EDR Release 3.6.0 API

November 29, 2024 (Updated May 29, 2025)

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

Correction – Asset Alert API

The 'Asset Alert' API was mistakenly included in this release. It is an internal API not intended for external use and has been removed from public documentation as of EDR Release 3.7.1 API.

API Deprecation - Advance Intimation 

We are deprecating the following API. This API will no longer be supported or accessible after 29 December 2024.

API Affected 

New or Updated API Existing
API Endpoint /ioc/remediation-actions/{remediationId}
Method GET
DTD or XSD changes Not Applicable

Impact on Customers

Customers using the old API endpoint will no longer receive data or responses. Continuing to use the old API may cause integrations, scripts, or automation to fail.

Customers must switch to the new API endpoint to access remediation details. They must update their code or integrations to align with the latest API structure. For more information on the new API, see Release 3.5.1 API.

Perform Quarantine/UnQuarantine Host Action on Asset

New or Updated API Updated
API Endpoint
(Deprecation Timeline-January 2025)
<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction

API Endpoint (New Version)

<qualys_base_url>/ioc/remediation-actions/quarantineHost
Method POST
DTD or XSD changes No

API Sample Request and ResponseAPI Sample Request and Response

API request

curl -X POST "<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction?<user=username&userId=XXc42aXX-03XX-XXdd-aXX8-42fXXXd7cXXX>" --header "accept: */*" --header "Authorization: Bearer <token>"-H "Content-Type: application/json" -d "<JSON payload>"  

Sample JSON Payload

{
  "remediationSource": "EDR",
  "user": "John Doe",
  "userId": "qaedr_jd",
  "comment": "QH",
  "requestTime": "2024-12-12T04:52:39.711Z",
  "assetActionParameter": {
    "assetActions": [
      {
        "eventId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "action": "QUARANTINE_HOST",
        "agentId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
        "eventType": "AGENT",
        "overrideConfig": true,
        "agentVersion": "5.5.25.0"
      }
    ],
    "hostConfig": {
      "excludedWhitelistingConfig": {
        "excludedApplicationsConfigs": [
          {
            "applicationPath": "asdfasf",
            "platform": 1
          },
          {
            "applicationPath": "asdfasf",
            "platform": 1
          }
        ],
        "excludedIpConfigs": [
          {
            "ipAddress": "1.1.1.1",
            "subnetMask": "11.11.11.11",
            "platform": 1,
            "type": "V4"
          }
        ],
        "excludedDomainConfigs": [
          {
            "domain": "tradingview.com",
            "platform": 1
          }
        ]
      },
      "quarantineAssetNotifications": {
        "title": "QH",
        "description": "quarantined",
        "platform": 1,
        "emailIdList": "abc@qualys.com",
        "phoneNo": "1234567890"
      }
    }
  },
  "moduleMetadata": "cfsdfsfdgfdsg"
} 

Response

{
"HttpStatus": "OK" 
}