You can schedule a Multi-Scan to run automatically, on a regular basis. This way you always have the most up-to-date security information in your account.
A Multi-Scan allows you to scan any number of web applications. This feature enables you to scan hundreds or even thousands of web applications you may have in your organization with granular insight into what scans are running and which ones are complete.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access” and "Create WAS Schedule" permission. The output includes schedules in the user's scope.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
Click here for available operators
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
name |
Optional |
text |
Name of the schedule. |
|
webApps.id or tags.id |
Optional |
integer |
The web applications to be scanned. webApps.id: Specify the web application ID to include it in the scan. tags.id: Specify the tag ID associated with the web applications to be scanned. |
|
target.tags.excluded.option |
Optional |
keyword: ALL or ANY |
Decides which web applications should be excluded from the scan. ALL : Only the web applications associated with all the specified tags are excluded from the scan. ANY : Only the web applications associated with any of the specified tags are excluded from the scan. |
|
target.tags.excluded. tagList.Tag.id |
Optional |
integer |
The web applications associated with the tag (identified by the specified tag ID) are excluded from the scan. |
|
target.tags.included.option |
Optional |
keyword: ALL or ANY |
Decides which web applications should be excluded from the scan. ALL : Only the web applications associated with all the specified tags are excluded from the scan. ANY : Only the web applications associated with any of the specified tags are excluded from the scan. |
|
target.tags.included. tagList.Tag.id |
Optional |
integer |
The web applications associated with the tag (identified by the specified tag ID) are included in the scan. |
|
type |
Optional |
keyword |
The scheduled scan type: VULNERABILITY or DISCOVERY. |
|
profile.id (integer)2 |
Optional |
integer |
The name of the option profile that includes scan settings. The service provides the profile “Initial WAS Options” and we recommend this to get started. Example: <profile> <name>Initial WAS Options</name> </profile> |
|
startDate (date) |
Optional |
date |
The date when the schedule starts in UTC date/time format. |
|
timeZone (text) |
Optional |
text |
The timezone in which the scan is scheduled in UTC date/time format. |
|
occurrenceType |
Optional |
keyword |
The frequency of the scheduled scan : ONCE, DAILY, WEEKLY or MONTHLY. |
|
notification |
Optional | boolean |
A flag indicating whether email notification is enabled for scheduled scan. |
|
reschedule |
Optional | boolean |
Set this flag to reschedule the scan. |
|
target.authRecordOption |
Optional | integer |
Defines the authentication record to be used during the scan. Set to SPECIFIC -Always use the authRecord passed while launching the scan. Set to DEFAULT- Forces the use of the authRecord, if set, else fall back to the one passed in to the API while launching the scan. |
|
target.profileOption |
Optional | keyword: ALL or ANY |
Defines the option profile to be used during the scan. Set to SPECIFIC - Always use the optionProfile passed while launching the scan. Set to DEFAULT - Forces the use of the optionProfile if set, else fall back to the one passed in to the API while launching the scan. |
|
target.scannerOption |
Optional | integer |
Defines the scanner appliance to be used during the scan. Set to SPECIFIC - Always use the scanner passed while launching the scan Set to DEFAULT - Forces the use of the scanner if set, else fall back to the one passed in to the API while launching the scan. |
|
target.randomizeScan |
Optional |
Allows the service to scan the selected web applications in random order. The randomness will help prevent network slowdowns and/or errors |
|
|
target.scannerAppliance. type |
Optional | keyword: EXTERNAL or INTERNAL or scannerTags |
Type of the scanner appliance to be used for the scan. |
|
target.scannerAppliance. friendlyName |
Optional | text |
Name of the scanner appliance being used for the scan. |
|
cancelOption |
Optional |
Set to DEFAULT - Forces the use of the target web app’s cancelScans option if set, else fall back to the one passed in to the API while launching the scan. set to SPECIFIC - Always use the cancel scan option passed while launching the scan. |
|
|
sendMail |
Optional | boolean |
Set to false to disable scan complete email notifications. Example:<sendMail>false</sendMail> |
|
sendOneMail |
Optional | boolean |
Set to true to send one email upon multi-scan completion. Set to false to send one email upon completion of each individual scan. Example:<sendOneMail>true</sendOneMail> Note: sendOneMail is valid only when sendMail = true for a multi-scan (multiple web applications being scanned). If sendMail is set to false, sendOneMail will be ignored. |
|
sendMailFrom AddressOption |
Optional |
Identifies the sender of the scan complete notifications. The valid values are: QUALYS_SUPPORT and OWNER. OWNER means the user whose account is used to create the schedule. Example:<sendMailFromAddressOption>QUALYS_ SUPPORT</sendMailFromAddressOption> Example:<sendMailFromAddressOption>OWNER </sendMailFromAddressOption>
To set this parameter, the sendMail parameter must be set to true. If the sendMail parameter is true, then sendMailFromAddressOption is by default set to QUALYS_SUPPORT. You can change the value of the parameter to OWNER. |
|
|
enableWAFAuth |
Optional | boolean |
Set to true to allow Qualys scanners to scan a web application through WAF. Note: Enabling this option enhances assessment and reporting of WAF-blocked vulnerabilities that are not yet fixed in WAS detections and reports. |
1 The element target must have at least tags or web applications specified.
2 The element profile (text) is required unless the target has a default option profile.
Let’s schedule a multi-scan for two web applications by specifying the ID for the web applications.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/wasscanschedule" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
<data>
<WasScanSchedule>
<name>MultiSchedule_1497351121650</name>
<type>VULNERABILITY</type>
<active>false</active>
<scheduling>
<cancelAfterNHours>8</cancelAfterNHours>
<startDate>2017-06-13T21:51:57Z</startDate>
<timeZone>
<code>America/Vancouver</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<occurrenceCount>20</occurrenceCount>
<onDays>
<WeekDay>SATURDAY</WeekDay>
</onDays>
</weeklyOccurrence>
</occurrence>
</scheduling>
<notification>
<active>true</active>
<reschedule>true</reschedule>
<delay>
<nb>1</nb>
<scale>DAY</scale>
</delay>
<message>
<![CDATA[A scan is scheduled to start soon.]]>
</message>
</notification>
<target>
<webApps>
<set>
<WebApp>
<id>4331923</id>
</WebApp>
<WebApp>
<id>4331924</id>
</WebApp>
</set>
</webApps>
<webAppAuthRecord>
<id>583957</id>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
<authRecordOption>DEFAULT</authRecordOption>
<profileOption>SPECIFIC</profileOption>
<scannerOption>DEFAULT</scannerOption>
<randomizeScan>true</randomizeScan>
<useDnsOverride>true</useDnsOverride>
</target>
<profile>
<id>1071133</id>
</profile>
</WasScanSchedule>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/
was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WasScanSchedule>
<id>697193</id>
<name>
<![CDATA[MultiSchedule_1497351121650]]>
</name>
<owner>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<active>false</active>
<multi>true</multi>
<type>VULNERABILITY</type>
<target>
<webApps>
<list>
<WebApp>
<id>4331923</id>
<name>
<![CDATA[web app 1497351058103]]>
</name>
<url>
<![CDATA[http://www.example.com/cassium/xss/]]>
</url>
</WebApp>
<WebApp>
<id>4331924</id>
<name>
<![CDATA[web app 1497351100446]]>
</name>
<url>
<![CDATA[http://www.example.com/cassium/xss/]]>
</url>
</WebApp>
</list>
</webApps>
<webAppAuthRecord>
<id>583957</id>
<name>
<![CDATA[Form and Server]149735111801]]>
</name>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
<authRecordOption>DEFAULT</authRecordOption>
<profileOption>SPECIFIC</profileOption>
<scannerOption>DEFAULT</scannerOption>
<randomizeScan>true</randomizeScan>
<useDnsOverride>true</useDnsOverride>
</target>
<progressiveScanning>DEFAULT</progressiveScanning>
<profile>
<id>1071133</id>
<name>
<![CDATA[My Option Profile - with defaults 1497351048931]]>
</name>
</profile>
<scheduling>
<startDate>2017-06-13T21:51:00Z</startDate>
<timeZone>
<code>America/Vancouver</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<onDays>
<WeekDay>SATURDAY</WeekDay>
</onDays>
<occurrenceCount>20</occurrenceCount>
</weeklyOccurrence>
</occurrence>
<cancelAfterNHours>8</cancelAfterNHours>
</scheduling>
<notification>
<active>true</active>
<reschedule>true</reschedule>
<delay>
<nb>1</nb>
<scale>DAY</scale>
</delay>
<message>
<![CDATA[A scan is scheduled to start soon.]]>
</message>
</notification>
<launchedCount>0</launchedCount>
<createdDate>2017-06-13T10:52:07Z</createdDate>
<createdBy>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</createdBy>
<updatedDate>2017-06-13T10:52:09Z</updatedDate>
<updatedBy>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</updatedBy>
<sendMail>true</sendMail>
<sendOneMail>false</sendOneMail>
<enableWAFAuth>false</enableWAFAuth>
</WasScanSchedule>
</data>
</ServiceResponse>
Let’s schedule a multi-scan for all the web applications that are associated with the tags specified in the request filter and configure scan completion notification to be sent after completion of the multi-scan.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @-
"<qualys_base_url>/qps/rest/3.0/create/was/wasscanschedule" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
<data>
<WasScanSchedule>
<name>SampleSchedule</name>
<type>VULNERABILITY</type>
<active>false</active>
<scheduling>
<cancelAfterNHours>8</cancelAfterNHours>
<startDate>2017-06-13T21:51:57Z</startDate>
<timeZone>
<code>America/Vancouver</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<occurrenceCount>20</occurrenceCount>
<onDays>
<WeekDay>SATURDAY</WeekDay>
</onDays>
</weeklyOccurrence>
</occurrence>
</scheduling>
<notification>
<active>true</active>
<reschedule>true</reschedule>
<delay>
<nb>1</nb>
<scale>DAY</scale>
</delay>
<message>
<![CDATA[A scan is scheduled to start soon.]]>
</message>
</notification>
<target>
<tags>
<included>
<option>ALL</option>
<tagList>
<set>
<Tag>
<id>12017424</id>
</Tag>
<Tag>
<id>12017228</id>
</Tag>
</set>
</tagList>
</included>
<excluded>
<option>ANY</option>
<tagList>
<set>
<Tag>
<id>12017228</id>
</Tag>
</set>
</tagList>
</excluded>
</tags>
<webAppAuthRecord>
<id>583957</id>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
<authRecordOption>DEFAULT</authRecordOption>
<profileOption>SPECIFIC</profileOption>
<scannerOption>DEFAULT</scannerOption>
<randomizeScan>true</randomizeScan>
<useDnsOverride>true</useDnsOverride>
</target>
<profile>
<id>1071133</id>
</profile>
<sendOneMail>false</sendOneMail>
</WasScanSchedule>
</data>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WasScanSchedule>
<id>699795</id>
<name>
<![CDATA[Schedule a multi scan for multiple web apps]]>
</name>
<owner>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<active>false</active>
<multi>true</multi>
<type>VULNERABILITY</type>
<target>
<tags>
<included>
<option>ANY</option>
<tagList>
<list>
<Tag>
<id>12017424</id>
</Tag>
<Tag>
<id>12017228</id>
</Tag>
</list>
</tagList>
</included>
<excluded>
<option>ANY</option>
<tagList>
<list>
<Tag>
<id>12017228</id>
</Tag>
</list>
</tagList>
</excluded>
</tags>
<webAppAuthRecord>
<id>583957</id>
<name>
<![CDATA[Form and Server]149735111801]]>
</name>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
<authRecordOption>DEFAULT</authRecordOption>
<profileOption>SPECIFIC</profileOption>
<scannerOption>DEFAULT</scannerOption>
<randomizeScan>true</randomizeScan>
<useDnsOverride>true</useDnsOverride>
</target>
<progressiveScanning>DEFAULT</progressiveScanning>
<profile>
<id>1071133</id>
<name>
<![CDATA[My Option Profile - with defaults 1497351048931]]>
</name>
</profile>
<scheduling>
<startDate>2017-06-13T21:51:00Z</startDate>
<timeZone>
<code>America/Vancouver</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<onDays>
<WeekDay>SATURDAY</WeekDay>
</onDays>
<occurrenceCount>20</occurrenceCount>
</weeklyOccurrence>
</occurrence>
<cancelAfterNHours>8</cancelAfterNHours>
</scheduling>
<notification>
<active>true</active>
<reschedule>true</reschedule>
<delay>
<nb>1</nb>
<scale>DAY</scale>
</delay>
<message>
<![CDATA[A scan is scheduled to start soon.]]>
</message>
</notification>
<launchedCount>0</launchedCount>
<createdDate>2017-06-15T09:19:09Z</createdDate>
<createdBy>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</createdBy>
<updatedDate>2017-06-15T09:19:09Z</updatedDate>
<updatedBy>
<id>2911477</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</updatedBy>
<sendMail>true</sendMail>
<sendOneMail>false</sendOneMail>
<enableWAFAuth>false</enableWAFAuth>
</WasScanSchedule>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd