Update an option profile which is in the user’s scope.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Update Option Profile".
The element “id” (integer) is required, where “id” identifies an option profile. Additional elements are optional and must be supplied in POST XML data. At least one of the following elements must be set: name, isDefault, owner, tags, formSubmission, maxCrawlRequests, userAgent, parameterSet, ignoreBinaryFiles, performance, bruteforceOption, bruteforceList, numberOfAttempts, detection, sensitiveContent, comments.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
id | Optional | integer | The ID of the option profile. |
name | Optional | text | The name given to the option profile. |
tags | Optional | | Filter by tags applied. |
tags.id | Optional | integer | ID of the tag assigned to option profile. |
tags.name | Optional | text | Tag name assigned to option profile. |
owner.id | Optional | Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER | ID of the owner who created the option profile. |
owner.name | Optional | text | Full name of the user who created the option profile. |
owner.username | Optional | text | Username of the owner who created the option profile (like user_ab3). |
isDefault | Optional | | Default option profile for the subscription. |
formSubmission | Optional | keyword | Type of form: None, Post, Get, POST & GET |
maxCrawlRequests | Optional | date | Total number of links and forms to follow and test within the scan scope. If performing a Discovery Scan, this is the maximum links that will be crawled, as there will not be any testing performed. |
userAgent | Optional | | Stores the browser and OS details. |
parameterSet | Optional | | A parameter set tells us the request parameter settings you would like us to inject into your web applications during scanning. We provide a default one and it is easy to configure more. Once defined, just select the parameter set name in your scan's option profile. |
ignoreBinaryFiles | Optional | | If you choose this option, files with extension zip, pdf, doc are not scanned. |
performance | Optional | keyword | Scan Intensity: LOWEST, LOW, MEDIUM, HIGH, MAXIMUM. |
customPerformance* | Optional | | Configure the custom intensity level for web application scans. Example: <customPerformance> Note: performance and customPerformance are mutually exclusive parameters and cannot be used together. You can use only one of them for an option profile. |
numOfHttpThreads | Optional | integer | Number of threads to be used to scan each host. The valid range is from 1 to 10. |
delayBetweenRequests | Optional | integer | The duration of delay introduced by WAS between the scanning engine requests sent to the application's server. The valid range is from 0 to 2000 milliseconds. |
bruteforceOption | Optional | | The level of brute forcing you prefer with options ranging from "Minimal" to "Exhaustive". |
bruteforceList | Optional | keyword: User List/SYSTEM LIST | System list: we'll attempt to guess the password for each detected login ID. User list: to select a bruteforce list defined in your account. |
numberOfAttempts | Optional | | The threshold to be reached before stopping the scan. If you deactivate this setting, the scan will keep running no matter how many errors it will find. |
detection | Optional | keyword | Select if scans launched with this profile shall perform a full assessment for all WAS detections the engine is able to discover, or if the scan shall focus on the detection of specific vulnerabilities and/or information: Core, Categories, Custom Search list, XSS Power Mode, Everything. Rules for the child elements of <detection>: If <detectionScope> is present, then the detection scope = CORE or EVERYTHING. If <includedSearchLists> or <excludedSearchLists> are present, then the detection scope = CUSTOM. If <detectionCategories> is present, then the detection scope = CATEGORY. If <xssPowerMode> is true, then the detection scope = XSS. Note: The <includedSearchLists>, <excludedSearchLists>, <detectionCategories>, <xssPowerMode>, <detectionScope> elements are mutually exclusive elements. |
enableXssPayloads | Optional | boolean | A flag to indicate if XSS payloads should be enabled or disabled during the scan. If the flag is set to true, comprehensive tests for cross-site scripting vulnerabilities are executed during the scan. Example: <detection> <detectionScope>CORE</detectionScope> <enableXssPayloads>true</enableXssPayloads> </detection> |
sensitiveContent | Optional | | Credit Card Numbers, Social Security Numbers (US), Custom Contents. |
keywordsUrlSearch | Optional | text | Specify keywords in the form of strings and regular expressions to search for URL links that contain the specified keyword. Currently, we search for keywords only in the internal links that are found in the crawling phase for target web applications in a Discovery/Vulnerability scan. You can enter a maximum of 10 keywords where each keyword appears on a separate line. A keyword should be 5 to 200 characters long. During a Discovery/Vulnerability scan, we search for these keywords and report all the unique links that contain the specified keywords in the Get Finding Details API output under information gathered QID 150141. Note that we show the crawled links under QID 150009. |
enhancedCrawling | Optional | boolean | Improve scan coverage for your web application with enhanced crawling enabled. We will re-crawl individual directories present in the links which are found during crawling. For example, if the following link is found during crawling: https://www.example.com/foo/abc/xyz/register.php. If enhanced crawling is enabled, it will first make a request to https://www.example.com/foo/abc/xyz, will then remove the directory "xyz/" from the URL and crawl https://www.example.com/foo/abc/, and later it will further remove "abc/" and crawl https://www.example.com/foo/. All the links found during this process of removal and re-crawling are added to the crawl queue, thus improving the scan coverage. |
comments | Optional | | User-defined comments. |
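The constraints in the table above (performance versus customPerformance, the numOfHttpThreads and delayBetweenRequests ranges, and the mutually exclusive detection elements) can be checked locally before file.xml is posted. The following is an added example, not Qualys code: the function name check_option_profile and the sample request are constructed here, and treating includedSearchLists and excludedSearchLists as one CUSTOM group is an assumption drawn from the detection row.

```python
import xml.etree.ElementTree as ET

# Element -> scope, per the "detection" row; detectionScope carries its own value.
SCOPE_OF = {"includedSearchLists": "CUSTOM", "excludedSearchLists": "CUSTOM",
            "detectionCategories": "CATEGORY"}
# Ranges from the numOfHttpThreads and delayBetweenRequests rows.
RANGES = {"numOfHttpThreads": (1, 10), "delayBetweenRequests": (0, 2000)}

# Constructed sample: both intensity forms set, thread count out of range.
SAMPLE = """<ServiceRequest><data><OptionProfile>
<performance>HIGH</performance>
<customPerformance><numOfHttpThreads>12</numOfHttpThreads></customPerformance>
<detection><detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads></detection>
</OptionProfile></data></ServiceRequest>"""

def check_option_profile(xml_text):
    """Return (errors, detection_scope) for a request body you authored yourself."""
    errors, scope = [], None
    profile = ET.fromstring(xml_text).find("./data/OptionProfile")
    if profile is None or len(profile) == 0:
        return ["request sets no OptionProfile element"], None
    custom = profile.find("customPerformance")
    if custom is not None and profile.find("performance") is not None:
        errors.append("performance and customPerformance are mutually exclusive")
    if custom is not None:
        for tag, (lo, hi) in RANGES.items():
            text = (custom.findtext(tag) or "").strip()
            if text and not (text.isascii() and text.isdigit() and lo <= int(text) <= hi):
                errors.append(f"{tag} must be an integer from {lo} to {hi}")
    detection = profile.find("detection")
    if detection is not None:
        scopes = set()
        for child in detection:
            value = (child.text or "").strip()
            if child.tag == "detectionScope":
                scopes.add(value)          # CORE or EVERYTHING
            elif child.tag == "xssPowerMode":
                if value == "true":        # counts only when switched on
                    scopes.add("XSS")
            elif child.tag in SCOPE_OF:
                scopes.add(SCOPE_OF[child.tag])
        if len(scopes) > 1:
            errors.append("detection mixes scopes: " + ", ".join(sorted(scopes)))
        elif scopes:
            scope = scopes.pop()
    return errors, scope

if __name__ == "__main__":
    print(check_option_profile(SAMPLE))
```

The API still validates the request on the server side; this check only catches the documented conflicts before a scan configuration is changed.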
Change the option profile name to “Update Option Profile - title” for option profile ID 832265669.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Update Option Profile - title ]]>
</name>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
</OptionProfile>
</data>
</ServiceResponse>
Update multiple option profile settings for option profile ID 832275669.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/832275669" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - All Fields]]>
</name>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>100</maxCrawlRequests>
<performance>HIGH</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<parameterSet>
<id>15669</id>
</parameterSet>
<isDefault>false</isDefault>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<tags>
<set>
<Tag>
<id>75521225669</id>
</Tag>
</set>
</tags>
<sensitiveContent>
<customContents>zip code</customContents>
</sensitiveContent>
<comments>
<set>
<Comment>
<contents>
<![CDATA[Comment 2]]>
</contents>
</Comment>
</set>
</comments>
<bruteforceList>
<id>74005669</id>
</bruteforceList>
<detection>
<includedSearchLists>
<set>
<SearchList>
<id>3496185669</id>
</SearchList>
</set>
</includedSearchLists>
<excludedSearchLists>
<set>
<SearchList>
<id>3496175669</id>
</SearchList>
<SearchList>
<id>3496165669</id>
</SearchList>
</set>
</excludedSearchLists>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832275669</id>
</OptionProfile>
</data>
</ServiceResponse>
Update the option profile owner.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/123456" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<owner>
<id>123456</id>
</owner>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>123456</id>
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/452933" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My OP - with custom threshold values]]>
</name>
<timeoutErrorThreshold>200</timeoutErrorThreshold>
<unexpectedErrorThreshold>20</unexpectedErrorThreshold>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>452933</id>
</OptionProfile>
</data>
</ServiceResponse>
Update the Option Profile to disable Action URI.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/176683" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[My Option Profile - with action URI]]>
</name>
<includeActionUriInFormId>false</includeActionUriInFormId>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/portal-api/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>176683</id>
</OptionProfile>
</data>
</ServiceResponse>
Update the detection scope in the Option Profile.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/176683" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
<data>
<OptionProfile>
<detection>
<detectionCategories>
<remove>
<DetectionCategory>
<name>Denial of Service</name>
</DetectionCategory>
</remove>
<add>
<DetectionCategory>
<name>SQL Injection</name>
</DetectionCategory>
</add>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>305786</id>
</OptionProfile>
</data>
</ServiceResponse>
Let us update an Option Profile with customized scan intensity.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/1608560" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>
<![CDATA[Update Option Profile with Custom Scan Intensity]]>
</name>
<customPerformance>
<numOfHttpThreads>10</numOfHttpThreads>
<delayBetweenRequests>20</delayBetweenRequests>
</customPerformance>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>1608560</id>
</OptionProfile>
</data>
</ServiceResponse>
Let us update an Option Profile with customized scan intensity.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<enhancedCrawling>false</enhancedCrawling>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile/16003" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<name>Sample Option Profile With XSS Payloads</name>
<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>16003</id>
</OptionProfile>
</data>
</ServiceResponse>
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"<qualys_base_url>/qps/rest/3.0/update/was/optionprofile" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<data>
<OptionProfile>
<detection>
<detectionCategories>
<set>
<DetectionCategory>
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory>
</set>
</detectionCategories>
</detection>
</OptionProfile>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>897483</id>
</OptionProfile>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/optionprofile.xsd