Release 3.3.0.0 API

November 26, 2024 (Updated December 19, 2024)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

What's New?

New API - Download Reports

New or Updated API New
API Endpoint /rest/2.0/am/report/download
Method GET
DTD or XSD changes Not Applicable

Before this release, you could download the required report only using the CSAM UI.
With this release, we introduced a new API to download the specified report.


- You can download the reports only with the COMPLETED status.
The report download fails for the reports with the rest of the statuses.
- If you provide the report name that matches a single or multiple existing reports
with the COMPLETED status, the latest report with the COMPLETED status is downloaded.

Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description
reportName Mandatory String Provide the name of the report that you want to download.

Sample - Download Report Sample - Download Report 

API Request

curl --location --request GET
'<qualys_base_url/rest/2.0/am/report/download?reportName=Open Ports_1' \
--header 'accept: */*' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_Token>' \
--data ''

API Response: Provided an Incorrect Report Name 

{
"responseMessage": "The report download failed because the report name you provided is not available. 
Provide the correct value and download it.",
"responseCode": "BAD_REQUEST"
}

API Response: Downloading the Report from GAV

{
"responseMessage": "Report API access forbidden 
for Asset Inventory Free Subscription",
"responseCode": "FORBIDDEN"
}

API Response: Provided the Report Name with Statuses Other than COMPLETED

{
"responseMessage": "Current report status is GENERATED.
You can download the report only with the COMPLETED status.",
"responseCode": "BAD_REQUEST"
}

Enhanced APIs - EASM APIs

With this release, we added new optional input parameters to the following APIs:
Create an EASM ProfileUpdate an EASM Profile Data | Patch an EASM Profile Data

Also, the excludeCDNAssets, defaultPurgeRuleFrequency, excludeDefamatoryDomain, and enableTyposquattedDomainGeneration new fields are added to the Get EASM Profile Data API.

Enhanced API - Create an EASM Profile

New or Updated API Updated
API Endpoint /easm/v2/profile
Method POST
DTD or XSD changes Not Applicable

With this release, the following new optional input parameters are added to the Create, Update, and Patch an EASM Profile Data APIs. You can provide them as part of the API request payload based on your requirements. See the following Input Parameter Details table: 

Input Parameters

The following new input parameters are applicable to the Create, Update, and Patch an EASM Profile Data APIs.

Parameter and Data Type

Description

excludeCDNAssets

(String)

Provide the value as 'true' if you want to view the CDN assets for EASM LighweightScan. Otherwise, provide the value 'false'. The default value is 'true'. 

The excludeCDNAssets parameter is supported only if the enableEASMSCAN parameter is set to true.

defaultPurgeRule
Frequency

(Numerical)

Provide the value within the 0-10 range. The default value is 3.

Example: If you provide the value 3, and the asset is not discovered through 3 EASM discoveries, it will be deleted from the CSAM account.

excludeDefamatory
Domain

(String)

Provide the value as 'false' if you want to view the defamatory domains.  The default value is 'true'.

 The excludeDefamatoryDomain parameter is supported only if the enableTyposquattedDomainGeneration parameter is set to 'true'.

enableTyposquatted
DomainGeneration

(String)

Provide the value as 'true' if you want to generate and view the typosquatted domains for the respective domain and organization seed values. The default value is 'false'.

Sample - Create EASM Profile Data APISample - Create EASM Profile Data API

API Request 

curl --location '<qualys_base_url>/easm/v2/profile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '     {
   "name": "newProfile",
   "includeSeeds": [
     {
       "seedType": "DOMAIN",
       "seedValue": "qualyss.com",
       "enumerateSubsidiary": false,
       "horizontalEnumeration": false,
       "seedFilters": [],
       "verticalEnumeration": false,
       "seedFileName": null
              }
            ],
       "excludeSeeds": [],
       "enableIFAScan": false,
       "active": true,
       "enableEASMScan": false,
       "includeVMAssets": false,
       "excludeCDNAssets": true,
       "defaultPurgeRuleFrequency": 3,
       "excludeDefamatoryDomain": true,
       "enableTyposquattedDomainGeneration": false
           }'

Enhanced API - Update an EASM Profile Data

New or Updated API Updated
API Endpoint /easm/v2/profile/{profileName}
Method PUT
DTD or XSD changes Not Applicable

Refer to the Input Parameters table for detailed information about the newly added input parameters.

Sample - Update EASM Profile Data APISample - Update EASM Profile Data API

API Request 

curl --location --request PUT 
'<qualys_base_url>/easm/v2/profile/newProfile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data ' {
          "name": "newProfile",
          "includeSeeds": [
            {
              "seedType": "DOMAIN",
              "seedValue": "qualysss.com",
              "enumerateSubsidiary": false,
              "horizontalEnumeration": false,
              "seedFilters": [],
              "verticalEnumeration": false,
              "seedFileName": null
            }
            ],
            "excludeSeeds": [],
            "enableIFAScan": false,
            "active": true,
            "enableEASMScan": false,
            "includeVMAssets": false,
            "excludeCDNAssets": true,
            "defaultPurgeRuleFrequency": 3,
            "excludeDefamatoryDomain": true,
            "enableTyposquattedDomainGeneration": true
        }'

Enhanced API - Patch an EASM Profile Data

New or Updated API Updated
API Endpoint /easm/v2/profile/{profileName}
Method PATCH
DTD or XSD changes Not Applicable

Refer to the Input Parameters table for detailed information about the newly added input parameters.

Sample - Patch EASM Profile Data APISample - Patch EASM Profile Data API

API Request 

curl --location --request PATCH '<qualys_base_url>/easm/v2/profile/11' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '{
            "name": "11",
            "includeSeeds": [
                {
                    "seedType": "DOMAIN",
                    "seedValue": "qualyss4.com",
                    "seedHeading": null,
                    "enumerateSubsidiary": false,
                    "horizontalEnumeration": false,
                    "seedFilters": [],
                    "verticalEnumeration": false,
                    "seedFileName": null
                }
            ],
            "excludeSeeds": [],
            "enableIFAScan": false,
            "active": false,
            "profileTagName": "11",
            "enableEASMScan": false,
            "includeVMAssets": false,
            "excludeCDNAssets": true,
            "defaultPurgeRuleFrequency": 5,
            "excludeDefamatoryDomain": false,
            "enableTyposquattedDomainGeneration": true
        }'

Enhanced API - Get an EASM Profile Data

New or Updated API Updated
API Endpoint /easm/v2/profile
Method GET
DTD or XSD changes Not Applicable

With this release, you can learn the following details from the new fields that are added to the response:

  • excludeCDNAssets: The CDN assets are included in the EASM LighweightScan or not.
  • defaultPurgeRuleFrequency: The purge rule frequency of the assets. If the assets are not discovered through the EASM discoveries according to the stated count, they are deleted from the CSAM account.
  • excludeDefamatoryDomain: Whether viewing the defamatory domains is enabled or not.
  • enableTyposquattedDomainGeneration: Whether generation and viewing of the typosquatted domains for the respective domain and organization seed values is enabled of not. 

Sample - Get EASM Profile DataSample - Get EASM Profile Data

API Request 

curl --location --request GET 
'<qualys_base_url>/easm/v2/profile' \
--header 'Authorization: Bearer <JWT_Token>' \
--data ''

API Response 

{
"hasNextPage": false,
"profile": [
{
"name": "qualys123",
"includeSeeds": [
   {
     "seedType": "ORGANIZATION",
     "seedValue": "Qualys, Inc",
     "seedHeading": null,
     "enumerateSubsidiary": true,
     "horizontalEnumeration": true,
     "seedFilters": [],
     "verticalEnumeration": false,
     "seedFileName": null
   },
   {
     "seedType": "DOMAIN",
     "seedValue": "qualys.com",
     "seedHeading": null,
     "enumerateSubsidiary": true,
     "horizontalEnumeration": true,
     "seedFilters": [],
     "verticalEnumeration": true,
     "seedFileName": null
   }
],
"excludeSeeds": [
   {
     "seedType": "COUNTRY",
     "seedValue": "IN"
   }
],
"enableIFAScan": false,
"active": false,
"profileTagName": "qualys123",
"enableEASMScan": false,
"includeVMAssets": false,
"excludeCDNAssets": true,
"defaultPurgeRuleFrequency": 3,
"excludeDefamatoryDomain": false,
"enableTyposquattedDomainGeneration": false
},
{
"name": "MultipleIPS",
"includeSeeds": [
   {
     "seedType": "NETBLOCK",
     "seedValue": "184.27.107.6;104.75.45.207;99.83.253.77",
     "seedHeading": null,
     "enumerateSubsidiary": false,
     "horizontalEnumeration": false,
     "seedFilters": [],
     "verticalEnumeration": false,
     "seedFileName": null
   }
],
"excludeSeeds": [],
"enableIFAScan": false,
"active": true,
"profileTagName": "MultipleIPS",
"enableEASMScan": false,
"includeVMAssets": false,
 "excludeCDNAssets": true,
 "defaultPurgeRuleFrequency": 2,
"excludeDefamatoryDomain": false,
 "enableTyposquattedDomainGeneration": false
}
]
}

Enhanced API - Third Party Assets API with Webhook Findings

New or Updated API Updated
API Endpoint /rest/2.0/am/connector/asset/data/sync
Method POST
DTD or XSD changes Not Applicable

With this release, you can provide the 'Webhook Findings' information in the sample payload of this API. This section is introduced explicitly for ETM customers. We support the Vulnerability and Misconfiguration categories for the payload.

Using this API with the 'Webhook Findings' information, you get the details, such as Vulnerabilities, QDS, and Risk-Contributing findings. Also, if any misconfiguration finding in the form of EOL EOS Software exists, then Open Port detects it and calculates the Risk Score.

Important to Know!

  • When the category is VULNERABILITY:
    • subCategory must be either Confirmed, Information, or Potential.
    • findingStatus must be either New, Active, Fixed, or null.
    • severity must be in the range of 1-5.
  • When the category is MISCONFIGURATION:
    • findingStatus must be either PASS, FAIL, or null.
    • severity must be in the range of 1-5.

Sample - Import Third-Party Assets to CSAMSample - Import Third-Party Assets to CSAM

API Request 

curl --location --request POST 
'<qualys_base_url>/rest/2.0/am/connector/asset/data/sync' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/json' \
--data-raw '<JSON payload>'

Sample JSON for category Misconfiguration (without values)

{
"connectorMetaData": {
 "requestId": "string",
 "assetCount": "integer",
 "source": "string",
 "connectorUuid": "string"
},
"assetData": [
 {
  "identityAttributes": {
  "qualysAssetId": "integer",
  "sourceNativeKey": "string",
  "instanceUuid": "String",
  "instanceUuidSource": "String",
  "hostName": "String",
  "netBiosName": "string",
  "fqdn": "String",
  "macAddress": [
  "string"
  ],
  "ipAddress": [
  "ip address format string"
  ],
  "serialNumber": "String",
  "hardwareUuid": "string"
  },
  "coreAttributes": {
  "lastLoggedOnUser": "String",
  "operatingSystem": "String",
  "hostName": "String",
  "address": "ip address format string",
  "dnsName": "String",
  "biosInfo": {
  "biosDescription": "String",
  "lastBoot": "date",
  "manufacturer": "String",
  "totalMemory": "integer",
  "timeZone": "String",
  "model": "String",
  "serialNumber": "String",
  "biosAssetTag": "String",
  "hardwareUuid": "String"
  },
  "netBiosName": "String",
  "isContainer": "boolean",
  "fqdn": "String",
  "domain": "String",
  "osVersion": "String",
  "osArchitecture": "String",
  "domainRole": "String",
  "processor": {
  "description": "String",
  "speed": "float",
  "numberOfCpu": "integer"
  },
  "ports": [
  {
   "port": "Integer",
   "protocol": "String",
   "detectedService": "String",
   "description": "String",
   "firstFound": "Date",
   "lastUpdated": "Date"
  }
  ],
  "networkInterfaces": [
  {
   "interfaceName": "String",
   "macAddress": "String",
   "address": "ip address format string",
   "gatewayAddress": [
   "ip address format string"
   ],
   "dnsAddress": [
   "ip address format string"
   ],
   "hostName": "String",
   "ipv4Address": [
   "ip address format string"
   ],
   "ipv6Address": [
   "ip address format string"
   ],
   "type": "String",
   "networkUuid": "String in UUID format"
  }
  ],
  "softwares": [
  {
   "name": "String",
   "version": "String",
   "installedDate": "date",
   "lastUpdated": "date",
   "identifier": "String",
   "isSystemApp": "boolean",
   "isEnterpriseApp": "boolean",
   "publisher": "String",
   "language": "String",
   "type": "String",
   "installPath": "String",
   "lastUsedDate": "date",
   "firstFoundDate": "date"
  }
  ],
  "services": [
  {
   "name": "String",
   "description": "String",
   "status": "String"
  }
  ],
  "volumes": [
  {
   "name": "String",
   "size": "Integer",
   "free": "Integer"
  }
  ],
  "accounts": [
  {
   "username": "String"
  }
  ],
  "businessMetaData": {
  "status": "String",
  "environment": "String",
  "company": "String",
  "department": "String",
  "ownedBy": "String",
  "managedBy": "String",
  "supportedBy": "String",
  "supportGroup": "String"
  },
  "assignedLocation": {
  "name": "String",
  "street": "String",
  "city": "String",
  "state": "String",
  "zip": "String",
  "country": "String",
  "latitude": "String",
  "longitude": "String"
  },
  "businessApps": [
  {
   "businessAppId": "String"
  }
  ],
  "containers": [
  {
   "version": "String",
   "numberOfContainers": "Integer",
   "numberOfImages": "Integer",
   "type": "String"
  }
  ],
  "customConnectorAttributes": {
  "key": "value"
  },
  "findings": [
  {
   "id": "String",
   "name": "String",
   "description": "String",
   "riskScore": "Integer",
   "category": "MISCONFIGURATION",
   "subCategory": "String ",
   "vendorName": "String",
   "vendorProductName": "String",
   "externalFindingId": "String",
   "findingURL": "String",
   "severity": "Integer",
   "findingStatus": "String ",
   "detectionResult": "String",
   "impact": "String",
   "solutionRecommendation": "String",
   "detectionRationale": "String",
   "references": [
   "String"
   ],
   "firstFoundOn": "Date",
   "lastFoundOn": "Date",
   "reopenedOn": "Date",
   "lastFixedOn": "Date",
   "port": "Integer",
   "protocol": "String",
   "findingDetectionURL": "String",
   "profileId": "String",
   "mitreAttacks": [
   {
    "tactics": {
    "id": "String",
    "name": "String",
    "isPrimary": "Boolean",
    "desc": "String"
    }
   },
   {
    "techniques": {
    "id": "String",
    "name": "String",
    "isPrimary": "Boolean",
    "desc": "String"
    }
   },
   {
    "subtechniques": {
    "id": "String",
    "name": "String",
    "desc": "String"
    }
   }
   ],
   "product": {
   "name": "String",
   "vendor": "String",
   "category": "String",
   "version": "String"
   },
   "exceptionDetail": {
   "isFindingToBeIgnored": "boolean"
   },
   "remediation": {
   "remediationStrategy": "String",
   "recurringRemediationSchedule": "String",
   "remediationBy": "String"
   },
   "mitigation": {
   "mitigationStrategy": "String",
   "recurringMitigationSchedule": "String",
   "mitigationBy": "String"
   },
   "findingType": {
   "misconfiguration": {
    "policy": {
   "id": "Integer",
   "type": "String",
   "title": "String",
   "techName": "String",
   "control": {
     "id": "Integer",
     "isRansomware": "Boolean",
     "evidenceURL": "String",
     "referenceID": "String",
     "benchmarkTypes": [
     "String"
     ],
     "benchmarkTitle": "String",
     "controlSubCategory": "String"
     },
     "description": "String",
     "policyFindingUrl": "String"
    },
    "rule": {
    "ruleName": "String",
    "ruleDescription": "String"
    }
}
},
"attributes": {
"key": "value"
}
}
]
}
}
]
}

Sample JSON for category Vulnerability (without values)

{
"connectorMetaData": {
"requestId": "string",
"assetCount": "integer",
"source": "string",
"connectorUuid": "string"
},
"assetData": [
{
"identityAttributes": {
 "qualysAssetId": "integer",
 "sourceNativeKey": "string",
 "instanceUuid": "String",
 "instanceUuidSource": "String",
 "hostName": "String",
 "netBiosName": "string",
 "fqdn": "String",
 "macAddress": [
"string"
 ],
 "ipAddress": [
 "ip address format string"
 ],
 "serialNumber": "String",
 "hardwareUuid": "string"
},
"coreAttributes": {
 "lastLoggedOnUser": "String",
 "operatingSystem": "String",
 "hostName": "String",
 "address": "ip address format string",
 "dnsName": "String",
 "biosInfo": {
 "biosDescription": "String",
 "lastBoot": "date",
 "manufacturer": "String",
 "totalMemory": "integer",
 "timeZone": "String",
 "model": "String",
 "serialNumber": "String",
 "biosAssetTag": "String",
 "hardwareUuid": "String"
 },
 "netBiosName": "String",
 "isContainer": "boolean",
 "fqdn": "String",
 "domain": "String",
 "osVersion": "String",
 "osArchitecture": "String",
 "domainRole": "String",
 "processor": {
 "description": "String",
 "speed": "float",
 "numberOfCpu": "integer"
 },
 "ports": [
 {
  "port": "Integer",
  "protocol": "String",
  "detectedService": "String",
  "description": "String",
  "firstFound": "Date",
  "lastUpdated": "Date"
 }
 ],
 "networkInterfaces": [
 {
  "interfaceName": "String",
  "macAddress": "String",
  "address": "ip address format string",
  "gatewayAddress": [
  "ip address format string"
  ],
  "dnsAddress": [
  "ip address format string"
  ],
  "hostName": "String",
  "ipv4Address": [
  "ip address format string"
  ],
  "ipv6Address": [
  "ip address format string"
  ],
  "type": "String",
  "networkUuid": "String in UUID format"
 }
 ],
 "softwares": [
 {
  "name": "String",
  "version": "String",
  "installedDate": "date",
  "lastUpdated": "date",
  "identifier": "String",
  "isSystemApp": "boolean",
  "isEnterpriseApp": "boolean",
  "publisher": "String",
  "language": "String",
  "type": "String",
  "installPath": "String",
  "lastUsedDate": "date",
  "firstFoundDate": "date"
 }
 ],
 "services": [
 {
  "name": "String",
  "description": "String",
  "status": "String"
 }
 ],
 "volumes": [
 {
  "name": "String",
  "size": "Integer",
  "free": "Integer"
 }
 ],
 "accounts": [
 {
  "username": "String"
 }
 ],
 "businessMetaData": {
 "status": "String",
 "environment": "String",
 "company": "String",
 "department": "String",
 "ownedBy": "String",
 "managedBy": "String",
 "supportedBy": "String",
 "supportGroup": "String"
 },
 "assignedLocation": {
 "name": "String",
 "street": "String",
 "city": "String",
 "state": "String",
 "zip": "String",
 "country": "String",
 "latitude": "String",
 "longitude": "String"
 },
 "businessApps": [
 {
  "businessAppId": "String"
 }
 ],
 "containers": [
 {
  "version": "String",
  "numberOfContainers": "Integer",
  "numberOfImages": "Integer",
  "type": "String"
 }
 ],
 "customConnectorAttributes": {
 "key": "value"
 },
 "findings": [
 {
  "id": "String",
  "name": "String",
  "description": "String",
  "riskScore": "Integer",
  "category": " VULNERABILITY ",
  "subCategory": "String",
  "vendorName": "String",
  "vendorProductName": "String",
  "externalFindingId": "String",
  "findingURL": "String",
  "severity": "Integer ",
  "findingStatus": "String ",
  "detectionResult": "String",
  "impact": "String",
  "solutionRecommendation": "String",
  "detectionRationale": "String",
  "references": [
  "String"
  ],
  "firstFoundOn": "Date",
  "lastFoundOn": "Date",
  "reopenedOn": "Date",
  "lastFixedOn": "Date",
  "port": "Integer",
  "protocol": "String",
  "findingDetectionURL": "String",
  "profileId": "String",
  "mitreAttacks": [
  {
  "tactics": {
  "id": "String",
  "name": "String",
  "isPrimary": "Boolean",
  "desc": "String"
  }
  },
  {
  "techniques": {
  "id": "String",
  "name": "String",
  "isPrimary": "Boolean",
  "desc": "String"
  }
  },
  {
  "subtechniques": {
  "id": "String",
  "name": "String",
  "desc": "String"
  }
  }
  ],
  "product": {
  "name": "String",
  "vendor": "String",
  "category": "String",
  "version": "String"
  },
  "exceptionDetail": {
  "isFindingToBeIgnored": "boolean"
  },
  "remediation": {
  "remediationStrategy": "String",
  "recurringRemediationSchedule": "String",
  "remediationBy": "String"
  },
  "mitigation": {
"mitigationStrategy": "String",
"recurringMitigationSchedule": "String",
"mitigationBy": "String"
},
"findingType": {
"vulnerability": {
  "vendorId": "String",
  "cveId": "String",
  "qvs": "Integer",
  "cweId": [
"String"
  ],
  "cvss": {
"cvss2Base": "String",
"cvss2Temporal": "String",
"cvss3Base": "String",
"cvss3Temporal": "String",
"vector": "String"
  },
  "isPatchAvailable": "Boolean",
  "isQualysPatchable": "Boolean",
  "isExploitAvailable": "Boolean",
  "exploitCodeMaturity": "String",
  "exploitedByList": [
"String"
  ],
  "owaspTop10Ids": [
{
"name": "String",
"url": "String"
}
  ],
  "wascIds": [
{
"name": "String",
"url": "String"
}
  ]
}
},
"attributes": {
  "key": "value"
}
}
]
}
}
]
}

Sample JSON for category Misconfiguration (with values)

{
"connectorMetaData": {
"requestId": 111114,
"connectorUuid": "10c3017f-f219-44e9-87e1-9c82f302490e",
"source": "WEBHOOK"
},
"assetData": [
{
"identityAttributes": {
 "qualysAssetId": null,
 "sourceNativeKey": null,
 "instanceUuid": null,
 "instanceUuidSource": null,
 "hostName": null,
 "netBiosName": "FindingTestMisCon",
 "fqdn": null,
 "macAddress": null,
 "ipAddress": [
"101.70.255.250"
 ],
 "serialNumber": null,
 "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
},
"coreAttributes": {
 "lastLoggedOnUser": "Rxxxxxh",
 "operatingSystem": "Windows 7",
 "hostName": null,
 "address": "101.70.255.250",
 "dnsName": "DnsName",
 "biosInfo": {
 "biosDescription": "BioDescriptiontest",
 "lastBoot": null,
 "manufacturer": "Dell_Inc.",
 "totalMemory": "8192",
 "timeZone": "+5:30",
 "model": "Latitude_7490",
 "serialNumber": null,
 "biosAssetTag": "NoAssetTag",
 "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
 },
 "netBiosName": "FindingTestMisCon",
 "isContainer": true,
 "fqdn": null,
 "domain": "com.co.in",
 "osVersion": "7",
 "osArchitecture": "64-Bits",
 "domainRole": "test",
 "processor": {
 "description": "intel",
 "speed": 34.2,
 "numberOfCpu": 1
 },
 "ports": [
 {
 "port": "22",
 "protocol": "TCP",
 "detectedService": "ssh",
 "description": "Test",
 "firstFound": null,
 "lastUpdated": null
 },
 {
 "port": "22",
 "protocol": "UDP",
 "detectedService": "ssh update",
 "description": "Test",
 "firstFound": null,
 "lastUpdated": null
 }
 ],
 "networkInterfaces": [
 {
 "interfaceName": "TestInterfaceName",
 "macAddress": null,
 "address": "101.70.255.250",
 "gatewayAddress": [
 "10.10.10.11"
 ],
 "dnsAddress": [
 "10.10.10.12"
 ],
 "hostName": null,
 "ipv4Address": [
 "101.70.255.250"
 ],
 "ipv6Address": null,
 "type": "PUBLIC",
 "networkUuid": null
 }
 ],
 "softwares": [
 {
 "name": "Python",
 "version": "3",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "docker.io",
 "version": "18.09.1+dfsg1-7.1+deb10u2",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "oracle 12",
 "version": "12.1.0.2.0",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "Apache 2.2",
 "version": "2.2.19",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }
 ],
 "services": [
 {
 "name": "remote test",
 "description": "Test Service is running",
 "status": "Running"
 }
 ],
 "volumes": [
 {
 "name": "C",
 "size": 123,
 "free": 123
 }
 ],
 "accounts": [
 {
 "username": "rijain"
 }
 ],
 "businessMetaData": {
 "status": "Operational",
 "environment": "Production",
 "company": "ACME US",
 "department": "Hostel",
 "ownedBy": "Joey Bolick",
 "managedBy": "Byron Fortuna",
 "supportedBy": "JohnDoe",
 "supportGroup": "testgroup"
 },
 "assignedLocation": {
 "name": "eela",
 "street": "punawale",
 "city": "pune",
 "state": "maharastra",
 "zip": "411033",
 "country": "india",
 "latitude": "18.6298° N",
 "longitude": "73.7997° E"
 },
 "businessApps": [
 {
 "businessAppId": null
 }
 ],
 "containers": [
 {
 "version": "34",
 "numberOfContainers": 1,
 "numberOfImages": 1,
 "type": "Test"
 }
 ],
 "customConnectorAttributes": {
 "TestKey": "testvalue"
 },
 "findings": [
 {
 "id": "123456",
 "name": "SSH Server CBC Mode Ciphers Enabled",
 "description": "SSH Server CBC Mode Ciphers Enabled Description",
 "riskScore": 50,
 "category": "MISCONFIGURATION",
 "subCategory": "EOL/EOS",
 "vendorName": "Qualys",
 "vendorProductName": "IBM",
 "externalFindingId": "123-3445-67",
 "findingURL": "https://miller-hansen.com/",
 "severity": 5,
 "findingStatus": "PASS",
 "detectionMethod": "External",
 "detectionResult": "Severe",
 "impact": "HIGH",
 "solutionRecommendation": "SR test",
 "detectionRationale": "DetectionRation Test",
 "references": [
 "TestURL1",
 "TestURL2"
 ],
 "firstFoundOn": 1725602066000,
 "lastFoundOn": 1725602066000,
 "reopenedOn": 1725602066000,
 "lastFixedOn": 1725602066000,
 "port": 22,
 "protocol": "TCP",
 "findingDetectionURL": "https://miller-hansen.com/testworks",
 "profileId": "123456",
 "mitreAttacks": [
 {
  "tactics": {
  "id": "2312",
  "name": "TestName",
  "isPrimary": true,
  "desc": "testDesc"
  }
 },
 {
  "techniques": {
  "id": "1122",
  "name": "testtechniquesName",
  "isPrimary": true,
  "desc": "testtechniquesName"
  }
 },
 {
  "subtechniques": {
  "id": "1234",
  "name": "testSubtechniquesName",
  "desc": "testSubtechniquesDesc"
  }
 }
 ],
 "product": {
 "name": "Open SSH",
 "vendor": "Qualys",
 "category": "Policy Compliance",
 "version": "3.2"
 },
 "exceptionDetail": {
 "isFindingToBeIgnored": true
 },
 "remediation": {
 "remediationStrategy": "False",
 "recurringRemediationSchedule": "NO",
 "remediationBy": "Rxxxabh xxxn"
 },
 "mitigation": {
 "mitigationStrategy": "Kindway",
 "recurringMitigationSchedule": "Daily",
 "mitigationBy": "Ashu Jain"
 },
 "findingType": {
 "misconfiguration": {
  "policy": {
  "id": 1231,
  "type": "MISSING REQUIRED SOFTWARE",
  "title": "MISSING REQUIRED SOFTWARE",
  "techName": "MRS",
  "control": {
  "id": "1212",
  "isRansomware": true,
  "evidenceURL": "www.testurl.com/",
  "referenceID": "121",
  "benchmarkTypes": [
  "Yes"
  ],
  "benchmarkTitle": "This is for testing purpose",
  "controlSubCategory": "No"
},
"description": "Description for testing",
"policyFindingUrl": "www.asset12311.com/"
  },
  "rule": {
"ruleName": "Missing required software test",
"ruleDescription": "MRS test for software"
  }
}
},
"attributes": {
"key": "Test"
}
}
 ]
}
}
]
}

Sample JSON for category Vulnerability (with values)

{
"connectorMetaData": {
"requestId": "123445677",
"assetCount": 1,
"source": "WEBHOOK",
"connectorUuid": "da4b8361-2327-4bf1-af7d-2ce775bc9882"
},
"assetData": [
    {
     "identityAttributes": {
     "qualysAssetId": null,
     "sourceNativeKey": null,
     "instanceUuid": null,
     "instanceUuidSource": null,
     "hostName": null,
     "netBiosName": "AssetNameTest",
     "fqdn": null,
     "macAddress": null,
     "ipAddress": [
     "100.63.255.250"
      ],
       "serialNumber": null,
       "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
       },
     "coreAttributes": {
     "lastLoggedOnUser": "Rxxxxh",
     "operatingSystem": "Windows 7",
     "hostName": null,
     "address": "100.63.255.250",
     "dnsName": "DnsName",
     "biosInfo": {
        "biosDescription": "BioDescriptiontest",
        "lastBoot": null,
        "manufacturer": "Dell_Inc.",
        "totalMemory": "8192",
        "timeZone": "+5:30",
        "model": "Latitude_7490",
        "serialNumber": null,
        "biosAssetTag": "NoAssetTag",
        "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
        },
        "netBiosName": "AssetNameTest",
        "isContainer": true,
        "fqdn": null,
        "domain": "com.co.in",
        "osVersion": "7",
        "osArchitecture": "64-Bits",
        "domainRole": "test",
        "processor": {
            "description": "intel",
            "speed": 34.2,
            "numberOfCpu": 1
            },
        "ports": [
           {
        "port": "22",
        "protocol": "TCP",
        "detectedService": "ssh",
        "description": "Test",
"firstFound": null,
"lastUpdated": null
  {
   "port": "22",
   "protocol": "UDP",
   "detectedService": "ssh update",
   "description": "Test",
   "firstFound": null,
   "lastUpdated": null
  }
],
"networkInterfaces": [
  {
   "interfaceName": "TestInterfaceName",
   "macAddress": null,
   "address": "100.63.255.250",
   "gatewayAddress": [
   "10.10.10.11"
  ],
"dnsAddress": [
"10.10.10.12"
],
"hostName": null,
"ipv4Address": [
"100.63.255.250"
],
"ipv6Address": null,
"type": "PUBLIC",
"networkUuid": null
}
],
"softwares": [
{
"name": "Python",
"version": "3",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "docker.io",
 "version": "18.09.1+dfsg1-7.1+deb10u2",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }, {
 "name": "oracle 12",
 "version": "12.1.0.2.0",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "Apache 2.2",
 "version": "2.2.19",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }
],
"services": [
 {
 "name": "remote test",
 "description": "Test Service is running",
 "status": "Running"
 }
],
"volumes": [
 {
 "name": "C",
 "size": 123,
 "free": 123
 }
],
"accounts": [
 {
 "username": "rijain"
 }
],
"businessMetaData": {
"status": "Operational",
"environment": "Production",
"company": "ACME US",
"department": "Hostel",
"ownedBy": "Joey Bolick",
"managedBy": "Byron Fortuna",
"supportedBy": "JohnDoe",
"supportGroup": "testgroup"
},
"assignedLocation": {
"name": "eela",
"street": "punawale",
"city": "pune",
"state": "maharastra",
"zip": "411033",
"country": "india",
"latitude": "18.6298° N",
"longitude": "73.7997° E"
},
 "businessApps": [
 {
 "businessAppId": null
 }
],
"containers": [
 {
 "version": "34",
 "numberOfContainers": 1,
 "numberOfImages": 1,
 "type": "Test"
 }
],
"customConnectorAttributes": {
"TestKey": "testvalue"
},
"findings": [
 {
 "id": "123456",
 "name": "SSH Server CBC Mode Ciphers Enabled",
 "description": "SSH Server CBC Mode Ciphers Enabled Description",
 "riskScore": 50,
 "category": "VULNERABILITY",
 "subCategory": "Confirmed",
 "vendorName": "Qualys",
 "vendorProductName": "IBM",
 "externalFindingId": "123-3445-67",
 "findingURL": "https://miller-hansen.com/",
 "severity": 2,
 "findingStatus": "ACTIVE",
 "detectionMethod": "External",
 "detectionResult": "Severe",
 "impact": "HIGH",
 "solutionRecommendation": "SR test",
 "detectionRationale": "DetectionRation Test",
 "references": [
 "TestURL1",
 "TestURL2"
],
 "firstFoundOn": 1725602066000,
 "lastFoundOn": 1725602066000,
 "reopenedOn": 1725602066000,
 "lastFixedOn": 1725602066000,
 "port": 22,
 "protocol": "TCP",
 "findingDetectionURL": "https://miller-hansen.com/testworks",
 "profileId": "123456",
 "mitreAttacks": [
{
"tactics": {
"id": "2312",
"name": "TestName",
"isPrimary": true,
"desc": "testDesc"
}
},
{
"techniques": {
"id": "1122",
"name": "testtechniquesName",
"isPrimary": true,
"desc": "testtechniquesName"
}
},
{
"subtechniques": {
"id": "1234",
"name": "testSubtechniquesName",
"desc": "testSubtechniquesDesc"
}
}
],
 "product": {
"name": "Open SSH",
"vendor": "Qualys",
"category": "Policy Compliance",
"version": "3.2"
},
 "exceptionDetail": {
"isFindingToBeIgnored": true
},
 "remediation": {
"remediationStrategy": "False",
"recurringRemediationSchedule": "NO",
"remediationBy": "Rxxxxh xxxn"
},
 "mitigation": {
"mitigationStrategy": "Kindway",
"recurringMitigationSchedule": "Daily",
"mitigationBy": "Ashu Jain"
},
 "findingType": {
"vulnerability": {
"vendorId": "12343",
"cveId": "CVE-2008-5161",
"qvs": 2,
"cweId": [
"123"
],
"cvss": {
"cvss2Base": "0",
"cvss2Temporal": "0",
"cvss3Base": "0",
"cvss3Temporal": "E:U/RL:OF/RC:C",
"vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
},
"isPatchAvailable": false,
"isQualysPatchable": true,
"isExploitAvailable": true,
"exploitCodeMaturity": "No",
"exploitedByList": [
"yes"
],
"owaspTop10Ids": [
{
 "name": "owaspTop10Idsname",
 "url": "www.test.owaspTop10IdsURL/"
}
],
 "wascIds": [
{
 "name": "wascIdsName",
 "url": "www.cash/wascIdsURL/Test"
}
]
}
},
"attributes": {
"key": "Test"
}
}
]
}
}
]
}

Enhanced APIs to Get the Scanner Assets from the CSAM Application

With this release, the following APIs are enhanced to get the Scanner Assets from the CSAM Application:

Get Host Details of All Assets | Get Host Details of Specific Asset | Get Count of Assets  

Enhanced API - Get Host Details of All Assets

New or Updated API Updated
API Endpoint /rest/2.0/search/am/asset
Method POST
DTD or XSD changes Not Applicable

Before this release, you could get the scanner assets only from the AssetView application.
With this release, we updated this API so that you can also get the scanner assets from the CSAM application.

Sample - Get Host Details of All Scanner AssetsSample - Get Host Details of All Scanner Assets

API Request 

curl --location --request POST  
'<qualys_base_url>/rest/2.0/search/am/asset?=null' \
--header 'Content-Type: application/xml' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.type" operator="EQUALS"><value>SCANNER</value></Criteria>
</filters>
</FilterRequest>'

 

API Response 

{
"responseMessage": "Valid API Access",
"count": 7,
"responseCode": "SUCCESS",
"lastSeenAssetId": 32377802,
"hasMore": 0,
"assetListData": {
"asset": [
{
 "assetId": 16587699,
 "assetUUID": "b516ea66-6921-9451-e053-2a4f2c0a1522",
 "hostId": null,
 "lastModifiedDate": "2024-09-17T05:27:06.000Z",
 "agentId": null,
 "createdDate": "2020-11-27T12:36:55.000Z",
 "sensorLastUpdatedDate": "2024-09-17T05:27:06.000Z",
 "assetType": "SCANNER",
 "address": null,
 "dnsName": null,
 "assetName": "POD04-Scanner",
 "netbiosName": null,
 "timeZone": null,
 "biosDescription": null,
 "lastBoot": null,
 "totalMemory": null,
 "cpuCount": null,
 "lastLoggedOnUser": null,
 "domainRole": null,
 "hwUUID": null,
 "biosSerialNumber": null,
 "biosAssetTag": null,
 "isContainerHost": null,
 "operatingSystem": null,
 "hardware": null,
 "userAccountListData": null,
 "openPortListData": null,
 "volumeListData": null,
 "networkInterfaceListData": null,
 "softwareListData": null,
 "softwareComponent": null,
 "provider": null,
 "cloudProvider": null,
 "agent": null,
 "sensor": null,
 "container": null,
 "inventory": null,
 "activity": null,
 "tagList": {
 "tag": [
 {
 "tagId": 134046247,
 "tagName": "BU-specAG11",
 "foregroundColor": 0,
 "backgroundColor": 0,
 "businessImpact": null,
 "criticalityScore": null
},
{
 "tagId": 142628002,
 "tagName": "testscan1",
 "foregroundColor": 0,
 "backgroundColor": 0,
 "businessImpact": null,
 "criticalityScore": null
},
]
 },
 "serviceList": null,
 "lastLocation": null,
 "criticality": null,
 "businessInformation": null,
 "assignedLocation": null,
 "businessAppListData": null,
 "riskScore": null,
 "passiveSensor": null,
 "domain": null,
 "subdomain": null,
 "missingSoftware": null,
 "whois": null,
 "organizationName": null,
 "isp": null,
 "asn": null,
 "easmTags": null,
 "hostingCategory1": null,
 "customAttributes": null,
 "processor": null
},
]
}
}

Enhanced API - Get Host Details of Specific Asset

New or Updated API Updated
API Endpoint /rest/2.0/get/am/asset
Method GET
DTD or XSD changes Not Applicable

With this release, we have enhanced the host details API to get the details of a specific scanner asset using its assetid.

Sample - Get Host Details of Specific Scanner Asset by AssetIdSample - Get Host Details of Specific Scanner Asset by AssetId

API Request 

curl --location 
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=16587699' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>'

 

API Response 

 { 
    "responseMessage": "Valid API Access",
    "count": 1,
    "responseCode": "SUCCESS",
    "lastSeenAssetId": null,
    "hasMore": 0,
    "assetListData": {
    "asset": [
    {
    "assetId": 16587699,
    "assetUUID": "b516ea66-6921-9451-e053-2a4f2c0a1522",
    "hostId": null,
    "lastModifiedDate": "2024-09-17T05:27:06.000Z",
    "agentId": null,
    "createdDate": "2020-11-27T12:36:55.000Z",
    "sensorLastUpdatedDate": "2024-09-17T05:27:06.000Z",
    "assetType": "SCANNER",
    "address": null,
    "dnsName": null,
    "assetName": "POD04-Scanner",
    "netbiosName": null,
    "timeZone": null,
    "biosDescription": null,
    "lastBoot": null,
    "totalMemory": null,
    "cpuCount": null,
    "lastLoggedOnUser": null,
    "domainRole": null,
    "hwUUID": null,
    "biosSerialNumber": null,
    "biosAssetTag": null,
    "isContainerHost": null,
    "operatingSystem": null,
    "hardware": null,
    "userAccountListData": null,
    "openPortListData": null,
    "volumeListData": null,
    "networkInterfaceListData": null,
    "softwareListData": null,
    "softwareComponent": null,
    "provider": null,
    "cloudProvider": null,
    "agent": null,
    "sensor": null,
    "container": null,
    "inventory": null,
    "activity": null,
    "tagList": {
    "tag": [
    {
    "tagId": 134046247,
    "tagName": "BU-specAG11",
    "foregroundColor": 0,
    "backgroundColor": 0,
    "businessImpact": null,
    "criticalityScore": null
    },
    {
    "tagId": 142628002,
    "tagName": "testscan1",
    "foregroundColor": 0,
    "backgroundColor": 0,
    "businessImpact": null,
    "criticalityScore": null
    },
    ]
    },
    "serviceList": null,
    "lastLocation": null,
    "criticality": null,
    "businessInformation": null,
    "assignedLocation": null,
    "businessAppListData": null,
    "riskScore": null,
    "passiveSensor": null,
    "domain": null,
    "subdomain": null,
    "missingSoftware": null,
    "whois": null,
    "organizationName": null,
    "isp": null,
    "asn": null,
    "easmTags": null,
    "hostingCategory1": null,
    "customAttributes": null,
    "processor": null
    }
    ]
    }
  }

Enhanced API - Get Count of Assets

New or Updated API Updated
API Endpoint /rest/2.0/count/am/asset
Method POST
DTD or XSD changes Not Applicable

With this release, we have enhanced the get count of assets API to provide the count of scanner assets.

Sample - Get the Count of Scanner AssetsSample - Get the Count of Scanner Assets

API Request 

curl --location 
'<qualys_base_url>/rest/2.0/count/am/asset?=null' \
--header 'Content-Type: application/xml' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.type" operator="EQUALS"><value>SCANNER</value></Criteria>
</filters>
</FilterRequest>'

 

API Response 

{
    "count": 7,
    "responseCode": "SUCCESS",
    "responseMessage": "Valid API Access"
}

Enhanced APIs to Get the List of typosquatted and defamatory Domains

With this release, we enhanced the following APIs: Get List of Unresolved Domains | Get Count of Unresolved Domains

As a result, you can get the list of typosquatted (look-alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.

Enhanced API - Get List of Unresolved Domains

New or Updated API Updated
API Endpoint /rest/2.0/am/domain/list
Method POST
DTD or XSD changes Not Applicable

With this release, we enhanced this API so that you can get the list of typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.

Input ParametersInput Parameters

Parameter

Mandatory
/Optional

Data Type

Description

domainType

Mandatory

String

Provide the value TYPOSQUATTED_DOMAINS. If this value is not provided, you get the list of unresolved domains.

 Provide the value only in the capital case.

domainFilterType

Optional

String

If this parameter is not provided by default, the API fetches ALL Typosquatted Domains. Provide any one of the following two values to filter the data:

  • ALL
  • DOMAIN

 Provide the value only in a capital case.

Important to Know

To filter data, the filters that must be used in the API body are:
asset.domain, permutation.name, permutation.category, permutation.types, 
whoIs.creationDate,  whoIs.expirationDate, whoIs.registrantCountry, 
whoIs.registrantOrg, whoIs.registrantEmailId, whoIs.registrar, and tags.name.

Sample - List of Typosquatted Domains (with filter)Sample - List of Typosquatted Domains (with filter)

API Request 

curl --location --request POST 
'<qualys_base_url>/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data '<FilterRequest>
<filters>
<Criteria field="permutation.name" operator="EQUALS"><value>seamanage.com</value></Criteria>
</filters>
</FilterRequest>'

API Response 

{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}

Sample - List of Typosquatted Domains (without filter)Sample - List of Typosquatted Domains (without filter)

API Request 

curl --location --request POST 
'<qualys_base_url/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Authorization: <JWT Token>
--data ''

API Response 

{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}

Enhanced API - Get Count of Unresolved Domains

New or Updated API Updated
API Endpoint /rest/2.0/am/domain/count
Method POST
DTD or XSD changes Not Applicable

With this release, you can get the count of the typosquatted (look alike) and defamatory domains for the domain and organization seed values configured  in the respective EASM profile.

Input ParametersInput Parameters

Parameter

Mandatory
/Optional

Data Type

Description

domainType

Mandatory

String

Provide the value TYPOSQUATTED_DOMAINS. If this value is not provided, you get the count of unresolved domains.

 Provide the value only in a capital case.

domainFilterType

Optional

String

If this parameter is not provided, you get the count of all Typosquatted Domains. Provide any one of the following two values to filter the data:

  • ALL
  • DOMAIN

Provide the value only in a capital case.

Sample - Get Count of Typosquatted Domains (with filter)Sample - Get Count of Typosquatted Domains (with filter)

API Request 

curl --location 
'<qualys_base_url>/rest/2.0/am/domain/count?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data '<FilterRequest>
<filters>
<Criteria field="permutation.name" operator="EQUALS"><value>qualgs.com</value></Criteria>
</filters>
</FilterRequest>'

API Response 

{
"count": 1,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

Sample- Get Count of Typosquatted Domains (without filter)Sample- Get Count of Typosquatted Domains (without filter)

API Request 

curl --location --request POST 
'<qualys_base_url/rest/2.0/am/domain/count?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data ''

API Response 

{
"count": 1656, 
Enhanced API - Get List of Vulnerabilities Discovered by EASM Scan

  

    
      
      
    
    
      

        New or Updated API
        Updated
      

      

        API Endpoint
        /rest/2.0/search/am/easm/scan/vulns
      

      

        Method
        POST
      

      

        DTD or XSD changes
        Not Applicable
      

    
  

  

  
With this release, new parameters are added to the Get List of Vulnerabilities discovered by the EASM Scan API that filters the list of vulnerabilities with specific criteria. 

  
Additionally, for all dates, you can provide datetime filter along with date filter in the API. For example, "lastFoundDate": "2024-10-18T12:04:19.000Z".

  
Input ParametersInput Parameters

  

    

      
        
      
      
        

          
            
Parameter

          		
          
            
Mandatory/Optional

          		
          
            
Data Type

             
          		
          
            
Description

          		
        

        

          vulnerabilities.status
          Optional
          String
          Provides the current status of the vulnerability. The input values are ACTIVE, NEW, FIXED, REOPENED. 

          		
        

        

          vulnerabilities.severity
          Optional
          Integer
          Provides the severity value of the vulnerability. The value ranges from 1 to 5. 
        

        

          vulnerabilities.solution
          Optional
          String
          Provides the solution value of the vulnerability. 
        

        

          vulnerabilities.title
          Optional
          String
          Provides the title of the vulnerability.
        

        

          vulnerabilities.rti
          Optional
          String
          Provides the Real-Time Threat Indicator (RTI) value.

            

            The possible values are Easy_Exploit, No_Patch, Exploit_Public, Active_Attacks, High_Lateral_Movement, High_Data_loss, Denial_of_Service, Malware, Predicted_Hig_Risk, Remote-Code_execution.
          		
        

        

          vulnerabilities.patchReleaseDate
          Optional
          Date
          Provides the patch release date of the vulnerability on the format yyyy-mon-ddThh:mm:ss.000Z

            For example, "patchReleaseDate": "2019-02-26T00:00:00.000Z"		
        

        

        

      
    

  

  
Sample - Get List of Vulnerabilities discovered by EASM Scan (without filter)Sample - Get List of Vulnerabilities discovered by EASM Scan (without filter)

  

    
API Request

    
 curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \ 
--header 'Authorization: Bearer <JWT_Token>' \
--data-raw ''

    
API Response

    
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenId": 4664,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4664,
"assetID": 55503403,
"qid": 38170,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", 
"patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"No_Patch"
],
"solution": "Please install a server certificate whose Subject commonName
 or subjectAltName matches the server FQDN.",
"title": "SSL Certificate - Subject Common Name Does Not Match Server FQDN",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}


  

  
Important to Know

  
The following are the filters and their corresponding operators supported for this API:

  
    
    
  • vulnerabilities.status: IN, EQUALS, NOT_EQUALS
    • 
    
  • vulnerabilities.severity: EQUALS, LESSER, GREATER, GREATER_THAN_EQUAL, LESS_THAN_EQUAL
    • 
    
  • vulnerabilities.solution: CONTAINS
    • 
    
  • vulnerabilities.title: CONTAINS
    • 
    
  • vulnerabilities.rti: EQUALS, NOT_EQUALS
    • 
  

  
Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in XML format)Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in XML format)

  

    
API Request

    
curl --location --request POST '<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8"?>
<FilterRequest>
<filters>
<criteria>
<field>vulnerabilities.severity</field>
<operator>EQUALS</operator>
<value>2</value>
</criteria>
</filters>
</FilterRequest>'

    
API Response

    
{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", "patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate
 Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}
}


  

  
Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in JSON format)Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in JSON format)

  

    
API Request

    
curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/json' \
--data '{
"filters": [
{
"field": "vulnerabilities.severity",
"operator": "EQUALS",
"value": "2"
}
]
}'

    
API Response

    
{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z",
rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}


  

  "responseCode": "SUCCESS",
  "responseMessage": "Valid API Access"
  }

Enhanced API - Get List of Vulnerabilities Discovered by EASM Scan

New or Updated API Updated
API Endpoint /rest/2.0/search/am/easm/scan/vulns
Method POST
DTD or XSD changes Not Applicable

With this release, new parameters are added to the Get List of Vulnerabilities discovered by the EASM Scan API that filters the list of vulnerabilities with specific criteria. 

Additionally, for all dates, you can provide datetime filter along with date filter in the API. For example, "lastFoundDate": "2024-10-18T12:04:19.000Z".

Input ParametersInput Parameters

Parameter

Mandatory/Optional

Data Type

Description
vulnerabilities.status Optional String Provides the current status of the vulnerability. The input values are ACTIVE, NEW, FIXED, REOPENED. 
vulnerabilities.severity Optional Integer Provides the severity value of the vulnerability. The value ranges from 1 to 5. 
vulnerabilities.solution Optional String Provides the solution value of the vulnerability. 
vulnerabilities.title Optional String Provides the title of the vulnerability.
vulnerabilities.rti Optional String Provides the Real-Time Threat Indicator (RTI) value.

The possible values are Easy_Exploit, No_Patch, Exploit_Public, Active_Attacks, High_Lateral_Movement, High_Data_loss, Denial_of_Service, Malware, Predicted_Hig_Risk, Remote-Code_execution.
vulnerabilities.patchReleaseDate Optional Date Provides the patch release date of the vulnerability on the format yyyy-mon-ddThh:mm:ss.000Z
For example, "patchReleaseDate": "2019-02-26T00:00:00.000Z"

Sample - Get List of Vulnerabilities discovered by EASM Scan (without filter)Sample - Get List of Vulnerabilities discovered by EASM Scan (without filter)

API Request

 curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \ 
--header 'Authorization: Bearer <JWT_Token>' \
--data-raw ''

API Response

{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenId": 4664,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4664,
"assetID": 55503403,
"qid": 38170,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", 
"patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"No_Patch"
],
"solution": "Please install a server certificate whose Subject commonName
 or subjectAltName matches the server FQDN.",
"title": "SSL Certificate - Subject Common Name Does Not Match Server FQDN",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}

Important to Know

The following are the filters and their corresponding operators supported for this API:

  • vulnerabilities.status: IN, EQUALS, NOT_EQUALS
  • vulnerabilities.severity: EQUALS, LESSER, GREATER, GREATER_THAN_EQUAL, LESS_THAN_EQUAL
  • vulnerabilities.solution: CONTAINS
  • vulnerabilities.title: CONTAINS
  • vulnerabilities.rti: EQUALS, NOT_EQUALS

Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in XML format)Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in XML format)

API Request

curl --location --request POST '<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8"?>
<FilterRequest>
<filters>
<criteria>
<field>vulnerabilities.severity</field>
<operator>EQUALS</operator>
<value>2</value>
</criteria>
</filters>
</FilterRequest>'

API Response

{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", "patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate
 Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}
}

Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in JSON format)Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in JSON format)

API Request

curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/json' \
--data '{
"filters": [
{
"field": "vulnerabilities.severity",
"operator": "EQUALS",
"value": "2"
}
]
}'

API Response

{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z",
rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}

 

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.