Release 3.5.0 API

September 11, 2024

Before reading the API release highlights, see the Know Your Qualys API Server URL section to find the API server URL to use in your API requests. In these release notes, the sample API requests use <qualys_base_url> in place of that URL.

What's New?

New API: ioc/asset/searchAfter

New or Updated API New
API Endpoint ioc/asset/searchAfter
Method GET
DTD or XSD changes Not Applicable

Introducing a new API that provides comprehensive asset details without limitations. Filter data by date range for greater flexibility in managing and accessing asset information according to your requirements.

Input Parameters

Parameter Mandatory/Optional Data Type Description

Authorization Mandatory String

Use this token to authenticate with the Qualys Cloud Platform. Prefix the token with "Bearer" followed by a space.

For example: Bearer authToken.

searchAfterValues Mandatory for Follow-up request Array

Enter a value for pagination to start fetching the next set of results.

For example: 1722538573707,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax

Note: This is the value from the searchAfterValue header returned in the previous response. If not provided, the API will return the first page of results.

filter Optional String

To filter the asset list, create a query using the Qualys syntax. See "How to Search" in the online help to create your query.

For example: asset.timestamp: ["2024-07-08T12:01:12.012+0000" .. "2024-08-09T12:01:12.012+0000"] and asset.platform: 'Windows'

Assets can be filtered by their timestamps (asset.timestamp) or by their last reported time (asset.lastreportedtime). When retrieving incidents by date AND time, it is recommended to use the "asset.timestamp" or "asset.lastreportedtime" parameters.

pageNumber Optional String

Specify the page number to retrieve in a paginated response, with 0 being the first page. If not provided, the default value is typically the first page.

For example: 10

pageSize Optional String

Specify the number of items to return per page in a paginated response. The default is 10. 

For example, if you choose 50, each page will show up to 50 items.

include_attributes Optional String

Provide a comma-separated list of additional attributes to include in search results. Only the included attributes will be fetched in the API response.

For example: state

exclude_attributes Optional String

Provide a comma-separated list of additional attributes to exclude from search results.

For example: lastquarantinetime,asset.platform
 

Note: You do not need to exclude specific attributes if you have included specific attributes using the include_attributes parameter. By default, not-included attributes are excluded.

Sample - Initial Request

API Request

curl -L -X GET '<qualys_base_url>/ioc/asset/searchAfter' \
  -H 'Authorization: Bearer <token>'

API Response

[
    {
        "timeStamp": "2024-01-16T11:40:16.147+0000",
        "hostName": "winXXqXX",
        "edrActivatedOnDate": "2024-01-16T09:25:14.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "05XXfeXX-4XXb-4XX3-bXXe-XXd4X7fa2aXX",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.1XX44 Build XX044",
        "platform": "Windows"
    },
    ....
    {
        "timeStamp": "2024-04-04T11:49:12.160+0000",
        "hostName": "DESKTOP-XX27GIXX",
        "isEDREnabled": false,
        "edrActivatedOnDate": "2024-04-04T11:49:10.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "36XXbf9d-XX9a-4XX3-a0XX-3dXXe83XXd9X",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.XX393 Build XX393",
        "platform": "Windows"
    }
]

Sample - Follow-up Request

API Request

To retrieve the next set of results, you must use the searchAfter value from the previous response header.

curl -L -X GET '<qualys_base_url>/ioc/asset/searchAfter?searchAfterValues=1712231352160,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax' \
  -H 'Authorization: Bearer <token>'

API Response

[
    {
        "hostName": "LvitXX00DREPP",
        "lastReportedTime": "2024-04-12T06:37:25.434+0000",
        "isEDREnabled": true,
        "edrFunctionalStatus": "Inactive",
        "operatingSystem": "Microsoft Windows Server 2019 Standard 10.0.1XX63 64-bit N/A Build 1XX63 UBR XX46",
        "platform": "Windows",
        "timeStamp": "2024-04-04T11:49:29.042+0000",
        "edrActivatedOnDate": "2024-04-03T10:32:11.000+0000",
        "lastLoggedOnUser": "Administrator",
        "id": "7XX5832a-XXc4-49XX-XXd5-6dXXa7c2XX43"
    },
    ....
    {
        "hostName": "EDRAuto-WIXXx86",
        "avWorkflow": "UNINSTALLATION",
        "lastReportedTime": "2024-05-14T09:17:28.082+0000",
        "edrFunctionalStatus": "Inactive",
        "productUpdateErrorCode": "-1012",
        "downloadPercent": 100.0,
        "operatingSystem": "Microsoft Windows 7 Ultimate 6.1.XXXX 32-bit Service Pack 1 Build 7601 UBR 2XX46",
        "platform": "Windows",
        "isAVUpToDate": false,
        "isPendingRestart": false,
        "lastLoggedOnUser": "Administrator",
        "infections": 0,
        "id": "XXXXa13fe-a161-XXXX-a2e9-6cXXXX5806XX",
        "isEDREnabled": true,
        "avStatus": true,
        "assetType": "HOST",
        "avErrorCode": "ERROR_SUCCESS",
        "timeStamp": "2024-05-14T10:08:36.464+0000",
        "lastEPPReportedTime": "2024-05-03T06:01:14.859+0000",
        "edrActivatedOnDate": "2024-01-10T07:22:09.000+0000"
    }
]
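
The initial and follow-up requests above can be chained into one loop. The following is an added example, not Qualys code: it assumes the cursor arrives in a response header named searchAfterValue (the name used in the parameter note), and that an empty page, a missing cursor or a repeated cursor marks the end of the results. The names iter_assets, http_get and max_pages are hypothetical.

```python
import json
import urllib.parse
import urllib.request

ENDPOINT = "/ioc/asset/searchAfter"
# Assumption: the cursor header is named as in the parameter note above.
CURSOR_HEADER = "searchAfterValue"


def http_get(url, token):
    """Default transport: GET with a Bearer token, return (headers, JSON body)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return dict(resp.headers.items()), json.load(resp)


def iter_assets(base_url, token, filter_query=None, page_size=None,
                get=http_get, max_pages=10000):
    """Yield every asset, following the cursor from each response header."""
    cursor, seen = None, set()
    for _ in range(max_pages):
        params = {}
        if filter_query:
            params["filter"] = filter_query
        if page_size:
            params["pageSize"] = str(page_size)
        if cursor:
            params["searchAfterValues"] = cursor  # omitted on the initial request
        url = base_url.rstrip("/") + ENDPOINT
        if params:
            url += "?" + urllib.parse.urlencode(params, safe=",")
        headers, assets = get(url, token)
        yield from assets
        # HTTP header names are case-insensitive, so compare in lower case.
        cursor_next = next((v for k, v in headers.items()
                            if k.lower() == CURSOR_HEADER.lower()), None)
        # Assumed end conditions: empty page, no cursor, or a repeated cursor.
        if not assets or not cursor_next or cursor_next in seen:
            return
        seen.add(cursor_next)
        cursor = cursor_next
    raise RuntimeError("max_pages reached before the result set ended")
```

Building the query string with urlencode also percent-encodes the "+" in a "+0000" timestamp offset inside filter, which a server would otherwise decode as a space.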

API Deprecation - Advance Intimation 

We are deprecating the following input parameters. These parameters will no longer be supported or accessible after 25 September 2024.

Parameter Mandatory/Optional Description
fromDate (String) Optional

Show events logged after a specific date. Supports epoch time / unix timestamp.

See https://en.wikipedia.org/wiki/Unix_time

For example - 1483228800

Note: This parameter is used with the "toDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value.

toDate (String) Optional

Show events that are logged until a specific date. Supports epoch time / unix timestamp.

See https://en.wikipedia.org/wiki/Unix_time

For example - 1514764799

Note: This parameter is used with the "fromDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value.

APIs Affected 

New or Updated API Existing
API Endpoint GET /ioc/events/searchAfter
GET /ioc/incidents/events/searchAfter
GET /ioc/incidents/searchAfter
Method GET
DTD or XSD changes Not Applicable

Impact on Customers

Because these are optional input parameters, there is no direct impact on customers. Continuing to pass these parameters after deprecation will not result in an error. However, the API will no longer restrict results to a date range when "toDate" and "fromDate" are passed; instead, it will return all available data.
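
Because the deprecated parameters fail silently, scripts that still pass them should be rewritten to use filter. The following is an added example, not Qualys code, that converts a fromDate/toDate pair into a range clause in the filter syntax shown earlier. It assumes each epoch value should widen to its whole UTC day (the parameters ignored the time value), and the search token to range over is supplied by the caller because this page does not name one for the affected endpoints. The names migrate_params and time_field are hypothetical.

```python
from datetime import datetime, timezone

DEPRECATED = ("fromDate", "toDate")


def _day_bound(epoch, end_of_day):
    """Epoch seconds -> UTC day boundary in the page's timestamp format."""
    day = datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime("%Y-%m-%d")
    return day + ("T23:59:59.999+0000" if end_of_day else "T00:00:00.000+0000")


def migrate_params(params, time_field):
    """Return a copy of params with fromDate/toDate replaced by a filter range.

    time_field is the search token to range over; the caller must supply it.
    """
    out = {k: v for k, v in params.items() if k not in DEPRECATED}
    start, end = params.get("fromDate"), params.get("toDate")
    if start is None and end is None:
        return out  # nothing deprecated in use
    if start is None or end is None:
        # The page only shows closed ranges, so do not guess an open-ended one.
        raise ValueError("fromDate and toDate must be supplied together")
    if int(start) > int(end):
        raise ValueError("fromDate is later than toDate")
    clause = '%s: ["%s" .. "%s"]' % (
        time_field, _day_bound(start, False), _day_bound(end, True))
    existing = out.get("filter")
    # Parenthesise the old filter so an "or" inside it keeps its meaning.
    out["filter"] = "(%s) and %s" % (existing, clause) if existing else clause
    return out
```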