Release 1.6.0 API
December 23, 2024
Qualys API Server URL
Before reading the API release highlights, find the API server URL to use in your API requests by referring to the Know Your Qualys API Server URL section. In these API release notes, <qualys_base_url> stands for that URL in the sample API requests.
What's New?
Compliance Summary API: Generate Compliance Summary Report with Compliance Status
| New or Updated API | New |
| API Endpoint | /pci/compliance/summary |
| API Version | LATEST - V1 |
| Method | GET |
| DTD or XSD changes | No |
The Compliance Summary API lists all the assets with their IP addresses, DNS hostnames, and PCI compliance status. Earlier, the compliance status for the assets was included in executive reports under the compliance summary section. Now with the help of this API, you can generate the asset-level compliance summary report.
Use the PCI Merchant Authentication to access this API.
You cannot access the PCI Merchant APIs if you have enabled Security Assertion Markup Language Single Sign-On (SAML-SSO) for your account. To access these APIs, disable SAML-SSO and use basic PCI Merchant Authentication. This constraint applies to all the PCI Merchant APIs, because they use basic PCI Merchant Authentication.
Input Parameter
You can use the following input parameters for Compliance Summary API.
| Parameter | Data Type | Optional/ Mandatory | Description |
|---|---|---|---|
| sortBy | Alphanumeric | Optional | Use this parameter to sort the assets based on IP address, DNS hostname, or compliance status. By default IP address is used for sorting. |
| sortOrder | String | Optional | Use this parameter to sort the results in ascending (ASC) or descending (DESC) order. Valid values - |
| offset | Integer | Optional | Use this parameter to offset the assets displayed in the API response. You can use any integer number, starting from 1. |
| limit | Integer | Optional | Use this parameter to set the number of assets displayed on a page. Range: 1-1000 |
| IP | Double | Optional | Use this parameter to include assets based on the IP address or IP Range. |
| DNS | String | Optional | Use this parameter to include assets based on DNS hostname. You can provide only one DNS hostname as an input parameter. |
| ComplianceStatus | Boolean | Optional | Use this parameter to include assets based on their compliance status. Values: Pass/Fail |
Sample - Generate the Compliance Summary Report
API Request
curl -X GET '<qualys_base_url>/pci/reporting/complianceSummary?limit=10&offset=0' \
-H 'Content-Type: application/json apiVersion: V1'
API Response
{
"responseApiVersion": "LATEST - V1",
"data": {
"totalCount": 4264,
"fetchRange": "1-10",
"complianceSummaryList": [
{
"ip": "123.123.123.141",
"dns": "123.123.123.130.bc.googleusercontent.com",
"complianceStatus": "Pass"
},
{
"ip": "123.123.123.129",
"dns": "docker-registry.ab2.us-abcdefg-1.oracleiaas.com",
"complianceStatus": "Pass"
},
{
"ip": "12.123.123.250",
"dns": "ec2-12-123-12-250.sa-east-1.compute.amazonaws.com",
"complianceStatus": "Pass"
},
{
"ip": "1.1.1.5",
"dns": "abc.com",
"complianceStatus": "Pass"
},
{
"ip": "12.12.12.14",
"dns": "telemetry-api.ad1.ap-mumbai-1.oracleiaas.com",
"complianceStatus": "Pass"
},
{
"ip": "123.123.0.145",
"dns": "telemetry-api.ad1.ca-toronto-1.oracleiaas.com",
"complianceStatus": "Pass"
},
{
"ip": "123.123.1.146",
"dns": "telemetry-api.ad3.us-ashburn-1.oracleiaas.com",
"complianceStatus": "Pass"
},
{
"ip": "1.1.1.3",
"dns": "xyz.com",
"complianceStatus": "Fail"
},
{
"ip": "123.12.123.34",
"dns": null,
"complianceStatus": "Pass"
},
{
"ip": "123.12.12.7",
"dns": null,
"complianceStatus": "Pass"
}
]
}
}
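The response above carries totalCount and fetchRange, which is enough to page through the whole asset list with limit and offset. The following is an added example, not Qualys code: fetch_page is a hypothetical callable that performs the GET request, offset is assumed to be the number of records skipped (offset=0 returned fetchRange 1-10 in the sample), and the asset data is constructed.

```python
import re
from typing import Callable, Iterator

def iter_compliance_summary(fetch_page: Callable[[int, int], dict],
                            limit: int = 1000) -> Iterator[dict]:
    """Yield every record of complianceSummaryList across all pages.

    fetch_page(offset, limit) is a hypothetical callable that sends the GET
    request and returns the decoded JSON response.
    """
    if not 1 <= limit <= 1000:          # documented range for limit
        raise ValueError("limit must be between 1 and 1000")
    offset = 0                          # assumption: number of records skipped
    while True:
        data = fetch_page(offset, limit)["data"]
        assets = data.get("complianceSummaryList") or []
        yield from assets
        # fetchRange is "first-last", 1-based, e.g. "1-10" for the first page
        m = re.fullmatch(r"(\d+)-(\d+)", data.get("fetchRange") or "")
        last = int(m.group(2)) if m else offset + len(assets)
        if not assets or last >= data["totalCount"]:
            return
        offset = last

def failing_assets(fetch_page, limit: int = 1000) -> list:
    """Assets whose complianceStatus is "Fail"; a null dns becomes ""."""
    return [{"ip": a["ip"], "dns": a["dns"] or ""}
            for a in iter_compliance_summary(fetch_page, limit)
            if a["complianceStatus"] == "Fail"]

# Constructed data standing in for the API server (not real assets).
SAMPLE_ASSETS = [{"ip": f"192.0.2.{i}",
                  "dns": None if i % 4 == 0 else f"host{i}.example.com",
                  "complianceStatus": "Fail" if i % 5 == 0 else "Pass"}
                 for i in range(1, 24)]

def fake_fetch_page(offset: int, limit: int) -> dict:
    chunk = SAMPLE_ASSETS[offset:offset + limit]
    return {"responseApiVersion": "LATEST - V1",
            "data": {"totalCount": len(SAMPLE_ASSETS),
                     "fetchRange": f"{offset + 1}-{offset + len(chunk)}",
                     "complianceSummaryList": chunk}}

if __name__ == "__main__":
    for asset in failing_assets(fake_fetch_page, limit=10):
        print(asset["ip"], asset["dns"])
```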
Compliance Report Generation API: Fetch the Special Notes and Non-Compliant IPs for Your Assets
| New or Updated API | New |
| API Endpoint | /pci/reporting/reportGeneration/fetch |
| API Version | LATEST - V1 |
| Method | GET |
| DTD or XSD changes | No |
The Compliance Report Generation API fetches the asset details, special note details, QIDs detected for these assets, and non-compliant IP addresses.
Use the PCI Merchant Authentication to access this API.
Sample: Fetch the Special Notes and Non-compliant IP Addresses for your Assets
The following example illustrates fetching the Compliance Report for your assets using the Compliance Report Generation and Attestation API.
API Request
curl -X GET '<qualys_base_url>/pci/reporting/reportGeneration/fetch' -H 'Content-Type: application/json apiVersion: V1'
API Response
{
"responseApiVersion": "LATEST - V1",
"data": {
"specialNotes": [
{
"id": "1231234",
"ip": "12.34.56.5",
"dns": "12.34.56.5.com",
"specialNote": "Remote Access",
"qid": "42428",
"title": "OpenSSH \"child_set_env()\" Security Bypass Issue",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "Sample comment"
},
{
"id": "1232345",
"ip": "12.34.56.6",
"dns": "12.34.56.6.com",
"specialNote": "Unknown services",
"qid": "82023",
"title": "Open TCP Services List",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "Sample comment"
},
{
"id": "1233456",
"ip": "12.34.56.7",
"dns": "12.34.56.7.com",
"specialNote": "Unknown services",
"qid": "82004",
"title": "Open UDP Services List",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "Sample comment"
}
],
"nonCompliantAssets": [
{
"ip": "12.34.56.5",
"dns": "12.34.56.5.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [
{
"urlText": "Apache Hive",
"url": null
}
],
"merchantComment": "Sample comment"
},
{
"ip": "12.34.56.6",
"dns": "12.34.56.6.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [],
"merchantComment": "Sample comment"
},
{
"ip": "12.34.56.7",
"dns": "12.34.56.7.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [],
"merchantComment": "Sample comment"
}
]
}
}
Report Generation Request API: Submit the Compliance Report Generation Request
| New or Updated API | New |
| API Endpoint | /pci/reporting/reportGeneration/submit |
| API Version | LATEST - V1 |
| Method | POST |
| DTD or XSD changes | No |
Use the Report Generation Request API to submit the compliance report generation request. You need to add special notes and non-compliant IP details while submitting the request. You can fetch this data using the compliance report generation API.
Along with the details from the fetch request, add the following information in the API request body:
- Justification comments for special notes.
- Justification comments for non-compliant IP addresses.
- Other required data such as name and title of the person submitting the report, inactive IP addresses/range, and submission title for the report.
Use the PCI Merchant Authentication to access this API.
Input Parameters
Use the following input parameters in the API Request Body.
| Input Parameter | Optional/Mandatory | Data Type | Description |
|---|---|---|---|
| specialNotesSecurelyImplemented | Optional | Boolean | Specify if the special notes are securely implemented or not. Values: true, false, 0, 1. |
| specialNotesSingleComment | Optional | String | Add the justification comment for special notes. Note: This parameter is mandatory if you set specialNotesSecurelyImplemented=true, false, 0, or 1. |
| nonCompliantSingleComment | Optional | String | Add the justification comment for non-compliant IP addresses. |
| yourName | Mandatory | String | Enter your name. |
| yourTitle | Mandatory | String | Enter a title for your name, such as Mr., Ms., Mrs. |
| notActiveIps | Optional | String | Enter the inactive IP addresses or IP range. For example, 123.234.0.100 or 123.234.0.100-123.234.0.111 |
| submissionTitle | Optional | String | Specify the unique name for the compliance report you want to submit. |
Sample: Submit the Compliance Report Generation Request
The following example illustrates attesting a compliance report downloaded using the Compliance Report Generation API and submitting it to the Qualys API Server.
API Request
curl -X POST '<qualys_base_url>/pci/reporting/reportGeneration/submit' \
-H 'Content-Type: application/json apiVersion: V1'
API Request Body
{
"specialNotes": [
{
"id": "1231234",
"ip": "12.34.56.5",
"dns": "12.34.56.5.com",
"specialNote": "Remote Access",
"qid": "42428",
"title": "OpenSSH \"child_set_env()\" Security Bypass Issue",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "This is a sample comment for the justification."
},
{
"id": "1232345",
"ip": "12.34.56.6",
"dns": "11.23.45.6.com",
"specialNote": "Unknown services",
"qid": "82023",
"title": "Open TCP Services List",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "This is a sample comment for the justification."
},
{
"id": "1233456",
"ip": "12.34.56.7",
"dns": "12.34.56.7.com",
"specialNote": "Unknown services",
"qid": "82004",
"title": "Open UDP Services List",
"port": null,
"protocol": null,
"securelyImplemented": "false",
"comment": "This is a sample comment for the justification."
}
],
"nonCompliantAssets": [
{
"ip": "12.34.56.5",
"dns": "12.34.56.5.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [
{
"urlText": "Apache Hive",
"url": null
}
],
"merchantComment": "This is a sample comment for the justification for the Non compliant IP"
},
{
"ip": "12.34.56.6",
"dns": "12.34.56.6.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [],
"merchantComment": "This is a sample comment for the justification for the Non compliant IP"
},
{
"ip": "12.34.56.7",
"dns": "12.34.56.7.com",
"vulnHigh": 0,
"vulnMed": 0,
"vulnLow": 58,
"asvComment": "Please update OpenSSH to the latest versions. Change built-in or default accounts and passwords. Fix SSL certificate related issues.",
"sslComment": "",
"patches": [],
"merchantComment": "This is a sample comment for the justification for the Non compliant IP"
}
]
}
API Response
{
"responseApiVersion": "LATEST - V1",
"data": {
"id": 7713,
"status": "Successfully submitted Report Generation request"
}
}
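Because the submit body must carry every special note and non-compliant IP from the fetch response together with its justification, a local check before the POST catches incomplete submissions. The following is an added example, not Qualys code: check_submit_body and valid_ip_or_range are hypothetical helpers, the placement of the table's parameters as top-level keys of the body is an assumption (the sample body above does not show them), and the input is constructed from the sample values on this page.

```python
import ipaddress

def valid_ip_or_range(value: str) -> bool:
    """True for "a.b.c.d" or "a.b.c.d-e.f.g.h" with start <= end."""
    parts = [p.strip() for p in value.split("-")]
    if len(parts) > 2:
        return False
    try:
        addrs = [ipaddress.IPv4Address(p) for p in parts]
    except ValueError:
        return False
    return addrs[0] <= addrs[-1]

def check_submit_body(fetched: dict, body: dict) -> list:
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    # Mandatory per the table; top-level placement in the body is assumed.
    for field in ("yourName", "yourTitle"):
        if not str(body.get(field) or "").strip():
            problems.append(f"{field} is mandatory")
    if ("specialNotesSecurelyImplemented" in body
            and not body.get("specialNotesSingleComment")):
        problems.append("specialNotesSingleComment is required")
    if body.get("notActiveIps") and not valid_ip_or_range(body["notActiveIps"]):
        problems.append("notActiveIps is not an IP address or range")
    # Every fetched item must be sent back with a justification comment.
    for key, ident, comment in (("specialNotes", "id", "comment"),
                                ("nonCompliantAssets", "ip", "merchantComment")):
        sent = {item[ident]: item for item in body.get(key, [])}
        for item in fetched["data"][key]:
            match = sent.get(item[ident])
            if match is None:
                problems.append(f"{key}: {item[ident]} missing from body")
            elif not str(match.get(comment) or "").strip():
                problems.append(f"{key}: {item[ident]} has no {comment}")
    return problems

# Constructed input, trimmed from the sample values on this page.
FETCHED = {"data": {
    "specialNotes": [{"id": "1231234", "ip": "12.34.56.5", "comment": ""}],
    "nonCompliantAssets": [{"ip": "12.34.56.5", "merchantComment": ""},
                           {"ip": "12.34.56.6", "merchantComment": ""}]}}
DRAFT = {"yourName": "Jane Doe", "yourTitle": "",
         "specialNotesSecurelyImplemented": False,
         "notActiveIps": "123.234.0.111-123.234.0.100",   # reversed range
         "specialNotes": [{"id": "1231234", "comment": "VPN only"}],
         "nonCompliantAssets": [{"ip": "12.34.56.5", "merchantComment": " "}]}

if __name__ == "__main__":
    print("\n".join(check_submit_body(FETCHED, DRAFT)))
```

The check accepts only the two notActiveIps forms the parameter table shows, a single IPv4 address or one start-end range.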
Compliance Report Status API: Fetch the Compliance Report Status
| New or Updated API | New |
| API Endpoint | /pci/reporting/<reportId>/status |
| API Version | LATEST - V1 |
| Method | GET |
| DTD or XSD changes | No |
You can check the compliance report status using the Compliance Report Status API. Provide the compliance report ID in the API request to see the report status. The following table shows the different report statuses and their descriptions.
| Report Status | Description |
|---|---|
| Launched | The report generation request has been successfully launched. |
| Report Generating | The report generation is in progress. |
| Generated | The report is successfully generated. |
| Pending Review | The report review is pending from the admin user. |
| Attested | The review is complete and the report is approved by the admin user. |
| Rejected | The review is complete and the report is rejected by the admin user. |
| Submitted | The report is successfully submitted to the bank user. |
Input Parameter
Use the following query parameter to fetch the report generation status.
| Input Parameter | Optional/Mandatory | Data Type | Description |
|---|---|---|---|
| reportId | Mandatory | Integer | Provide the compliance report ID to fetch its status. |
Sample: Fetch the Compliance Report Status
The following sample illustrates fetching the compliance report generation status using the report ID as a query parameter.
API Request
curl -X GET '<qualys_base_url>/pci/reporting/<report_id>/status' \
-H 'Content-Type: application/json apiVersion: V1'
API Response
{
"responseApiVersion": "LATEST - V1",
"data": {
"id": 1234,
"status": "Generated"
}
}
Compliance Report Download API: Download Executive and Technical Compliance Report
| New or Updated API | New |
| API Endpoint | /pci/reporting/download |
| API Version | LATEST - V1 |
| Method | GET |
| DTD or XSD changes | No |
You can download the executive or technical compliance report using the Compliance Report Download API. To download, specify the report ID and report type (Executive or Technical) as the query parameter. You can download only the executive or technical report in a single request.
When the report download request is successfully processed, either the technical report or executive report is downloaded in PDF format as specified in the API request with a success code in the API response.
To access this API, use the PCI Merchant Authentication.
Input Parameter
Use the following query parameters to download the compliance report.
| Input Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| reportId | Mandatory | Integer | Provide the report ID to download a compliance report. |
| reportType | Mandatory | String | Specify the report type you want to download. Acceptable values: Executive, Technical |
Sample: Download an Executive Compliance Report
This sample illustrates downloading an executive compliance report using its report ID.
API Request
curl -X GET --location '<qualys_base_url>/pci/reporting/download?reportId=1234&reportType=Executive' \
--header 'Content-Type: application/zip' \
--header 'X-Requested-With: test' \
-u 'patrickslimmer@pci:aB12cdEfGh'
API Response
200 OK.
Compliance Report Review API: Request Review for Compliance Report
| New or Updated API | New |
| API Endpoint | /pci/reporting/{reportId}/requestReview |
| API Version | LATEST - V1 |
| Method | PUT |
| DTD or XSD changes | No |
Use the Compliance Report Review API to request a review of a compliance report using its report ID. Provide the report ID as a query parameter to send the review request for the generated report. The report is sent to the admin user for review.
Use the PCI Merchant Authentication to access this API.
Input Parameters
Use the following query parameter in the API request to review the attested compliance report.
| Input Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| reportId | Mandatory | Integer | Provide the report ID of an attested compliance report to request its review. |
Sample: Request Review of Generated Compliance Report using Report ID
The following sample illustrates requesting a review of the generated compliance report.
API Request
curl -X PUT '<qualys_base_url>/pci/reporting/1234/requestReview' \
-H 'Content-Type: application/json apiVersion: V1'
API Response
{
"responseApiVersion": "LATEST - V1",
"data": {
"id": 1234,
"status": "Attestation request successful for reportId 1234"
}
}