For API version information, refer to the API Version History section.
The V3 API is designed to fetch only PC Asset data. To retrieve both PC and SCA Asset data, continue using API Versions V1 or V2.
Get continuous posture information for all the specified hosts for each policy ID included in the API.
To get posture information, you must use the host IDs retrieved in the Resolve Host IDs API request.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
evidenceRequired={0|1} |
Optional |
Integer |
Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Note: Changing the value to 1 will increase the time required to fetch posture data |
|
compressionRequired={0|1} |
Optional |
Integer |
Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Note: Not compressing the data will increase the time required to fetch posture data. |
|
Request Body |
Required |
String |
Output of the Resolve Host ID and the JWT . |
|
Request header: Authorization |
Required |
String |
JWT encrypted . Note: The received from the Authorization API and the used in the second API need to be the input here. |
|
lastEvaluationDate={value} |
Optional |
Integer |
Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
|
lastScanDate={value} |
Optional |
Integer |
Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
|
lastScanDateFrom, lastScanDateTo={value} |
Optional |
Integer |
Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
|
statusChangedSince={value} |
Optional |
Integer |
Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a
connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired
banner message:\n1. configure terminal\n2. banner motd
'delimiting-character' 'message' 'delimiting-character'\n3.
exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ íÝ]sÚHÅñ¯ââ:Îê!Áݬí?uUoeIì8©š©©)
²C?D2S©|÷•p2Ž_ÖôÁý€ÿ»d?…~é´8:ýÛçÆ ßè„í(ÈÒfð¬1OË
7:?bÚxÖ¸,†ƒÞ߇Õ6Í(ŠÓ${Öè-ãrR
ëÇÂ0Kž5ʼ÷~\
‹‹ùviõHμ?r6-öñª;?æýz?“üã ˜MOî<s>˜LËÿtÃýnY¿lõа{û‘ùFõ?|}(
¢p7
v£äM?v¢° Æ¿~ýÁû¶j×[%Q§þ:ÿ?¦ål’-ýÁù
ïÿß]†ßvyð±;oeU[ÝÙôæ~{“¼Þèî--N Ô?¼¯^¸>DY«?´ÚÍêh_V?‡Áó0|ž-Ï›QμM9éö>
ÆGyù¾¨÷uøªz´ú,:ãÙpXÿiï²~½Ë¼ó¯¢3ô&Å´8/;Ÿ-ã~ñiúÇ4Ÿ|Ì'?DAu&Q§óW«Ù©
öÐ×G½WOEúùÇéŸÃêéVõèŸÿ-ÞS}
\í}oe—
ŸŠÉ‡úM6‚Æ???ÙÕ¯ùó°8ëwöóóîlXî¼¼z²þÍ‹ÑåpPŸ7/ªÃuÒëŽo©ìMØêÄíN’Ì?ÔlZ
£|r:?Ì_©?giž-»ÙYÔÚM³óóÝ,l&»A˜žeaë¼?¦çßýÔüÝEIPí»z´>?Ê«‡Â´?diý¾¯OÉFç
ê ¯OËñÕ¯ñîêHíoeÌ?ÔN}¤vŽ£Æ—
ú ?”ƒ^w8(ç?7ìžåÃêöŽß?îýô¢Úq}&TûhV?W't?ŸS¹:v½îlšÿr^Ÿ¸ÕÙuõè—
g7€…*°(lE ÀÜ€Eò´C€ìvrp|øËéÉμ¯x9_±î+ž~t_Gû‡§G×¼¢åx5—
àõðÿëW»Ÿ×?ÏÜæõ€oeû¶ºy†ßfx—
?¼àμ’áësc4˜N«Or¾§âbÐû¶å×?üÖ¨ßþOe9oeÍÊ|g\”;çÅl\£8wφùNYìLòêùüc¾sYý¢
Õáîï\‘lü^½‡Ù8ÿë2ïÍOºÏ×û
ª'¿Ü²?,ñ_Sæ~ØþÑmŸÿ|ðòÍ5íd¹¡³uƒ×ÑÉÉëõ‹·:Õ¹ÖOEãÎü‘êß‘·Ç?W{ûoû»çâf5
Þ €Oàü¼ü*ðèÛAÛ©
\;l-âLê?á}—@aC>À0óÏ°•Á †0T¶-Æ0„!
Ý&?Ãvð0C.¼Âp›.¾úª]?MBÄw¾›d,1ˆK#†Ì,aC…aìŸa0 †
æÃ&
aC?abÁpÁ—ÿ\à?á63tˆ×Õo÷mý—éwÙº.û„÷\öñŸë©h·a¡
ma„5Èõ¤-æ›0„¡ÂРד’ë?áv0ôtdb ëI‰õ …‚–Aª'‹PˆBUser input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ í?[sÛFš@ÿ
JμöΈ ¼€|“%yâÄr SvR“ÌNQ$LaC4 ÚÖÌä¿o7HJ¼
ša‹"qR•*YÂμÑ}ú‚ßùõß'^ÿ¤mμª¦Ó¬™?=ñü(îú=÷¤} D'?=C¯wÿFlS«VífÝùëI/ð
ã0ÊßY–SÿëIìöîü`
’íšâ7âñ$ ǸîF‘Û—ÇÝ/^0‰:k?ùä…Qüºë
/º±<-øÕ°»ú›d#¹ËìWU³j?Zæiμ~c6ÛU«mÙ?Ÿí˜¶UKnU¯¶kÖß“{ŠâIè^}ï“çö3iÍyù¥
;oeˆ-Ö6]>n/tåFë?ÔÚõ†ÜàNoeX‘ÓhÕ?-š(í±ØØ2+–
Uiš•ZUl ‡ÝÞïž?¸rã»@ëÍμø-xm?2?ÊŸÎÇòzc·ý?A{äõÂ
>Åí¯žß¾FÿOEÜð‹?þ³jZÕvXm·¿5jmq„¾/K½OEúî—
èóPü¹!~ûyð?¸&Y¦G÷Ýøk þ./òÄ<yø÷»îHžóoÃà¶;4.ÜOÝÉ06ÞMÿ(ï<?‡ž¬7oEqu
z]?μ¤oe?«Ñ®‹²p’’šDq0rà /9S×všnÓ<un«?Ó¦óéÓ©cÕꧦռu¬Æ§®Õü´°WruÕº)
Ž-~+ëQ<ý•ÕlÕ?¦¼îÇ*yÒžVqY-ýémü<-)£“””!KÊx_=ùC>A/özÝ¡'û
»·îPìpþþÍÍ›ó³·âÀ²&ˆcÔÄÆ¢B÷ݤ©üûÄý6v{âÙ?”?–
ý›?áEÝÛ¡Û7^˜/?óOþ3~|o,þû7ÿÒŸmjånúÞt&·?¸÷†ÄƧ`â÷óvYÚ8)Ç0týx~-¿ž,^
êÉ?D‘öâIw8ÿû´fô½PÜa Þ¿öFú½é¯e‘u'‘ûã'Ù\E›šÿz+–*VªV£
VÀGet Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*" -H "Authorization: Bearer Token"-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": <TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n---------
--- OR ------------\nUnable to retrieve password policy\n------
------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n----------
-- OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z"-H "accept: /"-H "Authorization: Bearer Token "-H "Content-Type:application/json"-d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows
Settings\\Security Settings\\Account Policies\\Password
Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the
'net.ipv4.conf.all.send_redirects' setting within the
'/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters:
\n# sysctl -w net.ipv4.conf.all.send_redirects=0\n#
sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR
------------\nFile not found\n------------ OR ------------
\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d"[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found:
^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found:
show clock detail\n------------ OR ------------\nmatches
regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14
2021"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data
found\n------------ OR ------------\nmatches regular expression
list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
Curl-X POST"https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z"-H "accept: */*"-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly
considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the
following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is
\"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
},
]Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST"https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H"Authorization: Bearer Token " -H "Content-Type:application/json" -d"[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
},
]
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
Authentication Token (Bearer Token) |
Required | String | Specify the authentication that is returned by the authentication request. |
|
evidenceRequired={0|1} |
Optional |
Integer |
Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Note: Changing the value to 1 will increase the time required to fetch posture data |
|
compressionRequired={0|1} |
Required |
Integer |
Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Note: Not compressing the data will increase the time required to fetch posture data. |
|
Request Body |
Required |
String |
Output of the Resolve Host ID and the JWT . |
|
Request header: Authorization |
Required |
String |
JWT encrypted . Note: The received from the Authorization API and the used in the second API need to be the input here. |
|
lastEvaluationDate={value} |
Optional |
Integer |
Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
|
lastScanDate={value} |
Optional |
Integer |
Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
|
lastScanDateFrom, lastScanDateTo={value} |
Optional |
Integer |
Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
|
statusChangedSince={value} |
Optional |
Integer |
Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
| excludeInactiveControl={0|1} | Optional | Integer | Default value is 0, which indicates that inactive controls data is retrieved for the host posture. If you want to exclude inactive control data then, change the value to 1. |
Using this V2 API URL you can retrieve extended evidence and last updated date information for the hosts. The evidence for a control includes the expected and actual values for the control on the host. The extended evidence includes any additional findings/information collected during the control evaluation on the host to support the actual result. To retrieve the extended information in the API response, specify the following input parameters.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0&evidenceRequired=1
JSON Output
{
"id": 13603803,
"instance": "os",
"policyId": 725886,
"policyTitle": "AllTech_policy",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password
Length' setting",
"rationale":
"Among the several characteristics that make'user identification' via password a secure and workable solution
is setting a 'minimum password length' requirement. Each
character that is added to the password length squares the
difficulty of breaking the password via 'brute force,' which
attempts using every combination possible within the password
symbol set-space, in order to discover a user's password. While no
'minimum length' can be guaranteed secure, eight (8) is commonly
considered to be the minimum for most application access, along
with requiring other password security factors, such as increasing
the size of the symbol set-space by requiring mixed-cases, along
with other forms of password variability creation, increases the
difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for
new accounts, edit the file \"/etc/login.defs\" and add or correct
the following lines: \n\nPASS_MIN_LEN <required
value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD
requirement is \"14\". If a program consults \"/etc/login.defs\"
and also another PAM module (such as \"pam_cracklib\") during a
password change operation, then the most restrictive must be
satisfied.",
"controlReference": null,
"technologyId": 80,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2023-07-04T13:58:08Z",
"lastFailDate": "2024-01-23T12:56:18Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2023-07-04T13:58:08Z",
"lastEvaluatedDate": "2024-01-23T12:56:18Z",
"created": "2024-02-02T13:02:57Z",
"hostId": 1756436,
"ip": "10.11.70.116",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2023-07-04T13:59:25Z",
"customerUuid": "6009e710-108b-f57b-83d0-1768010d577f",
"customerId": "1033824",
"assetId": 9228010,
"technology": {
"id": 80,"name": "CentOS 7.x"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n9",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2023-07-04T13:59:25Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow
2:/etc/login.defs,PASS_MIN_LEN,5\n"
},
You can include/exclude inactive controls (SDC, UDC) from the host compliance posture information in the API response. Inactive controls are the controls removed or deactivated from a policy.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compres sionRequired=0&excludeInactiveControl=1
JSON Output
"id": 26081552, "instance": "oracle19cdb:1:1527:ora19csu", "policyId": 5561690, "policyTitle": "Oracle_DB_UDC", "netBios": null, "controlId": 100432, "controlStatement": "Oracle_DB_UDC_3", "rationale": "rationle", "remediation": "Remediation", "controlReference": null, "technologyId": 312, "status": "Failed", "previousStatus": "Failed", "firstFailDate": "2023-06-08T09:52:13Z", "lastFailDate": "2023-08-24T10:00:05Z", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2023-06-08T09:52:13Z", "lastEvaluatedDate": "2023-08-24T10:00:05Z", "created": "2024-01-30T06:54:04Z", "hostId": 11587415, "ip": "10.14.70.18", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-01-05T10:24:32Z", "customerUuid": "3b3573f9-dd5e-eb05-8140-8a19a01c5980", "customerId": "1981058", "assetId": 37640401, "technology": { "id": 312, "name": "Oracle 19c Multitenant" }, "criticality": { "label": "SERIOUS", "value": 3 }, "evidence": { "expectedValues": "\nSet status to PASS if no data found", "currentValues": [ "GRANTEE|:|GRANTED_ROLE", "APPQOSSYS|:|DBA", "UDC_SENSITIVE_SCAN|:|DBA", "QUALYS_SCAN|:|DBA" ], "actualValues": null, "directoryFimUdc": null }, "causeOfFailure": { "missing": { "logic": null, "value": [ "------------ OR ------------", "Set status to PASS if no data found" ] }, "unexpected": { "value": [ "DBA,DBA,DBA", "APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN" ] } }, "currentDataSizeKB": "1.47", "totalDataSizeKB": "4.59", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
API response now displays the status of the controls on a host as passed when an exception has been created and approved. The controls on which the exception has been approved are displayed as Passed*. Exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn about what is exceptions refer to Exceptions- The Basics.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology":
{ "id": 43, "name": "CentOS 6.x" }
,
"criticality":
{ "label": "MEDIUM", "value": 2 }
,
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Two new fields in the API response to display control category and sub-category.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23"-H "accept: */*"-H "Authorization: Bearer Token"-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a
connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired
banner message:\n1. configure terminal\n2. banner motd
'delimiting-character' 'message' 'delimiting-character'\n3.
exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ íÝ]sÚHÅñ¯ââ:Îê!Áݬí?uUoeIì8©š©©)
²C?D2S©|÷•p2Ž_ÖôÁý€ÿ»d?…~é´8:ýÛçÆ ßè„í(ÈÒfð¬1OË
7:?bÚxÖ¸,†ƒÞ߇Õ6Í(ŠÓ${Öè-ãrR
ëÇÂ0Kž5ʼ÷~\
‹‹ùviõHμ?r6-öñª;?æýz?“üã ˜MOî<s>˜LËÿtÃýnY¿lõа{û‘ùFõ?|}(
¢p7
v£äM?v¢° Æ¿~ýÁû¶j×[%Q§þ:ÿ?¦ål’-ýÁù
ïÿß]†ßvyð±;oeU[ÝÙôæ~{“¼Þèî--N Ô?¼¯^¸>DY«?´ÚÍêh_V?‡Áó0|ž-Ï›QμM9éö>
ÆGyù¾¨÷uøªz´ú,:ãÙpXÿiï²~½Ë¼ó¯¢3ô&Å´8/;Ÿ-ã~ñiúÇ4Ÿ|Ì'?DAu&Q§óW«Ù©
öÐ×G½WOEúùÇéŸÃêéVõèŸÿ-ÞS}
\í}oe—
ŸŠÉ‡úM6‚Æ???ÙÕ¯ùó°8ëwöóóîlXî¼¼z²þÍ‹ÑåpPŸ7/ªÃuÒëŽo©ìMØêÄíN’Ì?ÔlZ
£|r:?Ì_©?giž-»ÙYÔÚM³óóÝ,l&»A˜žeaë¼?¦çßýÔüÝEIPí»z´>?Ê«‡Â´?diý¾¯OÉFç
ê ¯OËñÕ¯ñîêHíoeÌ?ÔN}¤vŽ£Æ—
ú ?”ƒ^w8(ç?7ìžåÃêöŽß?îýô¢Úq}&TûhV?W't?ŸS¹:v½îlšÿr^Ÿ¸ÕÙuõè—
g7€…*°(lE ÀÜ€Eò´C€ìvrp|øËéÉμ¯x9_±î+ž~t_Gû‡§G×¼¢åx5—
àõðÿëW»Ÿ×?ÏÜæõ€oeû¶ºy†ßfx—
?¼àμ’áësc4˜N«Or¾§âbÐû¶å×?üÖ¨ßþOe9oeÍÊ|g\”;çÅl\£8wφùNYìLòêùüc¾sYý¢
Õáîï\‘lü^½‡Ù8ÿë2ïÍOºÏ×û
ª'¿Ü²?,ñ_Sæ~ØþÑmŸÿ|ðòÍ5íd¹¡³uƒ×ÑÉÉëõ‹·:Õ¹ÖOEãÎü‘êß‘·Ç?W{ûoû»çâf5
Þ €Oàü¼ü*ðèÛAÛ©
\;l-âLê?á}—@aC>À0óÏ°•Á †0T¶-Æ0„!
Ý&?Ãvð0C.¼Âp›.¾úª]?MBÄw¾›d,1ˆK#†Ì,aC…aìŸa0 †
æÃ&
aC?abÁpÁ—ÿ\à?á63tˆ×Õo÷mý—éwÙº.û„÷\öñŸë©h·a¡
ma„5Èõ¤-æ›0„¡ÂРד’ë?áv0ôtdb ëI‰õ …‚–Aª'‹PˆBUser input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ í?[sÛFš@ÿ
JμöΈ ¼€|“%yâÄr SvR“ÌNQ$LaC4 ÚÖÌä¿o7HJ¼
ša‹"qR•*YÂμÑ}ú‚ßùõß'^ÿ¤mμª¦Ó¬™?=ñü(îú=÷¤} D'?=C¯wÿFlS«VífÝùëI/ð
ã0ÊßY–SÿëIìöîü`
’íšâ7âñ$ ǸîF‘Û—ÇÝ/^0‰:k?ùä…Qüºë
/º±<-øÕ°»ú›d#¹ËìWU³j?Zæiμ~c6ÛU«mÙ?Ÿí˜¶UKnU¯¶kÖß“{ŠâIè^}ï“çö3iÍyù¥
;oeˆ-Ö6]>n/tåFë?ÔÚõ†ÜàNoeX‘ÓhÕ?-š(í±ØØ2+–
Uiš•ZUl ‡ÝÞïž?¸rã»@ëÍμø-xm?2?ÊŸÎÇòzc·ý?A{äõÂ
>Åí¯žß¾FÿOEÜð‹?þ³jZÕvXm·¿5jmq„¾/K½OEúî—
èóPü¹!~ûyð?¸&Y¦G÷Ýøk þ./òÄ<yø÷»îHžóoÃà¶;4.ÜOÝÉ06ÞMÿ(ï<?‡ž¬7oEqu
z]?μ¤oe?«Ñ®‹²p’’šDq0rà /9S×všnÓ<un«?Ó¦óéÓ©cÕꧦռu¬Æ§®Õü´°WruÕº)
Ž-~+ëQ<ý•ÕlÕ?¦¼îÇ*yÒžVqY-ýémü<-)£“””!KÊx_=ùC>A/özÝ¡'û
»·îPìpþþÍÍ›ó³·âÀ²&ˆcÔÄÆ¢B÷ݤ©üûÄý6v{âÙ?”?–
ý›?áEÝÛ¡Û7^˜/?óOþ3~|o,þû7ÿÒŸmjånúÞt&·?¸÷†ÄƧ`â÷óvYÚ8)Ç0týx~-¿ž,^
êÉ?D‘öâIw8ÿû´fô½PÜa Þ¿öFú½é¯e‘u'‘ûã'Ù\E›šÿz+–*VªV£
VÀGet Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": <TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n---------
--- OR ------------\nUnable to retrieve password policy\n------
------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n----------
-- OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z"-H "accept: /"-H "Authorization: Bearer Token "-H "Content-Type:application/json"-d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows
Settings\\Security Settings\\Account Policies\\Password
Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the
'net.ipv4.conf.all.send_redirects' setting within the
'/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters:
\n# sysctl -w net.ipv4.conf.all.send_redirects=0\n#
sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR
------------\nFile not found\n------------ OR ------------
\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d"[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found:
^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found:
show clock detail\n------------ OR ------------\nmatches
regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14
2021"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data
found\n------------ OR ------------\nmatches regular expression
list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
Curl-X POST"https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z"-H "accept: */*"-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly
considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the
following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is
\"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
},
]Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST"https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H"Authorization: Bearer Token " -H "Content-Type:application/json" -d"[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
},
]
The V3 API is designed to fetch only PC Asset data. To retrieve both PC and SCA Asset data, continue using API Versions v1 or v2.
This version (/pcrs/3.0/posture/postureInfo) of the API enables you to:
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
Authentication Token (Bearer Token) |
Required | String | Specify the authentication that is returned by the authentication request. |
|
evidenceRequired={0|1} |
Optional |
Integer |
Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Changing the value to 1 will increase the time required to fetch posture data |
|
compressionRequired={0|1} |
Required |
Integer |
Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Not compressing the data will increase the time required to fetch posture data. |
|
Request Body |
Required |
String |
Output of the Resolve Host ID and the JWT . |
|
Request header: Authorization |
Required |
String |
JWT encrypted . The received from the Authorization API and the used in the second API need to be the input here. |
|
lastEvaluationDate={value} |
Optional |
Integer |
Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
|
lastScanDate={value} |
Optional |
Integer |
Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
|
lastScanDateFrom, lastScanDateTo={value} |
Optional |
Integer |
Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
|
statusChangedSince={value} |
Optional |
Integer |
Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
| excludeInactiveControl={0|1} | Optional | Integer | Default value is 0, which indicates that inactive controls data is retrieved for the host posture. If you want to exclude inactive control data then, change the value to 1. |
| cloudMetaDataRequired={0|1} | Optional | Integer |
This parameter allows you to retrieve cloud metadata. Specify "1" to retrieve cloud metadata information in the API response. Specify "0" to not retrieve cloud metadata information in the API response. Cloud metadata is returned as null in the response for the postures that do not have cloud metadata. |
| status={value} | Optional | String | This parameter lets you retrieve posture information based on the current posture status. Possible values are Passed, Failed, and Error. You can provide multiple comma-separated values. |
| previousStatus={value} | Optional | String | This parameter lets you retrieve posture information based on the previous posture status. Possible values are Passed, Failed, and Error. You can provide a single value at a time. |
| criticalityValues={0|1|2|3|4|5} | Optional | String |
This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated values. When set to 0, posture information with criticality level UNDEFINED is retrieved. When set to 1, posture information with criticality level MINIMAL is retrieved. When set to 2, posture information with criticality level MEDIUM is retrieved. When set to 3, posture information with criticality level SERIOUS is retrieved. When set to 4, posture information with criticality level CRITICAL is retrieved. When set to 5, posture information with criticality level URGENT is retrieved. When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
| criticalityLabels={value} | Optional | String |
This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated crticality labels. Possible values are:
When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
You can retrieve extended evidence and last updated date information for the hosts. The evidence for a control includes the expected and actual values for the control on the host. The extended evidence includes any additional findings/information collected during the control evaluation on the host to support the actual result. You can also view a control description under the evidence section for the particular host posture.To retrieve the extended information in the API response, specify the following input parameters.
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"
-H "accept: */*"
-H "Authorization: Bearer Token"
-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
{
"id": 20245394,
"instance": "os",
"policyId": 1455112,
"policyTitle": "Linux_IP_TRACKED_IPV4_POLICY_AG",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN
<required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T10:40:30Z",
"lastPassDate": "2024-11-15T01:22:58Z",
"postureModifiedDate": "2024-11-06T10:40:30Z",
"lastEvaluatedDate": "2024-11-15T01:22:58Z",
"created": "2025-02-05T06:01:09Z",
"hostId": 6396397,
"ip": "10.11.70.111",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos:6.6:::",
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T10:42:29Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50568616,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "urg_updated",
"value": 5
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T10:42:29Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.88",
"totalDataSizeKB": "2.88",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
You can include/exclude inactive controls (SDC, UDC) from the host compliance posture information in the API response. Inactive controls are the controls removed or deactivated from a policy.
API Request
https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=1&compres sionRequired=0&excludeInactiveControl=1
JSON Output
"id": 26081552,
"instance": "oracle19cdb:1:1527:ora19csu",
"policyId": 5561690,
"policyTitle": "Oracle_DB_UDC",
"netBios": null,
"controlId": 100432,
"controlStatement": "Oracle_DB_UDC_3",
"rationale": "rationle",
"remediation": "Remediation",
"controlReference": null,
"technologyId": 312,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2023-06-08T09:52:13Z",
"lastFailDate": "2023-08-24T10:00:05Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2023-06-08T09:52:13Z",
"lastEvaluatedDate": "2023-08-24T10:00:05Z",
"created": "2024-01-30T06:54:04Z",
"hostId": 11587415,
"ip": "10.14.70.18",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-01-05T10:24:32Z",
"customerUuid": "3b3573f9-dd5e-eb05-8140-8a19a01c5980",
"customerId": "1981058",
"assetId": 37640401,
"technology": {
"id": 312,
"name": "Oracle 19c Multitenant"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found",
"currentValues": [
"GRANTEE|:|GRANTED_ROLE",
"APPQOSSYS|:|DBA",
"UDC_SENSITIVE_SCAN|:|DBA",
"QUALYS_SCAN|:|DBA"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"------------ OR ------------",
"Set status to PASS if no data found"
]
},
"unexpected": {
"value": [
"DBA,DBA,DBA",
"APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN"
]
}
},
"currentDataSizeKB": "1.47",
"totalDataSizeKB": "4.59",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
API response now displays the status of the controls on a host as passed when an exception has been created and approved. The controls on which the exception has been approved are displayed as Passed*. Exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn about what is exceptions refer to Exceptions- The Basics.
API Request
https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology":
{ "id": 43, "name": "CentOS 6.x" }
,
"criticality":
{ "label": "MEDIUM", "value": 2 }
,
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Two new fields in the API response to display control category and sub-category.
API Request
https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a
connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired
banner message:\n1. configure terminal\n2. banner motd
'delimiting-character' 'message' 'delimiting-character'\n3.
exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ íÝ]sÚHÅñ¯ââ:Îê!Áݬí?uUoeIì8©š©©)
²C?D2S©|÷•p2Ž_ÖôÁý€ÿ»d?…~é´8:ýÛçÆ ßè„í(ÈÒfð¬1OË
7:?bÚxÖ¸,†ƒÞ߇Õ6Í(ŠÓ${Öè-ãrR
ëÇÂ0Kž5ʼ÷~\
‹‹ùviõHμ?r6-öñª;?æýz?“üã ˜MOî<s>˜LËÿtÃýnY¿lõа{û‘ùFõ?|}(
¢p7
v£äM?v¢° Æ¿~ýÁû¶j×[%Q§þ:ÿ?¦ål’-ýÁù
ïÿß]†ßvyð±;oeU[ÝÙôæ~{“¼Þèî--N Ô?¼¯^¸>DY«?´ÚÍêh_V?‡Áó0|ž-Ï›QμM9éö>
ÆGyù¾¨÷uøªz´ú,:ãÙpXÿiï²~½Ë¼ó¯¢3ô&Å´8/;Ÿ-ã~ñiúÇ4Ÿ|Ì'?DAu&Q§óW«Ù©
öÐ×G½WOEúùÇéŸÃêéVõèŸÿ-ÞS}
\í}oe—
ŸŠÉ‡úM6‚Æ???ÙÕ¯ùó°8ëwöóóîlXî¼¼z²þÍ‹ÑåpPŸ7/ªÃuÒëŽo©ìMØêÄíN’Ì?ÔlZ
£|r:?Ì_©?giž-»ÙYÔÚM³óóÝ,l&»A˜žeaë¼?¦çßýÔüÝEIPí»z´>?Ê«‡Â´?diý¾¯OÉFç
ê ¯OËñÕ¯ñîêHíoeÌ?ÔN}¤vŽ£Æ—
ú ?”ƒ^w8(ç?7ìžåÃêöŽß?îýô¢Úq}&TûhV?W't?ŸS¹:v½îlšÿr^Ÿ¸ÕÙuõè—
g7€…*°(lE ÀÜ€Eò´C€ìvrp|øËéÉμ¯x9_±î+ž~t_Gû‡§G×¼¢åx5—
àõðÿëW»Ÿ×?ÏÜæõ€oeû¶ºy†ßfx—
?¼àμ’áësc4˜N«Or¾§âbÐû¶å×?üÖ¨ßþOe9oeÍÊ|g\”;çÅl\£8wφùNYìLòêùüc¾sYý¢
Õáîï\‘lü^½‡Ù8ÿë2ïÍOºÏ×û
ª'¿Ü²?,ñ_Sæ~ØþÑmŸÿ|ðòÍ5íd¹¡³uƒ×ÑÉÉëõ‹·:Õ¹ÖOEãÎü‘êß‘·Ç?W{ûoû»çâf5
Þ €Oàü¼ü*ðèÛAÛ©
\;l-âLê?á}—@aC>À0óÏ°•Á †0T¶-Æ0„!
Ý&?Ãvð0C.¼Âp›.¾úª]?MBÄw¾›d,1ˆK#†Ì,aC…aìŸa0 †
æÃ&
aC?abÁpÁ—ÿ\à?á63tˆ×Õo÷mý—éwÙº.û„÷\öñŸë©h·a¡
ma„5Èõ¤-æ›0„¡ÂРד’ë?áv0ôtdb ëI‰õ …‚–Aª'‹PˆBUser input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ í?[sÛFš@ÿ
JμöΈ ¼€|“%yâÄr SvR“ÌNQ$LaC4 ÚÖÌä¿o7HJ¼
ša‹"qR•*YÂμÑ}ú‚ßùõß'^ÿ¤mμª¦Ó¬™?=ñü(îú=÷¤} D'?=C¯wÿFlS«VífÝùëI/ð
ã0ÊßY–SÿëIìöîü`
’íšâ7âñ$ ǸîF‘Û—ÇÝ/^0‰:k?ùä…Qüºë
/º±<-øÕ°»ú›d#¹ËìWU³j?Zæiμ~c6ÛU«mÙ?Ÿí˜¶UKnU¯¶kÖß“{ŠâIè^}ï“çö3iÍyù¥
;oeˆ-Ö6]>n/tåFë?ÔÚõ†ÜàNoeX‘ÓhÕ?-š(í±ØØ2+–
Uiš•ZUl ‡ÝÞïž?¸rã»@ëÍμø-xm?2?ÊŸÎÇòzc·ý?A{äõÂ
>Åí¯žß¾FÿOEÜð‹?þ³jZÕvXm·¿5jmq„¾/K½OEúî—
èóPü¹!~ûyð?¸&Y¦G÷Ýøk þ./òÄ<yø÷»îHžóoÃà¶;4.ÜOÝÉ06ÞMÿ(ï<?‡ž¬7oEqu
z]?μ¤oe?«Ñ®‹²p’’šDq0rà /9S×všnÓ<un«?Ó¦óéÓ©cÕꧦռu¬Æ§®Õü´°WruÕº)
Ž-~+ëQ<ý•ÕlÕ?¦¼îÇ*yÒžVqY-ýémü<-)£“””!KÊx_=ùC>A/özÝ¡'û
»·îPìpþþÍÍ›ó³·âÀ²&ˆcÔÄÆ¢B÷ݤ©üûÄý6v{âÙ?”?–
ý›?áEÝÛ¡Û7^˜/?óOþ3~|o,þû7ÿÒŸmjånúÞt&·?¸÷†ÄƧ`â÷óvYÚ8)Ç0týx~-¿ž,^
êÉ?D‘öâIw8ÿû´fô½PÜa Þ¿öFú½é¯e‘u'‘ûã'Ù\E›šÿz+–*VªV£
VÀGet Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
{
"id": xxx,
"instance": "os",
"policyId":
<POLICY ID>,
"controlId":
<CONTROL ID>,
"technologyId":
<TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId":
<HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n---------
--- OR ------------\nUnable to retrieve password policy\n------
------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": "
<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId":
<HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n----------
-- OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z"-H "accept: /"-H "Authorization: Bearer Token "-H "Content-Type:application/json"-d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId":
<POLICY_ID>,
"controlId":
<CONTROL_ID,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows
Settings\\Security Settings\\Account Policies\\Password
Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId":
<POLICY_ID>,
"controlId":
<CONTROL_ID>,
"controlStatement": "Status of the
'net.ipv4.conf.all.send_redirects' setting within the
'/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters:
\n# sysctl -w net.ipv4.conf.all.send_redirects=0\n#
sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR
------------\nFile not found\n------------ OR ------------
\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d"[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token"-H "Content-Type: application/json"-d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": "
<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "
<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found:
^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found:
show clock detail\n------------ OR ------------\nmatches
regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14
2021"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "
<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data
found\n------------ OR ------------\nmatches regular expression
list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
Curl-X POST"https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z"-H "accept: */*"-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly
considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the
following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is
\"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
},
]Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST"https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H"Authorization: Bearer Token " -H "Content-Type:application/json" -d"[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
},
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&cloudMetaDataRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029070,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1131,
"controlStatement": "Status of the 'Trivial File Transfer Protocol (TFTP)' service",
"rationale": "The 'TFTP' service is both a command and TCP protocol that is normally used only for booting diskless workstations, getting or saving network component configuration files, or as a 'kickstart' type host configuration from a network-based template. The connection initiation and data transfer is all done in clear text without requiring credentials of any kind. As a malicious user with a 'sniffer' running on the network, could easily capture the data and/or reproduce the same operation, simply by knowing the name of the file(s) and the source address(es), this process should be disabled/restricted according to the needs of the business.",
"remediation": "Review \"/etc/inetd.conf\" file to check whether tftp service's configuration in line with business needs and organization's security policies.\n\nExample: To disable the tftp service,\n\nRemove or comment out any tftp lines in /etc/inetd.conf: \n# tftp stream tcp nowait root internal",
"category": "Services",
"subCategory": "Guidelines/Procedures (Services)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:20:49Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "17grayscale(100%);">9.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.98",
"totalDataSizeKB": "27.09",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "2182777093928348127",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": "{'Public IP Address':'35.224.87.179', 'Private IP Address':'10.128.0.27', 'Machine Type':'e2-medium', 'Zone':'null', 'ProjectId':'qlys-devqa-qweb', 'State':'RUNNING', 'Network':'N/A', 'MAC Address':'null'}"
},
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&status=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&previousStatus=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0& criticalityValues=2" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0& criticalityLabels= MEDIUM" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]
The V4.0 API is designed to fetch only PC Asset data. To retrieve both PC and SCA Asset data, continue using API Versions v1.0 or v2.0.
This version (/pcrs/4.0/posture/postureInfo) of the API enables you to:
API Request
curl --location
'<qualys_base_url>/pcrs/4.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&clou
dMetaDataRequired=1' \
--header 'accept: */*' \
--header 'Authorization: Bearer <JWT TOKEN>' \
--header 'Content-Type: application/json' \ --data '[
{
"policyId": "1438442",
"subscriptionId": "822838",
"hostIds": [
"4783735",
"4980343"
]
}
]'
JSON Response
[
{
"id": <id>,
"instance": "os",
"policyId": <policy_id>,
"policyTitle": "GCP policy-Neha",
"netBios": "NEW-SPIN123",
"controlId": <control_id>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file
\"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required
value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program
consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a
password change operation, then the most restrictive must be satisfied.",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 81,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-03-23T07:10:02Z",
"lastPassDate": "2025-03-23T07:10:02Z",
"postureModifiedDate": "2025-03-23T07:10:02Z",
"lastEvaluatedDate": "2025-03-23T07:10:02Z",
"created": "2025-04-16T12:24:23Z",
"hostId": 4783735,
"ip": "10.xxx.x.19",
"trackingMethod": "AGENT",
"os": null,
"osCpe": null,
"domainName": "121.xxx.xxx.34.bc.googleusercontent.com",
"dns": "121.xxx.xxx.xx.bc.googleusercontent.com",
"qgHostid": "c4b0cde6-9017-4340-933e-afbbc71556b4",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 41157957,
"technology": {
"id": 81,
"name": "Red Hat Enterprise Linux 7.x"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------
OR ------------\ngreater than or equal to\n0",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2025-04-20T08:52:58Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow
2:/etc/login.defs,PASS_MIN_LEN,5\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN
setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "3.39",
"totalDataSizeKB": "3.39",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "3654664005469669138",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": {
"publicIpAddress": "34.136.202.121",
"privateIpAddress": "10.128.0.19",
"machineType": "custom-1-1024",
"zone": null,
"projectId": "qlys-devqa-qweb",
"state": "STOPPED",
"network": "N/A",
"macAddress": null
}
},
"CLOUD_RESOURCE_ID": "3654664005469669138"
},
.......
{
"id": 19029079,
"instance": "os",
"policyId": 1438442,
"policyTitle": "GCP policy-Neha",
"netBios": "INSTANCE-20250423-173020",
"controlId": 1131,
"controlStatement": "Status of the 'Trivial File Transfer Protocol (TFTP)' service",
"rationale": "The 'TFTP' service is both a command and TCP protocol that is normally used only
for booting diskless workstations, getting or saving network component configuration files, or as a
'kickstart' type host configuration from a network-based template. The connection initiation and
data transfer is all done in clear text without requiring credentials of any kind. As a malicious user
with a 'sniffer' running on the network, could easily capture the data and/or reproduce the same
operation, simply by knowing the name of the file(s) and the source address(es), this process should
be disabled/restricted according to the needs of the business.",
"remediation": "Review \"/etc/inetd.conf\" file to check whether tftp service's configuration in line
with business needs and organization's security policies.\n\nExample: To disable the tftp
service,\n\nRemove or comment out any tftp lines in /etc/inetd.conf: \n# tftp stream tcp nowait root
internal",
"category": "Services",
"subCategory": "Guidelines/Procedures (Services)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-04-06T09:48:19Z",
"lastPassDate": "2025-04-06T09:48:19Z",
"postureModifiedDate": "2025-04-06T09:48:19Z",
"lastEvaluatedDate": "2025-04-06T09:48:19Z",
"created": "2025-04-16T12:24:26Z",
"hostId": 4980343,
"ip": "34.xxx.xxx.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.xx.xxx.35.bc.googleusercontent.com",
"dns": "179.xx.xxx.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2025-04-06T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2025-04-04T09:39:21Z",
"extendedEvidence": "Row 1:\n",
"description": "The following List String value of X indicates the status of the tftp service
configured within the /etc/xinetd.conf, /etc/xinetd.d/*, /etc/inetd.conf and /etc/inetd.d/* files on the
host. A value of 0 indicates the service is disabled; and a value of 1 indicates the service is enabled on
the host."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "3.27",
"totalDataSizeKB": "97.52",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "2182777093928348127",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": {
"publicIpAddress": "35.xxx.xx.179",
"privateIpAddress": "10.xxx.x.27",
"machineType": "e2-medium",
"zone": null,
"projectId": "qlys-devqa-qweb",
"state": "RUNNING",
"network": "N/A",
"macAddress": null
}
},
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
The V5.0 API is designed to fetch only PA Asset data. To retrieve both PA and SCA Asset data, continue using API Versions v1 or v2.
This version (/pcrs/5.0/posture/postureInfo) of the API enables you to:
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
Authentication Token (Bearer Token) |
Required | String | Specify the authentication that is returned by the authentication request. |
|
evidenceRequired={0|1} |
Optional |
Integer |
Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Changing the value to 1 will increase the time required to fetch posture data |
|
compressionRequired={0|1} |
Required |
Integer |
Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Not compressing the data will increase the time required to fetch posture data. |
|
Request header: Authorization |
Required |
String |
JWT encrypted . The received from the Authorization API and the used in the second API need to be the input here. |
|
lastEvaluationDate={value} |
Optional |
Integer |
Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
|
lastScanDate={value} |
Optional |
Integer |
Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
|
lastScanDateFrom, lastScanDateTo={value} |
Optional |
Integer |
Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
|
statusChangedSince={value} |
Optional |
Integer |
Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
| excludeInactiveControl={0|1} | Optional | Integer | Default value is 0, which indicates that inactive controls data is retrieved for the host posture. If you want to exclude inactive control data then, change the value to 1. |
| cloudMetaDataRequired={0|1} | Optional | Integer |
This parameter allows you to retrieve cloud metadata. Specify "1" to retrieve cloud metadata information in the API response. Specify "0" to not retrieve cloud metadata information in the API response. Cloud metadata is returned as null in the response for the postures that do not have cloud metadata. |
| status={value} | Optional | String | This parameter lets you retrieve posture information based on the current posture status. Possible values are Passed, Failed, and Error. You can provide multiple comma-separated values. |
| previousStatus={value} | Optional | String | This parameter lets you retrieve posture information based on the previous posture status. Possible values are Passed, Failed, and Error. You can provide a single value at a time. |
| criticalityValues={0|1|2|3|4|5} | Optional | String |
This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated values. When set to 0, posture information with criticality level UNDEFINED is retrieved. When set to 1, posture information with criticality level MINIMAL is retrieved. When set to 2, posture information with criticality level MEDIUM is retrieved. When set to 3, posture information with criticality level SERIOUS is retrieved. When set to 4, posture information with criticality level CRITICAL is retrieved. When set to 5, posture information with criticality level URGENT is retrieved. When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
| criticalityLabels={value} | Optional | String |
This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated crticality labels. Possible values are:
When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
| evidenceRequired={0|1} | Optional | Integer | Set as 1 to retrieve evidence data for posture info or else set 0. By default, the value is set as 0. |
| extendedEvidenceRequired={0|1} | Optional | Integer | Set as 1 to retrieve extended evidence data or else set to 0. For using this field, set evidenceRequired=1. |
| qdScoreRequired={0|1} |
Optional | Integer | Set as 1 to retrieve QDS in API response or else set 0. By default, the value is set as 0. |
| Request Body |
Optional | String |
Enter the policy ID, subscription ID, host ID, and the JWT token. Use this parameter to retrieve posture information with Posture ID. |
If you are entering multiple comma-separated posture IDs, you can enter a maximum of 400 thousand posture IDs at one time. Otherwise, the size of the entire JSON body (in the curl request) must not exceed 4 megabytes (MB).
You can retrieve extended evidence and last updated date information for the hosts. The evidence for a control includes the expected and actual values for the control on the host. The extended evidence includes any additional findings/information collected during the control evaluation on the host to support the actual result. You can also view a control description under the evidence section for the particular host posture.To retrieve the extended information in the API response, specify the following input parameters.
API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"
-H "accept: */*"
-H "Authorization: Bearer Token"
-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
{
"id": 20245394,
"instance": "os",
"policyId": 1455112,
"policyTitle": "Linux_IP_TRACKED_IPV4_POLICY_AG",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN
<required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T10:40:30Z",
"lastPassDate": "2024-11-15T01:22:58Z",
"postureModifiedDate": "2024-11-06T10:40:30Z",
"lastEvaluatedDate": "2024-11-15T01:22:58Z",
"created": "2025-02-05T06:01:09Z",
"hostId": 6396397,
"ip": "10.11.70.111",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos:6.6:::",
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T10:42:29Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50568616,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "urg_updated",
"value": 5
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T10:42:29Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.88",
"totalDataSizeKB": "2.88",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
You can include/exclude inactive controls (SDC, UDC) from the host compliance posture information in the API response. Inactive controls are the controls removed or deactivated from a policy.
API Request
https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compres sionRequired=0&excludeInactiveControl=1
JSON Output
"id": 26081552,
"instance": "oracle19cdb:1:1527:ora19csu",
"policyId": 5561690,
"policyTitle": "Oracle_DB_UDC",
"netBios": null,
"controlId": 100432,
"controlStatement": "Oracle_DB_UDC_3",
"rationale": "rationle",
"remediation": "Remediation",
"controlReference": null,
"technologyId": 312,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2023-06-08T09:52:13Z",
"lastFailDate": "2023-08-24T10:00:05Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2023-06-08T09:52:13Z",
"lastEvaluatedDate": "2023-08-24T10:00:05Z",
"created": "2024-01-30T06:54:04Z",
"hostId": 11587415,
"ip": "10.14.70.18",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-01-05T10:24:32Z",
"customerUuid": "3b3573f9-dd5e-eb05-8140-8a19a01c5980",
"customerId": "1981058",
"assetId": 37640401,
"technology": {
"id": 312,
"name": "Oracle 19c Multitenant"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found",
"currentValues": [
"GRANTEE|:|GRANTED_ROLE",
"APPQOSSYS|:|DBA",
"UDC_SENSITIVE_SCAN|:|DBA",
"QUALYS_SCAN|:|DBA"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"------------ OR ------------",
"Set status to PASS if no data found"
]
},
"unexpected": {
"value": [
"DBA,DBA,DBA",
"APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN"
]
}
},
"currentDataSizeKB": "1.47",
"totalDataSizeKB": "4.59",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
API response now displays the status of the controls on a host as passed when an exception has been created and approved. The controls on which the exception has been approved are displayed as Passed*. Exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn about what is exceptions refer to Exceptions- The Basics.
API Request
https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology":
{ "id": 43, "name": "CentOS 6.x" }
,
"criticality":
{ "label": "MEDIUM", "value": 2 }
,
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Two new fields in the API response to display control category and sub-category.
API Request
https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?compressionRequired=0' \ --header 'accept: */*' \ --header 'Authorization: Bearer Token' \ --header 'Content-Type: application/json' \ --data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{
"id": 29483648,
"instance": "os",
"policyId": 5657103,
"policyTitle": "LinuxAllAssetScan_withAssetTag",
"netBios": null,
"controlId": 100000,
"controlStatement": "File_content_check_udc-2",
"rationale": "rationale",
"remediation": null,
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed*",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2024-07-10T15:10:32Z",
"lastEvaluatedDate": "2024-08-25T17:36:31Z",
"created": "2024-08-29T10:58:49Z",
"hostId": 13372203,
"ip": "10.20.31.36",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-10T17:08:52Z",
"customerUuid": "872f6779-71cc-c748-8045-7dfa12015834",
"customerId": "2727621",
"assetId": 54149619,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "1.14",
"totalDataSizeKB": "1.14",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a
connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired
banner message:\n1. configure terminal\n2. banner motd
'delimiting-character' 'message' 'delimiting-character'\n3.
exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ íÝ]sÚHÅñ¯ââ:Îê!Áݬí?uUoeIì8©š©©)
²C?D2S©|÷•p2Ž_ÖôÁý€ÿ»d?…~é´8:ýÛçÆ ßè„í(ÈÒfð¬1OË
7:?bÚxÖ¸,†ƒÞ߇Õ6Í(ŠÓ${Öè-ãrR
ëÇÂ0Kž5ʼ÷~\
‹‹ùviõHμ?r6-öñª;?æýz?“üã ˜MOî<s>˜LËÿtÃýnY¿lõа{û‘ùFõ?|}(
¢p7
v£äM?v¢° Æ¿~ýÁû¶j×[%Q§þ:ÿ?¦ål’-ýÁù
ïÿß]†ßvyð±;oeU[ÝÙôæ~{“¼Þèî--N Ô?¼¯^¸>DY«?´ÚÍêh_V?‡Áó0|ž-Ï›QμM9éö>
ÆGyù¾¨÷uøªz´ú,:ãÙpXÿiï²~½Ë¼ó¯¢3ô&Å´8/;Ÿ-ã~ñiúÇ4Ÿ|Ì'?DAu&Q§óW«Ù©
öÐ×G½WOEúùÇéŸÃêéVõèŸÿ-ÞS}
\í}oe—
ŸŠÉ‡úM6‚Æ???ÙÕ¯ùó°8ëwöóóîlXî¼¼z²þÍ‹ÑåpPŸ7/ªÃuÒëŽo©ìMØêÄíN’Ì?ÔlZ
£|r:?Ì_©?giž-»ÙYÔÚM³óóÝ,l&»A˜žeaë¼?¦çßýÔüÝEIPí»z´>?Ê«‡Â´?diý¾¯OÉFç
ê ¯OËñÕ¯ñîêHíoeÌ?ÔN}¤vŽ£Æ—
ú ?”ƒ^w8(ç?7ìžåÃêöŽß?îýô¢Úq}&TûhV?W't?ŸS¹:v½îlšÿr^Ÿ¸ÕÙuõè—
g7€…*°(lE ÀÜ€Eò´C€ìvrp|øËéÉμ¯x9_±î+ž~t_Gû‡§G×¼¢åx5—
àõðÿëW»Ÿ×?ÏÜæõ€oeû¶ºy†ßfx—
?¼àμ’áësc4˜N«Or¾§âbÐû¶å×?üÖ¨ßþOe9oeÍÊ|g\”;çÅl\£8wφùNYìLòêùüc¾sYý¢
Õáîï\‘lü^½‡Ù8ÿë2ïÍOºÏ×û
ª'¿Ü²?,ñ_Sæ~ØþÑmŸÿ|ðòÍ5íd¹¡³uƒ×ÑÉÉëõ‹·:Õ¹ÖOEãÎü‘êß‘·Ç?W{ûoû»çâf5
Þ €Oàü¼ü*ðèÛAÛ©
\;l-âLê?á}—@aC>À0óÏ°•Á †0T¶-Æ0„!
Ý&?Ãvð0C.¼Âp›.¾úª]?MBÄw¾›d,1ˆK#†Ì,aC…aìŸa0 †
æÃ&
aC?abÁpÁ—ÿ\à?á63tˆ×Õo÷mý—éwÙº.û„÷\öñŸë©h·a¡
ma„5Èõ¤-æ›0„¡ÂРד’ë?áv0ôtdb ëI‰õ …‚–Aª'‹PˆBUser input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output (Compressed)
‹ í?[sÛFš@ÿ
JμöΈ ¼€|“%yâÄr SvR“ÌNQ$LaC4 ÚÖÌä¿o7HJ¼
ša‹"qR•*YÂμÑ}ú‚ßùõß'^ÿ¤mμª¦Ó¬™?=ñü(îú=÷¤} D'?=C¯wÿFlS«VífÝùëI/ð
ã0ÊßY–SÿëIìöîü`
’íšâ7âñ$ ǸîF‘Û—ÇÝ/^0‰:k?ùä…Qüºë
/º±<-øÕ°»ú›d#¹ËìWU³j?Zæiμ~c6ÛU«mÙ?Ÿí˜¶UKnU¯¶kÖß“{ŠâIè^}ï“çö3iÍyù¥
;oeˆ-Ö6]>n/tåFë?ÔÚõ†ÜàNoeX‘ÓhÕ?-š(í±ØØ2+–
Uiš•ZUl ‡ÝÞïž?¸rã»@ëÍμø-xm?2?ÊŸÎÇòzc·ý?A{äõÂ
>Åí¯žß¾FÿOEÜð‹?þ³jZÕvXm·¿5jmq„¾/K½OEúî—
èóPü¹!~ûyð?¸&Y¦G÷Ýøk þ./òÄ<yø÷»îHžóoÃà¶;4.ÜOÝÉ06ÞMÿ(ï<?‡ž¬7oEqu
z]?μ¤oe?«Ñ®‹²p’’šDq0rà /9S×všnÓ<un«?Ó¦óéÓ©cÕꧦռu¬Æ§®Õü´°WruÕº)
Ž-~+ëQ<ý•ÕlÕ?¦¼îÇ*yÒžVqY-ýémü<-)£“””!KÊx_=ùC>A/özÝ¡'û
»·îPìpþþÍÍ›ó³·âÀ²&ˆcÔÄÆ¢B÷ݤ©üûÄý6v{âÙ?”?–
ý›?áEÝÛ¡Û7^˜/?óOþ3~|o,þû7ÿÒŸmjånúÞt&·?¸÷†ÄƧ`â÷óvYÚ8)Ç0týx~-¿ž,^
êÉ?D‘öâIw8ÿû´fô½PÜa Þ¿öFú½é¯e‘u'‘ûã'Ù\E›šÿz+–*VªV£
VÀGet Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*" -H "Authorization: Bearer Token "-H "Content-Type: application/json"-d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"JSON Output
{
"id": xxx,
"instance": "os",
"policyId":
<POLICY ID>,
"controlId":
<CONTROL ID>,
"technologyId":
<TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId":
<HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n---------
--- OR ------------\nUnable to retrieve password policy\n------
------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": "
<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId":
<HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n----------
-- OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z"-H "accept: /"-H "Authorization: Bearer Token "-H "Content-Type:application/json"-d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId":
<POLICY_ID>,
"controlId":
<CONTROL_ID,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows
Settings\\Security Settings\\Account Policies\\Password
Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId":
<POLICY_ID>,
"controlId":
<CONTROL_ID>,
"controlStatement": "Status of the
'net.ipv4.conf.all.send_redirects' setting within the
'/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters:
\n# sysctl -w net.ipv4.conf.all.send_redirects=0\n#
sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR
------------\nFile not found\n------------ OR ------------
\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token "-H "Content-Type: application/json"-d"[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"-H "accept: */*"-H "Authorization: Bearer Token"-H "Content-Type: application/json"-d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": "
<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "
<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found:
^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found:
show clock detail\n------------ OR ------------\nmatches
regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14
2021"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "
<POLICY ID>",
"controlId": "
<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "
<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe":
"cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "
<CUSTOMER UUID>",
"customerId": "
<CUSTOMER ID>",
"assetId": "
<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data
found\n------------ OR ------------\nmatches regular expression
list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
Curl-X POST"https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z"-H "accept: */*"-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly
considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the
following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is
\"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
},
]Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST"https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H"Authorization: Bearer Token " -H "Content-Type:application/json" -d"[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
},
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&cloudMetaDataRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029070,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1131,
"controlStatement": "Status of the 'Trivial File Transfer Protocol (TFTP)' service",
"rationale": "The 'TFTP' service is both a command and TCP protocol that is normally used only for booting diskless workstations, getting or saving network component configuration files, or as a 'kickstart' type host configuration from a network-based template. The connection initiation and data transfer is all done in clear text without requiring credentials of any kind. As a malicious user with a 'sniffer' running on the network, could easily capture the data and/or reproduce the same operation, simply by knowing the name of the file(s) and the source address(es), this process should be disabled/restricted according to the needs of the business.",
"remediation": "Review \"/etc/inetd.conf\" file to check whether tftp service's configuration in line with business needs and organization's security policies.\n\nExample: To disable the tftp service,\n\nRemove or comment out any tftp lines in /etc/inetd.conf: \n# tftp stream tcp nowait root internal",
"category": "Services",
"subCategory": "Guidelines/Procedures (Services)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:20:49Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "17grayscale(100%);">9.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.98",
"totalDataSizeKB": "27.09",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "2182777093928348127",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": "{'Public IP Address':'35.224.87.179', 'Private IP Address':'10.128.0.27', 'Machine Type':'e2-medium', 'Zone':'null', 'ProjectId':'qlys-devqa-qweb', 'State':'RUNNING', 'Network':'N/A', 'MAC Address':'null'}"
},
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&status=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&previousStatus=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0& criticalityValues=2" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0& criticalityLabels= MEDIUM" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n"
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]API Request
curl --location
'<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&clou
dMetaDataRequired=1' \
--header 'accept: */*' \
--header 'Authorization: Bearer <JWT TOKEN>' \
--header 'Content-Type: application/json' \ --data '[
{
"policyId": "1438442",
"subscriptionId": "822838",
"hostIds": [
"4783735",
"4980343"
]
}
]'
JSON Response
[
{
"id": <id>,
"instance": "os",
"policyId": <policy_id>,
"policyTitle": "GCP policy-Neha",
"netBios": "NEW-SPIN123",
"controlId": <control_id>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file
\"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required
value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program
consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a
password change operation, then the most restrictive must be satisfied.",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 81,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-03-23T07:10:02Z",
"lastPassDate": "2025-03-23T07:10:02Z",
"postureModifiedDate": "2025-03-23T07:10:02Z",
"lastEvaluatedDate": "2025-03-23T07:10:02Z",
"created": "2025-04-16T12:24:23Z",
"hostId": 4783735,
"ip": "10.xxx.x.19",
"trackingMethod": "AGENT",
"os": null,
"osCpe": null,
"domainName": "121.xxx.xxx.34.bc.googleusercontent.com",
"dns": "121.xxx.xxx.xx.bc.googleusercontent.com",
"qgHostid": "c4b0cde6-9017-4340-933e-afbbc71556b4",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 41157957,
"technology": {
"id": 81,
"name": "Red Hat Enterprise Linux 7.x"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------
OR ------------\ngreater than or equal to\n0",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2025-04-20T08:52:58Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow
2:/etc/login.defs,PASS_MIN_LEN,5\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN
setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "3.39",
"totalDataSizeKB": "3.39",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "3654664005469669138",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": {
"publicIpAddress": "34.136.202.121",
"privateIpAddress": "10.128.0.19",
"machineType": "custom-1-1024",
"zone": null,
"projectId": "qlys-devqa-qweb",
"state": "STOPPED",
"network": "N/A",
"macAddress": null
}
},
"CLOUD_RESOURCE_ID": "3654664005469669138"
},
.......
{
"id": 19029079,
"instance": "os",
"policyId": 1438442,
"policyTitle": "GCP policy-Neha",
"netBios": "INSTANCE-20250423-173020",
"controlId": 1131,
"controlStatement": "Status of the 'Trivial File Transfer Protocol (TFTP)' service",
"rationale": "The 'TFTP' service is both a command and TCP protocol that is normally used only
for booting diskless workstations, getting or saving network component configuration files, or as a
'kickstart' type host configuration from a network-based template. The connection initiation and
data transfer is all done in clear text without requiring credentials of any kind. As a malicious user
with a 'sniffer' running on the network, could easily capture the data and/or reproduce the same
operation, simply by knowing the name of the file(s) and the source address(es), this process should
be disabled/restricted according to the needs of the business.",
"remediation": "Review \"/etc/inetd.conf\" file to check whether tftp service's configuration in line
with business needs and organization's security policies.\n\nExample: To disable the tftp
service,\n\nRemove or comment out any tftp lines in /etc/inetd.conf: \n# tftp stream tcp nowait root
internal",
"category": "Services",
"subCategory": "Guidelines/Procedures (Services)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-04-06T09:48:19Z",
"lastPassDate": "2025-04-06T09:48:19Z",
"postureModifiedDate": "2025-04-06T09:48:19Z",
"lastEvaluatedDate": "2025-04-06T09:48:19Z",
"created": "2025-04-16T12:24:26Z",
"hostId": 4980343,
"ip": "34.xxx.xxx.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.xx.xxx.35.bc.googleusercontent.com",
"dns": "179.xx.xxx.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2025-04-06T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2025-04-04T09:39:21Z",
"extendedEvidence": "Row 1:\n",
"description": "The following List String value of X indicates the status of the tftp service
configured within the /etc/xinetd.conf, /etc/xinetd.d/*, /etc/inetd.conf and /etc/inetd.d/* files on the
host. A value of 0 indicates the service is disabled; and a value of 1 indicates the service is enabled on
the host."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "3.27",
"totalDataSizeKB": "97.52",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "2182777093928348127",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": {
"publicIpAddress": "35.xxx.xx.179",
"privateIpAddress": "10.xxx.x.27",
"machineType": "e2-medium",
"zone": null,
"projectId": "qlys-devqa-qweb",
"state": "RUNNING",
"network": "N/A",
"macAddress": null
}
},
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl --location '<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&extendedEvidenceRequired=0%27 \
header 'Content-Type: application/json' \
header 'Authorization: Bearer <JWT TOKEN>' \
data '[
{
"policyId": "1627436",
"subscriptionId": "583816",
"hostIds": [
"5400713"
]
}
]'
JSON Response
{
"id": 25598740,
"instance": "os",
"policyId": 1627436,
"policyTitle": "OCA Policy",
"netBios": null,
"controlId": 4358,
"controlStatement": "Status of the 'aaa authentication login' configuration command on the device",
"rationale": "Requiring an AAA Authentication method(s) to be employed for local user logins provides a source for managing and monitoring access into the device. Setting the AAA Authentication for local user logins enforces a username and password combination be used when logging into the device locally. If a named AAA Authentication list is used in place of the default setting, authentication is required to be configured for each IOS line for each interface.",
"remediation": "Before you configure default login authentication methods, configure RADIUS or TACACS+ server groups as needed\nExecute the following commands to set the default authentication method\n1. configure terminal\n2. aaa authentication login default { group 'group-list' [ none ]| local | none }\n3. exit",
"category": "OS Security Settings",
"subCategory": "Network Settings (OSI Layers 2-5)",
"controlReference": null,
"technologyId": 200,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-08-20T06:54:10Z",
"lastPassDate": "2025-08-20T06:59:21Z",
"postureModifiedDate": "2025-08-20T06:54:10Z",
"lastEvaluatedDate": "2025-08-20T06:59:21Z",
"created": "2025-10-22T08:19:41Z",
"hostId": 5400713,
"ip": "123.231.42.198",
"trackingMethod": "OCA",
"os": "Arista EOS 4",
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": "003e160a-7b12-442f-a67c-7c7a08badb5d",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-07T00:00:00Z",
"customerUuid": "bb662c39-f363-d58f-825d-abbcf4f035c2",
"customerId": "1334625",
"assetId": 44524164,
"technology": {
"id": 200,
"name": "Arista EOS 4.x"
},
"criticality": {
"label": "MEDIUM",
"value": 4
},
"evidence": {
"expectedValues": "\nFilter not found\n OR \nCommand not found\n OR \nmatches regular expression list\n.*",
"currentValues": [
"Filter not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "",
"extendedEvidence": null
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.47",
"totalDataSizeKB": "2.47",
"currentBatch": 2,
"totalBatches": 16,
"CLOUD_RESOURCE_ID": null
}
API Request
curl --location '<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&extendedEvidenceRequired=1%27 \
header 'Content-Type: application/json' \
header 'Authorization: Bearer <JWT TOKEN>' \
data '[
{
"policyId": "1627436",
"subscriptionId": "583816",
"hostIds": [
"5400713"
]
}
]'
JSON Response
{
"id": 25598740,
"instance": "os",
"policyId": 1627436,
"policyTitle": "OCA Policy",
"netBios": null,
"controlId": 4358,
"controlStatement": "Status of the 'aaa authentication login' configuration command on the device",
"rationale": "Requiring an AAA Authentication method(s) to be employed for local user logins provides a source for managing and monitoring access into the device. Setting the AAA Authentication for local user logins enforces a username and password combination be used when logging into the device locally. If a named AAA Authentication list is used in place of the default setting, authentication is required to be configured for each IOS line for each interface.",
"remediation": "Before you configure default login authentication methods, configure RADIUS or TACACS+ server groups as needed\nExecute the following commands to set the default authentication method\n1. configure terminal\n2. aaa authentication login default { group 'group-list' [ none ]| local | none }\n3. exit",
"category": "OS Security Settings",
"subCategory": "Network Settings (OSI Layers 2-5)",
"controlReference": null,
"technologyId": 200,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2025-08-20T06:54:10Z",
"lastPassDate": "2025-08-20T06:59:21Z",
"postureModifiedDate": "2025-08-20T06:54:10Z",
"lastEvaluatedDate": "2025-08-20T06:59:21Z",
"created": "2025-10-22T08:19:41Z",
"hostId": 5400713,
"ip": "123.231.42.198",
"trackingMethod": "OCA",
"os": "Arista EOS 4",
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": "003e160a-7b12-442f-a67c-7c7a08badb5d",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-06-07T00:00:00Z",
"customerUuid": "bb662c39-f363-d58f-825d-abbcf4f035c2",
"customerId": "1334625",
"assetId": 44524164,
"technology": {
"id": 200,
"name": "Arista EOS 4.x"
},
"criticality": {
"label": "MEDIUM",
"value": 4
},
"evidence": {
"expectedValues": "\nFilter not found\n OR \nCommand not found\n OR \nmatches regular expression list\n.*",
"currentValues": [
"Filter not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "",
"extendedEvidence": "Row 1:Command,Filter 1: ^aaa authentication login\nRow 2:show running-config all,\n",
"description": "The following List String value(s) X indicates the status of the aaa authentication login configuration command on the host."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.47",
"totalDataSizeKB": "2.47",
"currentBatch": 2,
"totalBatches": 16,
"CLOUD_RESOURCE_ID": null
}
API Request
curl -X POST "<qualys_base_url>/pcrs/5.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0?qdScoreRequired=1"
-H "accept: */*"
-H "Authorization: Bearer Token"
-H "Content-Type: application/json"-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
API Response
{
"id": 33529705,
"instance": "os",
"policyId": 5772988,
"policyTitle": "Centos policy",
"netBios": null,
"controlId": 2641,
"controlStatement": "Current list of 'inactive user accounts' and their 'last login Information' value(s)",
"rationale": "Periodic account reviews showing the 'inactive user accounts and their last login information' can be performed to support security and compliance policies. This check can be run against all accounts or only those you specify to quickly determine if unused accounts need to be disabled. This check can also be used in support of incident response activities and act as evidence to show timeliness associated with when specific accounts were last used to support legal investigations. As inactive accounts can provide access for unauthorized activities, this check should be run regularly according to the security and compliance policies of the business.",
"remediation": "Review and Verify Periodically the user accounts and their last login information to determine if inactive accounts need to be disabled as per business needs and the organization's security policy.",
"category": "Access Control Requirements",
"subCategory": "Account Creation/User Management",
"controlReference": null,
"technologyId": 80,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2025-10-20T19:25:43Z",
"lastFailDate": "2025-12-08T20:37:38Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2025-10-20T19:25:34Z",
"lastEvaluatedDate": "2025-12-08T20:37:38Z",
"created": "2025-12-11T10:48:01Z",
"hostId": 13440667,
"ip": "10.11.70.161",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2025-09-25T08:44:47Z",
"customerUuid": "8db3e9cd-8e85-494b-817b-098c0cd67934",
"customerId": "2591847",
"assetId": 54537016,
"technology": {
"id": 80,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nLast login info not found\n------------ OR ------------\n/var/log/lastlog not found\n------------ OR ------------\nmatch all regular expression match\n.*:([0-9]$|[0-9][0-9]$|100$)",
"currentValues": [
"root:0",
"rdlab:1758",
"qtestos:1758"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2025-09-25T08:44:47Z",
"extendedEvidence": null,
"description": "This List String value of X returns the information of the Inactive User's last login on the host. NOTE : It returns list of all active user name and the inactive days."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"------------ OR ------------",
"Last login info not found",
"------------ OR ------------",
"/var/log/lastlog not found"
]
},
"unexpected": {
"value": [
"rdlab:1758",
"qtestos:1758"
]
}
},
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.79",
"totalDataSizeKB": "233.56",
"currentBatch": 1,
"totalBatches": 1,
"qds": 56,
"CLOUD_RESOURCE_ID": null
}
API Request
curl -X POST "<qualys_base_url>/5.0/posture/postureInfo?evidenceRequired=1" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '[
{
"subscriptionId": "583816",
"postureId": "256743"
}
]'
API Response
[
{
"postureId": 256743,
"hostId": 56433,
"policyId": 1614425,
"controlId": "CID-001",
"status": "passed",
"currentBatch": 1,
"totalBatches": 1,
"evidence": "...",
...
}
]
API Request
curl -X POST "<qualys_base_url>/5.0/posture/postureInfo?evidenceRequired=0" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '[
{
"subscriptionId": "583816",
"postureId": "25678328,25678329,25678330"
}
]'
JSON Response
[
{
"id": 25678328,
"instance": "os",
"policyId": 734560,
"policyTitle": "AllTech_policy- Exception",
"netBios": null,
"controlId": 1091,
"controlStatement": "Status of the number of days before a [Prompt user] password expiration warning prompt is displayed at login",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting the 'expiration warning date' requirement. This establishes the number of days before the host will begin to display 'password expiration warning' messages upon login. Without having a pre-expiration warning message, it is more likely that users will not prepare for this event, which may contribute to the selection of hard-to-remember or easily broken password sequences, which circumvents the intent of having rules for password complexity enforced. This may cause some users to forget or write down their new password, which can lead either to a system compromise or increased calls to Help Desk resources.",
},
{
"id": 25678329,
"instance": "os",
"policyId": 725886,
"policyTitle": "AllTech_policy",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
},
{
"id": 25678330,
"instance": "os",
"policyId": 725886,
"policyTitle": "AllTech_policy",
"netBios": null,
"controlId": 1072,
"controlStatement": "Status of the 'Minimum Password Age' setting",
"rationale": "Among the characteristics that make 'user identification' via password a workable security solution is setting a 'minimum password age.' Without this minimum age requirement, any user(s) who wish to re-use the same password can merely cycle through a number of previously used passwords until returning to the preferred one (this is determined by the 'Password History' setting). While no specific 'minimum password age' can guarantee password security, one (1) day is generally considered to be the shortest length of time permissible, along with requiring other password security factors, such as increasing the variability of the symbol set-space by requiring mixed-cases, special characters, further increases the difficulty of breaking any password using brute-force methods. Consider implementing this control for all account passwords in conjunction with CID 1318 (Password History) and CID 1071 (Minimum Password Length) and CID 1073 (Maximum Password Age).",
}
]
API Request
curl -X POST "<qualys_base_url>/5.0/posture/postureInfo?evidenceRequired=1&extendedEvidenceRequired=1" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '[
{
"subscriptionId": "583816",
"postureId": "25678328-25678330"
}
]'
JSON Response
[
{
"id": 25678328,
"instance": "os",
"policyId": 734560,
"policyTitle": "AllTech_policy- Exception",
"netBios": null,
"controlId": 1091,
"controlStatement": "Status of the number of days before a [Prompt user] password expiration warning prompt is displayed at login",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting the 'expiration warning date' requirement. This establishes the number of days before the host will begin to display 'password expiration warning' messages upon login. Without having a pre-expiration warning message, it is more likely that users will not prepare for this event, which may contribute to the selection of hard-to-remember or easily broken password sequences, which circumvents the intent of having rules for password complexity enforced. This may cause some users to forget or write down their new password, which can lead either to a system compromise or increased calls to Help Desk resources.",
},
{
"id": 25678329,
"instance": "os",
"policyId": 725886,
"policyTitle": "AllTech_policy",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
},
{
"id": 25678330,
"instance": "os",
"policyId": 725886,
"policyTitle": "AllTech_policy",
"netBios": null,
"controlId": 1072,
"controlStatement": "Status of the 'Minimum Password Age' setting",
"rationale": "Among the characteristics that make 'user identification' via password a workable security solution is setting a 'minimum password age.' Without this minimum age requirement, any user(s) who wish to re-use the same password can merely cycle through a number of previously used passwords until returning to the preferred one (this is determined by the 'Password History' setting). While no specific 'minimum password age' can guarantee password security, one (1) day is generally considered to be the shortest length of time permissible, along with requiring other password security factors, such as increasing the variability of the symbol set-space by requiring mixed-cases, special characters, further increases the difficulty of breaking any password using brute-force methods. Consider implementing this control for all account passwords in conjunction with CID 1318 (Password History) and CID 1071 (Minimum Password Length) and CID 1073 (Maximum Password Age).",
}
]
The following table depicts the information about the different versions of this API along with the status:
| API Version | EOS | EOL |
| /pcrs/5.0/posture/postureInfo? | Active | Active |
| /pcrs/4.0/posture/postureInfo? | May 2026 | November 2026 |
| /pcrs/3.0/posture/postureInfo? | December 2025 | June 2026 |
| /pcrs/2.0/posture/postureInfo? | December 2025 | June 2026 |
| /pcrs/1.0/posture/postureInfo? | December 2025 | June 2026 |