Release 3.6.0 API
November 29, 2024 (Updated January 08, 2025)
Before reviewing the API release highlights, refer to the Know Your Qualys API Server URL section to find the API server URL to use in your API requests. In these API release notes, the sample API requests use the placeholder <qualys_base_url>.
What's New?
This release introduces a new API that allows you to retrieve EDR alerts at any time.
New API: Asset Alert API
New or Updated API | New |
API Endpoint | edr-async-data/asset/v1/alert/trigger |
Method | POST |
DTD or XSD changes | Not Applicable |
This API is used to retrieve EDR alerts at any time. Upon executing the API, an alert is sent to the email addresses configured in the Alerts section of your EDR subscription.
Input Parameters
This API does not require any input parameters.
Sample: Retrieve EDR Alerts
API Request
curl -X 'POST' \
'https://kubeingress.<qualys_base_url>.qualys.com/edr-async-data/asset/v1/alert/trigger' \
-H 'accept: */*' \
-d ''
Response
{ "result": "triggered alert job" }
API Deprecation - Advance Intimation
We are deprecating the following API. This API will no longer be supported or accessible after 29 December 2024.
API Affected
New or Updated API | Existing |
API Endpoint | /ioc/remediation-actions/{remediationId} |
Method | GET |
DTD or XSD changes | Not Applicable |
Impact on Customers
Customers using the old API endpoint will no longer receive data or responses. Continuing to use the old API may cause integrations, scripts, or automation to fail.
Customers must switch to the new API endpoint to access remediation details. They must update their code or integrations to align with the latest API structure. For more information on the new API, see Release 3.5.1 API.
Perform Quarantine/UnQuarantine Host Action on Asset
New or Updated API | Updated |
API Endpoint (Deprecation Timeline - January 2025) | <qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction |
API Endpoint (New Version) | <qualys_base_url>/ioc/remediation-actions/quarantineHost |
Method | POST |
DTD or XSD changes | No |
API Sample Request and Response
API request
curl -X POST "<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction?<user=username&userId=XXc42aXX-03XX-XXdd-aXX8-42fXXXd7cXXX>" --header "accept: */*" --header "Authorization: Bearer <token>" -H "Content-Type: application/json" -d "<JSON payload>"
Sample JSON Payload
{
  "remediationSource": "EDR",
  "user": "John Doe",
  "userId": "qaedr_jd",
  "comment": "QH",
  "requestTime": "2024-12-12T04:52:39.711Z",
  "assetActionParameter": {
    "assetActions": [
      {
        "eventId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "action": "QUARANTINE_HOST",
        "agentId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "eventType": "AGENT",
        "overrideConfig": true,
        "agentVersion": "5.5.25.0"
      }
    ],
    "hostConfig": {
      "excludedWhitelistingConfig": {
        "excludedApplicationsConfigs": [
          {
            "applicationPath": "asdfasf",
            "platform": 1
          },
          {
            "applicationPath": "asdfasf",
            "platform": 1
          }
        ],
        "excludedIpConfigs": [
          {
            "ipAddress": "1.1.1.1",
            "subnetMask": "11.11.11.11",
            "platform": 1,
            "type": "V4"
          }
        ],
        "excludedDomainConfigs": [
          {
            "domain": "tradingview.com",
            "platform": 1
          }
        ]
      },
      "quarantineAssetNotifications": {
        "title": "QH",
        "description": "quarantined",
        "platform": 1,
        "emailIdList": "abc@qualys.com",
        "phoneNo": "1234567890"
      }
    }
  },
  "moduleMetadata": "cfsdfsfdgfdsg"
}
Response
{
  "HttpStatus": "OK"
}
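To find integrations, scripts, or automation that still call the two deprecated endpoints named above, the following added example (not Qualys code) scans source text for them. The function names, file suffix list, and the pattern used to recognize a remediationId path segment (a UUID, a {template} or a $variable) are assumptions, and the sample lines are constructed.

```python
import re
from pathlib import Path

# Endpoint paths are taken from this release note. The remediationId matcher is
# a heuristic (assumption): a UUID, a {template} segment, or a $shell variable.
DEPRECATED = [
    (re.compile(r"/ioc/remediation-actions/performQuarantineHostAction\b"),
     "POST /ioc/remediation-actions/performQuarantineHostAction",
     "switch to /ioc/remediation-actions/quarantineHost"),
    (re.compile(r"/ioc/remediation-actions/"
                r"(?:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
                r"|\{[^}/]+\}|\$\{?\w+\}?)"),
     "GET /ioc/remediation-actions/{remediationId}",
     "see Release 3.5.1 API for the replacement"),
]

def scan_text(text, name="<input>"):
    """Return (name, line number, deprecated endpoint, advice) per hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, label, advice in DEPRECATED:
            if pattern.search(line):
                findings.append((name, lineno, label, advice))
    return findings

def scan_tree(root, suffixes=(".sh", ".py", ".ps1", ".yml", ".yaml", ".json")):
    """Scan files under root whose suffix is in the (assumed) suffix list."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample: lines 1, 3 and 4 use deprecated endpoints; line 2 is the
# new quarantineHost endpoint and must not be flagged.
SAMPLE = "\n".join([
    'curl -X POST "$BASE/ioc/remediation-actions/performQuarantineHostAction" -d @p.json',
    'curl -X POST "$BASE/ioc/remediation-actions/quarantineHost" -d @p.json',
    'curl "$BASE/ioc/remediation-actions/${REMEDIATION_ID}"',
    'url = f"{base}/ioc/remediation-actions/{remediation_id}"',
])

if __name__ == "__main__":
    for name, lineno, label, advice in scan_text(SAMPLE, "sample"):
        print(f"{name}:{lineno}: {label} -> {advice}")
```
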