Update Integration

PUT /partner-integration/aws/s3/{id}/vm

Updates the integration details such as bucket name, bucket region, Severity, Category, name, resultSectionNeeded, sendVulnInfo, compressData, and roleArn of the AWS S3 bucket with Qualys.

 You can also regenerate the externalID using this API if needed. If you regenerate the externalID using this API, you must re edit the trust relationship. For more information, see  Appendix : Editing Trust Relationship after Regenerating External ID.

Input ParametersInput Parameters

Parameter

Optional

/Mandatory

Data Type

Description

id

  Optional  Integer

It is IntegrationID provided by Qualys.

bucketName={value}

  Optional  Text

Provide the name of the AWS S3 bucket being used for integration.

bucketRegion={value}

  Optional  Text

Provide the region where the AWS S3 bucket is located.

roleArn={value}

 Mandatory  Text

Specify the ARN of the cross-account role that you created in your AWS account.

name={value}

 Mandatory  Text

Provide a unique name for the integration in the API request. The maximum length allowed for the name is 50 characters.

minSeverity={value}

  Optional  Text

The minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the AWS S3 bucket.

filterQuery

 Optional

string

Filter vulnerabilities and assets using the supported tokens listed below.

The default values for severity is 3 category is "Confirmed".

sendVulnInfo={true|false}

  Optional  Boolean

Set this to true if you need the vulnerability information. Set this parameter to false if you want to exclude the vulnerability information.

By default, the sendVulnInfo parameter isconfigured to false.

compressData={true|false}

 Optional  Boolean

Set this to true to compress the data in the response. It saves on disk and network IO. If you want to exclude the compression, set this parameter to false.

By default, the compressData parameter is configured to be true.

regenerateExternalId

 Optional  Boolean

Set this to true if you want to regenerate the external ID. The default value is set to false.

sendAlerts

 Optional Boolean

Set to true to receive ProActive alert notifications.

errorEmails

 Optional  text

When sendAlerts is set to true, provide the email list for ProActive Alert notifications. Add up to list of maximum of 5 email addresses as comma-separated values.

Filter Query Tokens

The Qualys Query Language is used to build search queries and fetch information from the Qualys database. You can pick the tokens from our repository and build your own query to find the relevant information.
For example, the below query fetches assessments of a specified qid, discovers ignored vulnerabilities and searches from the specified range of dates.

"vuln" : "qId: 11547 ignored: true AND lastUpdate: [2023-07-06 .. 2023-07-07]"

The below query fetches information of a specified asset id within the provided IP range.

"asset" : "assetUuid: `151334c4-3811-40b5-ba92-cfd0064eb9f4` AND ip: (1.1.1.1 .. 5.5.5.5)"

Learn more about building search queries using the Qualys Query Language (QQL) here.

The “Now” keyword is not supported for QQL currently. Building search queries with it will not produce any results.

The tokens listed below can be used to create the filterQuery for vulnerabilities and assets.

Vulnerbility Filter Tokens:

Token Data Type
qid LONG
port LONG
ignored BOOLEAN
Disabled BOOLEAN
filterQuery Optional
ssl BOOLEAN
protocol STRING
timesFound LONG
status STRING
firstFound STRING
lastUpdate STRING
lastProcessed STRING
lastReopened STRING
lastFixed STRING
lastFound STRING
lastTest STRING

category

Supported values are
{IG|Potential|Confirmed}

 

 STRING
severity
Supported values are
{1|2|3|4|5}		 LONG

The category token lets you specify the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the AWS S3. The valid values are IG, Confirmed, and Potential.

By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities are included.          

The severity token lets you specify the minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the AWS S3 bucket.        

Asset Filter Tokens:

Token Data Type
assetId LONG
assetUuid STRING
hostId LONG
netBios STRING
dns STRING
ip STRING
os STRING
trackingMethod STRING

When updating filterQuery values, previously used tokens will not be retained automatically. To keep any of them, you must reinclude them in the updated vulnerability or asset queries. Filter updates replace the entire query—they do not append to it. For example, to retain your Category and Severity values specified in the S3 registration, you have to give the following -
category: [`Confirmed`] AND severity >= 3 and superseded: true and runningKernel: true and runningService: true and isPatchable: true

Sample 1: Update AWS S3 Integration Details Using Integration IDSample 1: Update AWS S3 Integration Details Using Integration ID

This example is for updating the configuration details of the AWS S3 bucket integration by providing the integration ID in the request.

API Request

"curl -X PUT
--header""Content-Type:application/json""<qualys_gateway_url>/partner-integration/aws/s3/{id}/vm""--data""@integration.json""-H""Authorization: Bearer <token>"

'integration.json' contains the request PUT data.

Request PUT Data (integration.json)

{
  "name": "string",
  "bucketName": "string",
  "bucketRegion": "string",
  "roleArn": "string",
  "resultSectionNeeded": true,
  "sendVulnInfo": true,
  "compressData": true,
  "sendAlerts": true,
  "errorEmails": [
    "string"
  ],
  "filterQuery": {
    "vuln": "category: [`Potential`] AND severity >= 4 and superseded: true and runningKernel: true and runningService: true and isPatchable: true",
    "asset": "string"
  }
}

Output

{
   "messsage":"AWS S3 VM integration successfully updated."
}

Sample 2: Update AWS S3 Integration with 'Regenerate External IDSample 2: Update AWS S3 Integration with 'Regenerate External ID

This sample is for updating the configuration details of the AWS S3 bucket integration by setting regenerateExternalId to true.

API Request

"curl -X PUT
--header""Content-Type:application/json""<qualys_gateway_url>/partner-integration/aws/s3/{id}/vm""--data""@integration.json""-H""Authorization: Bearer <token>"

Note: “integration.json” contains the request PUT data.

Request PUT Data (integration.json)

{
  "name": "string",
  "bucketName": "string",
  "bucketRegion": "string",
  "roleArn": "string",
  "resultSectionNeeded": true,
  "sendVulnInfo": true,
  "compressData": true,
  "regenerateExternalId": true,
  "sendAlerts": true,
  "errorEmails": [
    "string"
  ],
  "filterQuery": {
    "vuln": "string",
    "asset": "string"
  }
}

Output

{
   "message":"AWS S3 VM Integration successfully updated.",
   "externalId":"US_POD_1-1- xxxxxxxx-xxxx-xxxx-xxxxxx-xxxxxxxxxxxxx"
}

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.