Specify the connector details such as arn, externalId, and so on and create a new connector in the Connectors application.
Permissions required - Managers with full scope.
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
name |
Optional |
integer |
The ID of the connector that you want to update. |
|
description |
Optional |
text |
Name of the connector you want to update. |
|
defaultTags |
Optional |
text |
(TagSimpleQList) Tags applied to any asset discovered by the connector. |
|
activation |
Optional |
text |
(List<ActivationModule>) Assets discovered by the connector is activated for the modules specified. |
|
allRegions |
Optional |
integer |
(boolean) If true, the end point’s collection is ignored and all the AWS regions scanned. |
|
disabled |
Optional |
date |
(boolean) Whether execution of the connector is disabled. (YES). If disabled, the connector does not synchronize assets. The disabled (boolean) parameter is used to disable a connector. This parameter when set to “true” the connector is disabled and will not run. - If a single connector is run and it is disabled an error is returned. - If multiple connectors are run and all are disabled an error is returned. - If multiple connectors are run and some are disabled, only connectors that are enabled will run. |
|
arn |
Optional |
date |
Generated by AWS. Ensure that you provide the same ARN that is generated by AWS. |
|
externalId |
Optional |
boolean |
Random string which is unique for each user. |
|
runFrequency |
Optional |
boolean |
runFrequency for a connector decides the rate at which the connector should poll the cloud provider and fetch the data. Specified in minutes. |
|
isRemediationEnabled |
Optional |
keyword |
A flag to enable or disable remediation for the connector. |
|
connectorAppInfos.set. ConnectorAppInfoQList |
Optional |
date |
A mandatory parent parameter when you need to provide the below parameter, set.ConnectorAppInfo. |
|
set.ConnectorAppInfo |
It holds the list of list of ConnectorAppInfo which includes App Name, identifiers and tag details. Connector can one or more apps from list [AI, CI, CSA]. AI-Asset Inventory, CI- Cloud Inventory, CSA- Cloud Security Assessment |
You can secure publicly exposed cloud assets by enabling cloud perimeter scans for your connectors. Cloud perimeter scans use Qualys External Scanners (Internet Remote Scanners), located at the Qualys Cloud Platform.
You can automate asset discovery of Connectors and with the Cloud Perimeter Scan. This ensures all publicly-exposed assets have perimeter scans performed, based on configurations provided at Connector.
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
isCPSEnabled |
Optional |
boolean |
Set this flag to enable or disable cloud perimeter scan for the AWS connector. (Note: If isCPSEnabled flag is enabled, you need to provide the following parameters for the Cloud Perimeter Scan). |
|
connectorScanSetting |
Tag to include cloud perimeter scan settings. |
||
|
isCustomScanConfig Enabled |
Use this flag to indicate the scan configuration to be used for cloud perimeters scan. By default, this flag is disabled and the global scan configuration is applied to the cloud perimeter scan. To use custom scan configuration, you need to enable this flag. |
||
|
optionProfileId |
Specify the Option Profile Id. This Id is unique for every user. You can fetch the option profile Id using the List VM Option Profile API (/api/2.0/fo/subscription/option_profile/vm/?action=list). For more information on the how to fetch the option profile Id, refer to Qualys API (VM, PC) User Guide. |
||
|
recurrence |
Specify if the scan should be scheduled on DAILY or WEEKLY basis. |
||
|
daysOfWeek |
Specify the days when the scan should be scheduled. For example, SUN, MON, TUE, WED, THU, FRI, SAT.Note: This field is applicable only if the recurrence field is set to WEEKLY. |
||
|
scanPrefix |
Specify a prefix to be appended to the scan name. Once the cloud perimeter scan is triggered from the Vulnerability Management application, the prefix is appended to the scan name. The scan name is in following format: <prefix>-<connectorId>-<timestamp> |
||
|
startDate |
Specify the start date of scan in mm/dd/yyyy format. |
||
|
startTime |
Specify the start time of scan in HH:MM (24 hrs) format. |
||
|
timezone |
Specify the time zone for the cloud perimeter scan to be initiated. |
API request
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/create/am/awsassetdataconnector"
Request POST data
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<data>
<AwsAssetDataConnector>
<name>Test AWSConnector API</name>
<description>Connector created through API automation</description>
<defaultTags>
<set>
<TagSimple>
<id>42458382</id>
</TagSimple>
</set>
</defaultTags>
<activation>
<set>
<ActivationModule>VM</ActivationModule>
<ActivationModule>CERTVIEW</ActivationModule>
</set>
</activation>
<disabled>false</disabled>
<arn>arn:aws:iam:::12345678911/role:testrole</arn>
<externalId>POD-999999-11213331</externalId>
<isGovCloudConfigured>false</isGovCloudConfigured>
<isDeleted>true</isDeleted >
<allRegions>true</allRegions>
<runFrequency>300</runFrequency>
<isRemediationEnabled>true</isRemediationEnabled>
<connectorAppInfos>
<set>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>AI</name>
<identifier>arn:aws:iam:::12345678911/role:testrole</identifier>
<tagId>42458382</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>CI</name>
<identifier>arn:aws:iam:::12345678911/role:testrole</identifier>
<tagId>42458382</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>CSA</name>
<identifier>arn:aws:iam:::12345678911/role:testrole</identifier>
<tagId>42458382</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
</set>
</connectorAppInfos>
</AwsAssetDataConnector>
</data>
</ServiceRequest>
Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/am/awsassetdataconnector.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<AwsAssetDataConnector>
<id>xxxx</id>
<name>Test AWSConnector API</name>
<awsAccountId>xxxxxxxxx</awsAccountId>
<description>Connector created through API automation</description>
<connectorState>QUEUED</connectorState>
<type>AWS</type>
<defaultTags>
<list>
<TagSimple>
<id>xxxxxx</id>
<name>CV_Automation_Tag</name>
</TagSimple>
</list>
</defaultTags>
<activation>
<list>
<ActivationModule>CLOUDVIEW</ActivationModule>
<ActivationModule>CERTVIEW</ActivationModule>
<ActivationModule>VM</ActivationModule>
</list>
</activation>
<disabled>false</disabled>
<isGovCloudConfigured>false</isGovCloudConfigured>
<isChinaConfigured>false</isChinaConfigured>
<runFrequency>300</runFrequency>
<isRemediationEnabled>true</isRemediationEnabled>
<connectorAppInfos>
<list>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CSA</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>20485923</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>AI</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>20485923</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CI</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>xxxxxxxxxxx</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
</list>
</connectorAppInfos>
<arn>arn:aws:iam::xxxxxxxx:role/CV_UI_TestPod</arn>
<externalId>POD-999999-11213331</externalId>
<qualysAwsAccountId>xxxxxxxxxxx</qualysAwsAccountId>
<allRegions>true</allRegions>
</AwsAssetDataConnector>
</data>
</ServiceResponse>
API Request (JSON)
curl -u "USERNAME:PASSWORD" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/create/am/awsassetdataconnector"
--header 'Accept: application/json'
Request POST Data (JSON)
{
"ServiceRequest": {
"data": {
"AwsAssetDataConnector": {
"name": "AWS Connector Via API",
"description": "Connector created through API",
"defaultTags": {
"set": {
"TagSimple": [
{
"id": 21423674
},
{
"id": 21423675
}
]
}
},
"activation": {
"set": {
"ActivationModule": [
"VM","SCA"
]
}
},
"disabled": false,
"arn": "arn:aws:iam:::12345678911/role:testrole",
"externalId": "POD-999999-11213331",
"allRegions": true,
"runFrequency": 240,
"isRemediationEnabled": true,
"connectorAppInfos": {
"set": {
"ConnectorAppInfoQList": [
{
"set": {
"ConnectorAppInfo": {
"name": "AI",
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"tagId": 21423674
}
}
},
{
"set": {
"ConnectorAppInfo": {
"name": "CI",
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"tagId": 21423674
}
}
},
{
"set": {
"ConnectorAppInfo": {
"name": "CSA",
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"tagId": 21423674
}
}
}
]
}
}
}
}
}
}
Response (JSON)
{ "ServiceResponse": { "data": [ { "AwsAssetDataConnector": { "allRegions": "true", "isDeleted": "false", "isGovCloudConfigured": "false", "connectorState": "QUEUED", "runFrequency": 60, "lastSync": "2024-03-19T07:48:31Z", "isInstantAssessmentEnabled": "false", "nextSync": "2024-03-19T08:48:31Z", "defaultTags": { "list": [ { "TagSimple": { "name": "Tag1", "id":21423674} }, { "TagSimple": { "name": "Tag2", "id":21423674} } ] }, "id": 2719783, "arn": "arn:aws:iam::951386378876:role/CloudView_INT_Sanity_POD1_User2", "disabled": "false", "description": "Connector created through API automation", "name": "V3 Connector Multiple Tags", "externalId": "1655453577753", "authRecord": {}, "isChinaConfigured": "false", "awsAccountId": "951386378876", "qualysAwsAccountId": "205767712438", "type": "AWS", "connectorAppInfos": { "list": [ { "ConnectorAppInfoQList": { "list": [ { "ConnectorAppInfo": { "name": "CI", "identifier": "arn:aws:iam::951386378876:role/CloudView_INT_Sanity_POD13_User2" } } ] } }, { "ConnectorAppInfoQList": { "list": [ { "ConnectorAppInfo": { "name": "AI", "identifier": "arn:aws:iam::951386378876:role/CloudView_INT_Sanity_POD13_User2" } } ] } }, { "ConnectorAppInfoQList": { "list": [ { "ConnectorAppInfo": { "name": "CSA", "identifier": "arn:aws:iam::951386378876:role/CloudView_INT_Sanity_POD13_User2" } } ] } } ] }, "activation": { "ActivationModule": [ "CLOUDVIEW", "VM" ] }, "isSnapshotAssessmentEnabled": "false" } } ], "count": 1, "responseCode": "SUCCESS" } }
API Request
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/create/am/awsassetdataconnector"
--header 'Accept: application/json'
Request POST data
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<data>
...
<id>12345</id>
<name>Sample Connector</name>
<lastSync />
<lastError />
<connectorState>PENDING</connectorState>
<type>AWS</type>
<defaultTags>
<list>
<TagSimple>
<id>1</id>
<name>EC2</name>
</TagSimple>
</list>
</defaultTags>
<activation>
<ActivationModule>VM</ActivationModule>
</activation>
<disabled>false</disabled>
<isGovCloudConfigured>false</isGovCloudConfigured>
<arn>arn:aws:iam:::12345678911/role:testrole</arn>
<externalId>POD-999999-11213331</externalId>
<endpoints>
<list/>
</endpoints>
<allRegions>true</allRegions>
</AwsAssetDataConnector>
</data>undefined</ServiceRequest>
Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/am/aws_asset_data-connector.xsd">
<responseCode>SUCCESS</responseCode>
...
<isCPSEnabled>true</isCPSEnabled>
<connectorScanSetting>
<isCustomScanConfigEnabled>true</isCustomScanConfigEnabled>
</connectorScanSetting>
<connectorScanConfig>
<set>
<ConnectorScanConfiguration>
<daysOfWeek>
<set>
<Day>SUN</Day>
<Day>MON</Day>
<Day>TUE</Day>
</set>
</daysOfWeek>
<optionProfileId>2</optionProfileId>
<recurrence>WEEKLY</recurrence>
<scanPrefix>Scan aws 02</scanPrefix>
<startDate>31/05/2022</startDate>
<startTime>15:45</startTime>
<timezone>Africa/Cairo</timezone>
</ConnectorScanConfiguration>
</set>
</connectorScanConfig>
...
</data>undefined</ServiceResponse>
API Request
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --
data-binary @- "<qualys_base_url>/qps/rest/3.0/create/am/awsassetdataconnector"
Request POST data
Response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/
3.0/am/awsassetdataconnector.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<AwsAssetDataConnector>
<id>xxxx</id>
<name>Test AWSConnector API</name>
<awsAccountId>xxxxxxxxx</awsAccountId>
<description>Connector created through API automation</description>
<connectorState>SUCCESS</connectorState>
<type>AWS</type>
<defaultTags>
<list>
<TagSimple>
<id>xxxxxx</id>
<name>CV_Automation_Tag</name>
</TagSimple>
</list>
</defaultTags>
<activation>
<list>
<ActivationModule>CLOUDVIEW</ActivationModule>
<ActivationModule>CERTVIEW</ActivationModule>
<ActivationModule>VM</ActivationModule>
</list>
</activation>
<disabled>false</disabled>
<isGovCloudConfigured>false</isGovCloudConfigured>
<isChinaConfigured>false</isChinaConfigured>
<runFrequency>300</runFrequency>
<isRemediationEnabled>true</isRemediationEnabled>
<connectorAppInfos>
<list>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CSA</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>20485923</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>AI</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>20485923</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CI</name>
<identifier>arn:aws:iam::xxxxxxxxxxx:role/CV_UI_TestPod</identifier>
<tagId>xxxxxxxxxxx</tagId>
<tagMetadata>
<id>xxxxxxxxxxx</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
</list>
</connectorAppInfos>
<arn>arn:aws:iam::xxxxxxxx:role/CV_UI_TestPod</arn>
<externalId>POD-999999-11213331</externalId>
<qualysAwsAccountId>xxxxxxxxxxx</qualysAwsAccountId>
<allRegions>false</allRegions>
</AwsAssetDataConnector>
</ServiceResponse>
API Request
curl -u "USERNAME:PASSWORD" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/am/awsassetdataconnector"
--header 'Accept: application/json'
Request POST data
<{
"ServiceRequest": {
"data": {
"AwsAssetDataConnector": {
"name": "Test AWSConnector API",
"description": "Connector created through API automation",
"defaultTags": {
"set": {
"TagSimple": {
"id": 42458382
}
}
},
"activation": {
"set": {
"ActivationModule": [
"VM","SCA"
]
}
},
"disabled": false,
"arn": "arn:aws:iam::XXXXXXXXXXXX:role/ARN_UPGRADE",
"externalId": "US1-1368984-11213331",
"allRegions": false,
"endpoints": {
"add": {
"AwsEndpointSimple": [
{
"regionCode": "af-south-1"
},
{
"regionCode": "eu-south-1"
}
]
}
},
"runFrequency": 240,
"isRemediationEnabled": true,
"connectorAppInfos": {
"set": {
"ConnectorAppInfoQList": [
{
"set": {
"ConnectorAppInfo": {
"name": "AI",
"identifier": "arn:aws:iam:::12345678911/role:testrole"
}
},
"set": {
"ConnectorAppInfo": {
"name": "CI",
"identifier": "arn:aws:iam:::12345678911/role:testrole"
}
},
"set": {
"ConnectorAppInfo": {
"name": "CSA",
"identifier": "arn:aws:iam:::12345678911/role:testrole"
}
}
}
]
}
}
}
}
}
}
Response
{
"ServiceResponse": {
"count": 1,
"responseCode": "SUCCESS",
"data": [
{
"AwsAssetDataConnector": {
"qualysAwsAccountId": "205767712438",
"isChinaConfigured": "false",
"runFrequency": 240,
"arn": "arn:aws:iam::XXXXXXXXXXXX:role/ARN_UPGRADE",
"externalId": "US1-1368984-11213331",
"id": 1998546,
"name": "Test AWSConnector API",
"description": "Connector created through API automation",
"connectorState": "QUEUED",
"disabled": "false",
"isInstantAssessmentEnabled": "false",
"awsAccountId": "",
"isGovCloudConfigured": "false",
"isCPSEnabled": "false",
"isRemediationEnabled": "true",
"allRegions": "false",
"activation": {
"ActivationModule": [
"SCA",
"VM",
"CLOUDVIEW"
]
},
"connectorAppInfos": {
"list": [
{
"ConnectorAppInfoQList": {
"list": [
{
"ConnectorAppInfo": {
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"name": "CI"
}
}
]
}
},
{
"ConnectorAppInfoQList": {
"list": [
{
"ConnectorAppInfo": {
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"name": "AI"
}
}
]
}
},
{
"ConnectorAppInfoQList": {
"list": [
{
"ConnectorAppInfo": {
"identifier": "arn:aws:iam:::12345678911/role:testrole",
"name": "CSA"
}
}
]
}
}
]
},
"type": "AWS",
"defaultTags": {
"list": [
{
"TagSimple": {
"id": 42458382,
"name": "CV_Automation_Tag"
}
}
]
}
}
}
]
}
}