Getting Started with EDR APIs

The Qualys Endpoint Detection and Response (EDR) API user guide is intended for application developers who use the EDR API. EDR is an evolved superset of the IOC application.

EDR expands the capabilities of the Qualys Enterprise TruRisk™  Platform to deliver threat hunting and remediation response. EDR detects suspicious activity, confirms the presence of known and unknown malware, and provides remediation responses for your assets.

We recommend you Join our Community and subscribe to our API Notifications RSS Feeds for announcements and discussions.

Qualys User Account

Authentication with valid Qualys user account credentials is required for making Qualys API requests to the Qualys API servers. These servers are hosted at the Qualys platform, also called the Security Operations Center (SOC), where your account is located. You can contact your Qualys account representative if you need assistance obtaining a Qualys account.

Users with a Qualys user account may access the API functions. When a subscription has multiple users, all users with any user role (except Contract) can use the Qualys API. Each user’s permissions correspond to their assigned user role.

Qualys user accounts enabled with VIP two-factor authentication can be used with the Qualys API; however, two-factor authentication will not be used when making API requests. Two-factor authentication is only supported when logging into the Qualys GUI.