Returns a list of scheduled scans on web applications that are in the user’s scope.
Permissions required - User must have WAS module enabled. User account must have these permissions: Access Permission “API Access”. The output includes scan targets in the user's scope.
These elements are optional and act as filters. When multiple elements are specified, parameters are combined using a logical AND. All dates must be entered in UTC date/time format. See Reference: WasScanSchedule for descriptions of these <WasScanSchedule> elements.
Click here for available operators
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
id |
Optional |
integer |
The schedule ID. This element is assigned by the service and is required for a certain type of request. |
|
name |
Optional |
text |
The user-defined schedule name (maximum 256 characters). |
|
owner.id |
Optional |
integer |
ID associated with the owner who created the schedule. |
|
createdDate |
Optional |
date |
The date when the schedule was created in WAS, in UTC date/time format. |
|
updatedDate |
Optional |
date |
The date when the schedule was created in WAS, in UTC date/time format. |
|
active |
Optional |
boolean |
Indicates whether the schedule is active or not. True indicates active schedule. |
|
type |
Optional |
keyword |
The scheduled scan type: VULNERABILITY or DISCOVERY. |
|
webApp.name |
Optional |
text |
The name of the web application being scanned. |
|
webApp.id |
Optional |
integer |
The ID of the web application being scanned. |
|
webApp.tags (with operator="NONE") |
Optional |
keyword |
Tags associated with the web application being scanned. |
|
webApp.tags.id |
Optional |
integer |
ID of the tag applied to the web application being scanned. |
|
invalid |
Optional | boolean |
Indicates the schedule is invalid. The web application to which the schedule was applied is deleted and hence the schedule is invalid. |
|
lastScan (with operation="NONE") |
Optional | boolean |
Indicates if the last scan was performed or not. True indicates that the last scan was performed. |
|
lastScan.launchedDate |
Optional | date |
Date when the last scan was launched on the web application, in UTC date/time format. |
|
lastScan.status |
Optional | keyword |
Scan status reported by last web application scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR, CANCELED) |
|
multi |
Optional | boolean |
Indicates if the scheduled scan is single scan or multiple scan. |
Let us view a list of all schedules that are in the user’s scope but were not launched.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "<qualys_base_url>/qps/rest/3.0/search/was/wasscanschedule < file.xml"
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<filters>
<Criteria field="lastScan" operator="NONE"></Criteria>
</filters>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScanSchedule>
<id>171425669</id>
<name>
<![CDATA[Web Application Vulnerability Scan - 2017-Aug-19]]>
</name>
<owner>
<id>8792415669</id>
</owner>
<active>false</active>
<type>VULNERABILITY</type>
<target>
<webApp>
<id>1296335669</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://10.10.1.100]]>
</url>
</webApp>
<webAppAuthRecord>
<id>175535669</id>
<name>
<![CDATA[AR1]]>
</name>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
</target>
<profile>
<id>716315669</id>
<name>
<![CDATA[Copy of Initial WAS Options]]>
</name>
</profile>
<scheduling>
<startDate>2017-08-19T12:30:00Z</startDate>
<timeZone>
<code>America/Dawson</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>ONCE</occurrenceType>
</scheduling>
<createdDate>2017-08-19T19:30:49Z</createdDate>
<updatedDate>2017-08-19T19:30:50Z</updatedDate>
</WasScanSchedule>
</data>
</ServiceResponse>
Let us view a list of all schedules that are in the user’s scope and were launched.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<filters>
<Criteria field="lastScan.status" operator="IN">FINISHED,ERROR</Criteria>
<Criteria field="lastScan.launchedDate" operator="LESSER">2017-08-19</Criteria>
</filters>
</ServiceRequest>
XML response
…
undefined</WasScanSchedule>undefined<WasScanSchedule>
<id>97354000</id>
<name>
<![CDATA[Schedule Notification]]>
</name>
<owner>
<id>334527</id>
</owner>
<active>false</active>
<type>VULNERABILITY</type>
<target>
<webApp>
<id>1061764000</id>
<name>
<![CDATA[My Web App]]>
</name>
<url>
<![CDATA[http://10.10.26.238]]>
</url>
</webApp>
<webAppAuthRecord>
<id>8753</id>
<name>
<![CDATA[Auth Record 1]]>
</name>
</webAppAuthRecord>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
</target>
<profile>
<id>55784</id>
<name>
<![CDATA[Initial WAS Options]]>
</name>
</profile>
<scheduling>
<startDate>2017-05-06T18:22:00Z</startDate>
<timeZone>
<code>America/Dawson</code>
<offset>-07:00</offset>
</timeZone>
<occurrenceType>DAILY</occurrenceType>
<occurrence>
<dailyOccurrence>
<everyNDays>1</everyNDays>
</dailyOccurrence>
</occurrence>
</scheduling>
<lastScan>
<id>14929668885</id>
<launchedDate>2017-05-12T01:22:02Z</launchedDate>
<status>FINISHED</status>
</lastScan>
<createdDate>2017-05-06T23:17:23Z</createdDate>
<updatedDate>2017-05-13T01:22:02Z</updatedDate>undefined</WasScanSchedule>
…
Let us view a list of all schedules that are in the user’s scope and were launched.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: “file.xml” contains the request POST data. Specify an empty file, since no search criteria is being specified.
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScanSchedule>
<id>649146</id>
<name>
<![CDATA[Web Application Vulnerability Scan - 2018-10-08]]>
</name>
<owner>
<id>412791</id>
</owner>
<active>true</active>
<multi>false</multi>
<type>VULNERABILITY</type>
<target>
<webApp>
<id>8077389</id>
<name>
<![CDATA[SampleWebApp_1538665472012 ]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.example.com:80/cassium/xss/]]>
</url>
</webApp>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
</target>
<profile>
<id>1162483</id>
<name>
<![CDATA[Option Profile]]>
</name>
</profile>
<scheduling>
<startDate>2018-10-08T16:41:00Z</startDate>
<timeZone>
<code>Asia/Colombo</code>
<offset>+05:30</offset>
</timeZone>
<occurrenceType>ONCE</occurrenceType>
</scheduling>
<nextLaunchDate>2018-10-09T11:11:00Z</nextLaunchDate>
<createdDate>2018-10-08T11:12:28Z</createdDate>
<updatedDate>2018-10-08T11:12:29Z</updatedDate>
</WasScanSchedule>
</data>
</ServiceResponse>
Let us view a list of all schedules that are in the user’s scope and were launched.
API request
curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "<qualys_base_url>/qps/rest/3.0/search/was/wasscanschedule" < file.xml
Note: “file.xml” contains the request POST data.
Request POST data
<ServiceRequest>
<filters>
<Criteria field="active" operator="EQUALS">true</Criteria>
<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
</filters>
</ServiceRequest>
XML response
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScanSchedule>
<id>649146</id>
<name>
<![CDATA[Web Application Vulnerability Scan - 2018-10-08]]>
</name>
<owner>
<id>412791</id>
</owner>
<active>true</active>
<multi>false</multi>
<type>VULNERABILITY</type>
<target>
<webApp>
<id>8077389</id>
<name>
<![CDATA[SampleWebApp_1538665472012 ]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.example.com:80/cassium/xss/]]>
</url>
</webApp>
<scannerAppliance>
<type>EXTERNAL</type>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
</target>
<profile>
<id>1162483</id>
<name>
<![CDATA[Option Profile]]>
</name>
</profile>
<scheduling>
<startDate>2018-10-08T16:41:00Z</startDate>
<timeZone>
<code>Asia/Colombo</code>
<offset>+05:30</offset>
</timeZone>
<occurrenceType>ONCE</occurrenceType>
</scheduling>
<nextLaunchDate>2018-10-09T11:11:00Z</nextLaunchDate>
<createdDate>2018-10-08T11:12:28Z</createdDate>
<updatedDate>2018-10-08T11:12:29Z</updatedDate>
</WasScanSchedule>
</data>
</ServiceResponse>
<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd