Update Configuration Profile
This API updates the configuration profile in the user's account. It allows you to update the configuration profile as per the input parameters provided in the request body. You can use this API to update a specific field in an object, an entire object, or an entire configuration profile.
We have updated the default value for thirdPartyRemovalEnabled
parameter to true, meaning this feature will be available by default for the new configuration profiles. Also, you can use the spfEnabled
parameter to enable or disable the Cloud Agent self protection feature.
Permissions required - Managers with full scope. Other users must have these permissions: Access Permission API Access and create, view, and edit configuration profile permissions.
Input ParametersInput Parameters
The following are the input parameters for the Update Configuration Profile API.
Parameter | Optional /Mandatory | Data Type | Description |
---|---|---|---|
profileName | Optional | String | Specify the configuration profile name. The profileName is mandatory if you provide JSON object for it. |
qgsGroupName | Mandatory | String | Defines the Qualys Guard Service group name. It is mandatory if you set enableQgs=true. |
defaultProfSubscription | Optional | Boolean |
Set this flag to define whether the configuration profile is set as the default configuration profile for the subscription.
The default value is false. |
suspendDataCollection | Optional | Boolean |
Set this flag to define whether data collection is suspended.
The default value is false. |
inMemorySQLite | Optional | Boolean |
Set the flag to enable the In-Memory SQL Lite database.
The default value is false. |
enableQgs | Optional | Boolean |
Set this flag to enable Qualys Guard Service (QGS) for a configuration profile.
The default value is false. |
preventAutoUpdate | Optional | Boolean |
Set this flag to prevent auto update for Cloud Agent.
The default value is false. |
spf: { "spfEnabled": } |
Optional | Boolean |
Set this parameter to enable or disbale the self protection feature for your Cloud Agent. Default value for this parameter is false, meaning this feature is diabled. |
dataCollectionInterval | Optional | Integer |
The time laps between the completion of the previous scan and the start of the next scan. Range- For VM and PC: 240-43200 minutes. For SCA: 1440-10080 minutes. The default value is- For VM: 240 minutes. For PC: 720 minutes. For SCA: 2160 minutes. |
scanDelay | Optional | Integer |
The time added at the start of the scanning for newly installed agents. Range: 0-1440 minutes. The default value is 0 minutes. These values are applicable for both VM and PC. |
scanRandomize | Optional | Integer |
The range of randomization added to the scan delay. Range: 0-1440 minutes. The default value is 0 minutes. These values are applicable for both VM and PC. |
scanOnStartup | Optional | Boolean |
Set this flag to define whether the agent runs the vulnerability scans automatically when the agent service starts.
The default value is false. Note: This feature is available only for Qualys Cloud Agent version 5.1 and above. |
enableRemoteDetections | Optional | Boolean |
Set this flag to enable remote detection for your assets. The remote detection feature enables Cloud Agent to check for banner-based vulnerabilites.
The default value is false. |
cacheSize | Optional | Integer |
Defines the application's cache size. The range is 512-10240 MB. The default value is 2048 MB. |
pmEnabled | Optional | Boolean |
Set this flag to enable the Patch Management application for a configuration profile.
The default value is true. |
isCacheSizeUnlimited | Optional | Boolean |
Set this flag to allocate unlimited cache size for a configuration profile.
The default value is false. |
maxEventLogSize | Optional | Integer |
Defines the maximum payload size for data to be transmitted to the Qualys Cloud Platform. Range for EDR: 1024 - 10240 KB. Default:2048 KB. Range for FIM: 10 - 10240 KB. Default:1024 KB. |
payloadThresholdTime | Optional | Integer |
Defines the maximum time after which the payload is uploaded to the Qualys server. Range for EDR: 180-1800 sec. Default:300 sec. Range for FIM: 30-1800 sec. Default:300 sec. |
maxDiskUsage | Optional | Integer |
Defines the maximum disk usage for application data. Range for EDR: 500 - 5120 MB. Default: 1024 MB. Range for FIM: 100 - 2048 MB. Default: 300 MB. |
fimEnabled | Optional | Boolean |
Set this flag to enable File Integrity Monitoring (FIM) application for a configuration profile.
The default value is true. |
eppEnabled | Optional | Boolean |
Set this flag to enable Qualys Anti-Malware Protection for a configuration profile.
The default value is false. |
thirdPartyRemovalEnabled | Optional | Boolean |
Set this flag to remove the third party applications installed on your assets.
The default value is true. Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature. |
thirdPartyExclusionList | Optional | String |
Define the list of Qualys third party applications to be excluded from the competitor removal list. Note: Qualys Anti-Malware protection must be enabled for a configuration profile to enable this feature. |
edrEnabled | Optional | Boolean |
Set this flag to enable the Endpoint Detection and Response application for a configuration profile.
The default value is true. |
sacEnabled | Optional | Boolean |
Set this flag to enable the Qualys Security Configuretion Assessment (SCA) application.
The default value is false. |
xdrEnabled | Optional | Boolean |
Set this flag to enable the Extended Detection and Response (XDR) application.
The default value is false. |
enableAgentScanMerge | Optional | Boolean |
Set this flag to enable the Agent Scan Merge Feature. If enabled, it merge the unauthenticated and authenticated vulnerability scan results.
The default value is false. |
bindAll | Optional | Boolean |
Set this flag to allow Cloud Agent bind scan merge data.
The default value is false. |
ports | Optional | String | Provides the list of customized ports for scanner to capture correlation ID. |
subnetMask | Optional | String | Defines the subnet mask of your assets. |
ipAddress | Optional | String | Defines the IP address of your assets. |
gateway | Optional | String | Defines the gateway for your network. |
dnsSuffixRegex | Optional | String | Defines the DNS suffix of your asset. |
isCustomized | Optional | Boolean |
Set this flag to select performance configuration.
The default value is false. |
performanceBasedOn | Optional | String |
Use this parameter to set the performance level for a Cloud Agent. Available input values: LOW, NORMAL, HIGH. |
agentStatusInterval | Optional | Integer |
Consolidated interval an Range:900-7200 seconds. |
deltaUploadInterval | Optional | Integer |
The interval at which a cloud agent attempts to upload detected changes to Qualys Cloud Platform. Range: 1-1800 seconds. |
chunkSizeForFile | Optional | Integer |
Chunk Sizes for File Fragment Uploads - The upload block size, combined with Delta Upload Interval, determines network utilization. Range: 64-10240 KB. |
upgradeReattemptInterval | Optional | Interval |
Interval (in seconds) Cloud Agent checks the Qualys Cloud Platform for a new upgrade, if configured to do so. Range: 32400 seconds or more. |
loggingLevelForAgent | Optional | String |
Defines the amount and detail of log messages generated by a Cloud Agent. The value can be VERBOSE, INFO (i.e., informational), WARNING, ERROR, or NONE. Verbose is recommended for all performance levels. |
priorityStatusUploadInterval | Optional | Integer |
Defines the time lapse between the previous priority status upload and the start of next priority status upload. Range: 30-300. |
cpuLimit | Optional | Integer |
Defines the percentage limit of the processor core(s) used by the Cloud Agent. Lower percentages reduces CPU utilization at the expense of longer execution times. Range: 2-100%. Recommended: 80 for High performance, 20 for Normal performance, 5 for Low performance. |
cpuThrottle | Optional | Integer |
Tune the amount of processing used by the CPU by introducing delays between Cloud Agent executions. The higher the value, the less CPU is utilized at the expense of longer execution times. Range: 0- 1000 milliseconds. Recommended: 0 for High performance, 10 for Normal performance, 20 for Low performance |
vmScanMode | Optional | String |
Following are the valid values for this parameter - AGENTUSER to run VM scan with the same privileges that you have configured for running the Cloud Agent. - SAFE to run VM scan with lower privileges. In this case, Cloud Agent does not run any commands or binary files that require elevated privileges. - DPE is used to run VM scans with lower privileges by default. However, the Cloud Agent will dynamically elevate the privileges to root permissions only for the commands that failed due to permissions with lower privileges. |
rapWindowName | Mandatory | String | Defines the name for your Reduced Activity Period profile. The name should not be null and must be less than 30 charectars. |
startTime | Mandatory | String | Defines the start time for your Reduced Activity Period profile. |
endTime | Mandatory | String | Defines the end time for your reduced activity period profile. |
selectedDays | Mandatory | String |
Select days for reduced activity period. At least one day must be selected. Possible values: "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday". |
networkRAPModules | Optional | String |
This parameter enables or disables scan-based application activity or network transmission. Possible values: "VM" "PC" "CSAM" "SWCA" "PM" "CAR". |
activityRAPModules | Optional | String |
This parameter enables or disables scan-based application activity or network transmission. Possible values: "VM" "PC" "CSAM" "SWCA" "PM" "CAR". |
includeMatchType | Mandatory | String |
Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL". |
tagId | Mandatory | String | Defines the list of Tag IDs in the include or exclude a section of a configuration profile. |
excludeMatchType | Mandatory | String | Tag-based evaluation criteria for config profile. Possible values: "ANY", "ALL". |
id | Mandatory | String | This parameter defines the ID of a configuration profile. |
Sample - Update the existing Configuration ProfileSample - Update the existing Configuration Profile
API Request
curl --location --request PATCH '
<qualys_base_url>/caui/v1/config-profiles' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_TOKEN>' \
--data ''
Request Body
{
"id": 1234567,
"basicDetails": {
"profileName": "Update API",
"defaultProfSubscription": false,
"suspendDataCollection": false,
"inMemorySQLite": false,
"enableQgs": false,
"qgsGroupName": "TESTING",
"preventAutoUpdate": false,
"spf": {
"spfEnabled": false
}
},
"scanConfiguration": {
"vm": {
"dataCollectionInterval": 1234,
"scanDelay": 555,
"scanRandomize": 240,
"scanOnStartup": true,
"enableRemoteDetections": true
},
"pc": {
"dataCollectionInterval": 2333,
"scanDelay": 111,
"scanRandomize": 77
},
"sca": {
"dataCollectionInterval": 2160
}
},
"moduleConfiguration": {
"pm": {
"cacheSize": 1234,
"pmEnabled": 10,
"isCacheSizeUnlimited": false
},
"fim": {
"maxEventLogSize": 110,
"payloadThresholdTime": 1300,
"maxDiskUsage": 2048,
"dataCollectionInterval": 2222,
"fimEnabled": false
},
"edr": {
"maxEventLogSize": 10240,
"payloadThresholdTime": 1800,
"maxDiskUsage": 2048,
"edrEnabled": true
},
"epp": {
"eppEnabled":true,
"thirdPartyRemovalEnabled":true,
"thirdPartyExclusionList":"Update"
},
"sac": {
"sacEnabled": true
},
"xdr": {
"xdrEnabled": true
}
},
"performance": {
"isCustomized": false,
"performanceBasedOn": "HIGH",
"customizedSettings": {
"agentStatusInterval": 7200,
"deltaUploadInterval": 1800,
"chunkSizeForFile": 10240,
"upgradeReattemptInterval": 323400,
"loggingLevelForAgent": "WARNING",
"priorityStatusUploadInterval": 300,
"cpuLimit": 100,
"cpuThrottle": 1000
},
"securitySettings": {
"vmScanMode": "SAFE"
}
},
"reducedActivityPeriodWindows": [
{
"rapWindowName": "RAP Profile",
"startTime": "04:00 AM",
"endTime": "06:00 AM",
"selectedDays": [
"Sunday",
"Monday",
"Thursday",
"Wednesday",
"Tuesday",
"Friday",
"Saturday"
],
"networkRAPModules": [
"VM",
"PC",
"CSAM",
"SWCA",
"PM",
"CAR"
],
"activityRAPModules": [
"VM",
"PC",
"CSAM",
"SWCA",
"PM",
"CAR"
]
}
],
"agentScanMerge": {
"enableAgentScanMerge": true,
"bindAll": true,
"ports": "10001,10002,10003,10004",
"subnetMask": "11.111.123.123",
"ipAddress": "111.222.123.123/2",
"gateway": "1.11.22.33",
"dnsSuffixRegex": "String Value"
}
}
API Response
{
"code": 200,
"message": "Configuration Profile updated successfully with Name : Update API",
"timestamp": 1717429960235
}
Sample - Update the tags of the Configuration ProfileSample - Update the tags of the Configuration Profile
You can update the tags of the configuration profile using the tag ID and assignCloudAgent JSON object. To update FIM values, provide the configuration profile ID in the FIM section under of moduleConfiguration JSON object.
API Request
curl --location --request PATCH '
<qualys_base_url>/caui/v1/config-profiles' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_TOKEN>' \
--data ''
Request Body
{
"id": 1234567,
"assignCloudAgent": {
"tagSet": {
"includeMatchType": "ANY",
"includedTags": [
{
"tagId": 9876543
}
],
"excludeMatchType": "ANY",
"excludedTags": []
}
}
}
API Response
{
"code": 200,
"message": "Configuration Profile updated successfully with Name : Update API",
"timestamp": 1717429960235
}