Release 3.6.0 API

November 29, 2024 (Updated February 18, 2025)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

What's New?

This release introduces a new API that allows you to retrieve EDR alerts at any time.

New API: Asset Alert API

New or Updated API	New
API Endpoint	edr-async-data/asset/v1/alert/trigger
Method	POST
DTD or XSD changes	Not Applicable

This API is used to retrieve EDR alerts at any time. Upon executing the API, an alert is sent to the email addresses configured in the Alerts section of your EDR subscription.

Input ParametersInput Parameters

This API does not require any input parameters.

Sample: Retrieve EDR AlertsSample: Retrieve EDR Alerts

API Request

curl -X 'POST' \
  '<qualys_base_url>/edr-async-data/asset/v1/alert/trigger' \
  -H 'accept: */*' \
  -d ''

Response

{   "result": "triggered alert job" }

API Deprecation - Advance Intimation

We are deprecating the following API. This API will no longer be supported or accessible after 29 December 2024.

API Affected

New or Updated API	Existing
API Endpoint	/ioc/remediation-actions/{remediationId}
Method	GET
DTD or XSD changes	Not Applicable

Impact on Customers

Customers using the old API endpoint will no longer receive data or responses. Continuing to use the old API may cause integrations, scripts, or automation to fail.

Customers must switch to the new API endpoint to access remediation details. They must update their code or integrations to align with the latest API structure. For more information on the new API, see Release 3.5.1 API.

Perform Quarantine/UnQuarantine Host Action on Asset

New or Updated API	Updated
API Endpoint (Deprecation Timeline-January 2025)	<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction
API Endpoint (New Version)	<qualys_base_url>/ioc/remediation-actions/quarantineHost
Method	POST
DTD or XSD changes	No

API Sample Request and ResponseAPI Sample Request and Response

API request

curl -X POST "<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction?<user=username&userId=XXc42aXX-03XX-XXdd-aXX8-42fXXXd7cXXX>" --header "accept: */*" --header "Authorization: Bearer <token>"-H "Content-Type: application/json" -d "<JSON payload>"

Sample JSON Payload

{
  "remediationSource": "EDR",
  "user": "John Doe",
  "userId": "qaedr_jd",
  "comment": "QH",
  "requestTime": "2024-12-12T04:52:39.711Z",
  "assetActionParameter": {
    "assetActions": [
      {
        "eventId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "action": "QUARANTINE_HOST",
        "agentId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "eventType": "AGENT",
        "overrideConfig": true,
        "agentVersion": "5.5.25.0"
      }
    ],
    "hostConfig": {
      "excludedWhitelistingConfig": {
        "excludedApplicationsConfigs": [
          {
            "applicationPath": "asdfasf",
            "platform": 1
          },
          {
            "applicationPath": "asdfasf",
            "platform": 1
          }
        ],
        "excludedIpConfigs": [
          {
            "ipAddress": "1.1.1.1",
            "subnetMask": "11.11.11.11",
            "platform": 1,
            "type": "V4"
          }
        ],
        "excludedDomainConfigs": [
          {
            "domain": "tradingview.com",
            "platform": 1
          }
        ]
      },
      "quarantineAssetNotifications": {
        "title": "QH",
        "description": "quarantined",
        "platform": 1,
        "emailIdList": "abc@qualys.com",
        "phoneNo": "1234567890"
      }
    }
  },
  "moduleMetadata": "cfsdfsfdgfdsg"
}

Response

{
"HttpStatus": "OK" 
}