For API version information, refer to the API Version History section.
This API lets you update the script with the type Custom QID.
| Parameter | Optional/Mandatory | Data Type | Description |
|---|---|---|---|
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Parameter to pass the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown |
| comment | Optional | String |
Provide consent comment for updating the script contents and passed in this key. Note: It is if the content of the script is changed from existing. |
| githubInputURL | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory. |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| scriptApprovalUser Consent | Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Optional | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid.bugTrac kIds | Optional | String | Provide a URL or an ID as an additional reference. |
| customQid.returnCodeStatusMap | Optional | List of returnCode and Status |
Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds, hours and minutes. |
| thresholdTimeUnit | Optional | Long | Provide the time to specify in SECONDS, HOURS, MINUTES. |
API Request
curl -X PATCH '<qualys_base_url>/sm/v3/script/{scriptID}'
--header 'Accept: application/vnd.qualys.car.api.v3.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json' \
--data-raw '{
"description":"scirpt to be executed on Linux platform",
"severity": "1",
"threshold":5,
"thresholdTimeUnit": "MINUTE",
"categoryId": 6
}'
Response
{
"id": 100007,
"message": "Updated Successfully."
}
| Parameter | Optional /Mandatory |
Data Type | Description |
|---|---|---|---|
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Parameter to pass the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown |
| comment | Optional | String |
Provide consent comment for updating the script contents and passed in this key. Note: It is if the content of the script is changed from existing. |
| githubInputURL | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory. |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| scriptApprovalUser Consent |
Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Optional | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid.bugTrac kIds | Optional | String | Provide a URL or an ID as an additional reference. |
| customQid.return CodeStatusMap |
Optional | List of returnCode and Status |
Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds. |
|
hasParameters |
Optional (This is mandatory only if you want to define the |
Boolean |
Provide this value as Default value is Note: This parameter is only applicable when you want to create a parameterized script. |
|
params.key |
Mandatory (This is mandatory when the |
String |
Provide the Base64 encoded string value. |
|
params.value |
Mandatory (This is mandatory when the |
String |
Provide the Base64 encoded string value. |
API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
{
"categoryId": 103,
"content": "bHMgLWx0cg==",
"description": "Sample description",
"platform": "WINDOWS",
"severity": "3",
"threshold":300,
"title": "Sample title",
"typeId": 2,
"languageId": 1,
"scriptApprovalUserConsent": true,
"hasParameters": true,
"customQid": {
"qid": "12345",
"type": "Detection QID",
"severity": "4",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
},
"params": [
{
"key": "string",
"value": "string"
}
]
}
Response:
{
"id": 100010,
"message": "Updated Successfully."
}
The following table depicts the information about the different versions of this API along with the status:
| API Version | API Status | Release Date |
|---|---|---|
| /sm/v4/script/{id} | Active | Oct 2024 |
| /sm/v3/script/{id} | To be deprecated | Feb 2025 |