With this API, you can list evaluation fields for technology associated with a specified control within a policy section.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
| policyId={value} | Required | Integer | The ID of the policy from which you want to retrieve evaluation fields for technology associated with a specified control within a policy section. |
| sectionNumber={value} | Required | Integer | Enter the section number for which you want to obtain technology evaluation fields. |
| controlId={value} | Required | Integer | Enter the ID of the control within policy section for which you want to retrieve technology evaluation fields. |
| technologyId={value} | Required | Integer | Enter a valid technology ID for which you want to retrieve technology evaluation fields. |
API Request
curl -X 'GET' \
'<qualys_base_url>/pcas/v3/policy/section/control/technology/evaluation?policyId=5656121§ionNumber=1&controlId=1048&technologyId=54' \ -H
'accept: application/json' \ -H 'Authorization: BearerXML Output
{
"controlId": 1071,
"sectionNumber": 1,
"controlNumber": 1,
"statement": "Status of the 'Minimum Password Length' setting",
"criticality": "URGENT",
"isControlDisable": false,
"technologies": [
{
"technologyId": 1,
"technologyName": "Windows XP desktop",
"evaluate": {
"dp": {
"k": "win.auth.passwords.minlen",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <B>X</B> indicates the current status of the <B>Minimum Password Length (min_pass_len)</B> setting for local accounts.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "0",
"description": "Attribute not found"
}
]
}
},
"remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack."
}
]
}