Use this API to create a profile from XML inputs.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
name |
Optional |
String |
The name of the profile. |
|
type |
Optional |
String |
Type of profile. Example: WINDOWS or LINUX. |
|
category.id |
Optional |
String |
The ID of the category. |
|
category.name |
Optional |
String |
Name of the Category |
|
description |
Optional |
String |
Description of the profile. |
|
rules.name |
Optional |
String |
Name of the rule. |
|
rules.description |
Optional |
String |
Description of the rule |
|
rules.type |
Optional |
String |
Type of the Rule. Example: file/directory/key/value |
|
rules.imagePath |
Optional |
String |
Path which needs to be monitored. |
|
rules.recursiveDepth |
Optional |
String |
In case of directory rule, depth of directory we want to monitor. Allowed values: 1,2,3,4,5,6,7,8,9,None,All |
|
rules.severity |
Optional |
String |
Severity of Rule. Allowed values 1,2,3,4,5 |
|
rules.valueName |
Optional |
String |
If Type of the Rule is Value. Allowed Registry key value name |
|
rules.notify.directory |
Optional |
String |
List of directory attributes that needs to be monitored. Allowed values: create, delete, rename, modifyMetadata, modifySecuritySettings. |
|
rules.notify.file |
Optional |
String |
List of file attributes that needs to be monitored. Allowed values: create, delete, rename, modifyContent, modifyMetadata,modifySecuritySettings. |
|
rules.notify.key |
Optional |
String |
List of value attributes which needs to be monitored. Allowed values: delete,modifyContent |
|
rules.notify.value |
Optional |
String |
List of key attributes which needs to be monitored. Allowed values: create, delete, rename, modifySecuritySettings |
|
rules.inclusionFilter.objectType |
Optional |
String |
Type of the object which needs to be in inclusion Filter of the rule. file/directory/key/value |
|
rules.inclusionFilter.patterns |
Optional |
String |
List of paths to be added as inclusion filters For example: C:\System32\*.txt |
|
rules.exclusionFilter.objectType |
Optional |
String |
Type of the object which needs to be in exclusion filter of the rule. file/directory/key/value |
|
rules.exclusionFilter.patterns |
Optional |
String |
List of paths to be added as exclusion filters. For example:C:\System32\*.log |
API Request
curl -X POST
<qualys_base_url>/fim/v3/profiles/importxml
-H 'authorization: Bearer <token>'
-H 'content-type: application/json'
-d @request.json
Contents of request.json:
<?xml version=""1.0"" encoding=""UTF-8""?>
<profile>
<id>20x213xx-xx2x-44x0-xxx3-x95940x49x62</id>
<name>FIM-2998 windows</name>
<version>1.0</version>
<description />
<type>WINDOWS</type>
<category>
<id>9xx0154x-70x8-4807-90xx-xxxxx6xx59xx</id>
<name>PCI</name>
</category>
<rules>
<rule>
<type>directory</type>
<imagePath>C:\\Windows\\System32\\</imagePath>
<description>Rule Description</description>
<recursiveDepth>2</recursiveDepth>
<notifyFor>
<directory>
<notify>rename</notify>
<notify>modifyMetadata</notify>
<notify>delete</notify>
<notify>modifySecuritySettings</notify>
<notify>create</notify>
</directory>
<file>
<notify>rename</notify>
<notify>modifyContent</notify>
<notify>delete</notify>
<notify>modifyMetadata</notify>
<notify>create</notify>
<notify>modifySecuritySettings</notify>
</file>
</notifyFor>
<inclusions>
<inclusion>
<objectType>file</objectType>
<patterns>
<pattern>C:\Windows\*.txt</pattern>
</patterns>
</inclusion>
</inclusions>
<exclusions>
<exclusion>
<objectType>file</objectType>
<patterns>
<pattern>C:\Windows\*.log</pattern>
</patterns>
</exclusion>
</exclusions>
<severity>3</severity>
<name>Rule Name 2</name>
</rule>
<rule>
<id>32xxx356-xx8x-4334-x972-33x6x428xx78</id>
<type>key</type>
<imagePath>HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run</imagePath>
<description>Rule Description</description>
<recursiveDepth>2</recursiveDepth>
<notifyFor>
<directory/>
<file/>
<key>
<notify>rename</notify>
<notify>delete</notify>
<notify>create</notify>
<notify>modifySecuritySettings</notify>
</key>
<value>
<notify>delete</notify>
<notify>modifyContent</notify>
</value>
</notifyFor>
<inclusions>
<inclusion>
<objectType>key</objectType>
<patterns>
<pattern>childkey</pattern>
</patterns>
</inclusion>
<inclusion>
<objectType>value</objectType>
<patterns>
<pattern>childvalue</pattern>
</patterns>
</inclusion>
</inclusions>
<exclusions/>
<severity>3</severity>
<name>Registry Rule</name>
</rule>
<rule>
<id>32xxx356-xx8x-4334-x972-33x6x428xx87</id>
<type>value</type>
<imagePath>HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run</imagePath>
<description></description>
<notifyFor>
<directory/>
<file/>
<key/>
<value>
<notify>delete</notify>
<notify>modifyContent</notify>
</value>
</notifyFor>
<inclusions/>
<exclusions/>
<severity>3</severity>
<name>Registry Rule 2</name>
<valueName>TeamsMachineInstaller</valueName>
</rule>
</rules>
</profile>