Release 1.27 API
Improved Vulnerability Reports
With this release, you can add the following new columns to image and container vulnerability reports to show details about Qualys tags and Real-time Threat Indicators (RTIs) associated with the image or container:
Parameter | Newly Supported Values | Column Name in the Report |
---|---|---|
displayColumns | tags | Tags |
displayColumns | easyExploit | Easy Exploit |
displayColumns | noPatch | No Patch |
displayColumns | activeAttacks | Active Attacks |
displayColumns | highLateralMovement | High Lateral Movement |
displayColumns | highDataLoss | High Data Loss |
displayColumns | denialOfService | Denial of Service |
For information about these RTIs, see Real-time Threat Indicators in the Knowledgebase.
The following APIs are impacted:
Create a Report Request
API affected | /csapi/v1.3/reports |
---|---|
Operator | |
New or Updated APIs | Updated |
You can now show the new columns for tags and RTIs in the report.
Input Parameters
Parameter | New Values | Data Type | Description |
---|---|---|---|
displayColumns | tags, easyExploit, noPatch, activeAttacks, highLateralMovement, highDataLoss, denialOfService | string | Include columns for Qualys tags and RTIs associated with the image or container. |
Sample: Create a Report with RTI Information
API Request
curl -X POST \
"<qualys_base_url>/csapi/v1.3/reports" \
-d '{"description":"Demo Report",
"name":"My Container Report",
"templateName":"CS_CONTAINER_VULNERABILITY",
"filter":"status:running",
"displayColumns":[
"containerid",
"uuid",
"qid",
"tags",
"easyExploit",
"noPatch",
"activeAttacks",
"highLateralMovement",
"highDataLoss",
"denialOfService"
]
}' \
--header "Content-Type: application/json" \
--header "Authorization: Bearer <token>"
Response
{
"reportUuId": "037570f0-0193-11ea-9327-8fbbd2104c9c"
}
Fetch a List of Reports
API affected | /csapi/v1.3/reports |
---|---|
Operator | |
New or Updated APIs | Updated |
You can now see the new columns for tags and RTIs in the "displayColumns" output parameter.
Sample: Fetch a List of Reports
API Request
curl -X "GET" "<qualys_base_url>/csapi/v1.3/reports?pageNumber=1&pageSize=10&sort=status%3Adesc" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"data": [
{
"reportUuid": "42699db0-9eb1-11eb-bbb6-833197dc0c5b",
"createdAt": "2021-04-16T12:42:52.000Z",
"reportName": "sample-container-report",
"description": null,
"fileFormat": "csv",
"templateName": "CS_CONTAINER_VULNERABILITY",
"status": "COMPLETED",
"reportType": "ON_DEMAND",
"filter": "",
"displayColumns": [
"name",
"containerId",
"imageId",
"qid",
"cveids",
"tags",
"easyExploit",
"noPatch",
"activeAttacks",
"highLateralMovement",
"highDataLoss",
"denialOfService"
]
},
{
"reportUuid": "4738d060-5b02-11eb-a819-9b3f1886eb36",
"createdAt": "2021-01-20T09:31:27.000Z",
"reportName": "sample-image-report",
"description": null,
"fileFormat": "csv",
"templateName": "CS_IMAGE_VULNERABILITY",
"status": "FAILED",
"reportType": "ON_DEMAND",
"filter": null,
"displayColumns": [
"ALL"
]
}
],
"count": 2
}
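The "displayColumns" output parameter can be used to check which existing reports already carry the new tag and RTI columns. The following is an added example, not Qualys code: the function names and the sample response are constructed for illustration, and it assumes a report created with "ALL" already includes every column.

```python
import json

# New column values introduced in this release (from the table on this page).
NEW_COLUMNS = ["tags", "easyExploit", "noPatch", "activeAttacks",
               "highLateralMovement", "highDataLoss", "denialOfService"]

def missing_new_columns(report):
    """Return the new columns that one report entry does not include."""
    shown = {c.lower() for c in (report.get("displayColumns") or [])}
    # Assumption: "ALL" means the report already carries every column.
    if "all" in shown:
        return []
    # Compare case-insensitively: the page shows both containerid and containerId.
    return [c for c in NEW_COLUMNS if c.lower() not in shown]

def audit_reports(response_text):
    """Map reportUuid -> missing columns for each report that lacks any."""
    body = json.loads(response_text)
    gaps = {}
    for report in body.get("data", []):
        missing = missing_new_columns(report)
        if missing:
            gaps[report.get("reportUuid", "<no uuid>")] = missing
    return gaps

# Constructed sample in the shape of the response above (not real account data).
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"reportUuid": "00000000-0000-0000-0000-000000000001",
         "reportName": "container-with-rti",
         "displayColumns": ["name", "containerId", "qid", "cveids"] + NEW_COLUMNS},
        {"reportUuid": "00000000-0000-0000-0000-000000000002",
         "reportName": "image-all-columns",
         "displayColumns": ["ALL"]},
        {"reportUuid": "00000000-0000-0000-0000-000000000003",
         "reportName": "container-partial",
         "displayColumns": ["name", "qid", "tags", "noPatch"]},
    ],
    "count": 3,
})

if __name__ == "__main__":
    for uuid, missing in audit_reports(SAMPLE_RESPONSE).items():
        print(uuid, "is missing:", ", ".join(missing))
```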
Create a Report Schedule
API affected | /csapi/v1.3/reports/schedule |
---|---|
Operator | |
New or Updated APIs | Updated |
You can now show the new columns for tags and RTIs in the report.
Sample: Create a Scheduled Report
API Request
curl -X POST \
"<qualys_base_url>/csapi/v1.3/reports/schedule/" \
-H "accept: application/*" \
-H "Authorization: Bearer <token>"
Request Body
{
"name": "CRS-TEST-15",
"description": "",
"templateName": "CS_IMAGE_VULNERABILITY",
"format": "csv",
"reportScheduleDetails": {
"recurrenceType": "DAILY",
"selectedDayOfWeeks": null,
"monthlyType": null,
"ordinalDayOfMonth": null,
"dayOfWeek": null,
"ordinalDayOfWeek": null
},
"displayColumns": [
"name",
"containerId",
"imageId",
"qid",
"cveids",
"tags",
"easyExploit",
"noPatch",
"activeAttacks",
"highLateralMovement",
"highDataLoss",
"denialOfService"
],
"eventEndTime": "2023-03-25T22:30:00Z",
"action": "CREATE",
"eventTime": "2023-02-16T19:30:00Z"
}
Response
{ "reportUuid": "620a2490-c3cc-11ed-bf38-5563a478dc98" }
Vulnerability Exception Management
Vulnerability exceptions refer to specific vulnerabilities that have been identified within a containerized environment but are intentionally exempted from remediation measures.
With this release, you can flag the required vulnerabilities as exceptions for specific images. This means that despite their identification, they are intentionally left unreported and unaddressed.
Here are a few possible reasons for granting exceptions:
- False Positives: Some vulnerabilities reported may be false positives.
- Third-Party Dependencies: Certain vulnerabilities may exist in third-party libraries or components that are beyond your immediate control.
- Compatibility Issues: Applying a fix for a vulnerability might have other impacts.
The following new APIs have been introduced for vulnerability exception management:
Create a List
API affected | /csapi/v1.3/list |
---|---|
Operator | |
New or Updated APIs | New |
Creates a static list of QIDs to use for creating exceptions.
Parameter | Mandatory | Data Type | Description |
---|---|---|---|
name | Yes | string | Specify a name for the list. |
listType | Yes | string | Specify the type of list. Currently, the only valid value is STATIC. |
scope | Yes | string | Specify the scope of the list. Currently, the only valid value is VULNERABILITY. |
qidsToBeAdded | Yes | string | Specify the QIDs to be added to the list. If the QIDs are specified, the "qidsAdditionFilter" parameter is ignored. |
qidsAdditionFilter | Yes | string | Specify a filter query to select QIDs. |
Sample: Create a New List of QIDs
API Request
curl -X "POST" \
"<qualys_base_url>/csapi/v1.3/list" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"name": "test002_list",
"listType": "STATIC",
"scope": "VULNERABILITY",
"qidsToBeAdded": [
993395,
754102,
92012
],
"qidsAdditionFilter": null
}'
Response
{
"listUuid": "43bcefbf-74cd-4d67-9b87-f3f4284d8cce"
}
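Because a list of QIDs drives which vulnerabilities are excepted, it helps to build the request body programmatically and check it before sending. The following is an added example, not Qualys code: build_exception_list is a hypothetical helper, and sending an empty "qidsToBeAdded" array when only a filter is supplied is an assumption. It applies the rule from the parameter table that "qidsAdditionFilter" is ignored when QIDs are specified.

```python
import json

def build_exception_list(name, qids=None, qid_filter=None):
    """Return (json_body, notes) for a Create a List request."""
    notes = []
    if not name or not name.strip():
        raise ValueError("name is mandatory")
    clean = []
    for q in qids or []:
        # bool is an int subclass; reject it along with strings and floats.
        if isinstance(q, bool) or not isinstance(q, int) or q <= 0:
            raise ValueError(f"not a valid QID: {q!r}")
        if q in clean:
            notes.append(f"duplicate QID {q} dropped")
        else:
            clean.append(q)
    if not clean and not qid_filter:
        raise ValueError("provide qidsToBeAdded or qidsAdditionFilter")
    if clean and qid_filter:
        # Per the parameter table, the filter is ignored when QIDs are given,
        # so send null to keep the request and its effect identical.
        notes.append("qidsAdditionFilter ignored because QIDs were given")
        qid_filter = None
    body = {
        "name": name.strip(),
        "listType": "STATIC",        # only valid value per this page
        "scope": "VULNERABILITY",    # only valid value per this page
        "qidsToBeAdded": clean,      # assumption: [] when a filter is used
        "qidsAdditionFilter": qid_filter,
    }
    # json.dumps guarantees valid JSON (no stray ';' or trailing commas).
    return json.dumps(body, indent=2), notes

if __name__ == "__main__":
    # QIDs from the sample request above; the filter string is a placeholder.
    body, notes = build_exception_list(
        "test002_list", [993395, 754102, 92012, 754102], "<filter query>")
    print(body)
    for note in notes:
        print("note:", note)
```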
Show Lists in Your Account
API affected | /csapi/v1.3/list |
---|---|
Operator | |
New or Updated APIs | New |
Fetches the QID lists available in your account.
Parameter | Mandatory | Data Type | Description |
---|---|---|---|
filter | Optional | string | Filter the lists by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query. |
pageNumber | Optional | integer | Specify the page to be returned. Page numbers start with 1. The default value is 1. |
pageSize | Optional | integer | The number of records per page to be included in the response. The default value is 50. |
sort | Optional | string | Sort the results using a Qualys token. The default value is status:desc. Refer to the “Sortable tokens” topic in the online help for more information. |
Sample: Fetch the Lists from Your Account
API Request
curl -X "GET" "<qualys_base_url>/csapi/v1.3/list?pageNumber=1&pageSize=10&sort=status%3Adesc" \
-H "accept: application/json" \
-H "Authorization: Bearer <token>"
Response
{
"data": [
{
"listId": "64b2b343-6d3c-43ba-8912-97e45de0b460",
"name": "Test02_okay",
"created": "1687518584185",
"createdBy": "rq30",
"updated": "1687518584185",
"updatedBy": "rq30",
"scope": "VULNERABILITY",
"listType": "STATIC",
"qidCount": 52
},
{
"listId": "7788d038-521f-4cc8-9927-eb9b2a87ece4",
"name": "rails_exc",
"created": "1687513890947",
"createdBy": "rq30",
"updated": "1687513890947",
"updatedBy": "rq30",
"scope": "VULNERABILITY",
"listType": "STATIC",
"qidCount": 1
},
{
"listId": "43bcefbf-74cd-4d67-9b87-f3f4284d8cce",
"name": "test002_list",
"created": "1687752546527",
"createdBy": "rq30",
"updated": "1687752546527",
"updatedBy": "rq30",
"scope": "VULNERABILITY",
"listType": "STATIC",
"qidCount": 0
}
],
"count": 3
}