Release 3.3.0.0 API

November 26, 2024 (Updated on December 19, 2024)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

What's New?

New API - Download Reports

New or Updated API	New
API Endpoint	/rest/2.0/am/report/download
Method	GET
DTD or XSD changes	Not Applicable

Before this release, you could download the required report only using the CSAM UI.
With this release, we introduced a new API to download the specified report.

- You can download the reports only with the COMPLETED status.
The report download fails for the reports with the rest of the statuses.
- If you provide the report name that matches a single or multiple existing reports
with the COMPLETED status, the latest report with the COMPLETED status is downloaded.

Input Parameters

Sample - Download Report

API Request

curl --location --request GET
'<qualys_base_url/rest/2.0/am/report/download?reportName=Open Ports_1' \
--header 'accept: */*' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT_Token>' \
--data ''

API Response: Provided an Incorrect Report Name

{
"responseMessage": "The report download failed because the report name you provided is not available. 
Provide the correct value and download it.",
"responseCode": "BAD_REQUEST"
}

API Response: Downloading the Report from GAV

{
"responseMessage": "Report API access forbidden 
for Asset Inventory Free Subscription",
"responseCode": "FORBIDDEN"
}

API Response: Provided the Report Name with Statuses Other than COMPLETED

{
"responseMessage": "Current report status is GENERATED.
You can download the report only with the COMPLETED status.",
"responseCode": "BAD_REQUEST"
}

Enhanced APIs - EASM APIs

With this release, we added new optional input parameters to the following APIs:
Create an EASM Profile | Update an EASM Profile Data

Patch an EASM Profile Data | Get the EASM Profile Data

Also, the excludeCDNAssets, defaultPurgeRuleFrequency, excludeDefamatoryDomain, and enableTyposquattedDomainGeneration new fields are added to the Get EASM Profile Data API.

Enhanced API - Create an EASM Profile

New or Updated API	Updated
API Endpoint	/easm/v2/profile
Method	POST
DTD or XSD changes	Not Applicable

With this release, the following new optional input parameters are added to the Create, Update, and Patch an EASM Profile Data APIs. You can provide them as part of the API request payload based on your requirements. See the following Input Parameter Details table:

Input Parameters

The following new input parameters are applicable to the Create, Update, and Patch an EASM Profile Data APIs.

Parameter and Data Type

Description

excludeCDNAssets

(String)

Provide the value as 'true' if you want to view the CDN assets for EASM LighweightScan. Otherwise, provide the value 'false'. The default value is 'true'.

The excludeCDNAssets parameter is supported only if the enableEASMSCAN parameter is set to true.

defaultPurgeRule
Frequency

(Numerical)

Provide the value within the 0-10 range. The default value is 3.

Example: If you provide the value 3, and the asset is not discovered through 3 EASM discoveries, it will be deleted from the CSAM account.

excludeDefamatory
Domain

(String)

Provide the value as 'false' if you want to view the defamatory domains. The default value is 'true'.

The excludeDefamatoryDomain parameter is supported only if the enableTyposquattedDomainGeneration parameter is set to 'true'.

enableTyposquatted
DomainGeneration

(String)

Provide the value as 'true' if you want to generate and view the typosquatted domains for the respective domain and organization seed values. The default value is 'false'.

Sample - Create EASM Profile Data API

API Request

curl --location '<qualys_base_url>/easm/v2/profile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '     {
   "name": "newProfile",
   "includeSeeds": [
     {
       "seedType": "DOMAIN",
       "seedValue": "qualyss.com",
       "enumerateSubsidiary": false,
       "horizontalEnumeration": false,
       "seedFilters": [],
       "verticalEnumeration": false,
       "seedFileName": null
              }
            ],
       "excludeSeeds": [],
       "enableIFAScan": false,
       "active": true,
       "enableEASMScan": false,
       "includeVMAssets": false,
       "excludeCDNAssets": true,
       "defaultPurgeRuleFrequency": 3,
       "excludeDefamatoryDomain": true,
       "enableTyposquattedDomainGeneration": false
           }'

Enhanced API - Update an EASM Profile Data

New or Updated API	Updated
API Endpoint	/easm/v2/profile/{profileName}
Method	PUT
DTD or XSD changes	Not Applicable

Refer to the Input Parameters table for detailed information about the newly added input parameters.

Sample - Update EASM Profile Data API

API Request

curl --location --request PUT 
'<qualys_base_url>/easm/v2/profile/newProfile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data ' {
          "name": "newProfile",
          "includeSeeds": [
            {
              "seedType": "DOMAIN",
              "seedValue": "qualysss.com",
              "enumerateSubsidiary": false,
              "horizontalEnumeration": false,
              "seedFilters": [],
              "verticalEnumeration": false,
              "seedFileName": null
            }
            ],
            "excludeSeeds": [],
            "enableIFAScan": false,
            "active": true,
            "enableEASMScan": false,
            "includeVMAssets": false,
            "excludeCDNAssets": true,
            "defaultPurgeRuleFrequency": 3,
            "excludeDefamatoryDomain": true,
            "enableTyposquattedDomainGeneration": true
        }'

Enhanced API - Patch an EASM Profile Data

New or Updated API	Updated
API Endpoint	/easm/v2/profile/{profileName}
Method	PATCH
DTD or XSD changes	Not Applicable

Refer to the Input Parameters table for detailed information about the newly added input parameters.

Sample - Patch EASM Profile Data API

API Request

curl --location --request PATCH '<qualys_base_url>/easm/v2/profile/11' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '{
            "name": "11",
            "includeSeeds": [
                {
                    "seedType": "DOMAIN",
                    "seedValue": "qualyss4.com",
                    "seedHeading": null,
                    "enumerateSubsidiary": false,
                    "horizontalEnumeration": false,
                    "seedFilters": [],
                    "verticalEnumeration": false,
                    "seedFileName": null
                }
            ],
            "excludeSeeds": [],
            "enableIFAScan": false,
            "active": false,
            "profileTagName": "11",
            "enableEASMScan": false,
            "includeVMAssets": false,
            "excludeCDNAssets": true,
            "defaultPurgeRuleFrequency": 5,
            "excludeDefamatoryDomain": false,
            "enableTyposquattedDomainGeneration": true
        }'

Enhanced API - Get an EASM Profile Data

New or Updated API	Updated
API Endpoint	/easm/v2/profile
Method	GET
DTD or XSD changes	Not Applicable

With this release, you can learn the following details from the new fields that are added to the response:

excludeCDNAssets: The CDN assets are included in the EASM LighweightScan or not.
defaultPurgeRuleFrequency: The purge rule frequency of the assets. If the assets are not discovered through the EASM discoveries according to the stated count, they are deleted from the CSAM account.
excludeDefamatoryDomain: Whether viewing the defamatory domains is enabled or not.
enableTyposquattedDomainGeneration: Whether generation and viewing of the typosquatted domains for the respective domain and organization seed values is enabled of not.

Sample - Get EASM Profile Data

API Request

curl --location --request GET 
'<qualys_base_url>/easm/v2/profile' \
--header 'Authorization: Bearer <JWT_Token>' \
--data ''

API Response

{
"hasNextPage": false,
"profile": [
{
"name": "qualys123",
"includeSeeds": [
   {
     "seedType": "ORGANIZATION",
     "seedValue": "Qualys, Inc",
     "seedHeading": null,
     "enumerateSubsidiary": true,
     "horizontalEnumeration": true,
     "seedFilters": [],
     "verticalEnumeration": false,
     "seedFileName": null
   },
   {
     "seedType": "DOMAIN",
     "seedValue": "qualys.com",
     "seedHeading": null,
     "enumerateSubsidiary": true,
     "horizontalEnumeration": true,
     "seedFilters": [],
     "verticalEnumeration": true,
     "seedFileName": null
   }
],
"excludeSeeds": [
   {
     "seedType": "COUNTRY",
     "seedValue": "IN"
   }
],
"enableIFAScan": false,
"active": false,
"profileTagName": "qualys123",
"enableEASMScan": false,
"includeVMAssets": false,
"excludeCDNAssets": true,
"defaultPurgeRuleFrequency": 3,
"excludeDefamatoryDomain": false,
"enableTyposquattedDomainGeneration": false
},
{
"name": "MultipleIPS",
"includeSeeds": [
   {
     "seedType": "NETBLOCK",
     "seedValue": "184.27.107.6;104.75.45.207;99.83.253.77",
     "seedHeading": null,
     "enumerateSubsidiary": false,
     "horizontalEnumeration": false,
     "seedFilters": [],
     "verticalEnumeration": false,
     "seedFileName": null
   }
],
"excludeSeeds": [],
"enableIFAScan": false,
"active": true,
"profileTagName": "MultipleIPS",
"enableEASMScan": false,
"includeVMAssets": false,
 "excludeCDNAssets": true,
 "defaultPurgeRuleFrequency": 2,
"excludeDefamatoryDomain": false,
 "enableTyposquattedDomainGeneration": false
}
]
}

Enhanced API - Third Party Assets API with Webhook Findings

New or Updated API	Updated
API Endpoint	/rest/2.0/am/connector/asset/data/sync
Method	POST
DTD or XSD changes	Not Applicable

With this release, you can provide the 'Webhook Findings' information in the sample payload of this API. This section is introduced explicitly for ETM customers. We support the Vulnerability and Misconfiguration categories for the payload.

Using this API with the 'Webhook Findings' information, you get the details, such as Vulnerabilities, QDS, and Risk-Contributing findings. Also, if any misconfiguration finding in the form of EOL EOS Software exists, then Open Port detects it and calculates the Risk Score.

Important to Know!

When the category is VULNERABILITY:
- subCategory must be either Confirmed, Information, or Potential.
- findingStatus must be either New, Active, Fixed, or null.
- severity must be in the range of 1-5.
When the category is MISCONFIGURATION:
- findingStatus must be either PASS, FAIL, or null.
- severity must be in the range of 1-5.

Sample - Import Third-Party Assets to CSAM

API Request

curl --location --request POST 
'<qualys_base_url>/rest/2.0/am/connector/asset/data/sync' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/json' \
--data-raw '<JSON payload>'

Sample JSON for category Misconfiguration (without values)

{
"connectorMetaData": {
 "requestId": "string",
 "assetCount": "integer",
 "source": "string",
 "connectorUuid": "string"
},
"assetData": [
 {
  "identityAttributes": {
  "qualysAssetId": "integer",
  "sourceNativeKey": "string",
  "instanceUuid": "String",
  "instanceUuidSource": "String",
  "hostName": "String",
  "netBiosName": "string",
  "fqdn": "String",
  "macAddress": [
  "string"
  ],
  "ipAddress": [
  "ip address format string"
  ],
  "serialNumber": "String",
  "hardwareUuid": "string"
  },
  "coreAttributes": {
  "lastLoggedOnUser": "String",
  "operatingSystem": "String",
  "hostName": "String",
  "address": "ip address format string",
  "dnsName": "String",
  "biosInfo": {
  "biosDescription": "String",
  "lastBoot": "date",
  "manufacturer": "String",
  "totalMemory": "integer",
  "timeZone": "String",
  "model": "String",
  "serialNumber": "String",
  "biosAssetTag": "String",
  "hardwareUuid": "String"
  },
  "netBiosName": "String",
  "isContainer": "boolean",
  "fqdn": "String",
  "domain": "String",
  "osVersion": "String",
  "osArchitecture": "String",
  "domainRole": "String",
  "processor": {
  "description": "String",
  "speed": "float",
  "numberOfCpu": "integer"
  },
  "ports": [
  {
   "port": "Integer",
   "protocol": "String",
   "detectedService": "String",
   "description": "String",
   "firstFound": "Date",
   "lastUpdated": "Date"
  }
  ],
  "networkInterfaces": [
  {
   "interfaceName": "String",
   "macAddress": "String",
   "address": "ip address format string",
   "gatewayAddress": [
   "ip address format string"
   ],
   "dnsAddress": [
   "ip address format string"
   ],
   "hostName": "String",
   "ipv4Address": [
   "ip address format string"
   ],
   "ipv6Address": [
   "ip address format string"
   ],
   "type": "String",
   "networkUuid": "String in UUID format"
  }
  ],
  "softwares": [
  {
   "name": "String",
   "version": "String",
   "installedDate": "date",
   "lastUpdated": "date",
   "identifier": "String",
   "isSystemApp": "boolean",
   "isEnterpriseApp": "boolean",
   "publisher": "String",
   "language": "String",
   "type": "String",
   "installPath": "String",
   "lastUsedDate": "date",
   "firstFoundDate": "date"
  }
  ],
  "services": [
  {
   "name": "String",
   "description": "String",
   "status": "String"
  }
  ],
  "volumes": [
  {
   "name": "String",
   "size": "Integer",
   "free": "Integer"
  }
  ],
  "accounts": [
  {
   "username": "String"
  }
  ],
  "businessMetaData": {
  "status": "String",
  "environment": "String",
  "company": "String",
  "department": "String",
  "ownedBy": "String",
  "managedBy": "String",
  "supportedBy": "String",
  "supportGroup": "String"
  },
  "assignedLocation": {
  "name": "String",
  "street": "String",
  "city": "String",
  "state": "String",
  "zip": "String",
  "country": "String",
  "latitude": "String",
  "longitude": "String"
  },
  "businessApps": [
  {
   "businessAppId": "String"
  }
  ],
  "containers": [
  {
   "version": "String",
   "numberOfContainers": "Integer",
   "numberOfImages": "Integer",
   "type": "String"
  }
  ],
  "customConnectorAttributes": {
  "key": "value"
  },
  "findings": [
  {
   "id": "String",
   "name": "String",
   "description": "String",
   "riskScore": "Integer",
   "category": "MISCONFIGURATION",
   "subCategory": "String ",
   "vendorName": "String",
   "vendorProductName": "String",
   "externalFindingId": "String",
   "findingURL": "String",
   "severity": "Integer",
   "findingStatus": "String ",
   "detectionResult": "String",
   "impact": "String",
   "solutionRecommendation": "String",
   "detectionRationale": "String",
   "references": [
   "String"
   ],
   "firstFoundOn": "Date",
   "lastFoundOn": "Date",
   "reopenedOn": "Date",
   "lastFixedOn": "Date",
   "port": "Integer",
   "protocol": "String",
   "findingDetectionURL": "String",
   "profileId": "String",
   "mitreAttacks": [
   {
    "tactics": {
    "id": "String",
    "name": "String",
    "isPrimary": "Boolean",
    "desc": "String"
    }
   },
   {
    "techniques": {
    "id": "String",
    "name": "String",
    "isPrimary": "Boolean",
    "desc": "String"
    }
   },
   {
    "subtechniques": {
    "id": "String",
    "name": "String",
    "desc": "String"
    }
   }
   ],
   "product": {
   "name": "String",
   "vendor": "String",
   "category": "String",
   "version": "String"
   },
   "exceptionDetail": {
   "isFindingToBeIgnored": "boolean"
   },
   "remediation": {
   "remediationStrategy": "String",
   "recurringRemediationSchedule": "String",
   "remediationBy": "String"
   },
   "mitigation": {
   "mitigationStrategy": "String",
   "recurringMitigationSchedule": "String",
   "mitigationBy": "String"
   },
   "findingType": {
   "misconfiguration": {
    "policy": {
   "id": "Integer",
   "type": "String",
   "title": "String",
   "techName": "String",
   "control": {
     "id": "Integer",
     "isRansomware": "Boolean",
     "evidenceURL": "String",
     "referenceID": "String",
     "benchmarkTypes": [
     "String"
     ],
     "benchmarkTitle": "String",
     "controlSubCategory": "String"
     },
     "description": "String",
     "policyFindingUrl": "String"
    },
    "rule": {
    "ruleName": "String",
    "ruleDescription": "String"
    }
}
},
"attributes": {
"key": "value"
}
}
]
}
}
]
}

Sample JSON for category Vulnerability (without values)

{
"connectorMetaData": {
"requestId": "string",
"assetCount": "integer",
"source": "string",
"connectorUuid": "string"
},
"assetData": [
{
"identityAttributes": {
 "qualysAssetId": "integer",
 "sourceNativeKey": "string",
 "instanceUuid": "String",
 "instanceUuidSource": "String",
 "hostName": "String",
 "netBiosName": "string",
 "fqdn": "String",
 "macAddress": [
"string"
 ],
 "ipAddress": [
 "ip address format string"
 ],
 "serialNumber": "String",
 "hardwareUuid": "string"
},
"coreAttributes": {
 "lastLoggedOnUser": "String",
 "operatingSystem": "String",
 "hostName": "String",
 "address": "ip address format string",
 "dnsName": "String",
 "biosInfo": {
 "biosDescription": "String",
 "lastBoot": "date",
 "manufacturer": "String",
 "totalMemory": "integer",
 "timeZone": "String",
 "model": "String",
 "serialNumber": "String",
 "biosAssetTag": "String",
 "hardwareUuid": "String"
 },
 "netBiosName": "String",
 "isContainer": "boolean",
 "fqdn": "String",
 "domain": "String",
 "osVersion": "String",
 "osArchitecture": "String",
 "domainRole": "String",
 "processor": {
 "description": "String",
 "speed": "float",
 "numberOfCpu": "integer"
 },
 "ports": [
 {
  "port": "Integer",
  "protocol": "String",
  "detectedService": "String",
  "description": "String",
  "firstFound": "Date",
  "lastUpdated": "Date"
 }
 ],
 "networkInterfaces": [
 {
  "interfaceName": "String",
  "macAddress": "String",
  "address": "ip address format string",
  "gatewayAddress": [
  "ip address format string"
  ],
  "dnsAddress": [
  "ip address format string"
  ],
  "hostName": "String",
  "ipv4Address": [
  "ip address format string"
  ],
  "ipv6Address": [
  "ip address format string"
  ],
  "type": "String",
  "networkUuid": "String in UUID format"
 }
 ],
 "softwares": [
 {
  "name": "String",
  "version": "String",
  "installedDate": "date",
  "lastUpdated": "date",
  "identifier": "String",
  "isSystemApp": "boolean",
  "isEnterpriseApp": "boolean",
  "publisher": "String",
  "language": "String",
  "type": "String",
  "installPath": "String",
  "lastUsedDate": "date",
  "firstFoundDate": "date"
 }
 ],
 "services": [
 {
  "name": "String",
  "description": "String",
  "status": "String"
 }
 ],
 "volumes": [
 {
  "name": "String",
  "size": "Integer",
  "free": "Integer"
 }
 ],
 "accounts": [
 {
  "username": "String"
 }
 ],
 "businessMetaData": {
 "status": "String",
 "environment": "String",
 "company": "String",
 "department": "String",
 "ownedBy": "String",
 "managedBy": "String",
 "supportedBy": "String",
 "supportGroup": "String"
 },
 "assignedLocation": {
 "name": "String",
 "street": "String",
 "city": "String",
 "state": "String",
 "zip": "String",
 "country": "String",
 "latitude": "String",
 "longitude": "String"
 },
 "businessApps": [
 {
  "businessAppId": "String"
 }
 ],
 "containers": [
 {
  "version": "String",
  "numberOfContainers": "Integer",
  "numberOfImages": "Integer",
  "type": "String"
 }
 ],
 "customConnectorAttributes": {
 "key": "value"
 },
 "findings": [
 {
  "id": "String",
  "name": "String",
  "description": "String",
  "riskScore": "Integer",
  "category": " VULNERABILITY ",
  "subCategory": "String",
  "vendorName": "String",
  "vendorProductName": "String",
  "externalFindingId": "String",
  "findingURL": "String",
  "severity": "Integer ",
  "findingStatus": "String ",
  "detectionResult": "String",
  "impact": "String",
  "solutionRecommendation": "String",
  "detectionRationale": "String",
  "references": [
  "String"
  ],
  "firstFoundOn": "Date",
  "lastFoundOn": "Date",
  "reopenedOn": "Date",
  "lastFixedOn": "Date",
  "port": "Integer",
  "protocol": "String",
  "findingDetectionURL": "String",
  "profileId": "String",
  "mitreAttacks": [
  {
  "tactics": {
  "id": "String",
  "name": "String",
  "isPrimary": "Boolean",
  "desc": "String"
  }
  },
  {
  "techniques": {
  "id": "String",
  "name": "String",
  "isPrimary": "Boolean",
  "desc": "String"
  }
  },
  {
  "subtechniques": {
  "id": "String",
  "name": "String",
  "desc": "String"
  }
  }
  ],
  "product": {
  "name": "String",
  "vendor": "String",
  "category": "String",
  "version": "String"
  },
  "exceptionDetail": {
  "isFindingToBeIgnored": "boolean"
  },
  "remediation": {
  "remediationStrategy": "String",
  "recurringRemediationSchedule": "String",
  "remediationBy": "String"
  },
  "mitigation": {
"mitigationStrategy": "String",
"recurringMitigationSchedule": "String",
"mitigationBy": "String"
},
"findingType": {
"vulnerability": {
  "vendorId": "String",
  "cveId": "String",
  "qvs": "Integer",
  "cweId": [
"String"
  ],
  "cvss": {
"cvss2Base": "String",
"cvss2Temporal": "String",
"cvss3Base": "String",
"cvss3Temporal": "String",
"vector": "String"
  },
  "isPatchAvailable": "Boolean",
  "isQualysPatchable": "Boolean",
  "isExploitAvailable": "Boolean",
  "exploitCodeMaturity": "String",
  "exploitedByList": [
"String"
  ],
  "owaspTop10Ids": [
{
"name": "String",
"url": "String"
}
  ],
  "wascIds": [
{
"name": "String",
"url": "String"
}
  ]
}
},
"attributes": {
  "key": "value"
}
}
]
}
}
]
}

Sample JSON for category Misconfiguration (with values)

{
"connectorMetaData": {
"requestId": 111114,
"connectorUuid": "10c3017f-f219-44e9-87e1-9c82f302490e",
"source": "WEBHOOK"
},
"assetData": [
{
"identityAttributes": {
 "qualysAssetId": null,
 "sourceNativeKey": null,
 "instanceUuid": null,
 "instanceUuidSource": null,
 "hostName": null,
 "netBiosName": "FindingTestMisCon",
 "fqdn": null,
 "macAddress": null,
 "ipAddress": [
"101.70.255.250"
 ],
 "serialNumber": null,
 "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
},
"coreAttributes": {
 "lastLoggedOnUser": "Rxxxxxh",
 "operatingSystem": "Windows 7",
 "hostName": null,
 "address": "101.70.255.250",
 "dnsName": "DnsName",
 "biosInfo": {
 "biosDescription": "BioDescriptiontest",
 "lastBoot": null,
 "manufacturer": "Dell_Inc.",
 "totalMemory": "8192",
 "timeZone": "+5:30",
 "model": "Latitude_7490",
 "serialNumber": null,
 "biosAssetTag": "NoAssetTag",
 "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
 },
 "netBiosName": "FindingTestMisCon",
 "isContainer": true,
 "fqdn": null,
 "domain": "com.co.in",
 "osVersion": "7",
 "osArchitecture": "64-Bits",
 "domainRole": "test",
 "processor": {
 "description": "intel",
 "speed": 34.2,
 "numberOfCpu": 1
 },
 "ports": [
 {
 "port": "22",
 "protocol": "TCP",
 "detectedService": "ssh",
 "description": "Test",
 "firstFound": null,
 "lastUpdated": null
 },
 {
 "port": "22",
 "protocol": "UDP",
 "detectedService": "ssh update",
 "description": "Test",
 "firstFound": null,
 "lastUpdated": null
 }
 ],
 "networkInterfaces": [
 {
 "interfaceName": "TestInterfaceName",
 "macAddress": null,
 "address": "101.70.255.250",
 "gatewayAddress": [
 "10.10.10.11"
 ],
 "dnsAddress": [
 "10.10.10.12"
 ],
 "hostName": null,
 "ipv4Address": [
 "101.70.255.250"
 ],
 "ipv6Address": null,
 "type": "PUBLIC",
 "networkUuid": null
 }
 ],
 "softwares": [
 {
 "name": "Python",
 "version": "3",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "docker.io",
 "version": "18.09.1+dfsg1-7.1+deb10u2",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "oracle 12",
 "version": "12.1.0.2.0",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "Apache 2.2",
 "version": "2.2.19",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }
 ],
 "services": [
 {
 "name": "remote test",
 "description": "Test Service is running",
 "status": "Running"
 }
 ],
 "volumes": [
 {
 "name": "C",
 "size": 123,
 "free": 123
 }
 ],
 "accounts": [
 {
 "username": "rijain"
 }
 ],
 "businessMetaData": {
 "status": "Operational",
 "environment": "Production",
 "company": "ACME US",
 "department": "Hostel",
 "ownedBy": "Joey Bolick",
 "managedBy": "Byron Fortuna",
 "supportedBy": "JohnDoe",
 "supportGroup": "testgroup"
 },
 "assignedLocation": {
 "name": "eela",
 "street": "punawale",
 "city": "pune",
 "state": "maharastra",
 "zip": "411033",
 "country": "india",
 "latitude": "18.6298° N",
 "longitude": "73.7997° E"
 },
 "businessApps": [
 {
 "businessAppId": null
 }
 ],
 "containers": [
 {
 "version": "34",
 "numberOfContainers": 1,
 "numberOfImages": 1,
 "type": "Test"
 }
 ],
 "customConnectorAttributes": {
 "TestKey": "testvalue"
 },
 "findings": [
 {
 "id": "123456",
 "name": "SSH Server CBC Mode Ciphers Enabled",
 "description": "SSH Server CBC Mode Ciphers Enabled Description",
 "riskScore": 50,
 "category": "MISCONFIGURATION",
 "subCategory": "EOL/EOS",
 "vendorName": "Qualys",
 "vendorProductName": "IBM",
 "externalFindingId": "123-3445-67",
 "findingURL": "https://miller-hansen.com/",
 "severity": 5,
 "findingStatus": "PASS",
 "detectionMethod": "External",
 "detectionResult": "Severe",
 "impact": "HIGH",
 "solutionRecommendation": "SR test",
 "detectionRationale": "DetectionRation Test",
 "references": [
 "TestURL1",
 "TestURL2"
 ],
 "firstFoundOn": 1725602066000,
 "lastFoundOn": 1725602066000,
 "reopenedOn": 1725602066000,
 "lastFixedOn": 1725602066000,
 "port": 22,
 "protocol": "TCP",
 "findingDetectionURL": "https://miller-hansen.com/testworks",
 "profileId": "123456",
 "mitreAttacks": [
 {
  "tactics": {
  "id": "2312",
  "name": "TestName",
  "isPrimary": true,
  "desc": "testDesc"
  }
 },
 {
  "techniques": {
  "id": "1122",
  "name": "testtechniquesName",
  "isPrimary": true,
  "desc": "testtechniquesName"
  }
 },
 {
  "subtechniques": {
  "id": "1234",
  "name": "testSubtechniquesName",
  "desc": "testSubtechniquesDesc"
  }
 }
 ],
 "product": {
 "name": "Open SSH",
 "vendor": "Qualys",
 "category": "Policy Compliance",
 "version": "3.2"
 },
 "exceptionDetail": {
 "isFindingToBeIgnored": true
 },
 "remediation": {
 "remediationStrategy": "False",
 "recurringRemediationSchedule": "NO",
 "remediationBy": "Rxxxabh xxxn"
 },
 "mitigation": {
 "mitigationStrategy": "Kindway",
 "recurringMitigationSchedule": "Daily",
 "mitigationBy": "Ashu Jain"
 },
 "findingType": {
 "misconfiguration": {
  "policy": {
  "id": 1231,
  "type": "MISSING REQUIRED SOFTWARE",
  "title": "MISSING REQUIRED SOFTWARE",
  "techName": "MRS",
  "control": {
  "id": "1212",
  "isRansomware": true,
  "evidenceURL": "www.testurl.com/",
  "referenceID": "121",
  "benchmarkTypes": [
  "Yes"
  ],
  "benchmarkTitle": "This is for testing purpose",
  "controlSubCategory": "No"
},
"description": "Description for testing",
"policyFindingUrl": "www.asset12311.com/"
  },
  "rule": {
"ruleName": "Missing required software test",
"ruleDescription": "MRS test for software"
  }
}
},
"attributes": {
"key": "Test"
}
}
 ]
}
}
]
}

Sample JSON for category Vulnerability (with values)

{
"connectorMetaData": {
"requestId": "123445677",
"assetCount": 1,
"source": "WEBHOOK",
"connectorUuid": "da4b8361-2327-4bf1-af7d-2ce775bc9882"
},
"assetData": [
    {
     "identityAttributes": {
     "qualysAssetId": null,
     "sourceNativeKey": null,
     "instanceUuid": null,
     "instanceUuidSource": null,
     "hostName": null,
     "netBiosName": "AssetNameTest",
     "fqdn": null,
     "macAddress": null,
     "ipAddress": [
     "100.63.255.250"
      ],
       "serialNumber": null,
       "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
       },
     "coreAttributes": {
     "lastLoggedOnUser": "Rxxxxh",
     "operatingSystem": "Windows 7",
     "hostName": null,
     "address": "100.63.255.250",
     "dnsName": "DnsName",
     "biosInfo": {
        "biosDescription": "BioDescriptiontest",
        "lastBoot": null,
        "manufacturer": "Dell_Inc.",
        "totalMemory": "8192",
        "timeZone": "+5:30",
        "model": "Latitude_7490",
        "serialNumber": null,
        "biosAssetTag": "NoAssetTag",
        "hardwareUuid": "86712A42-18D8-2A16-D0FC-1E3DABD"
        },
        "netBiosName": "AssetNameTest",
        "isContainer": true,
        "fqdn": null,
        "domain": "com.co.in",
        "osVersion": "7",
        "osArchitecture": "64-Bits",
        "domainRole": "test",
        "processor": {
            "description": "intel",
            "speed": 34.2,
            "numberOfCpu": 1
            },
        "ports": [
           {
        "port": "22",
        "protocol": "TCP",
        "detectedService": "ssh",
        "description": "Test",
"firstFound": null,
"lastUpdated": null
  {
   "port": "22",
   "protocol": "UDP",
   "detectedService": "ssh update",
   "description": "Test",
   "firstFound": null,
   "lastUpdated": null
  }
],
"networkInterfaces": [
  {
   "interfaceName": "TestInterfaceName",
   "macAddress": null,
   "address": "100.63.255.250",
   "gatewayAddress": [
   "10.10.10.11"
  ],
"dnsAddress": [
"10.10.10.12"
],
"hostName": null,
"ipv4Address": [
"100.63.255.250"
],
"ipv6Address": null,
"type": "PUBLIC",
"networkUuid": null
}
],
"softwares": [
{
"name": "Python",
"version": "3",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "docker.io",
 "version": "18.09.1+dfsg1-7.1+deb10u2",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }, {
 "name": "oracle 12",
 "version": "12.1.0.2.0",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 },
 {
 "name": "Apache 2.2",
 "version": "2.2.19",
 "installedDate": 1233321123,
 "lastUpdated": 1233321123,
 "identifier": null,
 "isSystemApp": false,
 "isEnterpriseApp": false,
 "publisher": null,
 "language": null,
 "type": null,
 "installPath": null,
 "lastUsedDate": 1233321123,
 "firstFoundDate": 1233321123
 }
],
"services": [
 {
 "name": "remote test",
 "description": "Test Service is running",
 "status": "Running"
 }
],
"volumes": [
 {
 "name": "C",
 "size": 123,
 "free": 123
 }
],
"accounts": [
 {
 "username": "rijain"
 }
],
"businessMetaData": {
"status": "Operational",
"environment": "Production",
"company": "ACME US",
"department": "Hostel",
"ownedBy": "Joey Bolick",
"managedBy": "Byron Fortuna",
"supportedBy": "JohnDoe",
"supportGroup": "testgroup"
},
"assignedLocation": {
"name": "eela",
"street": "punawale",
"city": "pune",
"state": "maharastra",
"zip": "411033",
"country": "india",
"latitude": "18.6298° N",
"longitude": "73.7997° E"
},
 "businessApps": [
 {
 "businessAppId": null
 }
],
"containers": [
 {
 "version": "34",
 "numberOfContainers": 1,
 "numberOfImages": 1,
 "type": "Test"
 }
],
"customConnectorAttributes": {
"TestKey": "testvalue"
},
"findings": [
 {
 "id": "123456",
 "name": "SSH Server CBC Mode Ciphers Enabled",
 "description": "SSH Server CBC Mode Ciphers Enabled Description",
 "riskScore": 50,
 "category": "VULNERABILITY",
 "subCategory": "Confirmed",
 "vendorName": "Qualys",
 "vendorProductName": "IBM",
 "externalFindingId": "123-3445-67",
 "findingURL": "https://miller-hansen.com/",
 "severity": 2,
 "findingStatus": "ACTIVE",
 "detectionMethod": "External",
 "detectionResult": "Severe",
 "impact": "HIGH",
 "solutionRecommendation": "SR test",
 "detectionRationale": "DetectionRation Test",
 "references": [
 "TestURL1",
 "TestURL2"
],
 "firstFoundOn": 1725602066000,
 "lastFoundOn": 1725602066000,
 "reopenedOn": 1725602066000,
 "lastFixedOn": 1725602066000,
 "port": 22,
 "protocol": "TCP",
 "findingDetectionURL": "https://miller-hansen.com/testworks",
 "profileId": "123456",
 "mitreAttacks": [
{
"tactics": {
"id": "2312",
"name": "TestName",
"isPrimary": true,
"desc": "testDesc"
}
},
{
"techniques": {
"id": "1122",
"name": "testtechniquesName",
"isPrimary": true,
"desc": "testtechniquesName"
}
},
{
"subtechniques": {
"id": "1234",
"name": "testSubtechniquesName",
"desc": "testSubtechniquesDesc"
}
}
],
 "product": {
"name": "Open SSH",
"vendor": "Qualys",
"category": "Policy Compliance",
"version": "3.2"
},
 "exceptionDetail": {
"isFindingToBeIgnored": true
},
 "remediation": {
"remediationStrategy": "False",
"recurringRemediationSchedule": "NO",
"remediationBy": "Rxxxxh xxxn"
},
 "mitigation": {
"mitigationStrategy": "Kindway",
"recurringMitigationSchedule": "Daily",
"mitigationBy": "Ashu Jain"
},
 "findingType": {
"vulnerability": {
"vendorId": "12343",
"cveId": "CVE-2008-5161",
"qvs": 2,
"cweId": [
"123"
],
"cvss": {
"cvss2Base": "0",
"cvss2Temporal": "0",
"cvss3Base": "0",
"cvss3Temporal": "E:U/RL:OF/RC:C",
"vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
},
"isPatchAvailable": false,
"isQualysPatchable": true,
"isExploitAvailable": true,
"exploitCodeMaturity": "No",
"exploitedByList": [
"yes"
],
"owaspTop10Ids": [
{
 "name": "owaspTop10Idsname",
 "url": "www.test.owaspTop10IdsURL/"
}
],
 "wascIds": [
{
 "name": "wascIdsName",
 "url": "www.cash/wascIdsURL/Test"
}
]
}
},
"attributes": {
"key": "Test"
}
}
]
}
}
]
}

Enhanced APIs to Get the Scanner Assets from the CSAM Application

With this release, the following APIs are enhanced to get the Scanner Assets from the CSAM Application:

Get Host Details of All Assets | Get Host Details of Specific Asset | Get Count of Assets

Enhanced API - Get Host Details of All Assets

New or Updated API	Updated
API Endpoint	/rest/2.0/search/am/asset
Method	POST
DTD or XSD changes	Not Applicable

Before this release, you could get the scanner assets only from the AssetView application.
With this release, we updated this API so that you can also get the scanner assets from the CSAM application.

Sample - Get Host Details of All Scanner Assets

API Request

curl --location --request POST  
'<qualys_base_url>/rest/2.0/search/am/asset?=null' \
--header 'Content-Type: application/xml' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.type" operator="EQUALS"><value>SCANNER</value></Criteria>
</filters>
</FilterRequest>'

API Response

{
"responseMessage": "Valid API Access",
"count": 7,
"responseCode": "SUCCESS",
"lastSeenAssetId": 32377802,
"hasMore": 0,
"assetListData": {
"asset": [
{
 "assetId": 16587699,
 "assetUUID": "b516ea66-6921-9451-e053-2a4f2c0a1522",
 "hostId": null,
 "lastModifiedDate": "2024-09-17T05:27:06.000Z",
 "agentId": null,
 "createdDate": "2020-11-27T12:36:55.000Z",
 "sensorLastUpdatedDate": "2024-09-17T05:27:06.000Z",
 "assetType": "SCANNER",
 "address": null,
 "dnsName": null,
 "assetName": "POD04-Scanner",
 "netbiosName": null,
 "timeZone": null,
 "biosDescription": null,
 "lastBoot": null,
 "totalMemory": null,
 "cpuCount": null,
 "lastLoggedOnUser": null,
 "domainRole": null,
 "hwUUID": null,
 "biosSerialNumber": null,
 "biosAssetTag": null,
 "isContainerHost": null,
 "operatingSystem": null,
 "hardware": null,
 "userAccountListData": null,
 "openPortListData": null,
 "volumeListData": null,
 "networkInterfaceListData": null,
 "softwareListData": null,
 "softwareComponent": null,
 "provider": null,
 "cloudProvider": null,
 "agent": null,
 "sensor": null,
 "container": null,
 "inventory": null,
 "activity": null,
 "tagList": {
 "tag": [
 {
 "tagId": 134046247,
 "tagName": "BU-specAG11",
 "foregroundColor": 0,
 "backgroundColor": 0,
 "businessImpact": null,
 "criticalityScore": null
},
{
 "tagId": 142628002,
 "tagName": "testscan1",
 "foregroundColor": 0,
 "backgroundColor": 0,
 "businessImpact": null,
 "criticalityScore": null
},
]
 },
 "serviceList": null,
 "lastLocation": null,
 "criticality": null,
 "businessInformation": null,
 "assignedLocation": null,
 "businessAppListData": null,
 "riskScore": null,
 "passiveSensor": null,
 "domain": null,
 "subdomain": null,
 "missingSoftware": null,
 "whois": null,
 "organizationName": null,
 "isp": null,
 "asn": null,
 "easmTags": null,
 "hostingCategory1": null,
 "customAttributes": null,
 "processor": null
},
]
}
}

Enhanced API - Get Host Details of Specific Asset

New or Updated API	Updated
API Endpoint	/rest/2.0/get/am/asset
Method	GET
DTD or XSD changes	Not Applicable

With this release, we have enhanced the host details API to get the details of a specific scanner asset using its assetid.

Sample - Get Host Details of Specific Scanner Asset by AssetId

API Request

curl --location 
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=16587699' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <JWT_Token>'

API Response

 { 
    "responseMessage": "Valid API Access",
    "count": 1,
    "responseCode": "SUCCESS",
    "lastSeenAssetId": null,
    "hasMore": 0,
    "assetListData": {
    "asset": [
    {
    "assetId": 16587699,
    "assetUUID": "b516ea66-6921-9451-e053-2a4f2c0a1522",
    "hostId": null,
    "lastModifiedDate": "2024-09-17T05:27:06.000Z",
    "agentId": null,
    "createdDate": "2020-11-27T12:36:55.000Z",
    "sensorLastUpdatedDate": "2024-09-17T05:27:06.000Z",
    "assetType": "SCANNER",
    "address": null,
    "dnsName": null,
    "assetName": "POD04-Scanner",
    "netbiosName": null,
    "timeZone": null,
    "biosDescription": null,
    "lastBoot": null,
    "totalMemory": null,
    "cpuCount": null,
    "lastLoggedOnUser": null,
    "domainRole": null,
    "hwUUID": null,
    "biosSerialNumber": null,
    "biosAssetTag": null,
    "isContainerHost": null,
    "operatingSystem": null,
    "hardware": null,
    "userAccountListData": null,
    "openPortListData": null,
    "volumeListData": null,
    "networkInterfaceListData": null,
    "softwareListData": null,
    "softwareComponent": null,
    "provider": null,
    "cloudProvider": null,
    "agent": null,
    "sensor": null,
    "container": null,
    "inventory": null,
    "activity": null,
    "tagList": {
    "tag": [
    {
    "tagId": 134046247,
    "tagName": "BU-specAG11",
    "foregroundColor": 0,
    "backgroundColor": 0,
    "businessImpact": null,
    "criticalityScore": null
    },
    {
    "tagId": 142628002,
    "tagName": "testscan1",
    "foregroundColor": 0,
    "backgroundColor": 0,
    "businessImpact": null,
    "criticalityScore": null
    },
    ]
    },
    "serviceList": null,
    "lastLocation": null,
    "criticality": null,
    "businessInformation": null,
    "assignedLocation": null,
    "businessAppListData": null,
    "riskScore": null,
    "passiveSensor": null,
    "domain": null,
    "subdomain": null,
    "missingSoftware": null,
    "whois": null,
    "organizationName": null,
    "isp": null,
    "asn": null,
    "easmTags": null,
    "hostingCategory1": null,
    "customAttributes": null,
    "processor": null
    }
    ]
    }
  }

Enhanced API - Get Count of Assets

New or Updated API	Updated
API Endpoint	/rest/2.0/count/am/asset
Method	POST
DTD or XSD changes	Not Applicable

With this release, we have enhanced the get count of assets API to provide the count of scanner assets.

Sample - Get the Count of Scanner Assets

API Request

curl --location 
'<qualys_base_url>/rest/2.0/count/am/asset?=null' \
--header 'Content-Type: application/xml' \
--header 'Authorization: Bearer <JWT_Token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.type" operator="EQUALS"><value>SCANNER</value></Criteria>
</filters>
</FilterRequest>'

API Response

{
    "count": 7,
    "responseCode": "SUCCESS",
    "responseMessage": "Valid API Access"
}

Enhanced APIs to Get the List of typosquatted and defamatory Domains

With this release, we enhanced the following APIs: Get List of Unresolved Domains | Get Count of Unresolved Domains

As a result, you can get the list of typosquatted (look-alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.

Enhanced API - Get List of Unresolved Domains

New or Updated API	Updated
API Endpoint	/rest/2.0/am/domain/list
Method	POST
DTD or XSD changes	Not Applicable

With this release, we enhanced this API so that you can get the list of typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.

Input Parameters

Important to Know

To filter data, the filters that must be used in the API body are:
asset.domain, permutation.name, permutation.category, permutation.types,
whoIs.creationDate, whoIs.expirationDate, whoIs.registrantCountry,
whoIs.registrantOrg, whoIs.registrantEmailId, whoIs.registrar, and tags.name.

Sample - List of Typosquatted Domains (with filter)

API Request

curl --location --request POST 
'<qualys_base_url>/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data '<FilterRequest>
<filters>
<Criteria field="permutation.name" operator="EQUALS"><value>seamanage.com</value></Criteria>
</filters>
</FilterRequest>'

API Response

{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}

Sample - List of Typosquatted Domains (without filter)

API Request

curl --location --request POST 
'<qualys_base_url/rest/2.0/am/domain/list?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Authorization: <JWT Token>
--data ''

API Response

{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -2143264294,
"domainListData": {
"domains": [
{
"domain": "secmanage.com",
"whoIs": {
"registrar": "TurnCommerce, Inc. DBA NameBright.com",
"registrantOrg": "HugeDomains.com",
"registrantEmailId": "domains@hugedomains.com",
"creationDate": "2020-04-03",
"registrantCountry": "UNITED STATES",
"expirationDate": "2025-04-03"
},
"ips": [],
"permutation": {
"name": "seamanage.com",
"category": "Bitsquatting",
"types": [
"Defamatory"
]
}
}
]
}
}

Enhanced API - Get Count of Unresolved Domains

New or Updated API	Updated
API Endpoint	/rest/2.0/am/domain/count
Method	POST
DTD or XSD changes	Not Applicable

With this release, you can get the count of the typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.

Input Parameters

Sample - Get Count of Typosquatted Domains (with filter)

API Request

curl --location 
'<qualys_base_url>/rest/2.0/am/domain/count?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data '<FilterRequest>
<filters>
<Criteria field="permutation.name" operator="EQUALS"><value>qualgs.com</value></Criteria>
</filters>
</FilterRequest>'

API Response

{
"count": 1,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

Sample - Get Count of Typosquatted Domains (without filter)

API Request

curl --location --request POST 
'<qualys_base_url/rest/2.0/am/domain/count?domainType=TYPOSQUATTED_DOMAINS' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT Token>
--data ''

API Response

{
    "count": 1656,
    "responseCode": "SUCCESS",
    "responseMessage": "Valid API Access"
}

Enhanced API - Get List of Vulnerabilities Discovered by EASM Scan

New or Updated API	Updated
API Endpoint	/rest/2.0/search/am/easm/scan/vulns
Method	POST
DTD or XSD changes	Not Applicable

With this release, new parameters are added to the Get List of Vulnerabilities discovered by the EASM Scan API that filters the list of vulnerabilities with specific criteria.

Additionally, for all dates, you can provide datetime filter along with date filter in the API. For example, "lastFoundDate": "2024-10-18T12:04:19.000Z".

Input Parameters

Parameter	Mandatory/ Optional	Data Type	Description
vulnerabilities.status	Optional	String	Provides the current status of the vulnerability. The input values are ACTIVE, NEW, FIXED, REOPENED.
vulnerabilities.severity	Optional	Integer	Provides the severity value of the vulnerability. The value ranges from 1 to 5.
vulnerabilities.solution	Optional	String	Provides the solution value of the vulnerability.
vulnerabilities.title	Optional	String	Provides the title of the vulnerability.
vulnerabilities.rti	Optional	String	Provides the Real-Time Threat Indicator (RTI) value. The possible values are Easy_Exploit, No_Patch, Exploit_Public, Active_Attacks, High_Lateral_Movement, High_Data_loss, Denial_of_Service, Malware, Predicted_Hig_Risk, Remote-Code_execution.
vulnerabilities.patchReleaseDate	Optional	Date	Provides the patch release date of the vulnerability on the format `yyyy-mon-ddThh:mm:ss.000Z` For example, "patchReleaseDate": "2019-02-26T00:00:00.000Z"

Sample - Get List of Vulnerabilities discovered by EASM Scan (without filter)

API Request

 curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \ 
--header 'Authorization: Bearer <JWT_Token>' \
--data-raw ''

API Response

{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenId": 4664,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4664,
"assetID": 55503403,
"qid": 38170,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", 
"patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"No_Patch"
],
"solution": "Please install a server certificate whose Subject commonName
 or subjectAltName matches the server FQDN.",
"title": "SSL Certificate - Subject Common Name Does Not Match Server FQDN",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}

Important to Know

The following are the filters and their corresponding operators supported for this API:

vulnerabilities.status: IN, EQUALS, NOT_EQUALS
vulnerabilities.severity: EQUALS, LESSER, GREATER, GREATER_THAN_EQUAL, LESS_THAN_EQUAL
vulnerabilities.solution: CONTAINS
vulnerabilities.title: CONTAINS
vulnerabilities.rti: EQUALS, NOT_EQUALS

Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in XML format)

API Request

curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8"?>
<FilterRequest>
<filters>
<criteria>
<field>vulnerabilities.severity</field>
<operator>EQUALS</operator>
<value>2</value>
</criteria>
</filters>
</FilterRequest>'

API Response

{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z", "patchReleaseDate": "2019-02-26T00:00:00.000Z",
"rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate
 Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}
}

Sample - Get List of Vulnerabilities discovered by EASM Scan (with filter in JSON format)

API Request

curl --location --request POST 
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT_Token>' \
--header 'Content-Type: application/json' \
--data '{
"filters": [
{
"field": "vulnerabilities.severity",
"operator": "EQUALS",
"value": "2"
}
]
}'

API Response

{
"responseMessage": "Valid API Access",
"count": 736,
"responseCode": "SUCCESS",
"lastSeenId": 102100,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 4662,
"assetID": 55503403,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-10-18T12:04:19.000Z",
"firstFoundDate": "2024-06-12T13:12:04.000Z",
"lastScanned": "2024-10-18T12:04:19.000Z",
"created": "2024-06-12T13:12:04.000Z",
"updated": "2024-10-18T12:04:19.000Z",
rti": [
"Easy_Exploit",
"No_Patch"
],
"solution": "Please install a server certificate signed by a trusted third-party Certificate Authority.",
"title": "SSL Certificate - Signature Verification Failed Vulnerability",
"vulnStatus": "ACTIVE",
"severity": 2
}
]
}

Parameter	Mandatory/Optional	Data Type	Description
reportName	Mandatory	String	Provide the name of the report that you want to download.