Custom Assessment and Remediation Release 2.5.1 API
May 12, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
Tag-based User Scoping in CAR APIs
With the Tag-based User Scoping feature, the response of the CAR APIs is filtered based on the tags assigned to the scope of the user calling the API. There is no change in the existing request body of the CAR APIs.
For more information on the feature, refer to the Tag-based User Scoping in CAR.
The Tag-based User Scoping feature is enabled based on customer request. Contact Qualys Technical Support to get it enabled.
Support for Control ID Remediation through APIs
With the introduction of the Control ID Remediation, you can now create and update the Control ID Remediation script through the following mentioned scripts APIs.
You must include the following new input parameters in the above mentioned APIs to create or update the control ID remediation:
| Parameter | Mandatory/ Optional |
Data Type | Description |
|---|---|---|---|
| autorScriptsMetadata | Optional
(mandatory only when you want to create control ID remediation script) |
Object | Contains the control ID details. |
| cid | Mandatory | String | Provide the control ID number. |
| tech | Mandatory | List of strings | Provide the technologies associated with controls. |
| policies | Optional | List of strings | Provide policies associated with controls. |
| displayName | Optional | String | Provide the name of the script. |
| subType | Optional | String | Provide the sub-type of the script.
Accepted values: |
Create Scripts API: Create control ID remediation script
| New or Updated API | Updated |
| API Endpoint | /sm/v5/script |
| Method | POST |
| DTD or XSD changes | Not Applicable |
Sample: Create control ID remediation scriptSample: Create control ID remediation script
API Request
curl -X POST
'<qualys_base_url>/sm/v5/script'
--header 'Accept: application/vnd.qualys.car.api.v5.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw {
"title": "Sample title",
"content": "bHMgLWxhOyBleGl0IDI7",
"description": "Sample control ID description",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"typeId": 6,
"languageId": 4,
"scriptApprovalUserConsent": true,
"hasParameters": false,
"autorScriptsMetadata": {
"cid": "994911",
"tech": [
"Ubuntu 20.x",
"Ubuntu 18.x",
"Ubuntu 16.x",
"Debian GNU/Linux 10.x",
"Debian GNU/Linux 11.x",
"Debian GNU/Linux 9.x"
],
"policies": ["linux"],
"displayName": "Install the audit package",
"subType": "Response"
}
}
Response
{
"errorCode": "0",
"message": "Script created successfully",
"body": {
"id": 100504
}
}
Update Scripts API: Update control ID remediation script
| New or Updated API | Updated |
| API Endpoint | /sm/v4/script/{Scriptid} |
| Method | PATCH |
| DTD or XSD changes | Not Applicable |
Sample: Update control ID remediation scriptSample: Update control ID remediation script
API Request
curl -X PATCH
'<qualys_base_url>/sm/v4/script/{Scriptid}'
--header 'Accept: application/vnd.qualys.car.api.v4.0+json'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw {
"title": "Sample Title",
"content": "ZGF0ZTsgZXhpdCAyOw==",
"description": "Update control ID script",
"platform": "WINDOWS",
"severity": "3",
"threshold": 300,
"thresholdTimeUnit": "SECOND",
"typeId": 6,
"languageId": 4,
"scriptApprovalUserConsent": true,
"hasParameters": false,
"comment": "Update",
"autorScriptsMetadata": {
"cid": "9949",
"tech": [
"Ubuntu 20.x",
"Ubuntu 18.x",
"Ubuntu 16.x",
"Debian GNU/Linux 10.x",
"Debian GNU/Linux 11.x",
"Debian GNU/Linux 9.x",
"linux"
],
"policies": ["linux"],
"displayName": "Install the audit package",
"subType": "Response"
}
}
API Request
{
"id": 100010,
"message": "Updated Successfully."
}