For API version information, refer to the API Version History section.
The V3 API is designed to fetch only PC Asset data. To retrieve both PC and SCA Asset data, continue using API Versions V1 or V2.
Get continuous posture information for all the specified hosts for each policy ID included in the API.
To get posture information, you must use the host IDs retrieved in the Resolve Host IDs API request.
Parameter | Required/Optional | Data Type | Description |
---|---|---|---|
evidenceRequired={0|1} | Optional | Integer | Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Note: Changing the value to 1 will increase the time required to fetch posture data |
compressionRequired={0|1} | Optional | Integer | Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Note: Not compressing the data will increase the time required to fetch posture data. |
Request Body | Required | String | Output of the Resolve Host ID and the JWT . |
Request header: Authorization | Required | String | JWT encrypted . Note: The received from the Authorization API and the used in the second API need to be the input here. |
lastEvaluationDate={value} | Optional | Integer | Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
lastScanDate={value} | Optional | Integer | Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
lastScanDateFrom, lastScanDateTo={value} | Optional | Integer | Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
statusChangedSince={value} | Optional | Integer | Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
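The parameter rules in the table above can be checked on the client before a request is sent. The following is an added example, not Qualys code: the function name, the `qualys.example.invalid` host and the sample IDs are assumptions, and the HTTPS check is an extra safeguard for the bearer token rather than a rule from the table.

```python
import json
import re
from urllib.parse import urlencode

# Path taken from the curl examples on this page.
POSTURE_PATH = "/pcrs/1.0/posture/postureInfo"
FLAG_PARAMS = ("evidenceRequired", "compressionRequired")
DATE_PARAMS = ("lastEvaluationDate", "lastScanDate", "lastScanDateFrom",
               "lastScanDateTo", "statusChangedSince")
# The two formats the table allows: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ.
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?")
BODY_KEYS = ("policyId", "subscriptionId", "hostIds")

# Constructed sample input; the IDs are placeholders, not real values.
SAMPLE_ENTRIES = [{"policyId": "1001", "subscriptionId": "2002",
                   "hostIds": ["3003", "3004"]}]


def build_posture_request(base_url, entries, **params):
    """Return (url, json_body); raise ValueError if a table rule is broken."""
    # The JWT travels in the Authorization header, so refuse cleartext URLs.
    if not base_url.startswith("https://"):
        raise ValueError("base_url must use https://")
    unknown = sorted(set(params) - set(FLAG_PARAMS) - set(DATE_PARAMS))
    if unknown:
        raise ValueError(f"unsupported parameter(s): {unknown}")
    for name in FLAG_PARAMS:
        if name in params and params[name] not in (0, 1):
            raise ValueError(f"{name} must be 0 or 1")
    for name in DATE_PARAMS:
        if name in params and not DATE_RE.fullmatch(str(params[name])):
            raise ValueError(f"{name} must be YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ")
    # Range parameters: both dates are required, and never with lastScanDate.
    has_from = "lastScanDateFrom" in params
    has_to = "lastScanDateTo" in params
    if has_from != has_to:
        raise ValueError("lastScanDateFrom and lastScanDateTo must be used together")
    if has_from and "lastScanDate" in params:
        raise ValueError("lastScanDate cannot be used with lastScanDateFrom/To")
    if not entries:
        raise ValueError("request body needs at least one policy entry")
    body = []
    for entry in entries:
        missing = [k for k in BODY_KEYS if k not in entry]
        if missing:
            raise ValueError(f"entry is missing {missing}")
        host_ids = [str(h) for h in entry["hostIds"]]
        if not host_ids:
            raise ValueError("each entry needs at least one host ID")
        # The page's request bodies send every ID as a JSON string.
        body.append({"policyId": str(entry["policyId"]),
                     "subscriptionId": str(entry["subscriptionId"]),
                     "hostIds": host_ids})
    url = base_url.rstrip("/") + POSTURE_PATH
    if params:
        # Keep ':' literal so timestamps look like the page's examples.
        url += "?" + urlencode(params, safe=":")
    return url, json.dumps(body)


if __name__ == "__main__":
    url, body = build_posture_request(
        "https://qualys.example.invalid", SAMPLE_ENTRIES,
        evidenceRequired=0, compressionRequired=0,
        lastEvaluationDate="2021-12-23")
    print(url)
    print(body)
```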
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired banner message:\n1. configure terminal\n2. banner motd 'delimiting-character' 'message' 'delimiting-character'\n3. exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
User input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": <TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\nUnable to retrieve password policy\n------------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]
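One way to consume the outputs shown above, as an added example that is not Qualys code: it decodes a response body, then lists the records whose `status` is `Failed` or `Error`, highest `criticality.value` first, with the `causeOfFailure` and `evidence` details. It assumes the `compressionRequired=1` body is a gzip stream (the page does not name the compression format); the function names and all sample records are constructed for illustration.

```python
import gzip
import json

GZIP_MAGIC = b"\x1f\x8b"
# Status values other than "Passed" that appear in this page's sample outputs.
REPORTABLE = ("Failed", "Error")


def decode_posture_body(raw):
    """Return the list of posture records from a raw response body (bytes)."""
    if raw[:2] == GZIP_MAGIC:
        # Assumption: compressionRequired=1 responses are gzip streams.
        raw = gzip.decompress(raw)
    records = json.loads(raw.decode("utf-8"))
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of posture records")
    return records


def triage_posture(records):
    """Return Failed/Error records as findings, most critical first."""
    findings = []
    for rec in records:
        if rec.get("status") not in REPORTABLE:
            continue
        crit = rec.get("criticality") or {}
        # causeOfFailure is null in the page's Passed and Error samples;
        # evidence is null when evidenceRequired=0.
        cause = rec.get("causeOfFailure") or {}
        evidence = rec.get("evidence") or {}
        findings.append({
            "hostId": rec.get("hostId"),
            "controlId": rec.get("controlId"),
            "status": rec["status"],
            "criticality": crit.get("label"),
            "criticalityValue": crit.get("value") or 0,
            # A control that passed on the previous evaluation and no longer does.
            "regressed": rec.get("previousStatus") == "Passed",
            "missing": (cause.get("missing") or {}).get("value") or [],
            "unexpected": (cause.get("unexpected") or {}).get("value") or [],
            "currentValues": evidence.get("currentValues") or [],
        })
    findings.sort(key=lambda f: -f["criticalityValue"])
    return findings


# Constructed sample records using the field names from the outputs above.
SAMPLE_RECORDS = [
    {"hostId": 101, "controlId": 1001, "status": "Failed",
     "previousStatus": "Passed",
     "criticality": {"label": "SERIOUS", "value": 3},
     "evidence": {"expectedValues": "\nequal to\n1", "currentValues": ["0"]},
     "causeOfFailure": {"missing": {"logic": None,
                                    "value": ["1", "Attribute not found"]},
                        "unexpected": {"value": ["0"]}}},
    {"hostId": 101, "controlId": 2002, "status": "Passed",
     "previousStatus": "Passed",
     "criticality": {"label": "URGENT", "value": 5},
     "evidence": None, "causeOfFailure": None},
    {"hostId": 202, "controlId": 3003, "status": "Error",
     "previousStatus": "Error",
     "criticality": {"label": "CRITICAL", "value": 4},
     "evidence": None, "causeOfFailure": None},
    {"hostId": 202, "controlId": 4004, "status": "Failed",
     "previousStatus": "Failed",
     "criticality": {"label": "URGENT", "value": 5},
     "evidence": None,
     "causeOfFailure": {"missing": {"logic": None, "value": ["14"]},
                        "unexpected": {"value": ["6"]}}},
]
SAMPLE_PLAIN = json.dumps(SAMPLE_RECORDS).encode("utf-8")
SAMPLE_COMPRESSED = gzip.compress(SAMPLE_PLAIN)

if __name__ == "__main__":
    for finding in triage_posture(decode_posture_body(SAMPLE_COMPRESSED)):
        print(finding)
```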
Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type:application/json" -d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the 'net.ipv4.conf.all.send_redirects' setting within the '/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters: \n# sysctl -w net.ipv4.conf.all.send_redirects=0\n# sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found: ^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found: show clock detail\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14 2021"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z" -H "accept: */*" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"
JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
}
]
Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token " -H "Content-Type:application/json" -d "[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
}
]
Parameter |
Required/Optional |
Data Type |
Description |
---|---|---|---|
Authentication Token (Bearer Token) |
Required | String | Specify the authentication that is returned by the authentication request. |
evidenceRequired={0|1} |
Optional |
Integer |
Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Note: Changing the value to 1 will increase the time required to fetch posture data |
compressionRequired={0|1} |
Required |
Integer |
Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Note: Not compressing the data will increase the time required to fetch posture data. |
Request Body |
Required |
String |
Output of the Resolve Host ID and the JWT . |
Request header: Authorization |
Required |
String |
JWT encrypted . Note: The received from the Authorization API and the used in the second API need to be the input here. |
lastEvaluationDate={value} |
Optional |
Integer |
Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or, YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
lastScanDate={value} |
Optional |
Integer |
Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 lastScanDate=2021-12-17T18:48:16Z |
lastScanDateFrom, lastScanDateTo={value} |
Optional |
Integer |
Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z Notes: - You must specify both dates. - You must not use these parameters with lastScanDate |
statusChangedSince={value} |
Optional |
Integer |
Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT) |
excludeInactiveControl={0|1} | Optional | Integer | Default value is 0, which indicates that inactive controls data is retrieved for the host posture. If you want to exclude inactive control data then, change the value to 1. |
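The rules in the parameter table (0/1 flags, the two date formats, and the lastScanDateFrom/lastScanDateTo constraints) can be checked client-side before a request carrying the bearer token is sent. This is an added example, not Qualys code: the function names are hypothetical, the body shape is taken from the curl requests on this page, and the HTTPS, token-whitespace and inverted-range checks are added assumptions.

```python
import json
import re
from datetime import datetime
from urllib.parse import urlencode, urlsplit

# Path copied from the requests on this page.
POSTURE_PATH = "/pcrs/2.0/posture/postureInfo"
FLAG_PARAMS = ("evidenceRequired", "compressionRequired", "excludeInactiveControl")
DATE_PARAMS = ("lastEvaluationDate", "lastScanDate", "lastScanDateFrom",
               "lastScanDateTo", "statusChangedSince")
# The two date forms the table documents: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ.
DATE_FORMATS = (
    (re.compile(r"\d{4}-\d{2}-\d{2}"), "%Y-%m-%d"),
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"), "%Y-%m-%dT%H:%M:%SZ"),
)


def parse_date(name, value):
    """Return a datetime for a documented date form, else raise ValueError."""
    for shape, fmt in DATE_FORMATS:
        if isinstance(value, str) and shape.fullmatch(value):
            try:
                return datetime.strptime(value, fmt)
            except ValueError:
                break  # right shape, impossible date such as 2021-13-40
    raise ValueError(
        f"{name}: expected YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ, got {value!r}")


def validate_params(params):
    """Apply the parameter table's rules before anything is sent."""
    unknown = sorted(set(params) - set(FLAG_PARAMS) - set(DATE_PARAMS))
    if unknown:
        raise ValueError(f"unknown parameter(s): {', '.join(unknown)}")
    for name in FLAG_PARAMS:
        if name in params:
            value = params[name]
            if isinstance(value, bool) or value not in (0, 1):
                raise ValueError(f"{name} must be 0 or 1")
    dates = {n: parse_date(n, params[n]) for n in DATE_PARAMS if n in params}
    has_from = "lastScanDateFrom" in dates
    has_to = "lastScanDateTo" in dates
    if has_from != has_to:
        raise ValueError("lastScanDateFrom and lastScanDateTo must both be specified")
    if has_from and "lastScanDate" in dates:
        raise ValueError("lastScanDateFrom/lastScanDateTo must not be used with lastScanDate")
    # Added sanity check, not a rule stated on the page: reject an inverted range.
    if has_from and dates["lastScanDateFrom"] > dates["lastScanDateTo"]:
        raise ValueError("lastScanDateFrom is later than lastScanDateTo")


def build_request(base_url, token, params, targets):
    """Return (url, headers, body) for a postureInfo POST; nothing is sent."""
    parts = urlsplit(base_url)
    # Assumption: refuse anything but HTTPS, since the header carries the JWT.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an https:// URL")
    # Whitespace (including CR/LF) in the token would corrupt the header line.
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token must be non-empty and contain no whitespace")
    validate_params(params)
    if not targets:
        raise ValueError("at least one policy/host target is required")
    for target in targets:
        if set(target) != {"policyId", "subscriptionId", "hostIds"} or not target["hostIds"]:
            raise ValueError("each target needs policyId, subscriptionId and non-empty hostIds")
    url = base_url.rstrip("/") + POSTURE_PATH
    if params:
        url += "?" + urlencode(params, safe=":")  # keep HH:MM:SS readable
    headers = {
        "accept": "*/*",
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }
    return url, headers, json.dumps(targets)
```
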
Using this V2 API URL you can retrieve extended evidence and last updated date information for the hosts. The evidence for a control includes the expected and actual values for the control on the host. The extended evidence includes any additional findings/information collected during the control evaluation on the host to support the actual result. To retrieve the extended information in the API response, specify the following input parameters.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0&evidenceRequired=1
JSON Output
{ "id": 13603803, "instance": "os", "policyId": 725886, "policyTitle": "AllTech_policy", "netBios": null, "controlId": 1071, "controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.", "controlReference": null, "technologyId": 80, "status": "Failed", "previousStatus": "Failed", "firstFailDate": "2023-07-04T13:58:08Z", "lastFailDate": "2024-01-23T12:56:18Z", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2023-07-04T13:58:08Z", "lastEvaluatedDate": "2024-01-23T12:56:18Z", "created": "2024-02-02T13:02:57Z", "hostId": 1756436, "ip": "10.11.70.116", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2023-07-04T13:59:25Z", "customerUuid": "6009e710-108b-f57b-83d0-1768010d577f", "customerId": "1033824", "assetId": 9228010, "technology": { "id": 80,"name": "CentOS 7.x" }, "criticality": { "label": "URGENT", "value": 5 }, "evidence": { "expectedValues": "\ngreater than or equal to\n9", "currentValues": [ "5" ], "actualValues": null, "directoryFimUdc": null, "lastUpdated": "2023-07-04T13:59:25Z", "extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\n" },
You can include/exclude inactive controls (SDC, UDC) from the host compliance posture information in the API response. Inactive controls are the controls removed or deactivated from a policy.
API Request
https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&excludeInactiveControl=1
JSON Output
{ "id": 26081552, "instance": "oracle19cdb:1:1527:ora19csu", "policyId": 5561690, "policyTitle": "Oracle_DB_UDC", "netBios": null, "controlId": 100432, "controlStatement": "Oracle_DB_UDC_3", "rationale": "rationle", "remediation": "Remediation", "controlReference": null, "technologyId": 312, "status": "Failed", "previousStatus": "Failed", "firstFailDate": "2023-06-08T09:52:13Z", "lastFailDate": "2023-08-24T10:00:05Z", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2023-06-08T09:52:13Z", "lastEvaluatedDate": "2023-08-24T10:00:05Z", "created": "2024-01-30T06:54:04Z", "hostId": 11587415, "ip": "10.14.70.18", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-01-05T10:24:32Z", "customerUuid": "3b3573f9-dd5e-eb05-8140-8a19a01c5980", "customerId": "1981058", "assetId": 37640401, "technology": { "id": 312, "name": "Oracle 19c Multitenant" }, "criticality": { "label": "SERIOUS", "value": 3 }, "evidence": { "expectedValues": "\nSet status to PASS if no data found", "currentValues": [ "GRANTEE|:|GRANTED_ROLE", "APPQOSSYS|:|DBA", "UDC_SENSITIVE_SCAN|:|DBA", "QUALYS_SCAN|:|DBA" ], "actualValues": null, "directoryFimUdc": null }, "causeOfFailure": { "missing": { "logic": null, "value": [ "------------ OR ------------", "Set status to PASS if no data found" ] }, "unexpected": { "value": [ "DBA,DBA,DBA", "APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN" ] } }, "currentDataSizeKB": "1.47", "totalDataSizeKB": "4.59", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
The API response now displays the status of a control on a host as passed when an exception has been created and approved. Controls with an approved exception are displayed as Passed*. An exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn more about exceptions, refer to Exceptions - The Basics.
API Request
curl -X POST 'https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{ "id": 29483648, "instance": "os", "policyId": 5657103, "policyTitle": "LinuxAllAssetScan_withAssetTag", "netBios": null, "controlId": 100000, "controlStatement": "File_content_check_udc-2", "rationale": "rationale", "remediation": null, "category": "Access Control Requirements", "subCategory": "Authentication/Passwords", "controlReference": null, "technologyId": 43, "status": "Passed*", "previousStatus": "Error", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2024-07-10T15:10:32Z", "lastEvaluatedDate": "2024-08-25T17:36:31Z", "created": "2024-08-29T10:58:49Z", "hostId": 13372203, "ip": "10.20.31.36", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-06-10T17:08:52Z", "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834", "customerId": "2727621", "assetId": 54149619, "technology": { "id": 43, "name": "CentOS 6.x" } , "criticality": { "label": "MEDIUM", "value": 2 } , "evidence": null, "causeOfFailure": null, "userDefinedAttributesList": null, "currentDataSizeKB": "1.14", "totalDataSizeKB": "1.14", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
The API response includes two new fields, category and subCategory, which display the control category and sub-category.
API Request
curl -X POST 'https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{ "id": 29483648, "instance": "os", "policyId": 5657103, "policyTitle": "LinuxAllAssetScan_withAssetTag", "netBios": null, "controlId": 100000, "controlStatement": "File_content_check_udc-2", "rationale": "rationale", "remediation": null, "category": "Access Control Requirements", "subCategory": "Authentication/Passwords", "controlReference": null, "technologyId": 43, "status": "Passed*", "previousStatus": "Error", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2024-07-10T15:10:32Z", "lastEvaluatedDate": "2024-08-25T17:36:31Z", "created": "2024-08-29T10:58:49Z", "hostId": 13372203, "ip": "10.20.31.36", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-06-10T17:08:52Z", "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834", "customerId": "2727621", "assetId": 54149619, "technology": { "id": 43, "name": "CentOS 6.x" }, "criticality": { "label": "MEDIUM", "value": 2 }, "evidence": null, "causeOfFailure": null, "userDefinedAttributesList": null, "currentDataSizeKB": "1.14", "totalDataSizeKB": "1.14", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
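A consumer of these responses has to keep Passed* (passed with an approved exception) apart from Passed, and can turn the extendedEvidence string into rows for a ticket or report. The following is an added example, not Qualys code: the function names are hypothetical, the sample is trimmed from the responses above, and treating the first "Row" line of extendedEvidence as a comma-separated header is an assumption drawn from the one value shown on this page.

```python
import json

# Constructed sample: three records trimmed from the JSON responses on this
# page, keeping only the fields the code below reads.
SAMPLE_RESPONSE = r"""
[
 {"policyId": 5657103, "controlId": 100000, "status": "Passed*",
  "previousStatus": "Error", "hostId": 13372203, "ip": "10.20.31.36",
  "criticality": {"label": "MEDIUM", "value": 2},
  "evidence": null, "causeOfFailure": null},
 {"policyId": 5561690, "controlId": 100432, "status": "Failed",
  "previousStatus": "Failed", "hostId": 11587415, "ip": "10.14.70.18",
  "criticality": {"label": "SERIOUS", "value": 3},
  "evidence": {"expectedValues": "\nSet status to PASS if no data found",
               "currentValues": ["GRANTEE|:|GRANTED_ROLE", "APPQOSSYS|:|DBA",
                                 "UDC_SENSITIVE_SCAN|:|DBA", "QUALYS_SCAN|:|DBA"]},
  "causeOfFailure": {"missing": {"logic": null, "value": []},
                     "unexpected": {"value": ["DBA,DBA,DBA",
                                    "APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN"]}}},
 {"policyId": 725886, "controlId": 1071, "status": "Failed",
  "previousStatus": "Failed", "hostId": 1756436, "ip": "10.11.70.116",
  "criticality": {"label": "URGENT", "value": 5},
  "evidence": {"expectedValues": "\ngreater than or equal to\n9",
               "currentValues": ["5"],
               "extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\n"}}
]
"""

# Both spellings appear in the text above for "passed with an exception".
EXCEPTION_STATUSES = {"Passed*", "PassedE"}


def parse_extended_evidence(text):
    """Turn 'Row 1:h1,h2\\nRow 2:v1,v2\\n' into a list of {header: value} dicts.

    Assumption: row 1 is the header and cells are comma-separated.
    """
    rows = []
    for line in (text or "").splitlines():
        label, sep, payload = line.partition(":")  # split at the first colon only
        if sep and label.startswith("Row "):
            rows.append(payload.split(","))
    if len(rows) < 2:
        return []
    header = rows[0]
    return [dict(zip(header, row)) for row in rows[1:]]


def classify(record):
    """Map the status string to a bucket; an exception is never 'passed'."""
    status = (record.get("status") or "").strip()
    if status in EXCEPTION_STATUSES:
        return "exception"
    return {"Passed": "passed", "Failed": "failed", "Error": "error"}.get(status, "unknown")


def summarize(record):
    """Flatten one record; evidence and causeOfFailure may be null."""
    evidence = record.get("evidence") or {}
    cause = record.get("causeOfFailure") or {}
    return {
        "hostId": record.get("hostId"),
        "ip": record.get("ip"),
        "policyId": record.get("policyId"),
        "controlId": record.get("controlId"),
        "previousStatus": record.get("previousStatus"),
        "criticality": (record.get("criticality") or {}).get("label"),
        "expected": (evidence.get("expectedValues") or "").strip(),
        "current": evidence.get("currentValues") or [],
        "extended": parse_extended_evidence(evidence.get("extendedEvidence")),
        "unexpected": (cause.get("unexpected") or {}).get("value") or [],
    }


def triage(records):
    """Bucket records by status, most critical first within each bucket."""
    buckets = {"failed": [], "error": [], "exception": [], "passed": [], "unknown": []}
    for record in records:
        buckets[classify(record)].append(record)

    def severity(record):
        return (record.get("criticality") or {}).get("value") or 0

    return {name: [summarize(r) for r in sorted(items, key=severity, reverse=True)]
            for name, items in buckets.items()}


if __name__ == "__main__":
    print(json.dumps(triage(json.loads(SAMPLE_RESPONSE)), indent=2))
```

A check such as `status.startswith("Passed")` would count the Passed* record as compliant; here it lands in its own bucket together with its previousStatus.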
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired banner message:\n1. configure terminal\n2. banner motd 'delimiting-character' 'message' 'delimiting-character'\n3. exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
User input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": <TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\nUnable to retrieve password policy\n------------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]
Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type:application/json" -d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-12T13:12:26Z",
"lastPassDate": "2021-12-27T15:35:22Z",
"postureModifiedDate": "2021-10-12T13:12:26Z",
"lastEvaluatedDate": "2021-12-27T15:35:22Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "DNS Hostname",
"os": xx,
"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",
"dns": "client5-25-244.root.vuln.qa.qualys.com",
"qgHostid": xx,
"networkId": xx,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-27T15:31:18Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "Windows 2003 Server"
},
"criticality": {
"label": "CRITICAL",
"value": xx
},
"evidence": {
"expectedValues": "\ngreater than or equal to\n0",
"currentValues": [
"1"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": xx,
"totalBatches": xx
},
{
"id": xx,
"instance": "os",
"policyId": <POLICY_ID>,
"controlId": <CONTROL_ID>,
"controlStatement": "Status of the 'net.ipv4.conf.all.send_redirects' setting within the '/etc/sysctl.conf' file",
"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",
"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters: \n# sysctl -w net.ipv4.conf.all.send_redirects=0\n# sysctl -w net.ipv4.route.flush=1",
"controlReference": null,
"technologyId": 80,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-02-11T12:54:23Z",
"lastPassDate": "2022-02-11T12:54:23Z",
"postureModifiedDate": "2022-02-11T12:54:23Z",
"lastEvaluatedDate": "2022-02-11T12:54:23Z",
"created": "2022-02-24T14:21:06Z",
"hostId": xx,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-02-11T12:47:29Z",
"customerUuid": "xx",
"customerId": "xx",
"assetId": xx,
"technology": {
"id": xx,
"name": "CentOS 7.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Setting not found"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found: ^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found: show clock detail\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14 2021"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"
JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
}
]
Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST "https://<qualys_base_url>/pcrs/2.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
}
]
The V3 API is designed to fetch only PC Asset data. To retrieve both PC and SCA Asset data, continue using API Versions v1 or v2.
This version (/pcrs/3.0/posture/postureInfo) of the API enables you to:
Parameter | Required/Optional | Data Type | Description |
---|---|---|---|
Authentication Token (Bearer Token) | Required | String | Specify the authentication that is returned by the authentication request. |
evidenceRequired={0|1} | Optional | Integer | Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1. Changing the value to 1 will increase the time required to fetch posture data. |
compressionRequired={0|1} | Required | Integer | Default value is 1, which indicates that the output will be compressed. If you do not want the data to be compressed, change the value to 0. Not compressing the data will increase the time required to fetch posture data. |
Request Body | Required | String | Output of the Resolve Host ID and the JWT . |
Request header: Authorization | Required | String | JWT encrypted . The received from the Authorization API and the used in the second API need to be the input here. |
lastEvaluationDate={value} | Optional | Integer | Compliance posture information records when the posture is equal to or greater than the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
lastScanDate={value} | Optional | Integer | Compliance posture information on the date on which an asset was last scanned. The formats for date are: lastScanDate=2021-12-17 or lastScanDate=2021-12-17T18:48:16Z |
lastScanDateFrom, lastScanDateTo={value} | Optional | Integer | Compliance posture information of the assets scanned between these two dates, both dates included. The format for dates is: lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z; lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z. Notes: - You must specify both dates. - You must not use these parameters with lastScanDate. |
statusChangedSince={value} | Optional | Integer | Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time. The format for date and time is: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ (UTC/GMT). |
excludeInactiveControl={0|1} | Optional | Integer | Default value is 0, which indicates that inactive controls data is retrieved for the host posture. If you want to exclude inactive control data, change the value to 1. |
cloudMetaDataRequired={0|1} | Optional | Integer | This parameter allows you to retrieve cloud metadata. Specify "1" to retrieve cloud metadata information in the API response. Specify "0" to not retrieve cloud metadata information in the API response. Cloud metadata is returned as null in the response for the postures that do not have cloud metadata. |
status={value} | Optional | String | This parameter lets you retrieve posture information based on the current posture status. Possible values are Passed, Failed, and Error. You can provide multiple comma-separated values. |
previousStatus={value} | Optional | String | This parameter lets you retrieve posture information based on the previous posture status. Possible values are Passed, Failed, and Error. You can provide a single value at a time. |
criticalityValues={0|1|2|3|4|5} | Optional | String | This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated values. When set to 0, posture information with criticality level UNDEFINED is retrieved. When set to 1, posture information with criticality level MINIMAL is retrieved. When set to 2, posture information with criticality level MEDIUM is retrieved. When set to 3, posture information with criticality level SERIOUS is retrieved. When set to 4, posture information with criticality level CRITICAL is retrieved. When set to 5, posture information with criticality level URGENT is retrieved. When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
criticalityLabels={value} | Optional | String | This parameter lets you retrieve posture information based on the criticality levels. You can provide multiple comma-separated criticality labels. Possible values are: When executing this API, you can use either the criticalityLabels parameter or criticalityValues parameter, but not both parameters simultaneously. |
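The parameter table above carries several combination rules (both scan-range dates required, no scan range together with lastScanDate, a single value for previousStatus, criticalityValues or criticalityLabels but not both). The following is an added example, not Qualys code, that checks a query against those rules before it is sent; the function and constant names are hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import urlencode

# Rules are taken from the parameter table; all names here are hypothetical.
FLAGS = ("evidenceRequired", "compressionRequired",
         "excludeInactiveControl", "cloudMetaDataRequired")
DATES = ("lastEvaluationDate", "lastScanDate", "lastScanDateFrom",
         "lastScanDateTo", "statusChangedSince")
FILTERS = ("status", "previousStatus", "criticalityValues", "criticalityLabels")
STATUSES = {"Passed", "Failed", "Error"}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?")


def _is_date(value):
    """True for YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ with a real calendar date."""
    text = str(value)
    if not DATE_RE.fullmatch(text):
        return False
    fmt = "%Y-%m-%dT%H:%M:%SZ" if "T" in text else "%Y-%m-%d"
    try:
        datetime.strptime(text, fmt)
    except ValueError:
        return False
    return True


def _items(value):
    """Split a comma-separated parameter value into trimmed items."""
    return [item.strip() for item in str(value).split(",")]


def validate_posture_params(params):
    """Return the list of rule violations for a postureInfo query (empty if none)."""
    errors = []
    for name in params:
        if name not in FLAGS + DATES + FILTERS:
            errors.append(f"{name}: not a documented parameter")
    for name in FLAGS:
        if name in params and str(params[name]) not in ("0", "1"):
            errors.append(f"{name}: must be 0 or 1")
    for name in DATES:
        if name in params and not _is_date(params[name]):
            errors.append(f"{name}: use YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ")

    # The scan-date range needs both ends and excludes lastScanDate.
    has_from = "lastScanDateFrom" in params
    has_to = "lastScanDateTo" in params
    if has_from != has_to:
        errors.append("lastScanDateFrom and lastScanDateTo must be given together")
    if (has_from or has_to) and "lastScanDate" in params:
        errors.append("lastScanDateFrom/lastScanDateTo cannot be used with lastScanDate")

    # status takes a comma-separated list, previousStatus a single value.
    if "status" in params:
        bad = [s for s in _items(params["status"]) if s not in STATUSES]
        if bad:
            errors.append(f"status: unknown value(s) {bad}")
    if "previousStatus" in params and str(params["previousStatus"]) not in STATUSES:
        errors.append("previousStatus: exactly one of Passed, Failed, Error")

    # Criticality can be filtered by value or by label, never both.
    if "criticalityValues" in params:
        bad = [v for v in _items(params["criticalityValues"]) if v not in set("012345")]
        if bad:
            errors.append(f"criticalityValues: unknown value(s) {bad}")
    if "criticalityValues" in params and "criticalityLabels" in params:
        errors.append("criticalityValues and criticalityLabels are mutually exclusive")
    return errors


def build_posture_query(params):
    """Return the encoded query string, or raise ValueError listing every violation."""
    errors = validate_posture_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    # Keep commas and colons readable, as in the documented request URLs.
    return urlencode(params, safe=",:")
```
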
You can retrieve extended evidence and last updated date information for the hosts. The evidence for a control includes the expected and actual values for the control on the host. The extended evidence includes any additional findings/information collected during the control evaluation on the host to support the actual result. You can also view a control description under the evidence section for the particular host posture. To retrieve the extended information in the API response, specify the following input parameters.
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" \
-H "accept: */*" \
-H "Authorization: Bearer Token" \
-H "Content-Type: application/json" \
-d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
{
"id": 20245394,
"instance": "os",
"policyId": 1455112,
"policyTitle": "Linux_IP_TRACKED_IPV4_POLICY_AG",
"netBios": null,
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"category": "Access Control Requirements",
"subCategory": "Authentication/Passwords",
"controlReference": null,
"technologyId": 43,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T10:40:30Z",
"lastPassDate": "2024-11-15T01:22:58Z",
"postureModifiedDate": "2024-11-06T10:40:30Z",
"lastEvaluatedDate": "2024-11-15T01:22:58Z",
"created": "2025-02-05T06:01:09Z",
"hostId": 6396397,
"ip": "10.11.70.111",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:centos:centos:6.6:::",
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T10:42:29Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50568616,
"technology": {
"id": 43,
"name": "CentOS 6.x"
},
"criticality": {
"label": "urg_updated",
"value": 5
},
"evidence": {
"expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"5"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T10:42:29Z",
"extendedEvidence": "Row 1:File name,Setting,Value\nRow 2:/etc/login.defs,PASS_MIN_LEN,5\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.88",
"totalDataSizeKB": "2.88",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
You can include/exclude inactive controls (SDC, UDC) from the host compliance posture information in the API response. Inactive controls are the controls removed or deactivated from a policy.
API Request
https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&excludeInactiveControl=1
JSON Output
{
"id": 26081552,
"instance": "oracle19cdb:1:1527:ora19csu",
"policyId": 5561690,
"policyTitle": "Oracle_DB_UDC",
"netBios": null,
"controlId": 100432,
"controlStatement": "Oracle_DB_UDC_3",
"rationale": "rationle",
"remediation": "Remediation",
"controlReference": null,
"technologyId": 312,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2023-06-08T09:52:13Z",
"lastFailDate": "2023-08-24T10:00:05Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2023-06-08T09:52:13Z",
"lastEvaluatedDate": "2023-08-24T10:00:05Z",
"created": "2024-01-30T06:54:04Z",
"hostId": 11587415,
"ip": "10.14.70.18",
"trackingMethod": "IP",
"os": null,
"osCpe": null,
"domainName": null,
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-01-05T10:24:32Z",
"customerUuid": "3b3573f9-dd5e-eb05-8140-8a19a01c5980",
"customerId": "1981058",
"assetId": 37640401,
"technology": {
"id": 312,
"name": "Oracle 19c Multitenant"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found",
"currentValues": [
"GRANTEE|:|GRANTED_ROLE",
"APPQOSSYS|:|DBA",
"UDC_SENSITIVE_SCAN|:|DBA",
"QUALYS_SCAN|:|DBA"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"------------ OR ------------",
"Set status to PASS if no data found"
]
},
"unexpected": {
"value": [
"DBA,DBA,DBA",
"APPQOSSYS,UDC_SENSITIVE_SCAN,QUALYS_SCAN"
]
}
},
"currentDataSizeKB": "1.47",
"totalDataSizeKB": "4.59",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
The API response now displays the status of a control on a host as passed when an exception has been created and approved. Controls on which an exception has been approved are displayed as Passed*. An exception is a way to temporarily change the status of a control on a host from Failed to PassedE (passed with an exception). To learn more about exceptions, refer to Exceptions - The Basics.
API Request
curl -X POST 'https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{ "id": 29483648, "instance": "os", "policyId": 5657103, "policyTitle": "LinuxAllAssetScan_withAssetTag", "netBios": null, "controlId": 100000, "controlStatement": "File_content_check_udc-2", "rationale": "rationale", "remediation": null, "category": "Access Control Requirements", "subCategory": "Authentication/Passwords", "controlReference": null, "technologyId": 43, "status": "Passed*", "previousStatus": "Error", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2024-07-10T15:10:32Z", "lastEvaluatedDate": "2024-08-25T17:36:31Z", "created": "2024-08-29T10:58:49Z", "hostId": 13372203, "ip": "10.20.31.36", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-06-10T17:08:52Z", "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834", "customerId": "2727621", "assetId": 54149619, "technology": { "id": 43, "name": "CentOS 6.x" } , "criticality": { "label": "MEDIUM", "value": 2 } , "evidence": null, "causeOfFailure": null, "userDefinedAttributesList": null, "currentDataSizeKB": "1.14", "totalDataSizeKB": "1.14", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
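Because a Passed* record reflects an approved exception rather than a compliant setting, it is worth keeping apart from clean passes when the response is consumed. The following is an added example, not Qualys code, that decodes a response body and triages records by status and criticality. The sample records are constructed from the fields shown on this page, the function names are hypothetical, and the gzip handling assumes that compressionRequired=1 returns a gzip stream.

```python
import gzip
import json

GZIP_MAGIC = b"\x1f\x8b"
# "Passed*" is the value shown in the response; "PassedE" is the name used in
# the description of exceptions. Both are treated as exception-based passes.
EXCEPTION_STATUSES = {"Passed*", "PassedE"}

# Constructed sample records using the response fields documented on this page.
SAMPLE_RECORDS = [
    {"hostId": 101, "controlId": 1071, "status": "Passed", "previousStatus": "Passed",
     "criticality": {"label": "CRITICAL", "value": 4}, "causeOfFailure": None},
    {"hostId": 101, "controlId": 100000, "status": "Passed*", "previousStatus": "Error",
     "criticality": {"label": "MEDIUM", "value": 2}, "causeOfFailure": None},
    {"hostId": 102, "controlId": 2001, "status": "Failed", "previousStatus": "Failed",
     "criticality": {"label": "MEDIUM", "value": 2},
     "causeOfFailure": {"missing": {"logic": None, "value": ["1"]},
                        "unexpected": {"value": ["0"]}}},
    {"hostId": 103, "controlId": 100432, "status": "Failed", "previousStatus": "Passed",
     "criticality": {"label": "SERIOUS", "value": 3},
     "causeOfFailure": {"missing": {"logic": None, "value": []},
                        "unexpected": {"value": ["DBA"]}}},
    {"hostId": 104, "controlId": 3001, "status": "Error", "previousStatus": "Error",
     "criticality": {"label": "URGENT", "value": 5}, "causeOfFailure": None},
]


def decode_posture_body(body):
    """Decode a raw response body (bytes) into a list of posture records."""
    if body[:2] == GZIP_MAGIC:  # assumption: compressed output is gzip
        body = gzip.decompress(body)
    data = json.loads(body.decode("utf-8"))
    # The page shows both a bare object and an array of objects.
    return data if isinstance(data, list) else [data]


def _finding(rec):
    """Reduce a posture record to the fields needed for triage."""
    cause = rec.get("causeOfFailure") or {}
    crit = rec.get("criticality") or {}
    return {
        "hostId": rec.get("hostId"),
        "controlId": rec.get("controlId"),
        "status": rec.get("status"),
        "criticality": crit.get("value", 0),
        "unexpected": (cause.get("unexpected") or {}).get("value") or [],
        # A control that passed on the previous evaluation and fails now.
        "regressed": rec.get("status") == "Failed"
                     and rec.get("previousStatus") == "Passed",
    }


def triage(records):
    """Bucket records by status; highest criticality first within each bucket."""
    buckets = {"failed": [], "error": [], "excepted": [], "passed": [], "other": []}
    for rec in records:
        status = rec.get("status")
        if status == "Failed":
            key = "failed"
        elif status == "Error":
            key = "error"
        elif status in EXCEPTION_STATUSES:
            key = "excepted"
        elif status == "Passed":
            key = "passed"
        else:
            key = "other"
        buckets[key].append(_finding(rec))
    for findings in buckets.values():
        findings.sort(key=lambda f: f["criticality"], reverse=True)
    return buckets


if __name__ == "__main__":
    body = gzip.compress(json.dumps(SAMPLE_RECORDS).encode("utf-8"))
    for name, findings in triage(decode_posture_body(body)).items():
        print(name, [(f["hostId"], f["controlId"]) for f in findings])
```
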
Two new fields in the API response, category and subCategory, display the control category and sub-category.
API Request
curl -X POST 'https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?compressionRequired=0' \
--header 'accept: */*' \
--header 'Authorization: Bearer Token' \
--header 'Content-Type: application/json' \
--data '[ { "policyId": "5657103", "subscriptionId": "4417720", "hostIds": [ "13372203" ] } ]'
JSON Response
{ "id": 29483648, "instance": "os", "policyId": 5657103, "policyTitle": "LinuxAllAssetScan_withAssetTag", "netBios": null, "controlId": 100000, "controlStatement": "File_content_check_udc-2", "rationale": "rationale", "remediation": null, "category": "Access Control Requirements", "subCategory": "Authentication/Passwords", "controlReference": null, "technologyId": 43, "status": "Passed*", "previousStatus": "Error", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "", "lastPassDate": "", "postureModifiedDate": "2024-07-10T15:10:32Z", "lastEvaluatedDate": "2024-08-25T17:36:31Z", "created": "2024-08-29T10:58:49Z", "hostId": 13372203, "ip": "10.20.31.36", "trackingMethod": "IP", "os": null, "osCpe": null, "domainName": null, "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2024-06-10T17:08:52Z", "customerUuid": "872f6779-71cc-c748-8045-7dfa12015834", "customerId": "2727621", "assetId": 54149619, "technology": { "id": 43, "name": "CentOS 6.x" }, "criticality": { "label": "MEDIUM", "value": 2 }, "evidence": null, "causeOfFailure": null, "userDefinedAttributesList": null, "currentDataSizeKB": "1.14", "totalDataSizeKB": "1.14", "currentBatch": 1, "totalBatches": 1, "CLOUD_RESOURCE_ID": null }
Get Posture Info With lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"controlStatement": "Status of the 'banner motd' configuration command on the device",
"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",
"remediation": "Execute following commands to set desired banner message:\n1. configure terminal\n2. banner motd 'delimiting-character' 'message' 'delimiting-character'\n3. exit\n\nc",
"controlReference": null,
"technologyId": xxx,
"status": "Error",
"previousStatus": "Error",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-21T11:28:21Z",
"lastPassDate": "2021-12-21T11:29:22Z",
"postureModifiedDate": "2021-12-22T12:56:41Z",
"lastEvaluatedDate": "2021-12-23T05:32:40Z",
"created": "2022-02-21T13:10:13Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",
"dns": null,
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-22T12:49:59Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xxx,
"name": "Cisco NX-OS"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 1,
"totalBatches": 1
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=0 and compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": xx,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxx",
"customerId": "xxx",
"assetId": "xxx",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": null,
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:54:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "xxxx",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "URGENT",
"value": 5
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, Without lastScanDate
User input: evidenceRequired=0 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
User input: evidenceRequired=1 & compressionRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output (Compressed)
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1, compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"
JSON Output
[
{
"id": xxx,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"technologyId": <TECHNOLOGY ID>,
"status": "Failed",
"previousStatus": "Failed",
"firstFailDate": "2021-10-25T07:21:13Z",
"lastFailDate": "2021-10-29T07:52:41Z",
"firstPassDate": "",
"lastPassDate": "",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:26Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\nUnable to retrieve password policy\n------------ OR ------------\nequal to\n1",
"currentValues": [
"0"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": {
"missing": {
"logic": null,
"value": [
"1",
"Attribute not found",
"Unable to retrieve password policy"
]
},
"unexpected": {
"value": [
"0"
]
}
}
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T07:52:41Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T07:52:41Z",
"created": "2021-10-29T07:55:27Z",
"hostId": <HOST ID>,
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:39:55Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nGrantees not found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Grantees not found"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info (Multiple Policy IDs) With lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"Policy_ID\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"Host_ID1\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"Subscription_ID\",\"hostIds\":[\"HOST_ID1\"]}]"
JSON Output
[ { "id": xx, "instance": "os", "policyId": <POLICY_ID>, "controlId": <CONTROL_ID>, "controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length", "controlReference": null, "technologyId": xx, "status": "Passed", "previousStatus": "Passed", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "2021-10-12T13:12:26Z", "lastPassDate": "2021-12-27T15:35:22Z", "postureModifiedDate": "2021-10-12T13:12:26Z", "lastEvaluatedDate": "2021-12-27T15:35:22Z", "created": "2022-02-24T14:21:06Z", "hostId": xx, "ip": "xx.xx.xx.xx", "trackingMethod": "DNS Hostname", "os": xx, "osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::", "dns": "client5-25-244.root.vuln.qa.qualys.com", "qgHostid": xx, "networkId": xx, "networkName": "Global Default Network", "complianceLastScanDate": "2021-12-27T15:31:18Z", "customerUuid": "xx", "customerId": "xx", "assetId": xx, "technology": { "id": xx, "name": "Windows 2003 Server" },
"criticality": { "label": "CRITICAL", "value": xx }, "evidence": { "expectedValues": "\ngreater than or equal to\n0", "currentValues": [ "1" ], "actualValues": null, "directoryFimUdc": null, "description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file." }, "causeOfFailure": null, "currentBatch": xx, "totalBatches": xx }, { "id": xx, "instance": "os", "policyId": <POLICY_ID>, "controlId": <CONTROL_ID>, "controlStatement": "Status of the 'net.ipv4.conf.all.send_redirects' setting within the '/etc/sysctl.conf' file", "rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.", "remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters: \n# sysctl -w net.ipv4.conf.all.send_redirects=0\n# sysctl -w net.ipv4.route.flush=1", "controlReference": null, "technologyId": 80, "status": "Passed", "previousStatus": "Passed", "firstFailDate": "", "lastFailDate": "", "firstPassDate": "2022-02-11T12:54:23Z", "lastPassDate": "2022-02-11T12:54:23Z", "postureModifiedDate": "2022-02-11T12:54:23Z", "lastEvaluatedDate": "2022-02-11T12:54:23Z", "created": "2022-02-24T14:21:06Z", "hostId": xx, "ip": "xx.xx.xx.xx", "trackingMethod": "IP", "os": null, "osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::", "dns": null, "qgHostid": null, "networkId": 0, "networkName": "Global Default Network", "complianceLastScanDate": "2022-02-11T12:47:29Z", "customerUuid": "xx", "customerId": "xx", "assetId": xx, "technology": { "id": xx, "name":
"CentOS 7.x" }, "criticality": { "label": "CRITICAL", "value": 4 }, "evidence": { "expectedValues": "\nSetting not found\n------------ OR ------------\nFile not found\n------------ OR ------------ \nmatches regular expression list\n.*", "currentValues": [ "Setting not found" ], "actualValues": null, "directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file." }, "causeOfFailure": null, "currentBatch": 1, "totalBatches": 1 } ]
Get Posture Info Without lastEvaluationDate, Without Evidence, Without Compression, Without lastScanDate
User Input: evidenceRequired=0 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
},
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-25T07:21:13Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-25T07:21:11Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:14Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Windows Server 2012 R2"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null
},
{
"id": 19235413,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:38:10Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:38:10Z",
"created": "2021-10-29T08:38:15Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:53:14Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": null,
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, With Evidence, Without Compression, Without lastScanDate
User input: evidenceRequired=1 & compressionRequired=0
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]}]"
JSON Output
[
{
"id": xx,
"instance": "os",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": "<TECHNOLOGY ID>",
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-14T11:19:31Z",
"lastPassDate": "2021-10-18T06:17:29Z",
"postureModifiedDate": "2021-10-14T11:19:30Z",
"lastEvaluatedDate": "2021-10-18T06:17:29Z",
"created": "2021-10-29T08:40:38Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",
"dns": null,
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-14T09:37:38Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Cisco ASA 9.x"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nFilter 2 not found: ^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found: show clock detail\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"show clock detail:08:26:29.074 pdt Thu Oct 14 2021"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
},
{
"id": xx,
"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",
"policyId": "<POLICY ID>",
"controlId": "<CONTROL ID>",
"technologyId": xx,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-10-28T16:53:06Z",
"lastPassDate": "2021-10-29T08:39:07Z",
"postureModifiedDate": "2021-10-28T16:53:06Z",
"lastEvaluatedDate": "2021-10-29T08:39:07Z",
"created": "2021-10-29T08:40:46Z",
"hostId": "<HOST ID>",
"ip": "xx.xx.xx.xx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2012:r2::x64:",
"dns": "comdevsql2016",
"qgHostid": null,
"networkId": "0",
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-10-28T16:57:58Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": "<ASSET ID>",
"technology": {
"id": xx,
"name": "Microsoft SQL Server 2016"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nSet status to PASS if no data found\n------------ OR ------------\nmatches regular expression list\n.*",
"currentValues": [
"Error Code 35:Failed to execute database query"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null
}
]
Get Posture Info Without lastEvaluationDate, Without Evidence, With Compression, With lastScanDate
User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z" -H "accept: */*" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICY ID\",\"subscriptionId\":\"SUBSCRIPTION ID\",\"hostIds\":[\"HOST ID\"]}]"
JSON Output
[
{
"id": <HOST INSTANCE ID>,
"instance": "os",
"policyId": <POLICY ID>,
"controlId": <CONTROL ID>,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"controlReference": null,
"technologyId": <TECHNOLOGY ID>,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2021-12-23T08:20:23Z",
"lastPassDate": "2022-02-02T11:54:20Z",
"postureModifiedDate": "2021-12-23T08:20:22Z",
"lastEvaluatedDate": "2022-02-02T11:54:20Z",
"created": "2022-07-11T11:53:46Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",
"ip": "xx.xx.xx.xxx",
"trackingMethod": "EC2",
"os": "Red Hat Enterprise Linux 8.3",
"osCpe": null,
"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2021-12-23T12:59:04Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 217,
"name": "Red Hat Enterprise Linux 8.x"
},
"criticality": {
"label": "CRITICAL",
"value": 4
},
"evidence": null,
"causeOfFailure": null,
"currentBatch": 8,
"totalBatches": 12
}
]
Get Posture Info Without Evidence, Without Compression, With statusChangedSince=2021-12-23
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"POLICYID\",\"subscriptionId\":\"SUBSCRIPTIONID\",\"hostIds\":[\"HOST ID1\",\"HOST ID2\"]}]"
JSON Output
[
{
"id": 24705485,
"instance": "os",
"policyId": <POLICY ID>,
"policyTitle": "pcas_win16_redhat7 tech",
"netBios": "<NETBIOS>",
"controlId": 1071,
"controlStatement": "Status of the 'Minimum Password Length' setting",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"controlReference": null,
"technologyId": 106,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2022-11-09T12:50:12Z",
"lastPassDate": "2022-12-06T06:42:21Z",
"postureModifiedDate": "2022-11-09T12:50:12Z",
"lastEvaluatedDate": "2022-12-06T06:42:21Z",
"created": "2022-12-07T07:35:56Z",
"hostId": <HOST ID>,
"CLOUD_RESOURCE_ID": null,
"ip": "xx.xx.xx.xxx",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",
"domainName": "<DOMAIN NAME>",
"dns": "<DNS>",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2022-08-23T04:57:05Z",
"customerUuid": "<CUSTOMER UUID>",
"customerId": "<CUSTOMER ID>",
"assetId": <ASSET ID>,
"technology": {
"id": 106,
"name": "Windows 2016 Server"
},
"criticality": {
"label": "high updated",
"value": 5
},
"evidence": {
"expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",
"currentValues": [
"6"
],
"actualValues": null,
"directoryFimUdc": null,
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"currentDataSizeKB": "2.41",
"totalDataSizeKB": "2.41",
"currentBatch": 1,
"totalBatches": 1
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&cloudMetaDataRequired=1" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029070,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1131,
"controlStatement": "Status of the 'Trivial File Transfer Protocol (TFTP)' service",
"rationale": "The 'TFTP' service is both a command and TCP protocol that is normally used only for booting diskless workstations, getting or saving network component configuration files, or as a 'kickstart' type host configuration from a network-based template. The connection initiation and data transfer is all done in clear text without requiring credentials of any kind. As a malicious user with a 'sniffer' running on the network, could easily capture the data and/or reproduce the same operation, simply by knowing the name of the file(s) and the source address(es), this process should be disabled/restricted according to the needs of the business.",
"remediation": "Review \"/etc/inetd.conf\" file to check whether tftp service's configuration in line with business needs and organization's security policies.\n\nExample: To disable the tftp service,\n\nRemove or comment out any tftp lines in /etc/inetd.conf: \n# tftp stream tcp nowait root internal",
"category": "Services",
"subCategory": "Guidelines/Procedures (Services)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:20:49Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.98",
"totalDataSizeKB": "27.09",
"currentBatch": 1,
"totalBatches": 1,
"cloudMetaData": {
"cloudProvider": "GCP",
"cloudService": "Compute Engine",
"cloudResourceId": "2182777093928348127",
"cloudResourceType": "Instance",
"cloudAccountId": "175127636344",
"cloudImageId": null,
"cloudResourceMetadata": "{'Public IP Address':'35.224.87.179', 'Private IP Address':'10.128.0.27', 'Machine Type':'e2-medium', 'Zone':'null', 'ProjectId':'qlys-devqa-qweb', 'State':'RUNNING', 'Network':'N/A', 'MAC Address':'null'}"
},
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&status=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&previousStatus=Passed" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[ {
"id": 19029069,
"instance": "os",
"policyId": 1438626,
"policyTitle": "CPS -Test",
"netBios": "INSTANCE-20240223-173020",
"controlId": 1130,
"controlStatement": "Status of the 'telnet' service (Unix/Linux)",
"rationale": "'Telnet' is both a user command and a TCP/IP protocol, most commonly used for accessing remote computers via a command line interface (CLI) on tcp port 23. Telnet streams are transmitted in clear text including any uid/password input, so if a telnet session is used for privileged communication(s)/host configuration purposes, the entire session is susceptible to interception by eavesdroppers on the network. As this can lead to the session being hijacked or replayed by malicious users, this process should be disabled/restricted according to the needs of the business.",
"remediation": "Edit the file '/etc/inetd.conf' and add or comment the 'telnet' entry according to the business needs or organization's security policies.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 346,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-10-04T09:47:33Z",
"lastPassDate": "2024-10-04T09:47:33Z",
"postureModifiedDate": "2024-10-04T09:47:33Z",
"lastEvaluatedDate": "2024-10-04T09:47:33Z",
"created": "2024-11-12T06:32:08Z",
"hostId": 4980343,
"ip": "34.133.253.84",
"trackingMethod": "AGENT",
"os": "Debian Linux 11.1",
"osCpe": null,
"domainName": "179.87.224.35.bc.googleusercontent.com",
"dns": "179.87.224.35.bc.googleusercontent.com",
"qgHostid": "4bd9e81e-12f8-4d8f-a51d-c475131a55b8",
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-10-04T09:39:21Z",
"customerUuid": "93f7ad53-1590-e3ac-83cd-322b91180e13",
"customerId": "1337821",
"assetId": 42078290,
"technology": {
"id": 346,
"name": "Debian GNU/Linux 11.x"
},
"criticality": {
"label": "SERIOUS",
"value": 3
},
"evidence": {
"expectedValues": "\nDisabled (0)\n------------ OR ------------\nEnabled (1)\n------------ OR ------------\nSetting not found\n------------ OR ------------\nFile not found",
"currentValues": [
"File not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-10-04T09:39:21Z",
"extendedEvidence": "Row 1:\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.35",
"totalDataSizeKB": "20.78",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": "2182777093928348127"
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&criticalityValues=2" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]
API Request
curl -X POST "https://<qualys_base_url>/pcrs/3.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&criticalityLabels=MEDIUM" -H "accept: */*" -H "Authorization: Bearer Token" -H "Content-Type: application/json" -d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION_ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"
JSON Response
[
{
"id": 20244862,
"instance": "os",
"policyId": 1455059,
"policyTitle": "WINDOWS_IP_TRACKED_IPV4_POLICY_AG",
"netBios": "SYS_25_25_25_25",
"controlId": 1161,
"controlStatement": "Status of the 'Fax' service",
"rationale": "The Microsoft 'Fax' service provides a software-based facsimile service that can take system documents and send these out to a fax-recipient via a hardware modem and analog phone line. (One reported public exploit uses the Windows Picture and Fax Viewer (SHIMGVW.DLL) to execute code arbitrarily.) As this transfer capability can potentially compromise sensitive system documents, by transmitting information to unauthorized recipients and can be activated remotely, this capability should be restricted/set according to the needs of the business.",
"remediation": "Remove or disable the Fax (fax) service.",
"category": "OS Security Settings",
"subCategory": "Performance Monitoring (All OSI Layers)",
"controlReference": null,
"technologyId": 21,
"status": "Passed",
"previousStatus": "Passed",
"firstFailDate": "",
"lastFailDate": "",
"firstPassDate": "2024-11-06T09:17:38Z",
"lastPassDate": "2024-11-06T09:20:57Z",
"postureModifiedDate": "2024-11-06T09:17:38Z",
"lastEvaluatedDate": "2024-11-06T09:20:57Z",
"created": "2024-11-12T07:38:05Z",
"hostId": 6396343,
"ip": "25.25.25.25",
"trackingMethod": "IP",
"os": null,
"osCpe": "cpe:/o:microsoft:windows_server_2008:r2::enterprise_x64:",
"domainName": "25-25-25-25.bogus.tld",
"dns": "25-25-25-25.bogus.tld",
"qgHostid": null,
"networkId": 0,
"networkName": "Global Default Network",
"complianceLastScanDate": "2024-11-06T09:12:22Z",
"customerUuid": "e57ba830-15e4-714c-8243-6d1740d3577e",
"customerId": "2309240",
"assetId": 50622236,
"technology": {
"id": 21,
"name": "Windows 2008 Server"
},
"criticality": {
"label": "MEDIUM",
"value": 2
},
"evidence": {
"expectedValues": "\nAutomatic (2)\n------------ OR ------------\nAutomatic (Delayed Start) (21)\n------------ OR ------------\nManual (3)\n------------ OR ------------\nKey not found\n------------ OR ------------\nDisabled (4)",
"currentValues": [
"Key not found"
],
"actualValues": null,
"directoryFimUdc": null,
"lastUpdated": "2024-11-06T09:12:22Z",
"extendedEvidence": "Row 1:Service Name,Registry Key,Start Value,Delayed Start\nRow 2:Fax,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Fax,,\n",
"description": "The following Integer value X indicates the current value of the PASS_MIN_LEN setting as defined within the /etc/login.defs file."
},
"causeOfFailure": null,
"userDefinedAttributesList": null,
"currentDataSizeKB": "2.34",
"totalDataSizeKB": "7.61",
"currentBatch": 1,
"totalBatches": 1,
"CLOUD_RESOURCE_ID": null
}
]
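One way to consume the posture records shown in the samples above, as an added example (not Qualys code): it ranks non-passing controls by `criticality.value`, flags regressions from `previousStatus`, splits `evidence.expectedValues` into its OR-ed alternatives, and reports batch numbers that never arrived. It assumes `"Failed"` is the non-passing status value and that each record carries its own `currentBatch` out of `totalBatches`; the sample records and host IDs are constructed.

```python
import json
import re

# Separator between alternatives in evidence.expectedValues, as seen in the
# sample responses (one sample has a trailing space after the dashes).
OR_SEPARATOR = re.compile(r"\n-+ OR -+[ \t]*\n")


def expected_alternatives(expected):
    """Split evidence.expectedValues into a list of OR-ed alternatives."""
    if not expected:
        return []
    parts = OR_SEPARATOR.split(expected)
    # Collapse the embedded newlines ("greater than or equal to\n14").
    return [" ".join(p.split()) for p in parts if p.strip()]


def missing_batches(records):
    """Batch numbers in 1..totalBatches that no record in `records` carries.

    Assumption: every record reports the batch it belongs to (currentBatch)
    and the total batch count (totalBatches), as in the samples.
    """
    total = max((r.get("totalBatches") or 0 for r in records), default=0)
    seen = {r.get("currentBatch") for r in records}
    return [b for b in range(1, total + 1) if b not in seen]


def triage(records):
    """Return non-passing controls, highest criticality and regressions first."""
    findings = []
    for rec in records:
        if rec.get("status") == "Passed":
            continue
        crit = rec.get("criticality") or {}
        evidence = rec.get("evidence") or {}  # null when evidenceRequired=0
        findings.append({
            "hostId": rec.get("hostId"),
            "controlId": rec.get("controlId"),
            "status": rec.get("status"),
            "criticality": crit.get("value") or 0,
            "label": crit.get("label"),
            # A control that passed on the previous evaluation and no longer
            # does is a configuration drift worth reviewing first.
            "regressed": rec.get("previousStatus") == "Passed",
            "expected": expected_alternatives(evidence.get("expectedValues")),
            "current": evidence.get("currentValues") or [],
        })
    findings.sort(key=lambda f: (-f["criticality"], not f["regressed"]))
    return findings


# Constructed sample: three records from batch 1 of 2. "Failed" is an assumed
# status value; the samples on this page only show "Passed".
SAMPLE = json.loads(r"""
[
  {"hostId": 1001, "controlId": 1130, "status": "Passed",
   "previousStatus": "Passed",
   "criticality": {"label": "SERIOUS", "value": 3},
   "evidence": null, "currentBatch": 1, "totalBatches": 2},
  {"hostId": 1002, "controlId": 1161, "status": "Failed",
   "previousStatus": "Failed",
   "criticality": {"label": "MEDIUM", "value": 2},
   "evidence": null, "currentBatch": 1, "totalBatches": 2},
  {"hostId": 1001, "controlId": 1071, "status": "Failed",
   "previousStatus": "Passed",
   "criticality": {"label": "CRITICAL", "value": 4},
   "evidence": {
     "expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n14",
     "currentValues": ["6"]},
   "currentBatch": 1, "totalBatches": 2}
]
""")

if __name__ == "__main__":
    gaps = missing_batches(SAMPLE)
    if gaps:
        print("incomplete data, missing batches:", gaps)
    for f in triage(SAMPLE):
        flag = "REGRESSED" if f["regressed"] else "open"
        print(f["label"], "host", f["hostId"], "control", f["controlId"], flag,
              "expected:", f["expected"], "current:", f["current"])
```
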
The following table lists the versions of this API and the status of each:
API Version | API Status | Release Date |
---|---|---|
/pcrs/1.0/posture/postureInfo? | To be deprecated | March 2025 |
/pcrs/2.0/posture/postureInfo? | To be deprecated | May 2025 |
/pcrs/3.0/posture/postureInfo? | Active | November 2024 |