Update Scripts API
This API enables you to update the script.
API Version History
The following table depicts the information about the different versions of this API along with the status:
| API Version | API Status | Release Date |
|---|---|---|
| v4.0 | Active | N/A |
| v3.0 | Deprecated | Feb 2025 |
v4.0
Input ParametersInput Parameters
| Parameter | Optional /Mandatory |
Data Type | Description |
|---|---|---|---|
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Parameter to pass the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown |
| comment | Optional | String |
Provide consent comment for updating the script contents and passed in this key. Note: It is if the content of the script is changed from existing. |
| githubInputURL | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory. |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| scriptApprovalUser Consent |
Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Optional | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid. bugTrackIds |
Optional | String | Provide a URL or an ID as an additional reference. |
| customQid.return CodeStatusMap |
Optional | List of returnCode and Status |
Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds. |
|
hasParameters |
Optional (This is mandatory only |
Boolean |
Provide this value as true if you want to define the script parameters. Default value is false. Note: This parameter is only applicable when you want to create a parameterized script. |
|
params.key |
Mandatory (This is mandatory |
String |
Provide the Base64 encoded string value. |
|
params.value |
Mandatory (This is mandatory |
String |
Provide the Base64 encoded string value. |
| detectionRegex | Optional | List | Contains the cardinality and regular expression values. |
| cardinality | Optional | String | Provide a cardinality value.
The values are:
|
| regex | Optional | List of string | Provide regular expression values.
These values are evaluated on script output to mark a Custom QID Detected or Not-Detected. |
| status | Optional | String | Provide the custom QID detection status values.
The supported values are:
|
Sample: Update Script with Base64 ContentSample: Update Script with Base64 Content
API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
{
"categoryId": 103,
"content": "bHMgLWx0cg==",
"description": "Sample description",
"platform": "WINDOWS",
"severity": "3",
"threshold":300,
"title": "Sample title",
"typeId": 2,
"languageId": 1,
"scriptApprovalUserConsent": true,
"hasParameters": true,
"customQid": {
"qid": "12345",
"type": "Detection QID",
"severity": "4",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
},
"params": [
{
"key": "string",
"value": "string"
}
]
}Response
{
"id": 100010,
"message": "Updated Successfully."
}Sample: Update Script with GitHub ParametersSample: Update Script with GitHub Parameters
API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
{
"categoryId": 605,
"githubInputUrl": "<sample github url>",
"gitHubToken": "<sample github token of private repo>",
"gitHubUser": "<sample username>",
"gitHubRepo": "<sample repo name>",
"gitHubBranch": "<sample branch name>",
"gitHubFilePath": "<sample github file path>",
"description": "sample description",
"platform": "WINDOWS",
"severity": "3",
"threshold":300,
"title": "Sample title",
"typeId": 2,
"languageId": 1,
"scriptApprovalUserConsent": true,
"hasParameters": true,
"customQid": {
"qid": "12345",
"type": "Detection QID",
"severity": "4",
"qds": "75",
"vulnerabilityType": "Potential",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"returnCodeStatusMap": [
{
"returnCode": "1",
"status": "Not-Detected"
},
{
"returnCode": "5",
"status": "Detected"
}
]
},
"params": [
{
"key": "string",
"value": "string"
}
]
}Response
{
"id": 100010,
"message": "Updated Successfully."
}API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw
'{
"categoryId": 605,
"content": "bHMgLWx0cg==",
"description": "sample description",
"platform": "WINDOWS",
"severity": "3",
"threshold":300,
"thresholdTimeUnit": "SECOND",
"title": "Sample title",
"typeId": 2,
"languageId": 204,
"scriptApprovalUserConsent": true,
"hasParameters": true,
"customQid": {
"type": "Detection QID",
"severity": "4",
"qds": "75",
"vulnerabilityType": "Information_Gathered",
"cveIds": "CVE-2023-3452",
"detectionLogic": "Use Script",
"detectionRegex": {
"cardinality": "CONTAINS",
"regex": [
"3.6.9"
],
"status": "detected"
},
"params": [
{
"key": "string",
"value": "string"
}
]
}'Response
{
"id": 213673,
"message": "Updated Successfully."
}API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json
--data-raw {
"title": "Sample title",
"content": "bHMgLWxhOyBleGl0IDI7",
"description": "Sample control ID description",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"typeId": 6,
"languageId": 4,
"scriptApprovalUserConsent": true,
"hasParameters": false,
"autorScriptsMetadata": {
"cid": "994911",
"tech": [
"Ubuntu 20.x",
"Ubuntu 18.x",
"Ubuntu 16.x",
"Debian GNU/Linux 10.x",
"Debian GNU/Linux 11.x",
"Debian GNU/Linux 9.x"
],
"policies": ["linux"],
"displayName": "Install the audit package",
"subType": "Response"
}
}API Response
{
"id": 100010,
"message": "Updated Successfully."
}
v3.0
Input ParametersInput Parameters
| Parameter | Mandatory/ Optional |
Data Type | Description |
|---|---|---|---|
| categoryId | Optional | Long | Provide the category of script based on categories like general automation, data collection, and backup. |
| content | Optional | String |
Parameter to pass the script content. Note: Script Content should be passed with base64 encoding. If not passed in the request, script content will be pulled from github params in the request. If github parameters are also not passed then error message is shown |
| comment | Optional | String |
Provide consent comment for updating the script contents and passed in this key. Note: It is if the content of the script is changed from existing. |
| githubInputURL | Optional | String |
Provide a complete github file path for which we want to create script content. If the content is not provided it is mandatory. Note: If the script repo is private then 'gitHubToken' also needs to be passed in the request. |
| gitHubUser | Optional | String | Provide a github user that has a github account. If the content is not provided, it is mandatory. |
| gitHubRepo | Optional | String | Provide the name of the github repository. If the content is not provided, it is mandatory. |
| gitHubFilePath | Optional | String | Provide a relative github file path for which we want to create as script content. If the content is not provided, it is mandatory. |
| gitHubBranch | Optional | String | Provide the github branch name. If the content is not provided, it is mandatory. |
| gitHubToken | Optional | String | Provide a github token to access a private github repository. For private repository, it is mandatory |
| gitHubSyncEnabled | Optional | Boolean | Enable the GitHub script to sync with the created script. |
| gitHubAutoSync | Optional | Boolean | Enable GitHub autosync with the created script. |
| scriptApprovalUser Consent | Optional | Boolean | Create a script in an approval state or not. Deafult Value - False |
| customQid.title | Optional | String | Provide the qid title. Default script title is applied if not passed. |
| customQid.type | Optional | String | Provide the type of QID. Currently its supported type is only - "Detection QID". |
| customQid.qds | Optional | String | Provide TruRisk QDS score. |
| customQid.cveIds | Optional | String | Provide a CVE ID that is associated with a specific QID. |
| customQid.impact | Optional | String | Provide the details of the possible outcome if the vulnerability is exploited. |
| customQid.solution | Optional | String | Provide a verified solution for the impact. |
| customQid. bugTrackIds |
Optional | String | Provide a URL or an ID as an additional reference. |
| customQid. returnCodeStatusMap |
Optional | List of returnCode and Status |
Get return code and the status based on the script you provide. Note: If returnCode not passed, default 0 will be considered. |
| threshold | Optional | Long | Provide the specific time that defines how long the script must run. You can specify the time in seconds, hours and minutes. |
| thresholdTimeUnit | Optional | Long | Provide the time to specify in SECONDS, HOURS, MINUTES. |
Sample: Create Script with Base64 ContentSample: Create Script with Base64 Content
API Request
curl -X PATCH
'<qualys_base_url>/sm/v3/script/{scriptID}'
--header 'Accept: application/vnd.qualys.car.api.v3.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw '{
"description":"scirpt to be executed on Linux platform",
"severity": "1",
"threshold":5,
"thresholdTimeUnit": "MINUTE",
"categoryId": 6
}'Response
{
"id": 100007,
"message": "Updated Successfully."
}v2.0
Input Parameters Input Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| title | Optional | String | Use it to provide the name of the script. |
| categoryID | Optional | String | Use it to provide the category of script based on categories like general automation, data collection, and backup. |
| severity | Optional | Short | Use it to provide the severity level that defines the criticality of the script. Select a value from 1 to 5. |
| threshold | Optional | Integer | Use it to provide the specific time that defines how long the script must run. You can specify the time in seconds, hours, and minutes |
| gitHubUser | Optional | String | Use it to provide a github user that has a github account. |
| gitHubRepo | Optional | String | Use it to provide the name of the github repository |
| gitHubBranch | Optional | String | Use it to provide the github branch name. |
| gitHubFilepath | Optional | String | Use it to provide a relative github file path for which we want to create as script content |
| gitHubToken | Optional | String | Use it to provide a github token to access a private github repository. |
| scriptApproval UserConsent |
Optional | Boolean | Use it to create a script in an approval state or not. |
| githubInputUrl | Optional | String | Use it to provide a complete github file path for which we want to create script content. |
Sample: Update Script by Providing File in URLSample: Update Script by Providing File in URL
API Request
curl -X PATCH "<qualys_base_url>/sm/v2/script/61179" --header "Authorization: Bearer <JWT Token>" --header "Content-Type: application/json" --data-raw '{ "title": "giturl_api_284216", "description": "Sample Description updated", "categoryId": 6, "severity": 3, "threshold": 300, "thresholdTimeUnit": "SECOND", "githubInputUrl": "<github_url>" }'
Response
{
"id":61179,
"message":"Updated Successfully."
}Sample: Update Script with Github ParametersSample: Update Script with Github Parameters
API Request
curl -X PATCH
'<qualys_base_url>/sm/v2/script/61180'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
"title": "Sample title",
"description": "Sample Description updated",
"categoryId": 6,
"severity": 3,
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"gitHubUser": "Qualys",
"gitHubRepo": "community",
"gitHubBranch": "<gitHubBranch>",
"gitHubFilePath": "<gitHubFilePath>"
}'Response
{
"id":61180,
"message":"Updated Successfully."
}API Request
curl -X PATCH
'<qualys_base_url>/sm/v2/script/61186'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
"title": "Sample title",
"description": "Sample Description updated",
"categoryId": 6,
"severity": 3,
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"gitHubUser": "<gitHubUser>",
"gitHubRepo": "<gitHubRepo>",
"gitHubBranch": "<gitHubBranch>",
"gitHubFilePath": "<gitHubFilePath>",
"gitHubToken": "<gitHubToken>"
}'Response
{
"id":61186,
"message":"Updated Successfully."
}API Request
curl -X PATCH
'<qualys_base_url>/sm/v2/script/61403'
--header "Authorization: Bearer <JWT Token>"
--header "Content-Type: application/json"
--data-raw '{
"title": "Sample title",
"description": "Sample private url Description updated",
"categoryId": 6,
"severity": 3,
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"gitHubToken" : "<gitHubToken>",
"githubInputUrl": "<githubInputUrl>"
}'Response
{
"id": 61403,
"message": "Updated Successfully."
}