Create a New Option Profile
Create a new option profile.
Permissions required: User must have WAS module enabled. User account must have these permissions:
- Access Permission API Access
- Create Option Profile
Input ParametersInput Parameters
The element name (text) and OptionProfile is required, where name is option profile name.
Sample - Create - minimum criteria (POST)Sample - Create - minimum criteria (POST)
Create a new option profile with the name My Option Profile - with defaults. The default option profile settings are assigned automatically.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - with defaults]]>
</name>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
<name>
<![CDATA[My Option Profile - with defaults]]>
</name>
<owner>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>20</timeoutErrorThreshold>
<unexpectedErrorThreshold>48</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2018-09-08T22:03:01Z</createdDate>
<createdBy>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</createdBy>
<updatedDate>2018-09-08T22:03:01Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_alex</username>
<firstName>
<![CDATA[Alex]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
Sample - Create - multiple criteria (POST)Sample - Create - multiple criteria (POST)
Create a new option profile with the name My Option Profile - All Fields. The name setting is required in the request data, other settings are optional.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - All Fields]]>
</name>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>50</unexpectedErrorThreshold>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<performance>LOW</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<parameterSet>
<id>15669</id>
</parameterSet>
<isDefault>true</isDefault>
<ignoreBinaryFiles>true</ignoreBinaryFiles>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<tags>
<set>
<Tag>
<id>75521225669</id>
</Tag>
</set>
</tags>
<sensitiveContent>
<customContents>zip code</customContents>
</sensitiveContent>
<comments>
<set>
<Comment>
<contents>
<![CDATA[Some Comment]]>
</contents>
</Comment>
</set>
</comments>
<bruteforceList>
<id>74005669</id>
</bruteforceList>
<detection>
<includedSearchLists>
<set>
<SearchList>
<id>3496185669</id>
</SearchList>
</set>
</includedSearchLists>
<excludedSearchLists>
<set>
<SearchList>
<id>3496175669</id>
</SearchList>
<SearchList>
<id>3496165669</id>
</SearchList>
</set>
</excludedSearchLists>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832275669</id>
<name>
<![CDATA[My Option Profile - All Fields]]>
</name>
<owner>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</owner>
<isDefault>true</isDefault>
<tags>
<count>1</count>
<list>
<Tag>
<id>75521225669</id>
<name>
<![CDATA[Business Units]]>
</name>
</Tag>
</list>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>50</unexpectedErrorThreshold>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<parameterSet>
<id>15669</id>
<name>
<![CDATA[Custom Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>true</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<bruteforceList>
<id>74005669</id>
<name>
<![CDATA[BFL]]>
</name>
</bruteforceList>
<detection>
<includedSearchLists>
<count>1</count>
<list>
<SearchList>
<id>3496185669</id>
</SearchList>
</list>
</includedSearchLists>
<excludedSearchLists>
<count>2</count>
<list>
<SearchList>
<id>3496175669</id>
</SearchList>
<SearchList>
<id>3496165669</id>
</SearchList>
</list>
</excludedSearchLists>
</detection>
<comments>
<count>1</count>
<list>
<Comment>
<contents>
<![CDATA[Some Comment]]>
</contents>
</Comment>
</list>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
<customContents>zip code</customContents>
</sensitiveContent>
<createdDate>2017-09-08T22:31:06Z</createdDate>
<createdBy>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</createdBy>
<updatedDate>2017-09-08T22:31:07Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_cindy</username>
<firstName>
<![CDATA[Cindy]]>
</firstName>
<lastName>
<![CDATA[Green]]>
</lastName>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
Sample - Create - disable error threshold values, set to 0 (POST)Sample - Create - disable error threshold values, set to 0 (POST)
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"--data-binary@-"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<timeoutErrorThreshold>0</timeoutErrorThreshold>
<unexpectedErrorThreshold>0</unexpectedErrorThreshold>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Sample - Create - enable SmartScan (POST)Sample - Create - enable SmartScan (POST)
Want to use SmartScan? This feature must be enabled for your subscription. We can help you with this quickly, just contact your Technical Account Manager or Qualys Support.
API request:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<timeoutErrorThreshold>0</timeoutErrorThreshold>
<unexpectedErrorThreshold>0</unexpectedErrorThreshold>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>453133</id>
<name>
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy>
...
Sample - Create - enable action URI (POST)Sample - Create - enable action URI (POST)
Create a new option profile with the name My Option Profile to include action URI. The default option profile settings are assigned automatically.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"--data-binary@-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile/" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>My Option Profile</name>
<smartScanSupport>true</smartScanSupport>
<smartScanDepth>10</smartScanDepth>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>467333</id>
<name>
<![CDATA[My Option Profile]]>
</name>
<owner>
<id>4354</id>
<username>user_aril</username>
<firstName>
<![CDATA[Ari]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>15601</id>
<name>
<![CDATA[Test Paramset]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<smartScanSupport>true</smartScanSupport>
<smartScanDepth>10</smartScanDepth>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>>
...
Sample - Create - associate pre-defined detection categorySample - Create - associate pre-defined detection category
Create a new option profile and associate pre-defined detection categories with Option Profile.
|
Element |
Description |
|---|---|
|
detectionCategory={Keyword} |
We now support the following new detection categories in your option profile:
|
|
<detectionCategories> is mutually exclusive with <includedSearchLists> and <excludedSearchLists>. |
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml"-X "POST"--data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>sample option profile with detection category</name>
<detection>
<detectionCategories>
<set>
<DetectionCategory>
<name>Denial of Service</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd
/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<count>1</count>
<data>
<OptionProfile>
<id>305785</id>
<name>
<![CDATA[Sample option profile with detection category]]>
</name>
<owner>
<id>2501086</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
...
<detection>
<detectionCategories>
<count>1</count>
<set>
<DetectionCategory>
<id>154</id>
<name>Denial of Service</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
<comments>
<count>0</count>
</comments>
...
</OptionProfile>
</data>
</ServiceResponse>
Sample - Create an option profile with XSS Power Mode detection scopeSample - Create an option profile with XSS Power Mode detection scope
You can execute specialized scan that performs comprehensive tests for cross-site scripting vulnerabilities using the new option profile with XSS Power Mode detection scope that we have introduced. The detection scope performs tests using the standard XSS payloads, which detect the most common instances of XSS, but also with additional payloads that can identify XSS in certain, less-common situations. Running a scan with option profile that has XSS Power Mode detection scope will provide the best assurance that your web application is free from XSS vulnerabilities.
To launch a scan in the XSS power mode, you need to set the <xssPowerMode> element to true under <detection> element.
Note: The includedSearchLists/excludeSearchLists, detectionCategories, xssPowerMode elements are mutually exclusive elements. Thus, you can set only one of the elements. under detection element.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>Sample Option Profile With XSS</name>
<detection>
<xssPowerMode>true</xssPowerMode>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>1045129</id>
<name>
<![CDATA[Launch XSS Power Mode Scan]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<xssPowerMode>true</xssPowerMode>
</detection>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2018-07-25T03:45:12Z</createdDate>
<createdBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</createdBy>
<updatedDate>2018-07-25T03:45:12Z</updatedDate>
<updatedBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
Sample - Enabling XSS Payloads for standard scanSample - Enabling XSS Payloads for standard scan
You can enable comprehensive tests for cross-site scripting vulnerabilities to be executed during our standard scan using the new parameter in option profile. The comprehensive tests includes XSS with exhaustive set of payloads including set of standard payloads. Running a scan with XSS payloads option enabled in the detection scope of standard scan will provide the best assurance that your web application is free from XSS vulnerabilities. However, enabling this option leads to significant increase in the scan time.
|
Element |
Description |
|---|---|
|
enableXssPayloads |
(boolean) A flag to indicate if XSS payloads should be enabled or disabled during the scan. If the flag is set to true, comprehensive tests for cross-site scripting vulnerabilities are executed during the scan. Example:
|
Let us create an option profile to launch a standard scan with comprehensive tests for cross-site scripting vulnerabilities enabled.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>Sample Option Profile With XSS Payloads</name>
<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>81333</id>
<name>
<![CDATA[Launch Scan with XSS Payloads enabled]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>false</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>
<comments>
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2019-10-04T11:11:59Z</createdDate>
<createdBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</createdBy>
<updatedDate>2018-07-25T03:45:12Z</updatedDate>
<updatedBy>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
</updatedBy>
</OptionProfile>
</data>
</ServiceResponse>
Sample - Create an option profile with custom scan intensitySample - Create an option profile with custom scan intensity
You can define your custom scan intensity in the option profile and thus control the scan performance accordingly to your configured settings. Using our new parameter <customperformance> you can further configure the number of threads to be used to scan each host and the delay between requests.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Option Profile with Custom Scan Intensity]]>
</name>
<customPerformance>
<numOfHttpThreads>5</numOfHttpThreads>
<delayBetweenRequests>100</delayBetweenRequests>
</customPerformance>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>1608560</id>
<name>
<![CDATA[Option Profile with Custom Scan Intensity]]>
</name>
…
<smartScanSupport>false</smartScanSupport>
<customPerformance>
<numOfHttpThreads>5</numOfHttpThreads>
<delayBetweenRequests>100</delayBetweenRequests>
</customPerformance>
<bruteforceOption>MINIMAL</bruteforceOption>
…
</OptionProfile>
</data>
</ServiceResponse>
Sample - Create an option profile with Enhanced Crawling enabledSample - Create an option profile with Enhanced Crawling enabled
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<enhancedCrawling>true</enhancedCrawling>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>78110</id>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>true</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection/>
<comments>
<count>0</count>
</comments>
...
</lastName>
</updatedBy>
</OptionProfile>undefined</data>undefined</ServiceResponse>
Sample - Create - Everything as detection scopeSample - Create - Everything as detection scope
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>78744</id>
<name>
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<includeActionUriInFormId>false</includeActionUriInFormId>
<enhancedCrawling>false</enhancedCrawling>
<smartScanSupport>false</smartScanSupport>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>
<comments>
<count>0</count>
</comments>
...
</updatedBy>
</OptionProfile>
</data>undefined</ServiceResponse>
Sample - Create - SSL/TLS and Certificate issuesSample - Create - SSL/TLS and Certificate issues
You can execute specialized scan that performs tests for SSL/TLS and Certificate related vulnerabilities using the option profile with SSL/TLS and Certificate category configured in the API request.
API request:
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --databinary@- "<qualys_base_url>/qps/rest/3.0/create/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data:
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Option Profile with SSL data]]>
</name>
<detection>
<detectionCategories>
<set>
<DetectionCategory>
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response:
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>897483</id>
<name>
<![CDATA[My Option Profile - SSL data]]>
</name>
<owner>
<id>412791</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
...
<detection>
<detectionCategories>
<count>1</count>
<list>
<DetectionCategory>
<id>152</id>
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory>
</list>
</detectionCategories>
<enableXssPayloads>false</enableXssPayloads>
</detection>
...
</OptionProfile>
</data>
</ServiceResponse>
XSD
<platform API server>/qps/xsd/3.0/was/optionprofile.xsd