Create, update, list and delete PostgreSQL records for authenticated scans of PostgreSQL 9.x, PostgreSQL 10.x, PostgreSQL 11.x and PostgreSQL 12.x instances running on Windows or Unix. Compliance scans are supported (using PC).
Requirement - You must configure login credentials on target hosts before scanning.
Qualys User Guide - PostreSQL Authentication (.zip)
Tip - We strongly recommend you create one or more dedicated user accounts to be used solely by the Qualys Cloud Platform to authenticate to PostgreSQL database instances.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action={action} |
Required | String |
Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type |
|
echo_request={0|1} |
Optional | Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
ids={value} |
Required to update or delete record | Integer |
Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated. |
|
title={value} |
Required to create record | String |
A title for the record. The title must be unique. Maximum 255 characters (ascii). |
|
comments={value} |
Optional to create or update record | String |
User defined comments. Maximum of 1999 characters. |
|
PostgreSQL |
|||
| resource_id | Optional | Integer | Specify resource id for a Hitachi ID PAM authentication record. |
| pgsql_win_conf_path= {value} | Optional | Path | The full path to the PostgreSQL configuration file on your Windows assets (IP addresses). The file must be in the same location on all assets for this record. |
|
pgsql_unix_conf_path={value} |
Optional | Path |
The full path to the PostgreSQL configuration file on your Unix assets (IP addresses). The file must be in the same location on all assets for this record. |
|
pgsql_db_name={value} |
Required to create record | String |
The database instance you want to authenticate. |
|
port={value} |
Optional | Integer |
The port where the database instance is running. Default is 5432. |
|
ssl_verify={0|1} |
Optional | Integer |
SSL verification is skipped by default. Set to 1 if you want to verify the server’s certificate is valid and trusted. |
|
hosts={value} |
Required if ssl_verify=1 | Integer |
A list of FQDNs for all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. |
|
Login Credentials |
|||
|
username={value} |
Required to create record, optional to update record | String |
The username of the account to be used for authentication. If password is specified this is the username of a PostgreSQL account. If login_type=vault is specified, this is the username of a vault account. Maximum 255 characters (ascii). |
|
password={value} |
To create record password or login_type=vault is required | String |
The password of the PostgreSQL account to be used for authentication. Maximum 100 characters (ascii). |
|
login_type=vault |
To create record password or login_type=vault is required | String |
Set to vault if a third party vault will be used to retrieve password. Vault parameters need to be provided in the record. |
| use_ad_hashicorp{0|1} | Optional | Boolean | Use to manage the utilization of Database Secrets Engine in HashiCorp authentication records. Specify 1 to use Database Secrets Engine in the authentication records. |
|
Keys, Passphrase |
|||
|
client_key_type={value} |
Optional | String |
Client key type basic (default) or vault. |
|
client_key={value} |
Optional if client_key_type=basic | String |
Client key content, if private key not in vault. |
|
client_key_vault_type={value} |
Required if client_key_type=vault | String |
The third party vault to be used to retrieve the private key. Certain vaults support this capability. |
|
client_key_vault_id={value} |
Required if client_key_type=vault | Integer |
The ID of the vault to get the private key from. Vault parameters: client_key_folder={value} and client_key_file={value} are required vault settings. |
|
passphrase_type={value} |
Optional | String |
Passphrase type can be basic (default) or vault. |
|
passphrase={value} |
Optional if passphrase_type=basic | Integer |
The passphrase value. |
|
client_cert={value} |
Optional if passphrase_type=basic | Integer |
The passphrase certificate content. |
|
passphrase_vault_type={value} |
Required if passphrase_type=vault | String |
The vault where the private key passphrase is stored. For example CA Access Control, CyberArk AIM, Thycotic Secret Server. |
|
passphrase_vault_id={value} |
Required if passphrase_type=vault | Integer |
The ID of the vault to get the passphrase from. |
|
Target Hosts |
|||
|
ips={value} |
Required to create record
Optional to update record |
Integer |
The IP address(es) the server will log into using the record’s credentials. Multiple entries are comma separated. IPs specified will overwrite existing IPs in the record, and existing IPs will be removed. This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request. |
|
add_ips={value} |
Optional to update record | Integer |
Add IPs and/or ranges to the IPs list for this record. Multiple IPs/ranges are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
|
remove_ips={value} |
Optional to update record | Integer |
IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated. This parameter and the ips parameter cannot be specified in the same request. |
|
network_id={value} |
Optional to create or update record, and valid when the networks feature is enabled | Integer |
The network ID for the record. |
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl sample" -d "action=create&title=API_POSTGRE_2&username=root&password=abc123&pgsql_db_name=presql&ips=10.10.10.35&pgsql_unix_conf_path=/etc&network_id=4002"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2018-03-27T20:17:42Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>84307</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d"action=create&title=api-windows-postgres&pgsql_win_conf_path=C:\ProgramFiles\PostgreSQL\11\data\postgresql.conf&pgsql_db_name=postgres&username=qualys_scan&password=password&ips=10.10.10.35""https://<qualys_base_url>/api/2.0/fo/auth/postgresql"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2020-01-28T10:55:39Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>72178</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d "action=update&ids=84307&add_ips=10.10.10.40-10.10.10.42" "https://<qualys_base_url>/api/2.0/fo/auth/postgresql/" > file.xml
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2018-04-10T21:01:57Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>78782</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H 'X-Requested-With: curl' -d"action=update&ids=72178&pgsql_win_conf_path=C:\Program Files\PostgreSQL\11\data\postgresql11.conf""https://<qualys_base_url>/api/2.0/fo/auth/postgresql"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2020-01-28T11:06:36Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>72178</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl Sample" -d "action=list&details=All" "https://<qualys_base_url>/api/2.0/fo/auth/postgresql/" > file.xml
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE AUTH_POSTGRESQL_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/auth/postgresql/auth_post gresql_list_output.dtd"> <AUTH_POSTGRESQL_LIST_OUTPUT> <RESPONSE> <DATETIME>2018-04-24T22:01:50Z</DATETIME> <AUTH_POSTGRESQL_LIST> <AUTH_POSTGRESQL> <ID>79518</ID> <TITLE><![CDATA[PostgesSQL1]]></TITLE> <USERNAME><![CDATA[acme_as1]]></USERNAME> <DATABASE><![CDATA[mydb1]]></DATABASE> <PORT>5432</PORT> <SSL_VERIFY><![CDATA[0]]></SSL_VERIFY> <IP_SET> <IP>10.10.10.45</IP> </IP_SET> <WIN_CONF_FILE><![CDATA[C:\Program Files\pgsql\data\postgresql.conf]]></WIN_CONF_FILE> <UNIX_CONF_FILE><![CDATA[/var/lib/pgsql/9.3/data/postgresql.conf]] ></UNIX_CONF_FILE> <NETWORK_ID>0</NETWORK_ID> <CREATED> <DATETIME>2018-04-13T23:42:50Z</DATETIME> <BY>acme_as1</BY> </CREATED> <LAST_MODIFIED> <DATETIME>2018-04-20T23:35:42Z</DATETIME> </LAST_MODIFIED> <COMMENTS><![CDATA[my comments]]></COMMENTS> </AUTH_POSTGRESQL> <AUTH_POSTGRESQL> <ID>82110</ID> <TITLE><![CDATA[POstgreSQL2]]></TITLE> <USERNAME><![CDATA[acme_as1]]></USERNAME> <DATABASE><![CDATA[mydb2]]></DATABASE> <PORT>5432</PORT> <SSL_VERIFY><![CDATA[1]]></SSL_VERIFY> <HOSTS> <HOST><![CDATA[cent-31-107.ml2k8.qualys.com]]></HOST> </HOSTS> <IP_SET> <IP>10.20.31.107</IP> </IP_SET> <WIN_CONF_FILE><![CDATA[C:\Program Files\pgsql\data\postgresql.conf]]></WIN_CONF_FILE> <UNIX_CONF_FILE><![CDATA[/var/lib/pgsql/9.3/data/postgresql.conf]] ></UNIX_CONF_FILE> <NETWORK_ID>0</NETWORK_ID> <CREATED> <DATETIME>2018-04-20T20:12:48Z</DATETIME> <BY>acme_as1</BY> </CREATED> ... </AUTH_POSTGRESQL_LIST> </RESPONSE> </AUTH_POSTGRESQL_LIST_OUTPUT>
API Request
curl -H 'X-Requested-With:curl demo2' -u "xxx:xxxx" -d"action=create&title=postgre_API_vault&login_type=vault&username=test&vault_type=Hitachi IDPAM&vault_id=1358790&resource_id=test&ips=1.1.1.1&port=333&pgsql_db_name=db""<qualys_base_url>/api/2.0/fo/auth/postgresql/" XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?>
<!DOCTYPE BATCH_RETURN SYSTEM
""<qualys_base_url>/api/2.0/batch_return.dtd"">
<BATCH_RETURN>
<RESPONSE>
<DATETIME>2023-11-30T05:27:34Z</DATETIME>
<BATCH_LIST>
<BATCH>
<TEXT>Successfully Created</TEXT>
<ID_SET>
<ID>3797532</ID>
</ID_SET>
</BATCH>
</BATCH_LIST>
</RESPONSE>
</BATCH_RETURN>"
API Request
curl -H 'X-Requested-With:curl demo2' -u "xx:xxxx" -d"action=update&title=postgre_API_vault_update&login_type=vault&vault_type=Hitachi ID PAM&vault_id=1358790&resource_id=test12345&ids=3797532""<qualys_base_url>/api/2.0/fo/auth/postgresql/" XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?> <!DOCTYPE BATCH_RETURN SYSTEM ""<qualys_base_url>/api/2.0/batch_return.dtd""> <BATCH_RETURN> <RESPONSE> <DATETIME>2023-11-30T05:35:47Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>3797532</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>"
API Request
curl -H 'X-Requested-With:curl demo2' -u "xx:xxxx" -d"action=list&ids=3797532""<qualys_base_url>/api/2.0/fo/auth/postgresql/"XML Output
"<?xml version=""1.0"" encoding=""UTF-8"" ?> <!DOCTYPE AUTH_POSTGRESQL_LIST_OUTPUT SYSTEM ""<qualys_base_url>/api/2.0/fo/auth/postgresql/auth_postgresql_list_outpu t.dtd""> <AUTH_POSTGRESQL_LIST_OUTPUT> <RESPONSE> <DATETIME>2023-11-30T05:38:41Z</DATETIME> <AUTH_POSTGRESQL_LIST> <AUTH_POSTGRESQL> <ID>3797532</ID> <TITLE><![CDATA[postgre_API_vault_update]]></TITLE> <USERNAME><![CDATA[test]]></USERNAME> <DATABASE><![CDATA[db]]></DATABASE> <PORT>333</PORT> <SSL_VERIFY><![CDATA[0]]></SSL_VERIFY> <IP_SET> <IP>1.1.1.1</IP> </IP_SET> <LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE> <DIGITAL_VAULT> <DIGITAL_VAULT_ID><![CDATA[1358790]]></DIGITAL_VAULT_ID> <DIGITAL_VAULT_TYPE><![CDATA[Hitachi ID PAM]]></DIGITAL_VAULT_TYPE> <DIGITAL_VAULT_TITLE><![CDATA[Hitachi ID PAM vault]]></DIGITAL_VAULT_TITLE> <VAULT_RESOURCE_ID><![CDATA[test12345]]></VAULT_RESOURCE_ID> </DIGITAL_VAULT> <WIN_CONF_FILE><![CDATA[]]></WIN_CONF_FILE> <UNIX_CONF_FILE><![CDATA[]]></UNIX_CONF_FILE> <CREATED> <DATETIME>2023-11-30T05:27:34Z</DATETIME> <BY>vsh_sm</BY> </CREATED> <LAST_MODIFIED> <DATETIME>2023-11-30T05:35:47Z</DATETIME> </LAST_MODIFIED> </AUTH_POSTGRESQL> </AUTH_POSTGRESQL_LIST> </RESPONSE> </AUTH_POSTGRESQL_LIST_OUTPUT>
<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/postgresql/auth_postgresql_list_output.dtd