EDR Release 3.6.0 API

November 29, 2024 (Updated May 29, 2025)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

Correction – Asset Alert API

The 'Asset Alert' API was mistakenly included in this release. It is an internal API not intended for external use and has been removed from public documentation as of EDR Release 3.7.1 API.

API Deprecation - Advance Intimation

We are deprecating the following API. This API will no longer be supported or accessible after 29 December 2024.

API Affected

New or Updated API	Existing
API Endpoint	/ioc/remediation-actions/{remediationId}
Method	GET
DTD or XSD changes	Not Applicable

Impact on Customers

Customers using the old API endpoint will no longer receive data or responses. Continuing to use the old API may cause integrations, scripts, or automation to fail.

Customers must switch to the new API endpoint to access remediation details. They must update their code or integrations to align with the latest API structure. For more information on the new API, see Release 3.5.1 API.

Perform Quarantine/UnQuarantine Host Action on Asset

New or Updated API	Updated
API Endpoint (Deprecation Timeline-January 2025)	<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction
API Endpoint (New Version)	<qualys_base_url>/ioc/remediation-actions/quarantineHost
Method	POST
DTD or XSD changes	No

API Sample Request and ResponseAPI Sample Request and Response

API request

curl -X POST "<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction?<user=username&userId=XXc42aXX-03XX-XXdd-aXX8-42fXXXd7cXXX>" --header "accept: */*" --header "Authorization: Bearer <token>"-H "Content-Type: application/json" -d "<JSON payload>"

Sample JSON Payload

{
  "remediationSource": "EDR",
  "user": "John Doe",
  "userId": "qaedr_jd",
  "comment": "QH",
  "requestTime": "2024-12-12T04:52:39.711Z",
  "assetActionParameter": {
    "assetActions": [
      {
        "eventId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "action": "QUARANTINE_HOST",
        "agentId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "eventType": "AGENT",
        "overrideConfig": true,
        "agentVersion": "5.5.25.0"
      }
    ],
    "hostConfig": {
      "excludedWhitelistingConfig": {
        "excludedApplicationsConfigs": [
          {
            "applicationPath": "asdfasf",
            "platform": 1
          },
          {
            "applicationPath": "asdfasf",
            "platform": 1
          }
        ],
        "excludedIpConfigs": [
          {
            "ipAddress": "1.1.1.1",
            "subnetMask": "11.11.11.11",
            "platform": 1,
            "type": "V4"
          }
        ],
        "excludedDomainConfigs": [
          {
            "domain": "tradingview.com",
            "platform": 1
          }
        ]
      },
      "quarantineAssetNotifications": {
        "title": "QH",
        "description": "quarantined",
        "platform": 1,
        "emailIdList": "abc@qualys.com",
        "phoneNo": "1234567890"
      }
    }
  },
  "moduleMetadata": "cfsdfsfdgfdsg"
}

Response

{
"HttpStatus": "OK" 
}