The default value is-

For VM: 240 minutes.

For PC: 720 minutes.

For SCA: 2160 minutes.
 scanDelay  Optional Integer

The time added at the start of the scanning for newly installed agents.

Range: 0-1440 minutes.

The default value is 0 minutes.

These values are applicable for both VM and PC.
 scanRandomize  Optional Integer

The range of randomization added to the scan delay.

Range: 0-1440 minutes.

The default value is 0 minutes.

These values are applicable for both VM and PC.
 scanOnStartup  Optional Boolean

Set this flag to define whether the agent runs the vulnerability scans automatically when the agent service starts. 

  • If set to true, the agent starts the vulnerability scan automatically when the agent service starts. 
  • If set to false, the agent does not start vulnerability scan automatically when the agent service starts.

The default value is false.

Note: This feature is available only for Qualys Cloud Agent version 5.1 and above.
enableRemoteDetections  Optional  Boolean

Set this flag to enable remote detection for your assets. The remote detection feature enables Cloud Agent to check for banner-based vulnerabilites.

  • If set to true, remote detection is enabled.
  • If set to false, remote detection is not enabled.

The default value is false.
 cacheSize  Optional Integer 

Defines the application's cache size.

The range is 512-10240 MB.

The default value is 2048 MB.
 pmEnabled  Optional Boolean

Set this flag to enable the Patch Management application for a configuration profile.

  • If set to true, Patch Management is enabled.
  • If set to true, Patch Management is enabled.

The default value is true.
 isCacheSizeUnlimited  Optional Boolean

Set this flag to allocate unlimited cache size for a configuration profile.

  • If set to true, unlimited cache size is allocated.
  • If set to false, a limited cache size is allocated.

The default value is false.
 maxEventLogSize  Optional Integer

Defines the maximum payload size for data to be transmitted to the Qualys Cloud Platform.

Range for EDR: 1024 - 10240 KB. Default:2048 KB.

Range for FIM: 10 - 10240 KB. Default:1024 KB.
 payloadThresholdTime  Optional Integer

Defines the maximum time after which the payload is uploaded to the Qualys server.

Range for EDR: 180-1800 sec. Default:300 sec.

Range for FIM: 30-1800 sec. Default:300 sec.
 maxDiskUsage  Optional Integer

Defines the maximum disk usage for application data.

Range for EDR: 500 - 5120 MB. Default: 1024 MB.

Range for FIM: 100 - 2048 MB. Default: 300 MB.
 fimEnabled  Optional Boolean

Set this flag to enable File Integrity Monitoring (FIM) application for a configuration profile.

  • If set to true, FIM is enabled. 
  • If set to false, FIM is not enabled.

The default value is true.
 eppEnabled  Optional Boolean

Set this flag to enable Qualys Anti-Malware Protection for a configuration profile.

  • If set to true, Qualys Anti-Malware Protection is enabled.
  • If set to false, Qualys Anti-Malware Protection is not enabled.

The default value is false.
 thirdPartyRemovalEnabled  Optional  Boolean

Set this flag to remove the competitor applications installed on your assets.

  • If set to true, competitor applications are removed.
  • If set to false, competitor applications are not removed.

The default value is true.

Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature.
 thirdPartyExclusionList  Optional String

Define the list of third-party applications to be excluded from the third party removal list. 

Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature.
 edrEnabled  Optional Boolean

Set this flag to enable the Endpoint Detection and Response application for a configuration profile.

  • If set to true, EDR is enabled.
  • If set to false, EDR is not enabled.

The default value is true.
 sacEnabled  Optional Boolean

Set this flag to enable the Qualys Security Configuretion Assessment (SCA) application.

  • If set to true, SCA is enabled.
  • If set to false, SCA is not enabled.

The default value is false.
xdrEnabled Optional Boolean

Set this flag to enable the Extended Detection and Response (XDR) application.

  • If set to true, XDR is enabled.
  • If set to false, XDR is not enabled.

The default value is false.
enableAgentScanMerge Optional Boolean

Set this flag to enable the Agent Scan Merge Feature. If enabled, it merge the unauthenticated and authenticated vulnerability scan results. 

  • If set to true, Agent Scan Merge is enabled.
  • If set to false, Agent Scan Merge is not enabled.

The default value is false.
bindAll Optional Boolean

Set this flag to allow Cloud Agent bind scan merge data.

  • If set to true, Cloud Agent binds scan merge data.
  • If set to false, Cloud Agent does not bind scan merge data.

The default value is false.
ports Optional String Provides the list of customized ports for scanner to capture correlation ID.
subnetMask Optional String Defines the subnet mask of your assets.
ipAddress Optional String Defines the IP address of your assets.
gateway Optional String Defines the gateway for your network.
dnsSuffixRegex Optional String Defines the DNS suffix of your asset.
isCustomized Optional Boolean

Set this flag to select performance configuration.

  • If set to true, you can use a customized performance profile.
  • If set to true, you can use a predifned performance profile.

The default value is false.
performanceBasedOn Optional String

Use this parameter to set the performance level for a Cloud Agent.

Available input values: LOW, NORMAL, HIGH.
agentStatusInterval Optional Integer

Consolidated interval an 
agent requests information 
from the platform.

Range:900-7200 seconds. 
deltaUploadInterval Optional Integer

The interval at which a cloud agent attempts to upload detected changes to Qualys Cloud Platform.

Range: 1-1800 seconds.
chunkSizeForFile Optional Integer

Chunk Sizes for File Fragment Uploads - The upload block size, and combined with Delta Upload Interval, determines network utilization.

Range: 64-10240 KB.
upgradeReattemptInterval          Optional Interval

Interval (in seconds) Cloud Agent checks the Qualys Cloud Platform for a new upgrade, if configured to do so.

Range: 32400 seconds or more.
 

loggingLevelForAgent  Optional String

Defines the amount and detail of log messages generated by a Cloud Agent. The value can be VERBOSE, INFO(i.e., informational), WARNING, ERROR, or NONE.

Verbose is recommended for all performance levels.  
priorityStatusUploadInterval    Optional Integer

Defines the time lapse between the previous priority status upload and the start of next priority status upload.

Range: 30-300.
cpuLimit    Optional Integer

Defines the percentage limit of the processor core(s) used by the Cloud Agent. Lower percentages reduces CPU utilization at the expense of longer execution times.

Range: 2-100%.

Recommended: 80 for High performance, 20 for Normal performance, 5 for Low performance. 
cpuThrottle    Optional Integer

Tune the amount of processing used by the CPU by introducing delays between Cloud Agent executions. The higher the value, the less CPU is utilized at the expense of longer execution times.

Range: 0- 1000 milliseconds.

Recommended: 0 for High performance, 10 for Normal performance, 20 for Low performance
vmScanMode    Optional String

Following are the valid values for this parameter

- AGENTUSER to run VM scan with the same privileges that you have configured for running the Cloud Agent.

 - SAFE to run VM scan with lower privileges. In this case, Cloud Agent does not run any commands or binary files that require elevated privileges.

 - DPE is used to run VM scans with lower privileges by default. However, the Cloud Agent will dynamically elevate the privileges to root permissions only for the commands that failed due to permissions with lower privileges. 
rapWindowName     Mandatory String   Defines the name for your Reduced Activity Period profile. The name should not be null and must have less than 30 charectars.
startTime    Mandatory String  Defines the start time for your Reduced Activity Period profile. 
endTime    Mandatory String Defines the end time for your reduced activity period profile.
selectedDays Mandatory String

Select days for reduced activity period. At least one day must be selected.

Possible values:

"Sunday",

"Monday",

"Tuesday",

"Wednesday",

"Thursday",

"Friday",

"Saturday".
networkRAPModules Optional String

This parameter enables or disables scan-based application activity or network transmission.

Possible values:

"VM"

"PC"

"CSAM"

"SWCA"

"PM"

"CAR".
activityRAPModules Optional String

This parameter enables or disables scan-based application activity or network transmission.

Possible values: 

"VM"

 "PC"

 "CSAM"

 "SWCA"

"PM"

"CAR".
includeMatchType Mandatory String

Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL".
tagId Mandatory String Defines the list of Tag IDs in the include or exclude a section of a configuration profile.
excludeMatchType Mandatory String Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL".

Sample - Create Configuration ProfileSample - Create Configuration Profile

API Request


      curl --location --request POST '<qualys_base_url>/caui/v1/config-profiles' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer <JWT Token>' \
      --data ''

Request Body

{
    
    "basicDetails": {
        "profileName": "Config Profile creation12",
        "defaultProfSubscription": true,
        "suspendDataCollection": false,
        "inMemorySQLite": false,
        "enableQgs": false,
         "qgsGroupName": "TESTING",
        "preventAutoUpdate": false,
        "spf": {
             "spfEnabled":false
        }
    },
   
    "scanConfiguration": {
        "vm": {
            "dataCollectionInterval": 1234,
            "scanDelay": 555,
            "scanRandomize": 240,
            "scanOnStartup": true,
            "enableRemoteDetections": true
        },
        "pc": {
            "dataCollectionInterval": 2333,
            "scanDelay": 111,
            "scanRandomize": 77
        },
        "sca": {
            "dataCollectionInterval": 2160
        }
    },
    "moduleConfiguration": {
        "pm": {
            "cacheSize": 1234,
            "pmEnabled": 10,
            "isCacheSizeUnlimited": false
        },
        "fim": {
            "maxEventLogSize": 110,
            "payloadThresholdTime": 1300,
            "maxDiskUsage": 2048,
            "dataCollectionInterval": 2222,
            "fimEnabled": false
        },     
        "edr": {
            "maxEventLogSize": 10240,
            "payloadThresholdTime": 1800,
            "maxDiskUsage": 2048,
            "edrEnabled": true
        },
        "epp": {
            "eppEnabled":true,
            "thirdPartyRemovalEnabled":true,
            "thirdPartyExclusionList":"Update"
        },
        "sac": {
            "sacEnabled": true
        },
        "xdr": {
            "xdrEnabled": true
        }
    },
    "performance": {
        "isCustomized": false,
        "performanceBasedOn": "HIGH",
        "customizedSettings": {
            "agentStatusInterval": 7200,
            "deltaUploadInterval": 1800,
            "chunkSizeForFile": 10240,
            "upgradeReattemptInterval": 323400,
            "loggingLevelForAgent": "WARNING",
            "priorityStatusUploadInterval": 300,
            "cpuLimit": 100,
            "cpuThrottle": 1000
        },
        "securitySettings": {
            "vmScanMode": "SAFE"
        }
    },
    "reducedActivityPeriodWindows": [
        {   "rapWindowName": "RAP Profile",
            "startTime": "04:00 AM",
            "endTime": "06:00 AM",
            "selectedDays": [
                "Sunday",
                "Monday",
                "Thursday",
                "Wednesday",
                "Tuesday",
                "Friday",
                "Saturday"
            ],
            "networkRAPModules": [
                "VM",
                "PC",
                "CSAM",
                "SWCA",
                "PM",
                "CAR"
            ],
            "activityRAPModules": [
                "VM",
                "PC",
                "CSAM",
                "SWCA",
                "PM",
                "CAR"
            ]
        }
       
    ],
    "agentScanMerge": {
        "enableAgentScanMerge": true,
        "bindAll": true,
        "ports": "10001,10002,10003,10004",
        "subnetMask": "21.111.123.123",
        "ipAddress": "123.123.123.123/12",
        "gateway": "111.222.12.55",
        "dnsSuffixRegex": "String value"
    }
}

 API Response

{
    "id": 1234567,
    "customerId": 1122334,
    "name": "Config Profile creation",
    "isDefault": 1,
    "createdDate": "2024-06-06 14:50:43.0",
    "updatedDate": "2024-06-06 14:50:44.0",
    "priority": 783,
    "createdByUsername": "qualys_ab12",
    "createdByFirstName": "Patrick",
    "createdByLastName": "Slimmer",
    "updatedByUsername": "qualys_ab12",
    "updatedByFirstName": "Patrick",
    "updatedByLastName": "Slimmer"
}

Sample - Create Configuration Profile with TagsSample - Create Configuration Profile with Tags

To create the configuration profile with tags provide the profile name and assignCloudAgent JSON object. The same applies to all other JSON objects.

API Request


      curl --location --request POST '<qualys_base_url>/caui/v1/config-profiles' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer <JWT Token>' \
      --data ''

Request Body

{
    "basicDetails": {
        "profileName": "Configuration profile with tag55"
    },
    "assignCloudAgent": {
        "tagSet": {
            "includeMatchType": "ANY",
            "includedTags": [
                {
                    "tagId": 24877622
                }
            ],
            "excludeMatchType": "ANY",
            "excludedTags": []
        }
    }
}

API Response

      	   {
    "id": 1234567,
    "customerId": 1122334,
    "name": "CAMSP-1234_1234abb",
    "isDefault": 1,
    "createdDate": "2024-06-06 14:50:43.0",
    "updatedDate": "2024-06-06 14:50:44.0",
    "priority": 482,
    "createdByUsername": "qualys_ab12",
    "createdByFirstName": "Patrick",
    "createdByLastName": "Slimmer",
    "updatedByUsername": "qualys_ab12",
    "updatedByFirstName": "Patrick",
    "updatedByLastName": "Slimmer"
}

© Qualys, Inc. All rights reserved. Privacy Policy.