Reference: WasScanSchedule

The <WasScanSchedule> element includes sub elements used to define a web application scan schedule. A reference of these elements is provided below. An asterisk * indicates a complex element.

Parameter

Mandatory

/Optional

Data Type

Description

id

  integer

The schedule ID. This element is assigned by the service and is required for a certain type of request (details, activate, deactivate).

owner

 

keyword

The user who owns the schedule. User properties include user ID, user login, first and last name.

Example:

<owner>

  <id>123056</id>

  <username>username</username>

  <firstName><![CDATA[John]]></firstName>

  <lastName><![CDATA[Smith]]></lastName>

</owner>

active

  Boolean

The schedule is active: true or false.

launchedCount 

  integer

The number of times the scan has been launched.

nextLaunchDate 

 

  date

The next launch date and time in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).

target* (for single web application)

  text

The target of the scan. <webApp> is the target web application.

<scannerAppliance> - type (keyword) is set to INTERNAL for a scanner appliance, or EXTERNAL for external scanners or scannerTags for assigning multiple scanner appliances grouped by asset tag. If the type is INTERNAL, friendlyName (text) is the user-defined appliance name.

<cancelOption> set to DEFAULT - Forces the use of the target web app’s cancelScans option if set, else fall back to the one passed in to the API with the schedule settings.

<cancelOption> set to SPECIFIC - Always use the cancel scan option passed with the schedule settings.

Example: target.webApp is required

<target>

  <webApp>

    <id>324265</id>

    <name><![CDATA[Merchant Site]]></name>

    <url><![CDATA[http://url]]></url>

  </webApp>

  <scannerAppliance>

    <type>INTERNAL</type>

    <friendlyName><![CDATA[name]]></friendlyName>

  </scannerAppliance>

  <cancelOption>SPECIFIC</cancelOption>

</target>

target* (for multiple web application)

   

<cancelOption> set to DEFAULT - Forces the use of the target web app’s cancelScans option if set, else fall back to the one passed in to the API while launching the scan.

<cancelOption> set to SPECIFIC - Always use the cancel scan option passed while launching the scan.

<target.authRecordOption> set to SPECIFIC -Always use the authRecord passed while launching the scan

<target.authRecordOption> set to DEFAULT-Forces the use of the authRecord, if set, else fall back to the one passed in to the API while launching the scan.

<target.profileOption> set to SPECIFIC-Always use the optionProfile passed while launching the scan

<target.profileOption> set to DEFAULT-Forces the use of the optionProfile  if set, else fall back to the one passed in to the API while launching the scan.

<target.scannerOption> set to SPECIFIC-Always use the scanner passed while launching the scan

<target.scannerOption> set to DEFAULTForces the use of the scanner  if set, else fall back to the one passed in to the API while launching the scan.

<target.randomizeScan> (Boolean) - Set to true to scan the selected web applications in random order. Set to false to scan the selected web application in sequential order.

target.tags (For MultiScan)--

---target.tags.included.option(ALL/ANY) is required,

---target.tags.included.tagList is required, only <set> is allowed for target.tags.included.tagList.

--- target.tags.included.tagList.set.Tag.id is required and should be valid

---Only target.tags.exclusive is not allowed, it must be with target.tags.inclusive

---If target.tags.excluded is present, all the above rules are applicable to it

Example: Either target.webApps or target.tags is required and these are mutually exclusive.

target.webApps (For MultiScan)-

Only <set> is allowed for target.webApps

 <webApps>

   <set>

      <WebApp>

         <id>4330527</id>

      </WebApp>

      <WebApp>

         <id>4330327</id>

      </WebApp>

   </set>

  </webApps>

target.tags (For MultiScan)-

<tags>

     <included>

       <option>ALL</option>

         <tagList>

           <set>

             <Tag><id>12017424</id></Tag>

             <Tag><id>12017228</id></Tag>

           </set>

         </tagList>

         </included>

         <excluded>

            <option>ANY</option>

                <tagList>

                   <set>

                     <Tag><id>12017228</id></Tag>

                 </set>

                </tagList>

         </excluded>

   </tags>

profile.id

  integer

The name of the option profile that includes scan settings. The service provides the profile “Initial WAS Options” and we recommend this to get started.

Example:

<profile>

    <name>Initial WAS Options</name>

</profile>

proxy.id

  integer

The proxy for scanning the target web application.

Example:

<proxy>

   <id>12345</id>

</proxy>

dnsOverride.id

  integer

The DNS override record for scanning the target web application.

Example:

<dnsOverride>

   <id>67890</id>

</dnsOverride>

createdDate 

  date

The schedule creation date and time in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).

createdBy*

   

The user who created the schedule.

Example:

<createdBy>

  <id>123056</id>

  <username>username</username>

  <firstName><![CDATA[John]]></firstName>

  <lastName><![CDATA[Smith]]></lastName>

</createdBy>

updatedDate

  date

The date and time of the most recent update of the schedule in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).

updatedBy*

   

The user who updated the schedule.

Example:

<updatedBy>

  <id>123056</id>

  <username>username</username>

  <firstName><![CDATA[John]]></firstName>

  <lastName><![CDATA[Smith]]></lastName>

</updatedBy>

scheduling*

   

The schedule settings.

<doNotCancel> is to run scan until it completes, or the maximum scan time is reached. This option can be set to true. If you want to cancel scan automatically after some period of time - after a number of hours, or at a specific time, use one of the following options:

<cancelAfterNHours> is the number of hours after which the scan task will be cancelled.

<cancelTime> is the time at which a scan will be cancelled.

Note: The three tags — <doNotCancel>, <cancelAfterNHours>, and <cancelTime> are mutually exclusive.

<startDate> is the date and time the scan will begin.

<timeZone> is the time zone that applies to the schedule.

<occurrenceType> defines frequency of the task: ONCE, DAILY, WEEKLY or MONTHLY.

Example of single occurrence scan with the <doNotCancel> option:

<scheduling>

    <doNotCancel>true</doNotCancel>

    <timeZone>

        <code>Europe/Paris</code>

    </timeZone>

    <occurrenceType>ONCE</occurrenceType>

</scheduling>

 

Example of weekly scan with the <cancelAfterNHours> option:

<scheduling>

  <cancelAfterNHours>11</cancelAfterNHours>

  <startDate>2017-02-02T10:10:00Z</startDate>

   <timeZone>

     <code>Europe/Paris</code>

   </timeZone>

   <occurrenceType>WEEKLY</occurrenceType>

  <occurrence>

    <weeklyOccurrence>

      <everyNWeeks>2</everyNWeeks>

       <occurrenceCount>20</occurrenceCount>

       <onDays>

        <WeekDay>MONDAY</WeekDay>

        <WeekDay>SATURDAY</WeekDay>

         <WeekDay>SUNDAY</WeekDay>

      </onDays>

    </weeklyOccurrence>

  </occurrence>

</scheduling>

 

Example of single occurrence scan with the <cancelTime> option:

<scheduling>

    <startDate>2017-02-02T10:10:00Z</startDate>

    <cancelTime>11:15</cancelTime>

    <timeZone>

        <code>Europe/Paris</code>

    </timeZone>

    <occurrenceType>ONCE</occurrenceType>

</scheduling>

notification*

   

The notification settings.

- <active> indicates whether notification is enabled.

- <delay> indicates when the notification will be sent as number of days, hours, or minutes before the scan.

- <scale> indicates the delay unit: DAY, HOUR or MINUTE.

- <fromAddressOption> identifies the sender of the notification. The valid values for the tag are: QUALYS_SUPPORT and OWNER. OWNER means the user whose account is used to create the schedule. If you do not specify this tag, then by default the QUALYS_SUPPORT value is sent in the request for this tag.

<fromAddressOption>QUALYS_SUPPORT

</fromAddressOption>

<fromAddressOption>OWNER</fromAddressOption>

 

- <recipients> identifies the email addresses of the notification recipients. <message> is the text of the notification message.

Example:

<notification>

  <active>true</active>

  <delay>

    <nb>1</nb>

    <scale>DAY</scale>

  </delay>

  <fromAddressOption>OWNER</fromAddressOption>

  <recipients>

    <set>

<EmailAddress><![CDATA[1@a.com]]></EmailAddress>

<EmailAddress><![CDATA[2@a.com]]></EmailAddress>

    </set>

  </recipients>

  <message><![CDATA[The message]]></message>

</notification>

sendMail

  boolean

Set to false to disable scan complete email notifications.

Example:<sendMail>false</sendMail>

sendOneMail

  boolean

Set to true to send one email upon multi-scan completion. Set to false to send one email upon completion of each individual scan.

Example:<sendOneMail>true</sendOneMail>

Note: sendOneMail is valid only when sendMail = true for a multi-scan (multiple web applications being scanned). If sendMail is set to false, sendOneMail will be ignored.

sendMailFromAddressOption

   

Identifies the sender of the scan complete notifications. The valid values are: QUALYS_SUPPORT  and OWNER. OWNER means the user whose account is used to create the schedule.

Example:<sendMailFromAddressOption>QUALYS_

SUPPORT</sendMailFromAddressOption>

Example:<sendMailFromAddressOption>OWNER

</sendMailFromAddressOption>

 

To set this parameter, the sendMail parameter must be set to true. If the sendMail parameter is true, then sendMailFromAddressOption is by default set to QUALYS_SUPPORT. You can change the value of the parameter to OWNER.