Release 2.3 API

October 15, 2024

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

What's New?

Updated Input Parameter 'threshold' for Script-based APIs

In our latest update, we have made an important change to how we handle time-based threshold values. Specifically, we have removed the 'thresholdTimeUnit' field. From now on, you need to provide values for the 'threshold' field in SECONDS. This adjustment is aimed at simplifying the configuration process and ensuring a more standardized approach across our platform. Update your settings accordingly to ensure seamless operation.

Parameter	Mandatory/Optional	Data Type	Description
threshold	Optional	Integer	Use it to provide the specific time that defines how long the script must run. You need to specify the time in seconds.

The following APIs are impacted due to changes in the threshold parameter.

Create Custom QID API
Update Custom QID API
Create Custom Scripts with GitHub URL and Parameter API
Update Custom Scripts with GitHub URL and Parameter API

Create Custom QID API

New or Updated API	Updated
API Endpoint (Deprecation timeline - Feb 2025)	/sm/v3/script
API Endpoint (New Version)	/sm/v4/script
Method	POST
DTD or XSD changes	Not Applicable

Sample: Create Request with base64 ContentsSample: Create Request with base64 Contents

API Request

curl -X POST '<qualys_base_url>/sm/v4/script'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json' 
--header 'Authorization: Bearer <authToken>' 
--header 'Content-Type: application/json' 
--data-raw 
'{
    "categoryId":605,
    "content":"bHMgLWx0cg==",
    "description":"Microsoft Internet Explorer Information Disclosure 
Vulnerability description",
    "platform":"WINDOWS",
    "severity":"3",
    "threshold":300,
    "title":"Microsoft Internet Explorer Information Disclosure 
Vulnerability",
    "typeId":2,
    "languageId":204,
    "scriptApprovalUserConsent":true,
    "customQid":{
        "type":"Detection QID",
        "qds":"75",
        "vulnerabilityType":"Information_Gathered",
        "cveIds":"CVE-2023-3452",
        "detectionLogic":"Use Script",
        "returnCodeStatusMap":[
            {
                "returnCode":"1",
                "status":"Not-Detected"
            },
            {
                "returnCode":"5",
                "status":"Detected"
            }
        ]
    }
}'

Response

{
     "errorCode":"0",
     "message":" Custom QID script created successfully",
     "body":{
         "id":100502
     }
}

Update Custom QID API

New or Updated API	Updated
API Endpoint (Deprecation timeline - Feb 2025)	/sm/v3/script{id}
API Endpoint (New Version)	/sm/v4/script{id}
Method	PATCH
DTD or XSD changes	Not Applicable

Sample to update the scriptSample to update the script

API Request

curl -X PATCH'<qualys_base_url>/sm/v4/script/{scriptID}'
--header'Accept: application/vnd.qualys.car.api.v4.0+json'  
--header'Authorization: Bearer <authToken>'  
--header'Content-Type: application/json'
--data-raw'{
    "description":"scirpt to be executed on Linux platform",
    "severity":"1",
    "threshold":5,
    "categoryId":6
}'

Response

{
     "id":100007,
     "message":"Updated Successfully."
}

Create Custom Scripts with GitHub URL and Parameter API

New or Updated API	Updated
API Endpoint (Deprecation timeline - Feb 2025)	/sm/v2/script
API Endpoint (New Version)	/sm/v4/script
Method	POST
DTD or XSD changes	Not Applicable

Sample: Create Scripts with GitHub ParametersSample: Create Scripts with GitHub Parameters

API Request

curl -X POST '<qualys_base_url>/sm/v4/script'  
--header 'Authorization: Bearer <authToken>' 
--header 'Content-Type: application json' 
--data-raw '
{
     "title":"{{scriptTitle}}",
     "description":"Sample Description",
     "categoryId":2,
     "platform":"WINDOWS",
     "severity":3,
     "threshold":300,
     "thresholdTimeUnit":"SECOND",
     "languageId":201,
     "gitHubUser":"Qualys",
     "gitHubRepo":"community",
     "gitHubBranch":"",
     "gitHubFilePath":"assetcount/README.md"
}'

Response

{
     "errorCode":"0",
     "message":"Script created successfully",
     "body":{
         "id":61180
     }
}

Update Custom Scripts with GitHub URL and Parameter API

New or Updated API	Updated
API Endpoint (Deprecation timeline - Feb 2025)	/sm/v2/script
API Endpoint (New Version)	/sm/v4/script
Method	PATCH
DTD or XSD changes	Not Applicable

Sample: Update Script with GiHub ParametersSample: Update Script with GiHub Parameters

API Request

curl --location --request PATCH '<qualys_base_url>/sm/v4/script/61180' 
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application json' 
--data-raw '
{
    "title":"{{scriptTitle}}",
    "description":"Sample Description updated",
    "categoryId":6,
    "severity":3,
    "threshold":300,
    "gitHubUser":"Qualys",
    "gitHubRepo":"community",
    "gitHubBranch":"",
    "gitHubFilePath":"assetcount/README.md"
}'

Response

{
     "id":61180,
     "message":"Updated Successfully."
}