Enterprise TruRisk Management Release 1.3.2 API
July 07, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
Enhanced Reporting Columns in Download Report API with Patch, Finding, and Asset Details
With this update, we have enhanced reporting columns. The output response of the Download report using the resource name API now includes information for patches, findings from Qualys apps and third-party sources, additional asset information, along with other existing details.
|
New or Updated API |
Updated |
|
API Endpoints |
/etm/api/rest/v1/reports/{report-id}/resources/{resource-name} |
|
Method |
GET |
|
DTD or XSD changes |
Not Applicable |
Introduced Information for Patches
The API response now includes patch information to provide detailed information:
- isPatchAvailable
- isQualysPatchable
- patches[]
- datePublished
- downloadMethod
- patchId
- platform
- publishedDate
- kb
- isSuperseded
- rebootRequired
- title
- osIdentifier
- qualysPatchable
- advisoryLink
- architecture[]
Enhanced Information on Assets
The API response now includes additional asset attributes to provide richer context and improve asset visibility. These attributes enable better tracking, categorization, and reporting of assets through the API.
The following fields have been added:
- assetPublish
- operatingSystemAttribute[]
- operatingSystem
- category1
- category2
- version
- attributeAction
- architecture
Sample: Response consists of patch informationSample: Response consists of patch information
API Request
curl -X GET '<qualys_base_url>/etm/api/rest/v1/reports/20ce9e32-fe6e-4172-b5ee-ef770591c56b/resources/part_15097524224131306.json' --header 'Content-Type: application/json' --header 'Authorization: Bearer <JWT Token>'
Response
[
{
"cveId": "CVE-2001-0775",
"findingId": "f1699796-88fc-4206-b6f9-7d8f1f782693",
"exploitMaturity": [
"poc"
],
"cvss": {
"cvss2Base": "7.5",
"cvss2Temporal": "6.8",
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
},
"vendorName": "CrowdStrike",
"vendorProductName": "Spotlight",
"impact": "NA",
"assetType": "HOST",
"assetSerialNumber": "6924-0881-6345-0277",
"references": [],
"asset": {
"externalAssetId": "fh0uKErjEgZic5iYAEhsAiQlaqbYSDtKZXO6CzUMrX"
},
"product": {
"name": "3945e_integrated_services_router",
"vendor": "cisco",
"category": "Hardware",
"cpeName": "cpe:2.3:h:cisco:3945e_integrated_services_router:-:*:*:*:*:*:*:*"
},
"typeDetected": "Confirmed",
"mitreAttacks": [
{
"tactics": {},
"techniques": {},
"subtechniques": {}
}
],
"lastFound": 1751630410000,
"subCategory": "Confirmed",
"description": "High risk vulnerability with potential exploit.",
"assetName": "UK1533VD",
"category": "VULNERABILITY",
"severity": 5,
"dnsName": "UK1544VD1",
"wascIds": [],
"qds": 42,
"isQualysPatchable": true,
"title": "CVE-2001-0775",
"rti": [
"Easy_Exploit",
"Exploit_Public",
"Predicted_High_Risk"
],
"firstFound": 1751628311000,
"exploitedByList": [],
"status": "ACTIVE",
"isPatchAvailable": true,
"sources": [
{
"lastDetected": 1751628311000,
"externalFindingId": "cfe6aa1a-3030-4e99-af5e-ae57878c3aa12",
"qds": 80,
"sourceName": "CrowdStrike",
"firstDetected": 1751628311000,
"title": "CVE-2001-0775",
"status": "ACTIVE",
"severity": 5,
"subCategory": "Confirmed",
"connectorId": "381fde68-9f2a-4b11-a357-40eab649c829",
"connectorName": "ETM-ASSIGNMENTS",
"sourceAssetId": 1121089,
"typeDetected": "Confirmed",
"vendorSource": "Spotlight"
},
{
"lastDetected": 1751630410000,
"externalFindingId": "1fe6aa1a-3030-4e99-af5e-ae57878c3aa12",
"qds": 80,
"sourceName": "CrowdStrike",
"firstDetected": 1751630410000,
"title": "CVE-2001-0775",
"status": "ACTIVE",
"severity": 5,
"subCategory": "Confirmed",
"connectorId": "381fde68-9f2a-4b11-a357-40eab649c829",
"connectorName": "ETM-ASSIGNMENTS",
"sourceAssetId": 1121089,
"typeDetected": "Confirmed",
"vendorSource": "Spotlight"
}
],
"lastUpdated": 1751630410000,
"remediations": [],
"customNumber2": 80,
"customNumber1": 10,
"cvePublishedDate": "2001-10-18T04:00:00.000Z",
"ttd": 207847.42,
"datePublished": "2001-10-18T04:00:00.000Z",
"assetCreatedOn": 1751269805000,
"operatingSystemAttribute": {
"operatingSystem": "RHEL",
"category1": "Linux",
"category2": "Server"
},
"patches": [
{
"datePublished": "2024-08-01T00:00:00.000Z",
"downloadMethod": "Default download",
"patchId": "dc13885e-c089-3adb-b893-59a6f2efa7f3",
"platform": "Linux",
"publishedDate": 1722470400000,
"rebootRequired": false,
"title": "Debian Security Update for xli (CVE-2001-0775)",
"osIdentifier": "DEBIAN12",
"qualysPatchable": false,
"advisoryLink": "https://security-tracker.debian.org/tracker/CVE-2001-0775",
"architecture": [
"noarch"
]
},
{
"datePublished": "2024-08-01T00:00:00.000Z",
"downloadMethod": "Default download",
"patchId": "42b377f9-18a6-396b-ac2e-3650b865d890",
"platform": "Linux",
"publishedDate": 1722470400000,
"rebootRequired": false,
"title": "Debian Security Update for xli (CVE-2001-0775)",
"osIdentifier": "DEBIAN11",
"qualysPatchable": false,
"advisoryLink": "https://security-tracker.debian.org/tracker/CVE-2001-0775",
"architecture": [
"noarch"
]
}
],
"acs": 2,
"truRiskScore": 265,
"tagNames": [
"TestJ000000",
"Unmanaged",
"CAUintManager_BU",
"CrowdStrike Spotlight"
],
"disabled": false,
"ignored": false,
"detectionAge": 3,
"solution": "NA",
"cve": {
"cveId": "CVE-2001-0775",
"qvs": 42,
"cisaKnownExploits": false,
"rti": [
"Easy_Exploit",
"Exploit_Public",
"Predicted_High_Risk"
],
"exploitMaturity": [
"poc"
],
"epssScore": 0.25562,
"updated": 1751544435,
"cvss2Info": {
"basescore": 7.5,
"temporalScore": 6.8,
"accessVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
},
"cvss3Info": {}
}
}
]
Enriched Details for Findings from Qualys Apps and Third-Party Sources
The API response for findings now includes additional fields for better tracking and context of externally sourced vulnerabilities. These enriched details help to understand and track externally sourced findings. Adding the product category helps organize the information better and improves the identification of vulnerabilities. The following attributes have been added:
Sample: Response consists of VMDR findingsSample: Response consists of VMDR findings
API Request
curl -X GET '<qualys_base_url>/etm/api/rest/v1/reports/20ce9e32-fe6e-4172-b5ee-ef770591c56b/resources/part_15097524224131306.json' --header 'Content-Type: application/json' --header 'Authorization: Bearer <JWT Token>'
Response
[
{
"cveId": "CVE-2015-2808",
"findingId": "654a94f8-c13e-4f43-a5a0-c71eaa5f1e7b",
"cvss": {
"cvss2Base": "5.0",
"cvss2Temporal": "4.3",
"vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
},
"vendorName": "Qualys",
"vendorProductName": "VMDR",
"impact": "NA",
"vendorId": "38601",
"assetType": "HOST",
"references": [],
"asset": {
"internalAssetId": 126166,
"assetName": "mgmtpatch6"
},
"product": {
"category": "General remote services"
},
"typeDetected": "Confirmed",
"mitreAttacks": [
{
"tactics": {},
"techniques": {},
"subtechniques": {}
}
],
"lastFound": 1737098071000,
"subCategory": "Confirmed",
"description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
"assetName": "mgmtpatch6",
"category": "VULNERABILITY",
"severity": 2,
"dnsName": "mgmtpatch6",
"wascIds": [],
"qds": 30,
"isQualysPatchable": false,
"title": "Secure Sockets Layer/Transport Layer Security (SSL/TLS) Use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR)",
"rti": [
"Easy_Exploit"
],
"firstFound": 1718893396000,
"exploitedByList": [],
"protocol": "TCP",
"status": "ACTIVE",
"isPatchAvailable": false,
"port": 3389,
"sources": [
{
"lastDetected": 1737098071000,
"vendorId": "38601",
"externalFindingId": "129408",
"qds": 30,
"sourceName": "Qualys",
"firstDetected": 1718893396000,
"title": "Secure Sockets Layer/Transport Layer Security (SSL/TLS) Use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR)",
"status": "ACTIVE",
"severity": 2,
"subCategory": "Confirmed",
"port": 3389,
"protocol": "TCP",
"sourceAssetId": 126166,
"typeDetected": "Confirmed",
"vendorSource": "VMDR"
}
],
"lastUpdated": 1737098071000,
"customNumber2": 80,
"cvePublishedDate": "2015-04-01T02:00:35.000Z",
"ttd": 80844.38,
"datePublished": "2015-04-01T02:00:35.000Z",
"assetCreatedOn": 1718893411000,
"operatingSystemAttribute": {
"operatingSystem": "Windows 2012 R2 Standard"
},
"patches": [],
"assetPublish": 1737098083000,
"acs": 5,
"truRiskScore": 301,
"tagNames": [
"TestJ000000",
"Internet Facing Assets",
"Midhila Dynamic Tag",
"AG1",
"mithomas-Dynamic Tag",
"Operating System",
"CAUintManager_BU",
"OS Windows00"
],
"disabled": false,
"ignored": false,
"detectionAge": 384,
"solution": "NA",
"cve": {
"cveId": "CVE-2015-2808",
"qvs": 30,
"cisaKnownExploits": false,
"rti": [
"Easy_Exploit"
],
"epssScore": 0.4884,
"updated": 1751982681,
"cvss2Info": {
"basescore": 5.0,
"temporalScore": 4.3,
"accessVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
},
"cvss3Info": {}
}
}
]
Sample: Response consists of vendor name, product name, category, and other detailsSample: Response consists of vendor name, product name, category, and other details
API Request
curl -X GET '<qualys_base_url>/etm/api/rest/v1/reports/20ce9e32-fe6e-4172-b5ee-ef770591c56b/resources/part_15097524224131306.json' --header 'Content-Type: application/json' --header 'Authorization: Bearer <JWT Token>'
Response
[
{
"cveId": "CVE-2024-7264",
"findingId": "8e09d704-bdee-4477-8327-d9e69cd9555d",
"exploitMaturity": [
"poc"
],
"cvss": {
"cvss2Temporal": "6.1",
"cvss3Base": "6.5",
"cvss3Temporal": "6.1",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"vendorName": "CrowdStrike",
"vendorProductName": "Spotlight",
"impact": "NA",
"assetType": "HOST",
"references": [],
"asset": {
"externalAssetId": "garpjdEYhY4LHjnFvvXbnSlrrbpa3jkxJRq0MGtvBbnF4"
},
"product": {
"name": "ios",
"vendor": "cisco",
"category": "Operating System",
"version": "Libcurl",
"cpeName": "cpe:2.3:o:cisco:ios:15.6\\(4\\)sn:*:*:*:*:*:*:*"
},
"typeDetected": "Confirmed",
"mitreAttacks": [
{
"tactics": {},
"techniques": {},
"subtechniques": {}
}
],
"lastFound": 1751901905000,
"subCategory": "Confirmed",
"description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.\n",
"assetName": "XB6WO460",
"category": "VULNERABILITY",
"severity": 4,
"dnsName": "XB6WO460",
"wascIds": [],
"qds": 37,
"isQualysPatchable": false,
"title": "CVE-2024-7264",
"rti": [
"Exploit_Public"
],
"firstFound": 1751499543000,
"exploitedByList": [],
"status": "ACTIVE",
"isPatchAvailable": false,
"sources": [
{
"lastDetected": 1751901905000,
"externalFindingId": "b39710a56aea4b6b8a5b8785daa260f7-407b19c7e6d3499eb7eac4b9372edc25_08a227cc93c039a396b92f5813b71f98",
"qds": 60,
"sourceName": "CrowdStrike",
"firstDetected": 1751901905000,
"title": "CVE-2024-7264",
"status": "ACTIVE",
"severity": 4,
"subCategory": "Confirmed",
"connectorId": "381fde68-9f2a-4b11-a357-40eab649c829",
"connectorName": "ETM-ASSIGNMENTS",
"sourceAssetId": 1054054,
"typeDetected": "Confirmed",
"vendorSource": "Spotlight"
}
],
"lastUpdated": 1751901905000,
"remediations": [],
"customNumber2": 80,
"customNumber1": 10,
"cvePublishedDate": "2024-07-31T08:15:02.000Z",
"ttd": 8079.4,
"datePublished": "2024-07-31T08:15:02.000Z",
"assetCreatedOn": 1750768369000,
"operatingSystemAttribute": {
"category1": "Unidentified",
"category2": "Unidentified"
},
"patches": [],
"acs": 4,
"truRiskScore": 149,
"tagNames": [
"TestJ000000",
"Unmanaged",
"CAUintManager_BU",
"CrowdStrike Spotlight"
],
"disabled": false,
"ignored": false,
"detectionAge": 7,
"solution": "NA",
"cve": {
"cveId": "CVE-2024-7264",
"qvs": 37,
"cisaKnownExploits": false,
"rti": [
"Exploit_Public"
],
"exploitMaturity": [
"poc"
],
"epssScore": 0.02201,
"updated": 1751982681,
"cvss2Info": {
"temporalScore": 6.1
},
"cvss3Info": {
"basescore": 6.5,
"temporalScore": 6.1,
"accessVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
}
}
]
To learn more about input parameters and other details, refer to the ETM API User guide.