TotalCloud Release 2.16 API

May 02, 2025

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

What's New?

AWS Resource Details with Secrets

New or Updated API Updated
API Endpoint /cloudview-api/rest/v1/resource/EC2_INSTANCE/AWS
Method GET
DTD or XSD changes Not Applicable

With this release, the API to list AWS EC2 instances and now includes secretStats and hasSecrets fields. These additions help identify instances with exposed secrets and their severity distribution.

Input ParametersInput Parameters

Parameter Name Mandatory/Optional Data Type Description
pageNo Optional Integer Page number for pagination (default is 0)
pageSize Optional Integer Number of results per page (default is 100)
updated Optional String Filter instances updated within a specific time range
filter Optional String Filter based on specific instance attributes like resource.id

SampleSample

API Request

curl --location 'https://qualysguard.qualys.com/cloudview-api/rest/v1/resource/EC2_INSTANCE/AWS?filter=resource.id%3Ai-xxxxxxxxxxxxxxxxx&pageNo=0&pageSize=10&updated=%5Bnow-30d..now%5D' \
  -H 'accept: */*' \
  -H 'Authorization: Basic  '

API Response

     {
  "content": [
    {
      "resourceId": "i-xxxxxxxxxxxxxxxxx",
      "name": "test-secrets",
      "hasSecrets": true,
      "secretStats": {
        "severity": {
          "CRITICAL": 6,
          "HIGH": 7,
          "MEDIUM": 21,
          "LOW": 16
        },
        "totalSecrets": 50
      },
      ...
    }
  ],
  ...
}

Instance Details with Secrets

New or Updated API Updated
API Endpoint /cloudview-api/rest/v1/resource/EC2_INSTANCE/uuid/<uuid>/AWS
Method GET
DTD or XSD changes Not Applicable

With this release, The API to retrieve detailed information about an AWS EC2 instance is now enhanced to include a secrets array containing the list of detected secrets with associated metadata.

Input ParametersInput Parameters

Parameter Name Mandatory/Optional Data Type Description
uuid Mandatory String Unique identifier of the EC2 instance

SampleSample

API Request

curl --location 'https://qualysguard.qualys.com/cloudview-api/rest/v1/resource/EC2_INSTANCE/uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/AWS' \
  -H 'accept: */*' \
  -H 'Authorization: Basic <auth token>'

API Response

    {
    "content": [
        {
            "subnetId": "subnet-0xxxxxxxxxxxxxxxx",
            "resourceId": "i-0xxxxxxxxxxxxxxxx",
            "arsScore": 165,
            "uuid": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "availabilityZone": "us-east-1b",
            "remediationEnabled": null,
            "lastUpdated": "2025-04-20T07:56:44+0000",
            "instanceState": "running",
            "networkInterfaceAddresses": [
                {
                    "networkInterfaceId": "eni-xxxxxxxxxxxxxxxxxx",
                    "subnetId": "subnet-0xxxxxxxxxxxxxxxx",
                    "ipv6Ip": [],
                    "secondaryPrivateIp": [],
                    "description": "",
                    "groups": [
                        {
                            "groupName": "launch-wizard-3",
                            "groupId": "sg-0xxxxxxxxxxxxxxxx"
                        }
                    ],
                    "privateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
                    "publicIp": "xx.xx.xx.xx",
                    "privateIpAddress": "xxx-xx-xx-xxx"
                }
            ],
            "cloudType": "AWS",
            "isSnapshotScanEnabled": true,
            "events": null,
            "iamInstanceProfileRoleDetails": null,
            "connectorUuids": [
                "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
            ],
            "imageId": "ami-0xxxxxxxxxxxxxxxx",
            "created": "2025-03-26T06:58:03.219+00:00",
            "cloudAccountId": "xxxxxxxxxxx",
            "ipAddress": null,
            "publicDnsName": "ec2-50-17-16-28.compute-1.amazonaws.com",
            "secrets": null,
            "privateIpAddress": "xxx-xx-xx-xxx",
            "tags": [
                {
                    "value": "instancenew",
                    "key": "Name"
                },
                {
                    "value": "true",
                    "key": "QUALYS_SNAPSHOT_ENABLED"
                }
            ],
            "launchTime": "2025-03-19T09:52:17+0000",
            "classifications": null,
            "name": "instancenew",
            "secondaryPrivateIpAddress": null,
            "region": "us-east-1",
            "accountAlias": null,
            "controlsFailed": 4,
            "createdOn": "2025-03-26T06:58:03+0000",
            "secretStats": {
                "severity": {
                    "HIGH": 86,
                    "MEDIUM": 37,
                    "LOW": 22,
                    "CRITICAL": 23
                },
                "totalSecrets": 168
            },
            "instanceId": "i-xxxxxxxxxxxxxxxx",
            "vulnerabilityStats": {
                "severity": {
                    "3": 1,
                    "4": 9
                },
                "typeDetected": {
                    "Confirmed": 10,
                    "Information": 5
                },
                "totalVulnerability": 15
            },
            "vpcId": "vpc-xxxxxxxxxxxxxxxx",
            "hasSecrets": true,
            "publicIpAddress": "50.17.16.28",
            "instanceType": "t2.micro",
            "additionalDetails": null,
            "connectorUuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "instanceStatus": null,
            "iamInstanceProfile": null,
            "spotInstanceRequestId": null,
            "elasticIpAddress": null,
            "sev3Sev4Sev5VulnCount": 0,
            "qualysTags": [],
            "vulnerabilities": null,
            "securityGroups": [
                {
                    "groupName": "launch-wizard-3",
                    "groupId": "sg-06c97140dd933163b"
                }
            ],
            "privateDnsName": "ip-xxx-xx-xx-xxx.ec2.internal",
            "criticalityScore": 0,
            "resourceType": "EC2_INSTANCE"
        }

Get Cloud Resources with Vulnerability Statistics

New or Updated API Updated
API Endpoint /cloudview-ap/rest/v1/resource/{resourceType}/AWS
Method POST
DTD or XSD changes Not Applicable

With this release, this API is updated to include a new response parameter:vulnerabilityStats. This parameter summarizes vulnerability data for each listed resource enabling quick prioritization and risk assessment at scale.

SampleSample

API Request

curl --location 'https://qualysguard.qualys.com/cloudview-ap/rest/v1/resource/{resourceType}/AWS' \
  -H 'accept: */*' \
  -H 'Authorization: Basic <auth token>'

API Response

     "vulnerabilityStats": {
  "severity": {
    "1": 4,
    "2": 1,
    "3": 3,
    "4": 1
  },
  "typeDetected": {
    "Confirmed": 3,
    "Information": 4,
    "Potential": 2
  },
  "totalVulnerability": 9
}

Get Resource Details by UUID

New or Updated API Updated
API Endpoint /cloudview-api/rest/v1/resource/{resourceType}/uuid/{resourceUuid}/AWS
Method POST
DTD or XSD changes Not Applicable

With this release, this API now includes a vulnerability array in the response parameters that provides a detailed list of vulnerabilities associated with the specified resource, which can be used to perform targeted investigation and remediation.

SampleSample

API Request

curl --location 'https://qualysguard.qualys.com/cloudview-api/rest/v1/resource/{resourceType}/uuid/{resourceUuid}/AWS' \
  -H 'accept: */*' \
  -H 'Authorization: Basic <auth token>'

API Response

  "vulnerability": [
  {
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "resourceId": "ami-0xxxxxxxxxxxxxxxx",
    "name": "Amazon Linux Security Advisory for python-urllib3 : ALAS2023-2024-747",
    "qid": 358188,
    "typeDetected": "Confirmed",
    "severity": 2,
    "protocol": "",
    "hostOS": "Amazon Linux 2023.6.20241010",
    "category": "Amazon Linux",
    "lastFound": "2025-03-12T09:44:31.509+00:00",
    "firstFound": "2025-03-12T09:44:31.509+00:00",
    "port": 0
  },
  {
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "resourceId": "ami-0xxxxxxxxxxxxxxxx",
    "name": "Amazon Linux Security Advisory for kernel : ALAS2023-2025-823",
    "qid": 358510,
    "typeDetected": "Confirmed",
    "severity": 4,
    "protocol": "",
    "hostOS": "Amazon Linux 2023.6.20241010",
    "category": "Amazon Linux",
    "lastFound": "2025-03-12T09:44:31.509+00:00",
    "firstFound": "2025-03-12T09:44:31.509+00:00",
    "port": 0
  }
]

JWT Token Generation using Client ID and Secret Key

You can generate the JWT access token by providing the client ID and client secret key in the following API request headers.

For more information on client ID and client secret key, refer to Support for Auth ID Client Management from UI.

JWT Access Token RequestJWT Access Token Request

API Request

curl -X POST
'<qualys_base_url>/auth/oidc'
--header 'clientSecret: wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
--header 'clientId: 123e4567-xxxx-xxxx-xxxx-426614174000'
--data-raw ''

API Response (contains JWT access token)

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiJjbGllbnQxMjM0NTYiLCJzYwZXM
iOlsiYXBpLnJlxxxxxxxxxxxxxxxxxxUiXSwia
XNzIjoiaHR0cHxxxxxxxxxxxxxxxxxxLmNvbSI
sImV4cCI6MTcwMDAwMDAwMH0.SdXn3I6yTb-
JNk9LPjR8W9xAtH7dN3Mqf3HdJ5WnRfE

Once the JWT access token is successfully generated, you can use it to authenticate your API requests. Include the token in the Authorization header of API requests. 

The system validates the JWT token and authorizes the request based on the user's permissions. See the below example, where a user with API access calls an API to retrieve the Assessment Reports.

Example API: Get Assessment ReportsExample API: Get Assessment Reports

API Request

curl --location '<qualys_base_url>/cloudview-api/rest/v2/report/assessment/create'
--header 'Authorization: Bearer <Above bearer token> '
--header 'Content-Type: application/json'

Response

{
    "reportName": "AWS Assessment Report",
    "description": "",
    "cloudType": "AWS",
    "query": "",
    "startDate": "2025-05-03T00:12:53Z",
    "endDate": "2025-05-10T18:53:s53Z",
    "executionType": "RUN_TIME",
    "policyIds": [
        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
    ],
    "tagIds": [  
    ],
    "connectorIds": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
        
    ],
    "format": "csv",
    "iacResourceResults": [  ]
}