EDR Release 3.6.0 API
November 29, 2024 (Updated May 29, 2025)
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
Correction – Asset Alert API
The 'Asset Alert' API was mistakenly included in this release. It is an internal API not intended for external use and has been removed from public documentation as of EDR Release 3.7.1 API.
API Deprecation - Advance Intimation
We are deprecating the following API. This API will no longer be supported or accessible after 29 December 2024.
API Affected
New or Updated API | Existing |
API Endpoint | /ioc/remediation-actions/{remediationId} |
Method | GET |
DTD or XSD changes | Not Applicable |
Impact on Customers
Customers using the old API endpoint will no longer receive data or responses. Continuing to use the old API may cause integrations, scripts, or automation to fail.
Customers must switch to the new API endpoint to access remediation details. They must update their code or integrations to align with the latest API structure. For more information on the new API, see Release 3.5.1 API.
Perform Quarantine/UnQuarantine Host Action on Asset
New or Updated API | Updated |
API Endpoint (Deprecation Timeline-January 2025) |
<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction |
API Endpoint (New Version) |
<qualys_base_url>/ioc/remediation-actions/quarantineHost |
Method | POST |
DTD or XSD changes | No |
API Sample Request and ResponseAPI Sample Request and Response
API request
curl -X POST "<qualys_base_url>/ioc/remediation-actions/performQuarantineHostAction?<user=username&userId=XXc42aXX-03XX-XXdd-aXX8-42fXXXd7cXXX>" --header "accept: */*" --header "Authorization: Bearer <token>"-H "Content-Type: application/json" -d "<JSON payload>"
Sample JSON Payload
{
"remediationSource": "EDR",
"user": "John Doe",
"userId": "qaedr_jd",
"comment": "QH",
"requestTime": "2024-12-12T04:52:39.711Z",
"assetActionParameter": {
"assetActions": [
{
"eventId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
"action": "QUARANTINE_HOST",
"agentId": "9589ad4e-670a-460a-8d69-43184b3df1a7",
"eventType": "AGENT",
"overrideConfig": true,
"agentVersion": "5.5.25.0"
}
],
"hostConfig": {
"excludedWhitelistingConfig": {
"excludedApplicationsConfigs": [
{
"applicationPath": "asdfasf",
"platform": 1
},
{
"applicationPath": "asdfasf",
"platform": 1
}
],
"excludedIpConfigs": [
{
"ipAddress": "1.1.1.1",
"subnetMask": "11.11.11.11",
"platform": 1,
"type": "V4"
}
],
"excludedDomainConfigs": [
{
"domain": "tradingview.com",
"platform": 1
}
]
},
"quarantineAssetNotifications": {
"title": "QH",
"description": "quarantined",
"platform": 1,
"emailIdList": "abc@qualys.com",
"phoneNo": "1234567890"
}
}
},
"moduleMetadata": "cfsdfsfdgfdsg"
}
Response
{
"HttpStatus": "OK"
}