Release 3.5.1 API

December 05, 2024

Before reading the API release highlights, see the Know Your Qualys API Server URL section to find the API server URL to use in your API requests. In these API Release Notes, the sample API requests use <qualys_base_url> for that URL.

What's New?

New API

New or Updated API: New
API Endpoint: /ioc/remediation-actions/{requestType}/{remediationId}
Method: GET
DTD or XSD changes: Not Applicable

We are introducing a new API that enhances performance by retrieving remediation details directly from Oracle instead of Elasticsearch. This modification guarantees faster and more reliable data access, improving user experience.

Input Parameters

| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Use this token to authenticate with the Qualys Cloud Platform. Prefix the token with "Bearer" followed by a space. For example: Bearer <authToken>. |
| remediationId | Mandatory | String | Use this token as the Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X |
| requestType | Mandatory | String | Use this token as a request type, either "quarantinedItem" or "activityLog". For example - activityLog |

Sample Request

API Request

curl -L -X GET '<qualys_base_url>/ioc/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'

API Response

{
  "action": "Kill Process",
  "eventSource": "EDR",
  "status": "queued",
  "requestTime": "2024-10-07T06:35:49.000+00:00",
  "requestTimestamp": 1728282949490,
  "executionTime": "2024-10-07T06:45:09.000+00:00",
  "remediationEventId": "RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_-8181879557052405037_14996###RTP_19XX33d4-5bXX-3bXX-bXX7-XX9afXXa1eXX_7-10-2024_7",
  "requestId": "6XX5e3XX-61XX-XXf2-8XXe-cXXfbXX1cXX0",
  "manifestId": "3XX8XX1X-XX6a-42XX-aXX2-a2XX5dXX98XX",
  "uniqueId": "fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX",
  "processPid": 14996,
  "processName": "rundll32.exe",
  "processFullPath": "C:\\Windows\\XYZ\\rundll32.exe",
  "userId": "XXXX",
  "agentId": "6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX",
  "hostName": "Win11-XXX-GVXX.truXXX",
  "platform": "WINDOWS",
  "interfaces": [
    {
      "ipAddress": "10.XXX.10.XXX"
    }
  ],
  "comments": "test",
  "statusMessage": "Agent response timed out",
  "allowResponseAction": 0,
  "remediationPayload": "{\"id\":\"RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX\",\"requestTime\":\"Oct 7, 2024, 6:35:49 AM\",\"eventType\":\"PROCESS\",\"eventSource\":\"EDR\",\"action\":\"Kill Process\",\"remediationEventId\":\"RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_-8181879557052405037_14996###RTP_19XX33d4-5bXX-3bXX-bXX7-XX9afXXa1eXX_7-10-2024_7\",\"status\":\"queued\",\"user\":\"XXXX\",\"userId\":\"XXXX\",\"comments\":\"test\",\"userActivityAssetESEntity\":{\"agentId\":\"6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX\",\"hostName\":\"Win11-XXX-GVXX.truXXX\",\"platform\":\"WINDOWS\",\"interfaces\":[{\"address\":\"10.XXX.10.XXX\"}]},\"userActivityProcessESEntity\":{\"pid\":14996,\"processName\":\"rundll32.exe\",\"fullPath\":\"C:\\\\Windows\\\\XYZ\\\\rundll32.exe\"}}",
  "rulesMatchedPayload": {},
  "id": "RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX",
  "type": "PROCESS",
  "user": "XXXX"
}
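
The request and response above, as an added Python example that is not part of the Qualys release notes: it builds the GET request, decodes the JSON string nested in remediationPayload, and flags actions that are still queued. The function names, the qualys.example host and the trimmed sample body are constructed; treating "queued" as not yet executed is an assumption drawn from the sample response.

```python
import json
from urllib.parse import quote
from urllib.request import Request

ALLOWED_REQUEST_TYPES = {"quarantinedItem", "activityLog"}  # values from the parameter table

def build_request(base_url, request_type, remediation_id, token):
    """Build (without sending) the GET request for one remediation record."""
    if request_type not in ALLOWED_REQUEST_TYPES:
        raise ValueError(f"unsupported requestType: {request_type!r}")
    # Percent-encode the ID so '/', '?' or '#' in it cannot change the path.
    rid = quote(remediation_id, safe="")
    url = f"{base_url.rstrip('/')}/ioc/remediation-actions/{request_type}/{rid}"
    return Request(url, method="GET", headers={"Authorization": f"Bearer {token}"})

def parse_remediation(body):
    """Decode the response; remediationPayload is itself a JSON-encoded string."""
    record = json.loads(body)
    nested = record.get("remediationPayload")
    record["remediationPayload"] = json.loads(nested) if isinstance(nested, str) and nested else {}
    return record

def summarize(record):
    """Reduce a record to the fields an analyst needs to decide on follow-up."""
    proc = record["remediationPayload"].get("userActivityProcessESEntity", {})
    return {
        "host": record.get("hostName"),
        "action": record.get("action"),
        "process": record.get("processName"),
        "pid": record.get("processPid"),
        "reason": record.get("statusMessage"),
        # The outer and nested copies of the PID should agree.
        "pid_consistent": proc.get("pid") == record.get("processPid"),
        # Assumption: "queued" means the agent has not executed the action yet.
        "pending": record.get("status") == "queued",
    }

# Constructed sample, trimmed from the response shown above (hostname is made up).
_nested = {"action": "Kill Process", "status": "queued",
           "userActivityProcessESEntity": {"pid": 14996, "processName": "rundll32.exe"}}
SAMPLE_BODY = json.dumps({
    "action": "Kill Process", "status": "queued", "hostName": "host-01.example",
    "processPid": 14996, "processName": "rundll32.exe",
    "statusMessage": "Agent response timed out",
    "remediationPayload": json.dumps(_nested)})

if __name__ == "__main__":
    req = build_request("https://qualys.example", "activityLog", "RTP_constructed-id", "<token>")
    print(req.get_method(), req.full_url, summarize(parse_remediation(SAMPLE_BODY)))
```

A pending "Kill Process" record with a timeout reason means the process may still be running on the host, so it is worth re-checking the endpoint rather than treating the request as done.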

Support for OAuth 2.0 and OpenID Connect Authentication Standards

With this release, we have upgraded our API security by incorporating OAuth 2.0 and OpenID Connect for authentication and authorization processes.
A standardized authentication and authorization procedure for client access to APIs is now available. Our system now ensures a smooth integration with previously established authentication infrastructures.

Key Updates

  • Support for OAuth 2.0 and OpenID Connect has been integrated to enhance authentication and authorization measures.
  • Our implementation is in strict adherence to prevailing industry security standards and best practices.
  • The platform now accommodates a variety of OAuth 2.0 grant types, including authorization code and client credentials, among others.
  • Compatibility with current identity providers and authentication systems has been ensured, facilitating a seamless integration experience.

Benefits

The updated process removes the need for users to provide a username and password, as well as system-generated JWT tokens. Users can instead use their own tokens, which lets them access the API gateway more efficiently and with greater ease.

Action Required

To activate this feature, contact your Technical Account Manager (TAM) or Qualys Technical Support.

To onboard with SAML for authentication or OAuth/OIDC for authorization and authentication, users need to provide the following specific information and configurations to ensure smooth integration.

| Field | Description | Example |
|---|---|---|
| IdP Name | The name of the Identity Provider (IdP) being configured. This can either be a custom name chosen by you or a name provided by the customer. | TestNameforIDP Qualys Internal |
| Entity ID | The unique identifier for the customer’s IdP. Typically, this is a URN or URL that serves as the IdP’s primary identifier during SAML or OAuth/OIDC communications. | https://example.com/idp |
| Single Sign-On (SSO) URL | The URL where authentication requests will be sent. This is the endpoint where users are redirected to authenticate with the customer's identity provider (IdP). | https://example.com/login |
| Single Logout (SLO) URL (if applicable) | The URL for handling logout requests. If the customer supports Single Logout, this endpoint will handle session termination at both the IdP and Qualys. | https://example.com/logout |
| SSO Exit URL (optional) | The URL where users are redirected after successful authentication. This is optional and can be customized based on the customer’s needs. | |
| Certificates | Customers are required to provide their public signing certificates to verify the authenticity of SAML responses or to support OAuth/OIDC flows. The certificates must be in X.509 format (usually as .pem or .cer files). Up to three certificates can be provided when creating an IdP. | |

The certificateCustomerId is the Key Identifier (kid) of the IdP certificate. It is required only when creating an IdP for OAuth/OIDC; it is not needed for SAML.
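
A pre-onboarding check for the certificateCustomerId described above, as an added Python example that is not Qualys code: it reads the kid from the header of a token issued by your IdP and compares it with the values you plan to submit. It assumes the IdP issues compact JWTs; the function names and the sample token are constructed, and no signature is verified.

```python
import base64
import json

MAX_IDP_CERTS = 3  # limit stated on this page

def _b64url_decode(segment):
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jose_header(token):
    """Return the decoded, unverified JOSE header of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header

def match_kid(token, certificate_customer_ids):
    """Return (kid, matched): is the token's kid one of the planned IDs?"""
    ids = list(certificate_customer_ids)
    if not 1 <= len(ids) <= MAX_IDP_CERTS:
        raise ValueError(f"provide between 1 and {MAX_IDP_CERTS} certificates")
    kid = jose_header(token).get("kid")
    return kid, kid is not None and kid in ids

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed token: the signature segment is a placeholder and is never checked.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "idp-signing-2024"}),
    _b64url({"sub": "constructed-user"}),
    "c2lnbmF0dXJl"])

if __name__ == "__main__":
    print(match_kid(SAMPLE_TOKEN, ["idp-signing-2023", "idp-signing-2024"]))
```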