Release 1.27 API

Improved Vulnerability Reports

With this release, you can add the following new columns to image and container vulnerability reports to show details about Qualys tags and Real-time Threat Indicators (RTIs) associated with the image or container:

Parameter Newly Supported Values  Column Name in the Report
displayColumns tags Tags
easyExploit Easy Exploit
noPatch No Patch
activeAttacks Active Attacks
highLateralMovement High Lateral Movement
highDataLoss High Data Loss
denialOfService Denial of Service

For information about these RTIs, see in the Knowledgebase: Real-time Threat Indicators.

The following APIs are impacted:

Create a Report Request

API affected /csapi/v1.3/reports
Operator POST
New or Updated APIs Updated

You can now show the new columns for tags and RTIs in the report.

Input Parameters

Parameter New Values Data Type Description
displayColumns

tags

easyExploit

noPatch

activeAttacks

highLateralMovement

highDataLoss

denialOfService

string Include columns for Qualys tags and RTIs associated with the image or container.

Sample: Create a Report with RTI Information

API Request

"<qualys_base_url>/csapi/v1.3/reports"
-d "{"description":"Demo Report",
    "name":"My Container Report",
    "templateName":"CS_CONTAINER_VULNERABILITY", 
    "filter":"status:running",
    "displayColumns":"[
        "containerid",
        "uuid",
        "qid",
        "tags",
        "easyExploit",
        "noPatch",
        "activeAttacks",
        "highLateralMovement",
        "highDataLoss",
        "denialOfService"
        ]"
    }" 
--header "Authorization: Bearer "<token">" 

Response

{
    "reportUuId": "037570f0-0193-11ea-9327-8fbbd2104c9c"
} 

Fetch a List of Reports

API affected /csapi/v1.3/reports
Operator GET
New or Updated APIs Updated

You can now see the new columns for tags and RTIs in the "displayColumns" output parameter.

Sample: Fetch a List of Reports

API Request

curl -X "GET" "<qulays_base_url>/csapi/v1.3/list?pageNumber=1&pageSize=10&sort=status%3Adsaudga8ya8yacucg8yds dsdfdss
-H "accept: application/json"
-H "Authorization: Bearer <token>"

{   "data": [         {       "listId": "64b2b343-6d3c-43ba-8912-97e45de0b460",       "name": "Test02_okay",       "created": "1687518584185",       "createdBy": "rq30",       "updated": "1687518584185",       "updatedBy": "rq30",       "scope": "VULNERABILITY",       "listType": "STATIC",       "qidCount": 52     },     {       "listId": "7788d038-521f-4cc8-9927-eb9b2a87ece4",       "name": "rails_exc",       "created": "1687513890947",       "createdBy": "rq30",       "updated": "1687513890947",       "updatedBy": "rq30",       "scope": "VULNERABILITY",       "listType": "STATIC",       "qidCount": 1     },     {       "listId": "43bcefbf-74cd-4d67-9b87-f3f4284d8cce",       "name": "test002_list",       "created": "1687752546527",       "createdBy": "rq30",       "updated": "1687752546527",       "updatedBy": "rq30",       "scope": "VULNERABILITY",       "listType": "STATIC",       "qidCount": 0     },   ],   "count": 3"count": 3 }

Response

{
    "data": [
        {
            "reportUuid": "42699db0-9eb1-11eb-bbb6-833197dc0c5b",
            "createdAt": "2021-04-16T12:42:52.000Z",
            "reportName": "sample-container-report",
            "description": null,
            "fileFormat": "csv",
            "templateName": "CS_CONTAINER_VULNERABILITY",
            "status": "COMPLETED",
            "reportType": "ON_DEMAND",
            "filter": "",
            "displayColumns": [
                "name",
                "containerId",
                "imageId",
                "qid",
                "cveids"
                "tags"
                "easyExploit"
                "noPatch"
                "activeAttacks"
                "highLateralMovement"
                "highDataLoss"
                "denialOfService"
            ]
        }
        {
            "reportUuid": "4738d060-5b02-11eb-a819-9b3f1886eb36",
            "createdAt": "2021-01-20T09:31:27.000Z",
            "reportName": "sample-image-report",
            "description": null,
            "fileFormat": "csv",
            "templateName": "CS_IMAGE_VULNERABILITY",
            "status": "FAILED",
            "reportType": "ON_DEMAND",
            "filter": null,
            "displayColumns": [
                "ALL"
            ]
        },
    ],
    "count": 2
}

Create a Report Schedule

API affected /csapi/v1.3/reports/schedule
Operator POST
New or Updated APIs Updated

You can now show the new columns for tags and RTIs in the report.

Sample: Create a Scheduled Report

API Request

curl -X POST
"<qualys_base_url>/csapi/v1.3/reports/schedule/"
-H "accept: application/*"
-H "Authorization: Bearer <token>"

Request Body

{
  "name": "CRS-TEST-15",
  "description": "",
  "templateName": "CS_IMAGE_VULNERABILITY",
  "format": "csv",
  "reportScheduleDetails": {
    "recurrenceType": "DAILY",
    "selectedDayOfWeeks": null,
    "monthlyType": null,
    "ordinalDayOfMonth": null,
    "dayOfWeek": null,
    "ordinalDayOfWeek": null
  },
  "displayColumns": [
    "name",
    "containerId",
    "imageId",
    "qid",
    "cveids"
    "tags"
    "easyExploit"
    "noPatch"
    "activeAttacks"
    "highLateralMovement"
    "highDataLoss"
    "denialOfService"
            ]
  "eventEndTime": "2023-03-25T22:30:00Z",
  "action": "CREATE",
  "eventTime": "2023-02-16T19:30:00Z"
}

Response

{
  "reportUuid": "620a2490-c3cc-11ed-bf38-5563a478dc98"
}

Vulnerability Exception Management

Vulnerability exceptions refer to specific vulnerabilities that have been identified within a containerized environment but are intentionally exempted from remediation measures.

With this release, you can flag the required vulnerabilities as exceptions for specific images. This means that despite their identification, they are intentionally left unreported and unaddressed. 

Here are a few possible reasons for granting exceptions:

  • False Positives: Some vulnerabilities reported may be false positives.
  • Third-Party Dependencies: Certain vulnerabilities may exist in third-party libraries or components that are beyond your immediate control.
  • Compatibility Issues: Applying a fix for a vulnerability might have other impacts.

The following new APIs have been introduced for vulnerability exception management:

Create a List

API affected /csapi/v1.3/list
Operator POST
New or Updated APIs New

Creates a static list of QIDs to use for creating exceptions.

Parameter Mandatory Data Type Description
name Yes string Specify a name for the list.
listType Yes string Specify the type of list. Currently, the only valid value is STATIC.
scope Yes string Specify the scope of the list. Currently, the only valid value is VULNERABILITY.
qidsToBeAdded Yes string Specify the QIDs to be added to the list. If the QIDs are specified, the "qidsAdditionFilter" parameter is ignored.
qidsAdditionFilter Yes string Specify a filter query to select QIDs. 

Sample: Create a New List of QIDs

API Request

curl -X "POST"
  "<qualys_base_url>/csapi/v1.3/list"
  -H "accept: application/json" 
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d "{
  "name": "test002_list",
  "listType": "STATIC",
  "scope": "VULNERABILITY",
  "qidsToBeAdded": [
    993395,
    754102,
    92012
  ],
  "qidsAdditionFilter": null;
}"

Response

{
  "listUuid": "43bcefbf-74cd-4d67-9b87-f3f4284d8cce"
}

Show Lists in Your Account

API affected /csapi/v1.3/list 
Operator GET
New or Updated APIs New

Fetches the QID lists available in your account.

Parameter Mandatory Data Type Description
filter Optional string

Filter the lists by providing a query using Qualys syntax.

Refer to the “How to Search” topic in the online help for assistance with creating your query.

pageNumber Optional integer

Specify the page to be returned. Page numbers start with 1.

The default value is 1.

pageSize Optional integer

The number of records per page to be included in the response.

The default value is 50.

sort Optional string

Sort the results using a Qualys token.

The default value is status:desc.

Refer to the “Sortable tokens” topic in the online help for more information.

Sample: Fetch the Lists from Your Account

API Request

curl -X "GET" "<qulays_base_url>/csapi/v1.3/list?pageNumber=1&pageSize=10&sort=status%3Adesc"
-H "accept: application/json"
-H "Authorization: Bearer <token>"

Response

{
  "data": [
        {
      "listId": "64b2b343-6d3c-43ba-8912-97e45de0b460",
      "name": "Test02_okay",
      "created": "1687518584185",
      "createdBy": "rq30",
      "updated": "1687518584185",
      "updatedBy": "rq30",
      "scope": "VULNERABILITY",
      "listType": "STATIC",
      "qidCount": 52
    },
    {
      "listId": "7788d038-521f-4cc8-9927-eb9b2a87ece4",
      "name": "rails_exc",
      "created": "1687513890947",
      "createdBy": "rq30",
      "updated": "1687513890947",
      "updatedBy": "rq30",
      "scope": "VULNERABILITY",
      "listType": "STATIC",
      "qidCount": 1
    },
    {
      "listId": "43bcefbf-74cd-4d67-9b87-f3f4284d8cce",
      "name": "test002_list",
      "created": "1687752546527",
      "createdBy": "rq30",
      "updated": "1687752546527",
      "updatedBy": "rq30",
      "scope": "VULNERABILITY",
      "listType": "STATIC",
      "qidCount": 0
    },
  ],
  "count": 3
}