Qualys(R) Asset Management and Tagging v2 API User Guide

Transcript

1 Asset Management & Tagging API User Guide Version 2.37 March 29 , 2019

2 Qualys Asset Managemen t & Tagging API Table of Contents 6 Get Started ... 6 ... Asset Management & Tagging API 7 ... Qualys user account ... URL to Qualys API server 8 Making API calls ... 10 ... Tracking API usage by user 14 Know your portal version 16 ... ... Available operators 18 JSON Support ... 19 ... Tags 23 Create Tag ... 23 ... Update Tag 26 Search Tags 29 ... Count Tags ... 32 ... 34 Delete Tag 36 Evaluate Tag... List Users with their tags ... 39 Tag Fields ... 43 Get Tag Info 44 ... Host Assets ... 46 Get Host Asse t Info ... 46 Create Host Asset ... 55

3 Qualys Asset Management & Tagging API ... 62 Update Host Asset 67 ... Search Host Assets 86 Count Host Assets ... 89 Delete Host Asset ... Activate Host Asset ... 91 ... 95 Host Asset Fields Assets 99 ... ... Get Asset Info 99 ... 101 Update Asset ... 105 Search Assets Count Assets ... 108 Delete Asset ... 110 Activate Asset ... 112 115 ... Asset Fields ... 117 Host Instance Vulnerability data ... 117 Get Vulnerability Info ... 119 Search Vulnerabilities abilities ... Count Vulner 123 Host Instance Vulnerability Fields 125 ... Asset Data Connector ... 127 Get Connector Info ... 127 Update Connector ... 129 Search Connectors ... 133

4 Qualys Asset Management & Tagging API nnectors ... Count Co 136 138 ... Delete Connector 140 Run Connector ... ... Connector Fields 143 AWS Asset Data Connector ... 145 Get AWS Connector Info 145 ... Create AWS Connector 149 ... ... Support for AWS GovCloud 158 ... 161 Support for China Region Support for Cros s-Account Role Authentication ... 164 Update AWS Connector ... 168 Search AWS Connectors ... 174 179 Count AWS Connectors ... ... 181 Delete AWS Connector ... 183 Run AWS Connector ... 184 AWS Connector Fields 187 ... AWS Authentication Record Get AWS Auth Record Info 187 ... Create AWS Auth Record ... 189 Update AWS Auth Record ... 191 Search AWS Auth Records ... 193 Count AWS Auth Records ... 196 Delete AWS Auth Record ... 198

5 Qualys Asset Management & Tagging API AWS Auth Record Fields ... 200

6 Qualys Asset Management & Tagging API Get Started Get S tarted Asset Management & Tagging API Manage assets in your account that you want to scan for security and compliance, define asset tags and AWS connectors. Modules supported VM, PC, SCA, CERTVIEW, CLOUDVIEW Authentication Authentication to your Qualys account with valid Qualys credentials is required for making Qualys API requests to the Qualys API servers. Learn more about authentication to your Qualys account Get API Notifications We recommend you join our Community and subscribe to our API Notifications RSS Feeds for announcements and discussions. https://community.qualys.com/community/developer/notifications -api About Qualys Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud - based security and compliance solutions. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. For more information, please visit www.qualys.com Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies 6

7 Qualys Asset Management & Tagging API Get Started Qualys user account Authentication to your Qualys account with valid Qualys credentials is required for m aking Qualys API requests to the Qualys API servers. The application must authenticate using Qualys account credentials (user name and password) as part of the HTTP request. The credentials are transmitted using the “Basic Authentication Scheme” over HTTP S. For information, see the “Basic Authentication Scheme” section of RFC #2617: http://www.faqs.org/rfcs/rfc2617.html The exact method of implementing authentication will vary according to which programming language is used. The allowed methods, POST and/or GET, for each API request are documented with each API call in this user guide. Sample request - basic authentication curl -u "USERNAME:PASSWORD" https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostasset 7

8 Qualys Asset Management & Tagging API Get Started URL to Qualys API server Qualys maintains multiple Qualys Cloud Platforms. The API server URL that you should use for API requests depends on the platform where your Qualys account is located. Account API server URL location Qua lys US https://qualysapi.qualys.com Platform 1 Qualys US https://qualysapi.qg2.apps.qualys.com Platform 2 Qualys US https://qualysapi.qg3.apps.qualys.com Platform 3 Qualys EU https://qualysapi.qualys.eu Platform 1 Qualys EU https://qualysapi .qg2.apps.qualys.eu Platform 2 Qualys India https://qualysapi.qg1.apps.qualys.in Platform 1 Qualys Private https://qualysapi. Cloud Platform Looking for your API server URL for your account? You can find this easily. Just log in to your Qualys account and go to Help > About. You'll see this information under Security Operations Center (SOC). 8

9 Qualys Asset Management & Tagging API Get Started 9

10 Qualys Asset Management & Tagging API Get Started Making API calls Curl samples in our API doc We use curl in our API documentation to show an example how to form REST API calls, and it is not meant to be an actual production example of implementation. Object types You have core objects, which represent domain objects for specific business goals and related objects which contain related information or collections of information. Related objects are often simplified representations of core objects but are not implicitly core objects. For example, the tags collection on Asset is a simpler form of the Tag core object, but the ports collection is not. Collections Collections of related objects are found withi n a container object called a QList. These lists will have a specific name for the type of objects they contain. For example, the tags collection Asset is a TagSimpleQList and will read and write TagSimple API objects. These lists can contain a number of s ub elements. count - (Read only) The total number of items returned in the list element - (Read only) The items contained in the collection on the server list set - A new collection of items to place in the server side object. Any existing items not in th e list provided will be discarded. add - A new item to be added to the server side object. The item may be keyed of one ore more fields depending on the collection. In the even that that an item in the add collection collides with an existing entry, the ex isting entry will be updated with the fields provided. Many collections will allow you to either associate an existing item with the targeted collection, or create a new one and add it to the collection. If you provide a key field, most often id or uuid, t he object will be looked up and associated. In the absence of these fields, a new object will be created (if the list allows it). 10

11 Qualys Asset Management & Tagging API Get Started Removes an element from the list by the collections key, usually id. remove - If the item does not exist, the entry will be ig nored. Additional fields beyond the item key will also be ignored. update - Updates item(s) in the collection. This allows you to update the fields of non- core items via the objects and reference them. Items will be resolved by the collection’s key, and then additional fields applied to the found object. In the event that the supplied item does not match an existing related object, it will be ignored. Whitespace in HTML tags Whitespace (which includes line breaks) is not allowed in XML tags that are numbers . Invalid tag - This syntax will not work 34234 - This syntax will work just fine Valid tag 345254 Pagination Some API actions will return a list of core objects but will limit the number returned (default is 100). You can change which objects are returned and the number of objects by specifying a preferences tag in the POST body of your request. Preferences tag fields: startFromOffset - The first item to return by index. The default is 1. startFromId - The first item to return by pr imary key. No default value. limitResults - The total number of items to return. The default is 100. 11

12 Qualys Asset Management & Tagging API Get Started The allowed methods, POST and/or GET, for each API request are documented with each API call in this user guide. Sample pagination settings 100 50 Limit your results Use the optional “fields” parameter for any Search or Get API request to limit the amount of information returned in the results. Simply specify the fields you want to include in the output, and all other information will be filtered out. Multiple fields are comma separated and wildcards are supported. This get request will fetch tag ID 12345 and return the tag ID, name and creation date: Sample limit results https://qualysapi.qualys.com/qps/rest/2.0/get/am/tag/12345?fields=id,n ame,created This search request will return the ID of the connector and the ID of any default tags attached to the connector: Sample search connectors https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconnec tor?fields=id,defaultTags.list.SimpleTag.id Using wildcards, the example above could be represented as: Sample search connectors using wildcards 12

13 Qualys Asset Management & Tagging API Get Started https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconnec tor?fields=id,defaultTags.*.*.iddSimpleTag.id 13

14 Qualys Asset Management & Tagging API Get Started Tracking API usage by user You can track API usage by a user without the need to provide user tials such as the username and password. creden Optional X -Powered- By header API usage can be tracked using the X -Powered -By HTTP header which includes a unique ID generated for each subscription and a unique ID -Power ed -By HTTP header is generated for each user. Once enabled, the X returned for each API request made by a user. The X -Powered -By HTTP header will be returned for both valid and invalid requests. However, it will not be returned if an invalid URL is hit or when user authentication fails. -By HTTP header enabled. Contact Qual ys Support to get the X -Powered The X -Powered -By header is returned in the following format: By: Qualys::: X-Powered- where, - POD_ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc. - SUB_UUID is the unique ID generated for the subscription - USER_UUID is the unique ID generated for the user. You can use the USER_UUID to track API usage per user. Sample X - Powered - By header X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd- 80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1 Sample outputs Here are sample outputs showing the X -Powered -By HTTP header. Sample output for VM, PC 14

15 Qualys Asset Management & Tagging API Get Started ... < HTTP/1.1 200 OK < Date: Thu, 14 Sep 2017 09:11:21 GMT < Server: Qualys < X-XSS-Protection: 1 < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < X-Powered-By: Qualys:USPOD1:d9a7e94c-0a9d-c745- 82e9980877cc5043:f178af1e-4049-7fce-81ca-75584feb8e93 < X-RateLimit-Limit: 300 < X-RateLimit-Window-Sec: 3600 < X-Concurrency-Limit-Limit: 500 < X-Concurrency-Limit-Running: 0 < X-RateLimit-ToWait-Sec: 0 < X-RateLimit-Remaining: 298 < X-Qualys-Application-Version: QWEB-8.11.0.0- SNAPSHOT20170914072818#4205 < X-Server-Virtual-Host: qualysapi.qualys.com < X-Server-Http-Host: qualysapi.qualys.com < Transfer-Encoding: chunked < Content-Type: text/xml;charset=UTF-8 ... Sample output for other Qualys apps ... 229HTTP/1.1 200 OK X-Powered-By: Qualys:QAPOD4SJC:f972e2cc-69d6-7ebd- 80e67b9a931475d8:06198167-43f3-7591-802a-1c400a0e81b1 Content-Type: application/xml Transfer-Encoding: chunked Date: Mon, 04 Dec 2017 05:36:29 GMT Server: Apache LBDEBUG: NS=10.44.1.12,SERVER=10.44.77.81:50205,CSW=cs-p04- qualysapi443,VSERVER=vs-p04-papi-80,ACTIVE-SERVICES=2,HEALTH=100 ... 15

16 Qualys Asset Management & Tagging API Get Started Know your portal version /qps/rest/portal/version/ [GET] [POST] Using the Version API you can find out the installed version of Portal and its sub -modules that are available in your subscription. Sample XML API request curl -u "USERNAME:PASSWORD" -X "GET" -H "Accept: application/xml" https://qualysapi.qualys.com/qps/rest/portal/version Response SUCCESS 1 2.33.0.0-SNAPSHOT-1 DEVELOP #352 (2018-05-07T22:53:43Z) 6.0.0.0 1.5.1 1.0.3 1.1.0.0 1.20.1 2.11.7.0 2.9.1.0 1.1.0 0.1.0 2.14.0.4 2.7.0.0 16

17 Qualys Asset Management & Tagging API Get Started Sample JSON API request curl -u "USERNAME:PASSWORD" -X "GET" -H "Accept: application/json" https://qualysapi.qualys.com/qps/rest/portal/version Response { "ServiceResponse": { "data": [ { "Portal-Version": { "PortalApplication-VERSION": "2.33.0.0-SNAPSHOT-1 DEVELOP #352 (2018-05-07T22:53:43Z)", "WAS-VERSION": "6.0.0.0", "VM-VERSION": "1.0.3", "CM-VERSION": "1.20.1", "MDS-VERSION": "2.11.7.0", "CA-VERSION": "2.9.1.0", "QUESTIONNAIRE-VERSION": "2.14.0.4", "WAF-VERSION": "2.7.0.0" }, ... } } ], "responseCode": "SUCCESS", "count": 1 } } 17

18 Qualys Asset Management & Tagging API Get Started Available operators s supported by input parameters: Operator Integer - EQUALS, NOT EQUALS, GREATER, LESSER, IN Text - CONTAINS, EQUALS, NOT EQUALS EQUALS, NOT EQUALS, GREATER, LESSER Date - - EQUALS, NOT EQUALS, IN Keyword Boolean (true/false) - EQUALS, NOT EQUALS * NOT EQUALS ope rator is not supported for update and delete actions. Using the NOT EQUALS operator for updating or deleting objects (such as tags, assets, host assets, AWS connectors, AWS authentication records, etc.) could result in accidental update or deletion of the objects without any warning. To prevent accidental updates/deletions, we do not support NOT EQUALS operator for updating/deleting objects. 18

19 Qualys Asset Management & Tagging API Get Started JSON Support Qualys Asset Management and Tagging API supports JSON requests and responses starting with version 2.11. Samples are shown below. Headers used in samples Send JSON request "Content -Type: application/json" Get response in "Accept: JSON application/json" Sample 1 - Create a tag API request cat createTag.json | curl -s -k -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: acme_ss2" -H "password: passwd" -d @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/tag" POST data: { "ServiceRequest": { "data": { "Tag": { "name": "Parent Tag", "ruleType": "NAME_CONTAINS", "ruleText": "windows", "color": "#FFFFFF", "children": { "set": { "TagSimple": [ { "name": "Child 1" }, { "name": "Child 2" } ] } } 19

20 Qualys Asset Management & Tagging API Get Started } } } } XML output { "ServiceResponse" : { "data" : [ { "Tag" : { "ruleText" : "windows", "color" : "#FFFFFF", "modified" : "2016-01-04T19:51:56Z", "name" : "Parent Tag", "children" : { "list" : [ { "TagSimple" : { "name" : "Child 2", "id" : 2066216 } }, { "TagSimple" : { "name" : "Child 1", "id" : 2066217 } } ] }, "created" : "2016-01-04T19:51:56Z", "ruleType" : "NAME_CONTAINS", "id" : 2066215 } } ], "count" : 1, "responseCode" : "SUCCESS" } } Sample 2 - Search tags API request 20

21 Qualys Asset Management & Tagging API Get Started cat searchTag.json | curl -s -k -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "user: acme_ss2" -H "password: passwd" -d @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/tag" POST data: { "ServiceRequest": { "filters": { "Criteria": [{ "field": "parent", "operator": "EQUALS", "value": "2035617" }, { "field": "name", "operator": "CONTAINS", "value": "child" }, { "field": "id", "operator": "IN", "value": "2035619,2035618,2029815" }, { "field": "ruleType", "operator": "EQUALS", "value": "GROOVY" }, { "field": "color", "operator": "EQUALS", "value": "#EC7000" } ] } } } XML output { 21

22 Qualys Asset Management & Tagging API Get Started "ServiceResponse" : { "data" : [ { "Tag" : { "ruleText" : "windows", "color" : "#FFFFFF", "modified" : "2016-01-04T19:51:56Z", "name" : "Parent Tag", "children" : { "list" : [ { "TagSimple" : { "name" : "Child 2", "id" : 2066216 } }, { "TagSimple" : { "name" : "Child 1", "id" : 2066217 } } ] }, "created" : "2016-01-04T19:51:56Z", "ruleType" : "NAME_CONTAINS", "id" : 2066215 } } ], "count" : 1, "responseCode" : "SUCCESS" } } 22

23 Qualys Asset Management & Tagging API Tags Ta g s Create Tag /qps/rest/2.0/create/am/tag [POST] Create a new tag and possibly child tags. Permissions required - Managers with full scope, other users must have these permissions: Access Permission “API Access”, Tag Permission “Create User Tag”, Tag Permission “Modify Dynamic Tag Rules” (to creat e a dynamic tag) - Create new tag with 3 child tags Sample API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/tag" < file.xml Note: “file.xml” contains the request POST data. Request POST data Parent Tag Groovy if(asset.getAssetType()!=Asset.AssetType.HOST) return false; return asset.hasVulnsWithSeverity(4,5) 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FFFFFF 23

24 Qualys Asset Management & Tagging API Tags Child 1 Child 2 Child 3 Response SUCCESS 1 1589217 Parent Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FFFFFF if(asset.getAssetType()!=Asset.AssetType.HOST) return false; return asset.hasVulnsWithSeverity(4,5) GROOVY 1 Child 1 2 Child 2 24

25 Qualys Asset Management & Tagging API Tags 3 Child 3 SUCCESS XSD /qps/xsd/2.0/am/tag.xsd Get to know Groovy Check out the following article on our Community to learn how to create asset tags using the Groovy p rogramming language. You’ll also get several Groovy rule examples that you can start using today. Create Asset Tags using Groovy 25

26 Qualys Asset Management & Tagging API Tags Update Tag /qps/rest/2.0/update/am/tag/ /qps/rest/2 .0/update/am/tag [POST] Update fields for a tag and collections of tags. Click here for available operators Using the NOT EQUALS operator for updating tags could result in accidental update of unknown tag s without any warning. To prevent accidental updates of unknown tags, we do not support NOT EQUALS operator for update actions. Managers with full scope, other users must have these Permissions required - permissions: Access Permission “API Access”, Tag Pe rmission “Create User Tag”, Tag Permission “Modify Dynamic Tag Rules” (to create a dynamic tag) Sample - Rename parent tag, remove some child tags API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/tag/12345" < file.xml Note: “file.xml” contains the request POST data. Request POST data Parent Tag (Updated) 123 26

27 Qualys Asset Management & Tagging API Tags 456 Response SUCCESS 1 12345 Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FFFFFF asset.installedSoftwares.contains { it.name == "Windows" } GROOVY 1 Child 1 2 Child 2 3 Child 3 123 Linked Child 1 27

28 Qualys Asset Management & Tagging API Tags 456 Linked Child 2 SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 28

29 Qualys Asset Management & Tagging API Tags Search Tags /qps/rest/2.0/update/am/tag/ /qps/rest/2.0/update/am/tag [POST] Returns a list of tags that match the provided criteria. Pagination - A maximum of 100 tags are returned by default. To customize this specify a “preferences” tag in the POST body of your request. Limit your results - Use the optional “fields” parameter to limit the amount of information returned for the tag. Learn more Permissions required - Managers with full scope, other users must have Access Permission “API Access” Searchable Fields Click here for available operators Parameter Description id (Integer) name (Text) parentTagId (Integer) ruleType STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, NAME_CONTAINS, INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, ASSET_SEARCH, CLOUD_ASSET Text formatted as #FFFFFF where F can be any value color 29

30 Qualys Asset Management & Tagging API Tags between 0 - 9 and A - F - Find tags with groovy script rules Sample API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/tag" < file.xml Note: “file.xml” contains the request POST data. Request POST data GROOVY Response SUCCESS 2 12345 Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FF0000 asset.installedSoftwares.contains { it.name == "Windows" } GROOVY 123 30

31 Qualys Asset Management & Tagging API Tags Red 12346 Another Red Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FF0000 asset.installedSoftwares.contains { it.name == "Windows" } GROOVY 123 Red SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 31

32 Qualys Asset Management & Tagging API Tags Count Tags /qps/rest/2.0/count/am/tag [POST] Count all the children of a tag. Permissions required - Managers with full scope, other users must have Access Permission “API Access” Available Fields Click here for available operators Des cription Parameter id (Integer) name (Text) parentTagId (Integer) ruleType STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, NAME_CONTAINS, INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, ASSET_SEARCH, CLOUD_ASSET color Text formatted as #FFFFFF where F can be any va lue between 0 - 9 and A - F Sample - Get count of all children of tag ID API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" 32

33 Qualys Asset Management & Tagging API Tags --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/count/am/tag" < file.xml Note: “file.xml” contains the request POST data. Request POST data 12345 Response SUCCESS 2 SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 33

34 Qualys Asset Management & Tagging API Tags Delete Tag /qps/rest/2.0/delete/am/tag/ /qps/rest/2.0/delete/am/tag [POST] Delete one or more tags. Click here for ava ilable operators Using the NOT EQUALS operator for deleting tags could result in accidental deletion of unknown tags without any warning. To prevent accidental deletion of unknown tags, we do not support NOT EQUALS operator for delete actions. Managers with full scope, other users must have these Permissions required - permissions: Access Permission “API Access” and Tag Permission “Delete User Tag” Sample - Delete tag API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/tag/12345" Response SUCCESS 1 12345 34

35 Qualys Asset Management & Tagging API Tags SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 35

36 Qualys Asset Management & Tagging API Tags Evaluate Tag /qps/rest/2.0/evaluate/am/tag/ /qps/rest/2.0/evaluate/am/tag [POST] Force re -evaluation of one or more tags. Assets will be tagged only if they match the tag rule and are visible to the user. The dynamic tag evaluation feature must be turned on for your subscription in order to run this API. Permissions required - Managers with full scope, other users must have Access Permission “API Access” Available Fields Click here for available operators Description Parameter id (Integer) name (Text) parentTagId (Integer) ruleType STATIC, GROOVY, OS_REGEX, NETWORK_RANGE, NAME_CONTAINS, INSTALLED_SOFTWARE, OPEN_PORTS, VULN_EXIST, ASSET_SEARC H, CLOUD_ASSET color Text formatted as #FFFFFF where F can be any value between 0 - 9 and A - F 36

37 Qualys Asset Management & Tagging API Tags Sample - Evaluate all tags that have Groovy Script tag rules API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" Note: “file.xml” contains the request POST data. Request POST data GROOVY Response SUCCESS 1 12345 Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FF0000 asset.installedSoftwares.contains { it.name == "Windows" } GROOVY 123 Red 37

38 Qualys Asset Management & Tagging API Tags SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 38

39 Qualys Asset Management & Tagging API Tags List Users with their tags /qps/rest/1.0/{action}/admin/u ser Get information on users along with their tags to the authorized user. Currently, we support three actions for the users: search, count, and get details of a user. Permissions required - Managers with full scope, other users must have Access Permission “API Access” Search users Search for users by using different filters for user ID, username, email, tags, and module names. If no filter is specified, all users in the user’s scope are listed. Method: POST XSD: user.xsd API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/1.0/search/admin/user" < file.xml Note: “file.xml” contains the request POST data. Request POST data 10 Response 39

40 Qualys Asset Management & Tagging API Tags SUCCESS 1 false 3989626 user_js10 [email protected] 1 8721654 5 QWEB_PCI WAS ADMIN ASSET_MANAGEMENT QWEB_VM SUCCESS Count users Returns the total number of users in the user’s scope. 40

41 Qualys Asset Management & Tagging API Tags Method: POST XSD: user.xs d API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/1.0/count/admin/user" < file.xml Note: “file.xml” contains the request POST data. Request POST data 10 XML output SUCCESS 1 SUCCESS Get user details View details for a user in the user’s scope. You can use search action to find a user ID to use as input. Method: GET, POST XSD: user.xsd API request curl -u "USERNAME:PASSWORD" " -X GET -H "Content-type: text/xml" 41

42 Qualys Asset Management & Tagging API Tags "https://qualysapi.qualys.com/qps/rest/1.0/get/admin/user/3989626" < file.xml XML output SUCCESS 1 3989626 user_js10 [email protected] 1 8721654 5 WAS ADMIN QWEB_PCI ASSET_MANAGEMENT QWEB_VM SUCCESS 42

43 Qualys Asset Management & Tagging API Tags Tag Fields Description Name (integer) parentTagId (text) color ruleText (text) srcAssetGroupId (integer) srcBusinessUnitId (integer) srcOperatingSystemName (text) (TagSimpleQList) children Read only fields created (date) (date) modified Associations TagSimpleQList - Asset tags on the associated asset. This collection to be added to and removed from is provided as a tag ID wrapped in a TagSimple element TagSimple tag primary key id (long) tag name name (string ) 43

44 Qualys Asset Management & Tagging API Tags Get Tag Info /qps/rest/2.0/get/am/tag/ [GET] [POST] Returns a single tag by ID. Use the optional “fields” parameter to limit the amount of Limit your results - information returned for the tag. Learn more Permissions required - Managers with full scope, other users must have Access Permission “API Access” Sample - Fetch tag API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/tag/12345" Response SUCCESS 1 12345 Test Tag 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z #FFFFFF asset.installedSoftwares.contains { it.name == "Windows" } GROOVY 44

45 Qualys Asset Management & Tagging API Tags SUCCESS XSD /qps/xsd/2.0/am/tag.xsd 45

46 Qualys Asset Management & Tagging API Host Assets Host Assets Get Host Asset Info /qps/rest/2.0/get/am/hostasset/ [GET] [POST] Returns a single host asset by ID.This API returns additional EC2 metadata of Amazon EC2 hosts when inventoried using the Qualys EC2 Connector. Limit your results - Use the optional “fields” parameter to limit the amount of information returned for the host asset. Learn more about limiting your results Managers with full scope. Other users must have Permissions required - requested asset in their scope and these permissions: Access Permission “API Access” and Asset Management Permission “Read Asset” Sample - Fetch host asset ID and list details API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/84021" Response SUCCESS 1 false 84021 10.10.23.245 2018-09-12T06:21:54Z 46

47 Qualys Asset Management & Tagging API Host Assets 2018-09-13T01:14:34Z HOST 7539414 Cloud Agent 18903 Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Build 2600 XPSP2-32-27-145 XPSP2-32-27-145

10.10.23.245
QAGENT VMware, Inc. VMware Virtual Platform 2047 -07:00 INTEL - 6040000 1900 UDP 7055 TCP Security Update for Windows XP (KB2347290) 47

48 Qualys Asset Management & Tagging API Host Assets 1 Security Update for Windows XP (KB950974) 1 118956 296963 2016-02-12T08:42:43Z 2016-02-13T01:13:04Z 119053 296965 2016-02-12T08:42:43Z 2016-02-13T01:13:04Z Intel Celeron processor 2799 A: 0 0 48

49 Qualys Asset Management & Tagging API Host Assets C: 16106090496 2418925568 Administrator Guest XPSP2-32-27-145 VMware Accelerated AMD PCNet Adapter - Packet Scheduler Miniport 00:50:56:A9:46:72 LOCAL

10.10.23.245
10.10.23.1
Sample - Fetch host asset ID o f AWS EC2 asset and list asset details Tags for the EC2 asset appear in the element. API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/709838" 49

50 Qualys Asset Management & Tagging API Host Assets XML output SUCCESS 1 709838 my-ec2-target 2017-07-27T18:14:28Z 2017-07-27T18:21:31Z HOST 2017-07- 27T18:14:28Z 2017-07- 27T19:51:03Z 709838 Department Security Owner Jason Kim Email [email protected] JIRA POR-6719 50

51 Qualys Asset Management & Tagging API Host Assets Name my-ec2-target Lifecycle 20171231 us-east- 1e i-023b166432b1c7afc t2.medium 2017-07- 27T19:58:34Z STOPPED sg-6b619117 default true 205767712438 subnet-7bbbcd56 vpc-2da7154b us-east-1 VPC ami-22ce4934 127.0.0.1 10.97.15.117 false 12864 Linux

10.97.15.117
INSTANCE_ID 51

52 Qualys Asset Management & Tagging API Host Assets eni-09f901fe Primary network interface PRIVATE

10.97.15.117
Sample - Fetch host asset ID with dock er information Tags for the docker information appear in the element. API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostasset/7727721" XML output SUCCESS 1 52

53 Qualys Asset Management & Tagging API Host Assets 7727721 10.113.198.121 2018-06-15T11:51:26Z 2018-06-15T11:51:26Z HOST 8910214 SSD27701 9252992 All_data1 707520 2018-06-15T11:48:58Z CentOS Linux 7.2.1511

10.113.198.121
IP 8080 TCP 1180 HyperText Transport Protocol 45038 151189845 2018-06-15T11:48:58Z 2018-06-15T11:48:58Z 53

54 Qualys Asset Management & Tagging API Host Assets LOCAL

10.113.198.121
true 18.06.0-ce-rc1 1 2
XSD /qps/xsd/2.0/am/hostasset.xsd 54

55 Qualys Asset Management & Tagging API Host Assets Create Host Asset /qps/rest/2.0/create/am/hostasset [POST] Create one or more host assets using writable fields and collections. It is a good idea to attach tags that will make new assets visible to the current user if that user does not have permission to see all assets. Otherwise users will not be able to see or modify the new assets until an administrator or process attaches the appropriate tags to them. What's next? After you've created host assets you need to activate them to make them available for scanning and reporting. Learn more on Activating Host Assets st have these Managers with full scope. Other users mu Permissions required - permissions: Access Permission “API Access” and Asset Management Permission “Create Asset” Sample - Create new host asset with tags API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data My Windows Asset Windows 7 localhost TEST 10 55

56 Qualys Asset Management & Tagging API Host Assets 66bf43c8-7392-4257-b856-a320fde231eb

127.0.0.1
IP 12345 54321 Photoshop 9 Response SUCCESS 1 2020094 My Windows Asset 2018-09-06T19:16:35Z 2018-09-06T19:16:35Z HOST 12345 Tag 1 54321 56

57 Qualys Asset Management & Tagging API Host Assets Tag 2 Windows 7 localhost TEST 10 66bf43c8-7392-4257-b856-a320fde231eb

127.0.0.1
IP
Sample - Bulk creation of assets API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data My Windows Asset 57

58 Qualys Asset Management & Tagging API Host Assets Windows 8 localhost13 TEST 10 66bf43c8-7392-4257-b856- a320fde231eb

13.0.0.1
IP Photoshop 9
My Windows Asset Windows 8 localhost14 TEST 10 66bf43c8-7392-4257-b856- a320fde231eb
14.0.0.1
IP Photoshop 9
XML output

59 Qualys Asset Management & Tagging API Host Assets xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/2. 0/am/hostasset.xsd"> SUCCESS 2 2899060 My Windows Asset 2016-04-01T16:57:50Z 2016-04-01T16:57:50Z HOST Windows 8 localhost13 TEST 10 66bf43c8-7392-4257-b856- a320fde231eb

13.0.0.1
IP Photoshop 9 59

60 Qualys Asset Management & Tagging API Host Assets localhost13 LOCAL

13.0.0.1
2899061 My Windows Asset 2016-04-01T16:57:51Z 2016-04-01T16:57:51Z HOST Windows 8 localhost14 TEST 10 66bf43c8-7392-4257-b856- a320fde231eb
14.0.0.1
IP Photoshop 9 60

61 Qualys Asset Management & Tagging API Host Assets localhost14 LOCAL

14.0.0.1
XSD /qps/xsd/2.0/am/hostasset.xsd 61

62 Qualys Asset Management & Tagging API Host Assets Update Host Asset /qps/rest/2.0/update/am/asset /qps/rest/2.0/update/am/asset [POST] Update fields for a host asset and collections of host assets. Using the NOT EQUALS operator for updating h ost assets could result in accidental update of unknown hosts assets without any warning. To prevent accidental updates of unknown host assets, we do not support NOT EQUALS operator for update actions. users must have the Permissions required - Managers with full scope, other requested assets in their scope and these permissions: Access Permission “API Access” and Asset Management Permission “Update Asset” Sample - Update some fields for host asset ID API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/hostasset/12345" < file.xml Note: “file.xml” contains the request POST data. Request POST data Updated Name WINDOWS 95 win95.old.corp.net 62

63 Qualys Asset Management & Tagging API Host Assets Response SUCCESS 1 2020094 Updated Name WINDOWS 95 win95.old.corp.net 2018-09-06T19:16:35Z 2018-09-06T19:16:35Z HOST TEST 10 66bf43c8-7392-4257-b856-a320fde231eb

127.0.0.1
IP Sample - Update some fields for host as sets that have names containing the word OLD 63

64 Qualys Asset Management & Tagging API Host Assets API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data OLD 12345 54321 Windows 95 8080 TCP 64

65 Qualys Asset Management & Tagging API Host Assets XML output SUCCESS 1 2020094 Updated Name WINDOWS 95 win95.old.corp.net 2014-02-06T19:16:35Z 2014-02-06T19:16:35Z HOST 12345 Simple Tag 1 TEST 10 66bf43c8-7392-4257-b856-a320fde231eb

127.0.0.1
IP 8080 TCP Windows 65

66 Qualys Asset Management & Tagging API Host Assets 95 XSD /qps/xsd/2.0/am/hostasset.xsd 66

67 Qualys Asset Management & Tagging API Host Asse ts Search Host Assets /qps/rest/2.0/search/am/hostasset [POST] Returns a list of host assets matching the provided criteria. Assets are returned when they are visible to the user (i.e. in the user’s scope). Pagination - A maximum of 100 host assets are returned by default. To customize this specify a “preferences” tag in the POST body of your request. Limit your results - Use the optional “fields” parameter to limit the am ount of information returned for each host asset. Learn more about limiting your results Permissions required - Managers with full scope, other users must have these permissions: Access Permission “API Access” and Asset Management Permission “Read Asset” Searchable fields Click here for available operators Parameter Description qwebHostId (integer) lastVulnScan (date) lastComplianceScan (date) information GatheredUpdated (date) (text) os 67

68 Qualys Asset Management & Tagging API Host Assets dnsHostName (text) (text) address vulnsUpdated (date) id (integer) name (text) created (date) type (text) netbiosName (string) (text) netbiosNetworkID networdGuid (text) trackingMethod (keyword) NONE, IP, DNSNAME, NETBIOS, INSTANCE_ID, QAGENT port (integer) installedSoftware (text) tagName (text) tagId (integer) update (date) Assets with cloud agents activationKey (string) Allowed operator: EQUALS ALS, (string) Allowed operators: EQU agentConfigurationName 68

69 Qualys Asset Management & Tagging API Host Assets CONTAINS (long) Allowed operator: EQUALS agentConfigurationId (string) Allowed operators: EQUALS, agentVersion LESSER, GREATER lastCheckedIn (date) Allowed operators: EQUALS, LESSER, GREATER EC2 assets region (text) vpcId (text) ) imageId (text instanceId (text) accountId (text) instanceState (text) PENDING, RUNNING, TERMINATED, STOPPED, etc. subnetId (text) privateDnsName (text) awsTagKey (text) awsTagValue (text) For EC2 assets, apart from instanceState, awsTagKey, and awsTagValue, all other parameters are case sensitive. All EC2 parameters support text input with EQUALS operator. Additionally, the instanceState parameter supports EQUALS, NOT EQUALS. The awsTagKey and awsTagValue parameters support EQUALS, CONTAINS. 69

70 Qualys Asset Management & Tagging API Host Assets Sample - Search h ost assets Find host assets with a Windows operating system that are tracked by Instance ID API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data Windows INSTANCE_ID Response SUCCESS 1 2020094 Updated Name Windows win95.old.corp.net 2018-09-06T19:16:35Z 2018-09-06T19:16:35Z HOST 70

71 Qualys Asset Management & Tagging API Host Assets TEST 10 66bf43c8-7392-4257-b856- a320fde231eb

127.0.0.1
INSTANCE_ID - Find cloud agents with a specific agent version Sample API request curl -u fo_username:password -X POST -H "X-Requested-With: curl" -H "Content-Type: text/xml" -H "Cache-Control: no-cache" --data-binary @host_asset_search.xml "http://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset/" Request POST data 1.4.5.168 Cloud Agent Response 71

72 Qualys Asset Management & Tagging API Host Assets SUCCESS 6 false 3043442 102115-M83 2016-11-04T11:43:40Z 2016-11-08T22:35:53Z HOST 8832525 Cloud Agent 12688456922 102115-M83 1.4.5.168 2e689bb2-53ab-4a58-be0a- a7576964f310 STATUS_INACTIVE 2016-10-21T19:03:30Z 10.100.11.163 Manifest Downloaded Windows 8099 Initial Profile - SSN3 3ae32b8d-a8cf-4c0e-a477- 72

73 Qualys Asset Management & Tagging API Host Assets 86fad2dda4f4 harshal 102115-M83

10.100.11.163
QAGENT - Find host assets with specific ID containing docker Sample informati on API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. 73

74 Qualys Asset Management & Tagging API Host Assets Request POST data 7727721 XML output SUCCESS 1 false 7727721 10.113.198.121 2018-06-15T11:51:26Z 2018-06-15T11:51:26Z HOST 8910214 SSD27701 9252992 All_data1 707520 2018-06-15T11:48:58Z CentOS Linux 7.2.1511

10.113.198.121
IP 74

75 Qualys Asset Management & Tagging API Host Assets 8080 TCP 1180 HyperText Transport Protocol 6 151189838 2018-06-15T11:48:58Z 2018-06-15T11:48:58Z 45038 151189845 2018-06-15T11:48:58Z 2018-06-15T11:48:58Z LOCAL

10.113.198.121
true 18.06.0-ce-rc1 1 2 75

76 Qualys Asset Management & Tagging API Host Assets Sample - Find host assets with specific ID containing split manifest version information for VM, PC, or SCA API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data 7866685 XML output SUCCESS 1 false 7866685 ip-172-31-3-82.ap-south-1.compute.internal 2018-08-01T09:34:44Z 2018-08-10T08:39:49Z HOST 10125654 Cloud Agent 76

77 Qualys Asset Management & Tagging API Host Assets 7866685 EC_2 2018-08- 01T09:34:45Z 2018-08- 01T09:34:45Z r- 0cd44450f874d4a08 ap-south- 1b ip-172-31-3-82.ap-south- 1.compute.internal ec2-13-232-170-59.ap-south- 1.compute.amazonaws.com ip-172-31-3-82.ap-south- 1.compute.internal i-0ce729520a8a7d696 t2.micro RUNNING sg-608b270a launch-wizard-4 false 383031258652 subnet-5a0d6a17 vpc-39ccea50 ap-south-1 VPC ami-5b673c34 13.232.170.59 172.31.3.82 0a:da:e8:58:09:fe false 753424 2018-08- 10T00:25:12Z 77

78 Qualys Asset Management & Tagging API Host Assets 2018-08-10T04:55:06Z 2018-08-01T09:23:42Z ec2-user Red Hat Enterprise Linux Server 7.5 ip-172-31-3-82.ap-south- 1.compute.internal 1.7.1.38 66fb864e-9609-4324-8eec- 48ab6cb7f260 STATUS_ACTIVE 2018-08-10T08:39:42Z 13.232.170.59 Mumbai,Maharashtra India 18.975 72.8258 Inventory Scan Complete Linux AGENT_VM VULNSIGS-VM-0.12.1.0-17 VULNSIGS-PC-0.17.0.0-27 514001 My Default f9391862-de71-4106-9478- ca14042980dd AWS 6b48277c-0742-61c1-82bb- cac0f9c4094a

13.232.170.59
QAGENT 990 UTC 323 UDP 78

79 Qualys Asset Management & Tagging API Host Assets ... GeoIP 1.5.0-11.el7 NetworkManager 1.10.2-13.el7 ... 370198 157377851 2018-08-06T10:08:37Z 2018-08-10T04:55:06Z 370472 157377852 2018-08-06T10:08:37Z 2018-08-10T04:55:06Z ... Intel(R) Xeon(R) 2400 79

80 Qualys Asset Management & Tagging API Host Assets / 10724814848 9259859968 ... root ec2-user eth0 0a:da:e8:58:09:fe LOCAL

fe80:0:0:0:8da:e8ff:fe58:9fe
172.31.0.1 ...
Sample - Search host assets using EC2 attributes API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- 80

81 Qualys Asset Management & Tagging API Host Assets "https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostasset" < file.xml Note: "file.xml" contains the request POST data. Request POST data ap-northeast- 1 vpc-98a11ffd 205767712438 ip-172-30-1- 133.ap- northeast-1.compute.internal XML output SUCCESS 1 false 1553126 ip-172-30-1-133 2018-12-03T09:10:18Z 2018-12-08T10:14:40Z HOST 7977614 Cloud Agent 81

82 Qualys Asset Management & Tagging API Host Assets 1553126 EC_2 2018-12- 03T09:10:18Z 2018-12- 03T09:10:18Z r- 08a2a6ee33b3acd9f ap-northeast- 1b ip-172-30-1-133.ap-northeast- 1.compute.internal ip-172-30-1-133.ap-northeast- 1.compute.internal i-07081d0a8ab051d80 t2.micro RUNNING sg-9a08a0e3 launch-wizard-12 205767712438 subnet-5c198e2b vpc-98a11ffd ap-northeast-1 VPC ami-92df37ed 13.113.179.242 172.30.1.133 06:c2:ed:39:19:98 294355 2018-12- 08T01:45:34Z 2018-12-08T07:14:58Z 2018-05-25T06:06:35Z ec2-user Amazon Linux 2018.03 82

83 Qualys Asset Management & Tagging API Host Assets ip-172-30-1-133 2.3.0.20 f6e1a6be-a99a-4d79-a5b1- f339aeaf8095 STATUS_INACTIVE 2018-12-08T07:15:20Z 13.113.179.242 Tokyo,Tokyo Japan 35.685 139.7514 Inventory Scan Complete Linux AGENT_VM,AGENT_PC,FIM VULNSIGS-VM-0.19.0.0-34 VULNSIGS-PC-0.19.0.0-34 166800 27-March 8d988825-5685-4dcf-8d14- 0fde25eab037 september-2018 6b48277c-0742-61c1-82bb- cac0f9c4094a

13.113.179.242
QAGENT 987 UTC 57091 UDP ... 83

84 Qualys Asset Management & Tagging API Host Assets acl 2.2.49-6.11.amzn1 ... 38582 88353071 2018-12-03T22:07:32Z 2018-12-08T07:14:58Z ... Intel(R) Xeon(R) 2400 /dev 506937344 506880000 ... root 84

85 Qualys Asset Management & Tagging API Host Assets ec2-user ip-172-30-1-133 eth0 Link encap 06:C2:ED:39:19:98 LOCAL

172.30.1.133
172.30.1.1 ...
false XSD /qps/xsd/2.0/am/hostasset.xsd 85

86 Qualys Asset Management & Tagging API Host Assets Count Host Assets /qps/rest/2.0/count/am/hostasset [POST] Returns the number of host assets that match the provided criteria. A host asset is counted when the asset is visible to the user (i.e. it is in the user’s scope). Permissions required - Managers with full scope. Other users must have these permissions: Access Permission “API Access” and Asset Managemen t Permission “Read Asset” Searchable fields Click here for available operators Parameter Description (integer) qwebHostId lastVulnScan (date) lastComplianceScan (date) informationGatheredUpdated (dat e) os (text) dnsHostName (text) address (text) vulnsUpdated (date) (integer) id 86

87 Qualys Asset Management & Tagging API Host Assets (text) name created (date) type (text) netbiosName (string) netbiosNetworkID (text) networdGuid (text) trackingMethod (keyword) NONE, IP, DNSNAME, CE_ID, QAGENT NETBIOS, INSTAN port (integer) (text) installedSoftware (text) tagName (integer) tagId update (date) Sample - Count host assets API request curl -u "USERNAME:PASSWORD" -X POST --data-binary @- https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostasset -H vContent-Type: application/xml" < file.xml Note: “file.xml” contains the request POST data. Request POST data 87

88 Qualys Asset Management & Tagging API Host Assets Windows Response ?xml version="1.0" encoding="UTF-8"?> SUCCESS 235 XSD /qps/xsd/2.0/am/hostasset.xsd 88

89 Qualys Asset Management & Tagging API Host Assets Delete Host Asset /qps/rest/2.0/delete/am/hostasset/ /qps/rest/2.0/delete/am /hostasset [POST] Delete one or more host assets. Using the NOT EQUALS operator for deleting host assets could result in accidental deletion of unknown host assets without any warning. To prevent accidental deletion of unknown host assets, we do not suppor t NOT EQUALS operator for delete actions. Managers with full scope. Other users must have these Permissions required - permissions: Access Permission “API Access” and Asset Management Permission “Delete Asset” Sample - Delete host assets with the tag “To D elete” API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data To Delete Response 89

90 Qualys Asset Management & Tagging API Host Assets SUCCESS 1 2020094 XSD /qps/xsd/2.0/am/hostasset.xsd 90

91 Qualys Asset Management & Tagging API Host Assets Activate Host Asset /qps/rest/2.0/activate/am/hostasset/?module=QWEB_VM /qps/rest/2.0/activate/am/hostasset?module=QWEB_VM /qps/r est/2.0/activate/am/hostasset/?module=QWEB_PC /qps/rest/2.0/activate/am/hostasset?module=QWEB_PC [POST] Activate one or more assets to make them available in your account for scanning and reporting. You’ll want to activate newly created hosts to make them available in the Vulnerability Management (VM) module and/or the Policy Compliance (PC) module. Permissions required - Users with full scope. Other users must have requested assets in their scope and Access Permission “API Access”. Searchable fields Click here for available operators Parameter Description (integer) qwebHostId (date) lastVulnScan lastComplianceScan (date) informationGatheredUpdated (date) os (text) dnsHostName (text) 91

92 Qualys Asset Management & Tagging API Host Assets address (text) (date) vulnsUpdated id (integer) name (text) created (date) type (text) netbiosName (string) (text) netbiosNetworkID networdGuid (text) trackingMethod (keyword) NONE, IP, DNSNAME, NETBIOS, INSTANCE_ID, QAGENT (integer) port are (text) installedSoftw tagName (text) tagId (integer) update (date) Sample - Activate host assets with tag “Export to VM” API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- 92

93 Qualys Asset Management & Tagging API Host Assets "https://qualysapi.qualys.com/qps/rest/2.0/activate/am/hostasset" < file.xml Note: “file.xml” contains the request POST data. Request POST data Export to VM Response SUCCESS 1 2020094 Updated Name WINDOWS 95 win95.old.corp.net 2018-09-06T19:16:35Z 2018-09-06T19:16:35Z HOST TEST 10 66bf43c8-7392-4257-b856-a320fde231eb

127.0.0.1
IP 93

94 Qualys Asset Management & Tagging API Host Assets XSD /qps/xsd/2.0/am/hostasset.xsd 94

95 Qualys Asset Management & Tagging API Host Assets Host Asset Fields Description Name (string) os dnsHostName (string) netbios (string) Name netbiosNetworkId (integer) networkGuid (uuid) (string) address trackingMethod (AssetTrackingMethod: NONE, IP, DNSNAME, NETBIOS, INSTANCE_ID, QAGENT) openPort (HostAssetOpenPortQList) software (HostAssetSoftwareQList) Read only fields qwebHostId (long) lastVulnScan (date) lastComplianceScan (date) (date) vulnsUpdated 95

96 Qualys Asset Management & Tagging API Host Assets informationGatheredUpdated (date) (HostAssetAccount) account biosDescription (string) manufacturer (string) model (string) networkInterface (Ho stAssetInterface) processor (HostAssetProcessor) timezone (string) (long) totalMemory volume (HostAssetVolume) EC2 fields region (text) vpcId (text) imageId (text) instanceId (text) accountId (text) instanceState (text) PENDING, RUNNING, TERMINATED, STOPPED, etc. subnetId (text) (text) privateDnsName 96

97 Qualys Asset Management & Tagging API Host Assets (text) awsTagKey (text) awsTagValue Associations HostAssetOpenPortQList - Open ports (HostAssetOpenPortList) detected or explicitly added to the asset. This collection is keyed off of the port and protocol. Element integer port protocol (TCP, UDP, ICMP) protocol Element integer serviceId serverName string (name of the service detected on the port - read only) HostAssetSoftwareQList - A list of software (HostAssetSoftware) ins talled on the machine, keyed on the name. Element string name string version 97

98 Qualys Asset Management & Tagging API Host Assets HostAssetVulnQList - A list of vulnerabilities detected on the host. Only vulnerabilities flagged as found will be returned. More detailed information about each detected v ulnerability can be obtained from the HostInstanceVuln resource, cross referenced by the hostInstanceVulnId field. The HostInstanceVuln can also be used to find previously detected vulnerabilities that are currently marked as not found. Element long qid long hostInstanceVulnID firstFound date date lastFound 98

99 Qualys Asset Management & Tagging API Assets Assets Get Asset Info /qps/rest/2.0/get/am/asset/ [GET] [POST] Returns a single asset by ID. Limit your results - Use the optional “fields” parameter to limit the amount of information ret urned for the host asset. Learn more about limiting your results Permissions required - Managers with full scope. Other users must have requested asset in their scope and these permissions: Access Permission “ API Access” and Asset Management Permission “Read Asset” Sample - Fetch asset ID and list details API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/asset/12345" Response SUCCESS 1 12345 My Windows Asset 2014-02-06T19:16:35Z 2014-02-06T19:16:35Z HOST 99

100 Qualys Asset Management & Tagging API Assets 12345 Tag 1 54321 Tag 2 XSD /qps/xsd/2.0/am/asset.xsd 100

101 Qualys Asset Management & Tagging API Assets Update Asset /qps/rest/2.0/update/am/asset /qps/rest/2.0/update/am/asset [POST] Update fields for an asset and collections of assets. Only the name and tags can be modified. Us ing the NOT EQUALS operator for updating assets could result in accidental update of unknown assets without any warning. To prevent accidental updates of unknown assets, we do not support NOT EQUALS operator for update actions. ers with full scope, other users must have the Permissions required - Manag requested assets in their scope and these permissions: Access Permission “API Access” and Asset Management Permission “Update Asset” Sample - Update tag and give it another name API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/asset/12345" < file.xml Note: “file.xml” contains the request POST data. Request POST data Updated Name 101

102 Qualys Asset Management & Tagging API Assets Response SUCCESS 1 12345 Updated Name 2014-02-06T19:16:35Z 2014-02-06T19:16:35Z HOST 12345 Tag 1 54321 Tag 2 Sample - Update tags that have tag names containing the word DELETED API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/asset" < file.xml Note: “file.xml” contains the request POST data. Request POST data 102

103 Qualys Asset Management & Tagging API Assets DELETED 12345 XML output SUCCESS 1 543 Old Asset (DELETED) 2014-02-06T19:16:35Z 2014-02-06T19:16:35Z HOST 12345 Tag 1 XSD 103

104 Qualys Asset Management & Tagging API Assets /qps/xsd/2.0/am/asset.xsd 104

105 Qualys Asset Management & Tagging API Assets Search Assets /qps/rest/2.0/search/am/asse t [POST] Returns a list of assets matching the provided criteria. Assets are returned when they are visible to the user (i.e. in the user’s scope). Pagination - A maximum of 100 host assets are returned by default. To customize this specify a “preferences ” tag in the POST body of your request. Limit your results - Use the optional “fields” parameter to limit the amount of information returned for each host asset. Learn more about limiting your results Permissions required - Managers with full scope, other users must have these permissions: Access Permission “API Access” and Asset Management Permission “Read Asset” Searchable fields Click here for available opera tors Parameter Description id (integer) name (text) created (date) updated (date) type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, MALWARE_DOMAIN 105

106 Qualys Asset Management & Tagging API Assets tagName (text) Parent tags of the tag will also match tagId (text) Parent tags of the tag will also mat ch Sample - Find an asset with a particular tag API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/asset" < file.xml Request POST data To Delete Response SUCCESS 1 543 Old Asset (To Delete) 2014-02-06T19:16:35Z 2014-02-06T19:16:35Z HOST 12345 Tag 1 106

107 Qualys Asset Management & Tagging API Assets XSD /qps/xsd/2.0/am/asset.xsd 107

108 Qualys Asset Management & Tagging API Assets Count Assets /qps/rest/2.0/count/am/asset [POST] Returns the number of assets that match the provided criteria. A host asset i s counted when the asset is visible to the user (i.e. in the user’s scope). Permissions required - Managers with full scope. Other users must have these permissions: Access Permission “API Access” and Asset Management Permission “Read Asset” Searchable fields Click here for available operators Parameter Description id (integer) name (text) (date) created (date) updated (keyword) UNKOWN, HOST, SCANNER, WEBAPP, type MALWARE_DOMAIN tagName (text) Paren t tags of the tag will also match tagId (text) Parent tags of the tag will also match Sample - Count assets with tag name "To Delete" 108

109 Qualys Asset Management & Tagging API Assets API request curl -u “USERNAME:PASSWORD” "https://qualysapi.qualys.com/qps/rest/2.0/count/am/asset" < file.xml Note: “file.xml” contains the request POST data. Request POST data To Delete Response SUCCESS 1 XSD /qps/xsd/2.0/am/asset.xsd 109

110 Qualys Asset Management & Tagging API Assets Delete Asset /qps/rest/2.0/delete/am/asset/ /qps/rest/2.0/delete/am/asset [POST] Delete one or more assets. Using the NOT EQUALS operator for deleting assets could result in acciden tal deletion of unknown assets without any warning. To prevent accidental deletion of unknown assets, we do not support NOT EQUALS operator for delete actions. Managers with full scope. Other users must have these Permissions required - permissions: Access Permission “API Access” and Asset Management Permission “Delete Asset” Searchable fields Click here for available operators Description Parameter (integer) id (text) name created (date) updated (date ) type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, MALWARE_DOMAIN (text) Parent tags of the tag will also match tagName 110

111 Qualys Asset Management & Tagging API Assets tagId (text) Parent tags of the tag will also match Sample - Delete assets with a particular tag name API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/asset" < file.xml Note: “file.xml” contains the request POST data. Request POST data To Delete Response SUCCESS 1 1972521 XSD /qps/xsd/2.0/am/asset.xsd 111

112 Qualys Asset Management & Tagging API Assets Activate Asset /qps/rest/2.0/activate/am/hostasset/?module=QWEB_VM /qps/rest/2.0/activate/am/hostasset?module=QWEB_VM /qps/rest/2.0/activate/am/hostasset/?module=QWEB_PC /qps/rest/2.0/activate/am/hostasset?module=QWEB_PC [PO ST] Activate one or more assets to make them available in your account for scanning and reporting. You’ll want to activate newly created hosts to make them available in the Vulnerability Management (VM) module and/or the Policy Compliance (PC) module. Per missions required - Users with full scope. Other users must have requested assets in their scope and Access Permission “API Access”. Searchable fields Click here for available operators Parameter Descripti on id (integer) name (text) created (date) updated (date) type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, MALWARE_DOMAIN 112

113 Qualys Asset Management & Tagging API Assets (text) Parent tags of the tag will also match tagName tagId (text) Parent tags of the tag will also match Sample ssets with the tag “Export to VM” - Activate a API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/activate/am/asset?module=QW EB_VM" < file.xml Note: “file.xml” contains the request POST data. Request POST data Export to VM Response SUCCESS 1 1972521 Test Asset 2013-12-11T05:12:45Z 2014-02-04T23:55:54Z HOST 113

114 Qualys Asset Management & Tagging API Assets 12345 Export to VM 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z 1972521 us-east ip-10-90-0-73.qualys.com i-8b545eef t1.micro ami-03ad6e6a 127.0.0.1 false XSD /qps/xsd/2.0/am/asset.xsd 114

115 Qualys Asset Management & Tagging API Assets Asset Fields Description Name (text) name (string) tags id (long) created (date) modified (date) type (keyword) UNKOWN, HOST, SCANNER, WEBAPP, MALWARE_DOMAIN sourceInfo (AssetSourceQList) Associations TagSimpleQList - Asset tags on the associated asset. This collection to be added to and removed from by providing a tag ID wrapped in a TagSimple element. TagSimple long (tag primary key) id name string (tag name) AssetSourceQList - Source information for the associated asset. At the moment this is u sed exclusively for assets that are in Amazon EC2 but may 115

116 Qualys Asset Management & Tagging API Assets contain additional types in the future. As such, elements will always be of type Ec2AssetSourceSimple. Description Element (string) availabilityZone privateDnsName (string) publicDnsName (strin g) (string) instanceID instanceType (string) imageID (string) publicIpAddress (string) privateIpAddress (string) (boolean) monitoringEnabled instanceState (AssetSourceStateCode: PENDING, RUNNING, SHUTTING_DOWN, TERMINATED, STOPPING, STOPPED, UNSUP PORTED) 116

117 Qualys Asset Management & Tagging API Host Instance Vulnerability data Host Instance Vulnerability data Get Vulnerability Info /qps/rest/2.0/get/am/hostinstancevuln/ [GET] Returns a single host instance vulnerability data by ID. Limit your results - Use the optional “fields” parameter to limit the amount of Learn more about information returned for the host instance vulnerability. limiting your results Permissions required - Managers with Full Scope. Users without Full Scope must have these account settings: 1) sco pe includes the requested asset, and 2) permissions include: Access Permission “API Access” and Asset Management Permission “Read Asset”. Sample - Fetch a host instance vulnerability API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/hostinstancevuln/123 45" Response SUCCESS 1 9534081 1543621 117

118 Qualys Asset Management & Tagging API Host Instance Vulnerability data 38167 25 true true false false 2012-10-19T21:56:23Z TCP HOST XSD /qps/xsd/2.0/am/hostinstancevuln.xsd 118

119 Qualys Asset Management & Tagging API Host Instance Vulnerability data Search Vulnerabilities /qps/rest/2.0/search/am/hostinstancevuln [POST] Returns a list of host instance vulnerabilities that match the provided criteria. These vulnerabilities are returned when the hosts are visible to the user (i.e. in the user’s scope). Limit your results - Use the optional “fields” parameter to limit the amount of information returned for each vulnerability. Learn mo re about limiting your results Pagination - A maximum of 100 instances are returned by default. To customize this specify a “preferences” tag in the POST body of your request. Managers with Full Scope. Users without Full Scope Permissions required - must have these account settings: 1) scope includes the requested asset, and 2) permissions include: Access Permission “API Access” and Asset Management Permission “Read Asset”. Searchable fields Click here for available operators Parameter Description id (long) The primary host instance vulnerability key. hostAssetId (long) The ID of the host asset where the vulnerability was found. created (date) The date the vulnerability was added to the KnowledgeBase. found (boolean) Set to true if the QID was detected on the host by the latest scan of that host. 119

120 Qualys Asset Management & Tagging API Host Instance Vulnerability data (date) The date/time the vulnerability was first firstFound detected on the host. lastfound (date) The most recent date/time the vulnerability was detec ted on the host. lastScanned (date) The most recent date/time the vulnerability was tested for the host. qid (long) The Qualys vulnerability ID of the vulnerability. disabled (boolean) Set to true if the QID is marked as disabled in your subscription. Set to false if the QID is not marked disabled. (string) The fully qualified domain name of the host. fqdn ssl (boolean) Set to true if the vulnerability was detected over SSL. Set to false if the vulnerability was not detected over SSL. This element is not returned for information gathered. updated (date) The last date/time the vulnerability data was updated for the host. ignored (boolean) Set to true if the QID/host/port is marked as ignored in your subscription. Set to false if the QID/host/por t is not marked ignored. protocol (string) The protocol the vulnerability was detected on. TCP, UDP, ICMP. port (integer) The port number the vulnerability was detected on. source (string) The vulnerability source. HOST, ORACLE, HSSQL, OTHER. 120

121 Qualys Asset Management & Tagging API Host Instance Vulnerability data Sam ple - Search vulnerability instances Find all vulnerabilities that were previously detected on a host, and that have since been resolved API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/hostinstancevuln" 12345 false Response SUCCESS 1 9534081 12345 38167 25 true true false false 2012-10-19T21:56:23Z TCP HOST 121

122 Qualys Asset Management & Tagging API Host Instance Vulnerability data XSD /qps/xsd/2.0/am/hostinstancevuln.xsd 122

123 Qualys Asset Management & Tagging API Host Instance Vulnerability data Count Vulnerabilities /qps/rest/2.0/count/am/hostinstancevuln [GET] Returns the number of host instance vulnerabilities that match the provided criteria. A host instance vulnerability is counted when the asset visible to the user (i.e. it is in the user’s scope). Permissions required - Managers with Full Scope. Users without Full Scope must have these account settings: 1) scope includes the requested asset, and 2) permissions include: Access Permission “API Access” and Asset Management Permission “Read Asset”. - Count vulnerabilities on assets Sample Count the number of host instance vulnerabilities across all visible assets API request curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/count/am/hostinstancevuln"< file.xml Note: file.xml contains the request POST data Request POST data true Response SUCCESS 123

124 Qualys Asset Management & Tagging API Host Instance Vulnerability data 1 XSD /qps/xsd/2.0/am/hostinstancevuln.xsd 124

125 Qualys Asset Management & Tagging API Host Instance Vulnerability data Host Instance Vulnerability Fields Field name Description mary host instance vulnerability key. (long) The pri id hostAssetId (long) The ID of the host asset where the vulnerability was found. created (date) The date the vulnerability was added to the KnowledgeBase. found (boolean) Set to true if the QID was detected on the host by the latest scan of that host. (date) The date/time the vulnerability was first firstFound detected on the host. lastfound (date) The most recent date/time the vulnerability was detected on the host. lastScanned (date) The most recent date/ti me the vulnerability was tested for the host. qid (long) The Qualys vulnerability ID of the vulnerability. disabled (long) Set to true if the QID is marked as disabled in your subscription. Set to false if the QID is not marked disabled. fqdn (string ) The fully qualified domain name of the host. ssl (boolean) Set to true if the vulnerability was detected over SSL. Set to false if the vulnerability was not detected over SSL. This element is not returned for information gathered. 125

126 Qualys Asset Management & Tagging API Host Instance Vulnerability data (date) The last date/time the vulnerability data was updated updated for the host. (boolean) Set to true if the QID/host/port is marked as ignored ignored in your subscription. Set to false if the QID/host/port is not marked ignored. ity was detected on (TCP, The protocol the vulnerabil protocol UDP, ICMP). port (integer) The port number the vulnerability was detected on. source The vulnerability source (HOST, ORACLE, HSSQL, OTHER). 126

127 Qualys Asset Management & Tagging API Asset Data Connector Asset Data Connector Get Connector Info /qps/rest/2.0/get/am/assetdataconnector/ [GET] Returns a single asset data connector by ID. Use the optional “fields” parameter to limit the amount of Limit your results - Learn more about limiting information returned for the asset data connector. your results Permissions required - Managers with Full Scope. Sample - Fetch asset data connector info API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/assetdataconnector/1 2345" Response SUCCESS 1 false 12345 new connector 205767712438 2014-11-26T08:44:05Z 127

128 Qualys Asset Management & Tagging API Asset Data Connector Invalid EC2 AuthRecord ERROR AWS 1 EC2 VM XSD /qps/xsd/2.0/am/assetdataconnector.xsd 128

129 Qualys Asset Management & Tagging API Asset Data Connector Update Connector /qps/rest/2.0/update/am/assetdataconnector /qps/rest/2.0/update/am/assetdataconnector/ [GET] Updates writable fields and collections. Only the name and tags can be modified. Using the NOT EQUALS operator for updating connectors could result i n accidental update of unknown connectors without any warning. To prevent accidental updates of unknown connectors, we do not support NOT EQUALS operator for update actions. Managers with Full Scope. Permissions required - Sample 1 - ector name Change asset data conn Change the name of the asset data connector with ID 12345 and add a tag with the ID of 1 to the defaultTags collection API request curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/update/assetdataconnector/a sset/12345" < file.xml Request POST data (file.xml): Updated Name 1 129

130 Qualys Asset Management & Tagging API Asset Data Connector Response SUCCESS 1 false 12345 External VPC 2014-11-26T08:44:05Z SUCCESS AWS 1 EC2 VM Sample 2 - Add a tag to connectors Add a tag to all asset data connectors who's names contain External API request 130

131 Qualys Asset Management & Tagging API Asset Data Connector curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/assetdataconnector/a sset < file.xml Request POST data (file.xml): External 2 XML output SUCCESS 13 false 12345 External VPC 2014-11-26T08:44:05Z SUCCESS AWS 2 External 131

132 Qualys Asset Management & Tagging API Asset Data Connector VM ... XSD /qps/xsd/2.0/am/assetdataconnector.xsd 132

133 Qualys Asset Management & Tagging API Asset Data Connector Search Connectors /qps/rest/2.0/search/am/assetdataconnector [POST] Returns a list of asset data connectors that match the provided criteria. Limit your results - Use the optional “fields” parameter to limit the amount of Learn more about limiting information returned for each asset data connector. your results A maximum of 100 instances are returned by default. To Pagination - customize this specify a “preferences” tag in the POST body of your request. Managers with Full Scope. Permissions required - Searchable fields Click here for avail able operators Description Parameter id (long) Primary key name (string) description (string) lastSynch (date) lastError (string) connectorState (Keyword) PENDING. RUNNING, SUCCESS, ERROR (Keyword) VM, PC, SCA, CERTVIEW activation 133

134 Qualys Asset Management & Tagging API Asset Data Connector defaultTa gs.name (Text) The name of a tag in the defaultTags collection defaultTag (Integer) The ID of a tag in the defaultTags collection disabled (boolean) Whether execution of the connector is disabled (YES). If disabled the connector will not synchronize asse ts. awsAccountId (Long) The AWS account ID an asset data connector is connecting to. - Find all asset data connectors with tag name USA Sample API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/assetdataconnecto r" < file.xml Note: file.xml contains request POST data Request POST data USA Response SUCCESS 13 false 134

135 Qualys Asset Management & Tagging API Asset Data Connector 12345 DB1 205767712438 2014-11-26T08:44:05Z SUCCESS AWS 3 USA VM PC XSD /qps/xsd/2.0/am/assetdataconnector.xsd 135

136 Qualys Asset Management & Tagging API ctor Asset Data Conne Count Connectors /qps/rest/2.0/count/am/assetdataconnector [POST] Returns the number of asset data connectors that match the provided criteria. Permissions required - Ma nagers with Full Scope. Sample - Count connectors Count the number of asset data connectors with the tag name USA API request curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/count/am/assetdataconnector "< file.xml Request POST data (file.xml): USA Response SUCCESS 1 XSD 136

137 Qualys Asset Management & Tagging API Asset Data Connector /qps/xsd/2.0/am/assetdataconnector.xsd 137

138 Qualys Asset Management & Tagging API Asset Data Connector Delete Connector /qps/rest/2.0/delete/am/assetdataconnector /qps/rest/2.0/delete/am/assetdataconnector/ [POST] Delete one or more asset data connectors. Using the NOT EQUALS operator for deleting connectors could result in accidental deletion of unknown connectors without any warning. To prevent accidental deletion of unknown connectors, we do not support NOT EQUALS operator for delete actions. Managers with Full Scope. Permissions required - Delete a single asset data connector Sample 1 - API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/assetdataconnecto r/12345" Response SUCCESS 1 12345 138

139 Qualys Asset Management & Tagging API Asset Data Connector Sample 2 - Delete several asset data connectors tagged with the To Delete tag API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/assetdataconnecto r" < file.xml Request POST data (file.xml): To Delete XML output SUCCESS 1 1972521 XSD am/assetdataconnector.xsd /qps/xsd/2.0/ 139

140 Qualys Asset Management & Tagging API Asset Data Connector Run Connector /qps/rest/2.0/run/am/assetdataconnector /qps/rest/2.0/run/am/assetdataconnector/ [POST] Request that one or more asset data connectors are run. The connectors may be run immediately, or queued to run when there is capacity. The response will almost always indicate that the connector is pending. Use GET calls to monitor the status of connectors. Permissions required - Managers with Full Scope. Run a single connector Sample 1 - API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/run/am/assetdataconnector/1 2345" Response SUCCESS 1 false 12345 DB1 2014-11-26T08:44:05Z SUCCESS AWS 140

141 Qualys Asset Management & Tagging API Asset Data Connector 3 USA VM PC Sample 2 - Re -run all errored connectors API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/run/am/assetdataconnector" < file.xml Request POST data (file.xml): ERROR Response SUCCESS 13 false 141

142 Qualys Asset Management & Tagging API Asset Data Connector 12345 DB1 2014-11-26T08:44:05Z ... 12346 DB2 2015-01-07T01:50:05Z ... XSD xsd/2.0/am/assetdataconnector.xsd /qps/ 142

143 Qualys Asset Management & Tagging API Asset Data Connector Connector Fields Writabl Field name Description e No id (long) Primary key, not writeable name (string) Yes description (string) Yes (date) Last synch date, not No lastSynch writeable No lastError (string) Last erro r, not writeable connectorState (AssetDataConnectorState) No PENDING. RUNNING, SUCCESS, ERROR, not writeable No type (AssetDataConnectorType) AWS, not writeable Yes defaultTags (TagSimpleQList) Tags applied to any asset discovered by the connector activation (List) Yes Assets discovered by the connector will be activated for the modules specified 143

144 Qualys Asset Management & Tagging API Asset Data Connector disabled (boolean) Whether Yes execution of the connector is disabled (YES). If disabled the connector will not synchronize assets. awsAccountId The AWS account ID an No asset data connector is connecting to. Associations TagSimpleQList - Asset tags to be applied to assets found by the connector. This collection to be added to and removed from by providing a tag ID wrapped in a TagS imple element. TagSimple id (long) Primary key name (string) Tag name 144

145 Qualys Asset Management & Tagging API AWS Asset Data Connector AWS Asset Data Connector Get AWS Connector Info /qps/rest/2.0/get/am/awsassetdataconnector/ [GET] Returns a single AWS connector by ID. Limit your results - fields” parameter to limit the amount of Use the optional “ Learn more about limiting your information returned for the AWS connector. results Permissions required - Managers with full scope. ector with the ID 12345 Sample 1 - Fetch the asset data conn API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/awsassetdataconnecto r/12345" Response SUCCESS 1 false 12345 new connector 205767712438 2014-11-26T09:27:48Z 145

146 Qualys Asset Management & Tagging API AWS Asset Data Connector Invalid EC2 AuthRecord ERROR AWS 1 EC2 VM CLOUDVIEW 1 my ec2 true Sample 2 - Fetch the EC2 connector information with the ID 78801, that has CertView module activated. API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/assetdataconnector/7 8801" Response 147 Qualys Asset Management & Tagging API AWS Asset Data Connector qps1.dev.qualys.com:8080/portal- api/xsd/2.0/am/asset_data_connector.xsd"> SUCCESS 1 78801 cv 383031258652 2019-02-12T23:58:05Z FINISHED_SUCCESS AWS CERTVIEW VM false false false Sample 3 - Get connector details Here’s how to get details on a connector using GET request. This connector is using ARN. For more information on ARN authentication, refer to Support for Cross -Account Role Authentication . API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/awsassetdataconn ector/19201" Response responseCode>SUCCESS 147

148 Qualys Asset Management & Tagging API AWS Asset Data Connector 1 19201 user_john 205767712438 2018-02-15T12:51:00Z FINISHED_SUCCESS AWS CLOUDVIEW false false arn:aws:iam::205767712438:role/qualys_dev_test 1518689351038 383031258652 ap-south-1 false XSD /qps/xsd/2.0/am/aws_asset_data_connector.xsd 148

149 Qualys Asset Management & Tagging API AWS Asset Data Connector Create AWS Connector /qps/rest/2.0/create/am/awsassetdataconnector [POST] Creates an AWS asset data connector. disabled (boolean) is used to disable an EC2 connec tor. This parameter can be set for a “create” or “update” request. When set to “true” the connector is disabled and will not run. - If a single connector is run and it is disabled an error is returned. - If multiple connectors are run and all are disabled an error is returned. - If multiple connectors are run and some are disabled, only connectors that are enabled will run. Managers with full scope. Permissions required - Sample 1 - Create new AWS asset data connector API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data new connector 149

150 Qualys Asset Management & Tagging API AWS Asset Data Connector 1 VM 1 true Response SUCCESS 13 false 12345 new connector PENDING AWS 1 EC2 VM 150

151 Qualys Asset Management & Tagging API AWS Asset Data Connector false false 1 my ec2 true Sample 2 - Create new AWS asset data connector in disabled state API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data conn-disabled VM PC 90802 false true 151

152 Qualys Asset Management & Tagging API AWS Asset Data Connector true XML output SUCCESS 1 254401 disabled-connector DISABLED AWS VM PC true false us-west-1 ap-northeast-1 eu-west-1 ... 152

153 Qualys Asset Management & Tagging API AWS Asset Data Connector us-east-2 true Sample 3 - Create new AWS asset data connector to be available in the CloudView App API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data ARN Connector arn:aws:iam::205767712433:role/qualys-demo-account 123456789123 true true Response SUCCESS 1 153

154 Qualys Asset Management & Tagging API AWS Asset Data Connector 266408 conn1 205767712433 QUEUED AWS CLOUDVIEW false false false arn:aws:iam::205767712433:role/qualys-demo- account 123456789123 205767712438 us-west-1 ap-northeast-1 ... true - Create connectors to include CERTVIEW module Sample 4 API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor/" < file.xml 154

155 Qualys Asset Management & Tagging API AWS Asset Data Connector Note: file.xml contains request POST data Request POST data ARN_Global arn:aws:iam::705355653965:role/Demo-PODs true VM CERTVIEW Response SUCCESS 1 566601 ARN_Global 705355653965 QUEUED AWS CERTVIEW VM false 155

156 Qualys Asset Management & Tagging API AWS Asset Data Connector false false arn:aws:iam::705355653965:role/Demo-PODs 1550261312725 383031258652 us-west-1 ap-northeast-1 eu-west-1 eu-central-1 ap-southeast-1 us-east-1 ca-central-1 eu-west-2 ap-southeast-2 sa-east-1 ap-northeast-2 ap-south-1 156

157 Qualys Asset Management & Tagging API AWS Asset Data Connector us-west-2 us-east-2 eu-west-3 true XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 157

158 Qualys Asset Management & Tagging API AWS Asset Data Connector Support for AWS GovCloud /qps/rest/2.0/create/am/awsassetdataconnector [POST] Creates an AWS asset data connector for GovCloud. disabled (boolean) is used to disable an EC2 connector. This parameter can be set for a “create” or “update” request. When set to “true” the connector is disabled and will not run. - If a single connector is run and it is disabled an error is returned. - If multiple connectors are run and all are disabled an error is returned. - If multiple connectors are run and some are disabled, only connectors that are enabled will run. Permissions required - e. Managers with full scop - Create new AWS asset data connector for GovCloud Sample API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data gov-cloud VM 158

159 Qualys Asset Management & Tagging API AWS Asset Data Connector PC true 134601 false false Response SUCCESS 1 149008 gov-cloud 205767712438 PENDING AWS VM PC false true us-gov-west-1 159

160 Qualys Asset Management & Tagging API AWS Asset Data Connector false XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 160

161 Qualys Asset Management & Tagging API AWS Asset Data Connector Support for China Region /qps/rest/2.0/create/am/awsassetdataconnector [POST] Creates an AWS asset data connector for China region. You can easily scan EC2 instances included in the AWS China region for vulnerabilities and policy compliance using the Qualys Cloud Platform. You can create/update EC2 connectors to pull instance info from the China region, activate discovered instances for the VM, PC or SCA module, and scan them using our EC2 scan workf low. isChinaConfigured (boolean) is used to enable the China region for an EC2connector using the AWS Asset Data Connector API (awsassetdataconnector). This parameter can be set for a “create” or “update” request, and is valid only when AWS China option is enabled for your subscription. When isChinaConfigured is set to “true” - The connector is configured to pull instance info from the China region only. - The connector can’t be configured with allRegions set to “true”. Permissions required - Managers with full scope. Sample - Create new AWS asset data connector for China region API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data 161

162 Qualys Asset Management & Tagging API AWS Asset Data Connector cn-north-1-conn1 132601 cn-north-1 true false Response SUCCESS 1 136605 cn-north-1-conn1 205767712438 QUEUED AWS false false true 162

163 Qualys Asset Management & Tagging API AWS Asset Data Connector 132601 china-auth cn-north-1 false XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 163

164 Qualys Asset Management & Tagging API AWS Asset Data Connector -Acco Support for Cross unt Role Authentication /qps/rest/2.0/create/am/awsassetdataconnector [POST] Creates an AWS asset data connector using Cross -Account Role Authentication. Qualys supports the creation of EC2 connectors using a cross -account access role. This allows you to g rant Qualys access to your AWS EC2 instances without sharing your AWS security credentials. Qualys will access your AWS EC2 instances by assuming the IAM role that you create in your AWS account. To get started you’ll need an IAM role created using your A WS account.You can update your existing EC2 connectors to now use cross -account access roles. Note that this migration of your existing EC2 connector to cross account role is unidirectional and cannot be reverted. You can create only one connector for each unique AWS account. It’s recommended that you merge multiple EC2 connectors into one by removing duplicate connectors before you upgrade to ARN. Permissions required - Managers with full scope. Sample 1 - Create a new connector Create connector when you already have the ARN generated from your AWS account API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: "file.xml" contains the request POST data. Request POST data 164

165 Qualys Asset Management & Tagging API AWS Asset Data Connector user_john arn:aws:iam::705355653965:role/ARN_UPGRADE 1234567890 ap-south-1 false Response SUCCESS 1 19803 user_john 205767712438 QUEUED AWS false false false arn:aws:iam::705355653965:role/ARN_UPGRADE 165

166 Qualys Asset Management & Tagging API AWS Asset Data Connector 1234567890 383031258652 ap-south-1 false Sample 2 - Create a new connector when you want to provide the ARN later If you have dependencies and cannot provide the ARN at the time of creation, you could always provide the ARN at a later stage. In this case, the AWS connector is created with an INCOMPLETE state. API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/am/awsassetdataconne ctor" < file.xml Note: "file.xml" contains the request POST data. Request POST data (file.xml): user_john ap-south-1 false 166

167 Qualys Asset Management & Tagging API AWS Asset Data Connector XML output SUCCESS 1 19201 my-aws-connector 205767712438 INCOMPLETE AWS false false 1518689351038 383031258652 ap-south-1 false XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 167

168 Qualys Asset Management & Tagging API AWS Asset Data Connector Update AWS Connector /qps/rest/2.0/update/am/awsassetdataconnector /qps/rest/2.0/update/am/awsassetdataconne ctor/ [POST] Updates writable fields and collections. Using the NOT EQUALS operator for updating AWS connectors could result in accidental update of unknown AWS connectors without any warning. To prevent accidental updates of unknown AWS connectors, we do not support NOT EQUALS operator for update actions. Permissions required - Managers with full scope. Sample 1 - Update AWS connector name Change the name of an asset data connector with ID of 12345, add a tag with ion, and add us -east -1 as scanned region the ID of 1 to the defaultTags collect API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne ctor/12345" < file.xml Note: file.xml contains request POST data Request POST data Updated Name 1 168

169 Qualys Asset Management & Tagging API AWS Asset Data Connector us-east-1 Response SUCCESS 1 false 12345 External VPC 2014-11-26T08:44:05Z SUCCESS AWS 1 EC2 VM false false 169

170 Qualys Asset Management & Tagging API AWS Asset Data Connector -account Sample 2 - Update existing key- based connector to cross role Here’s how to update an existing connector to use a cross -access account role. You’ll need the ARN generated from your AWS account. Note that this migration of your existing EC2 connector to cross account role is unidirectional and cannot be reverted. API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne ctor/12345" < file.xml Note: file.xml contains request POST data Request POST data arn:aws:iam::205767712438:role/qualys_dev_test 123456789 Response SUCCESS 1 19201 170

171 Qualys Asset Management & Tagging API AWS Asset Data Connector Sample 3 - Update existing AWS asset data connector to make it available in the CloudView App Change the name of an asset data connector with ID of 12345, add a tag with the ID of 1 to the defaultTags collection, and add us 1 as scanned region -east- API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne ctor/266203" < file.xml Note: file.xml contains request POST data equest POST data R true Response SUCCESS 1 266203 171

172 Qualys Asset Management & Tagging API AWS Asset Data Connector Sample 4 - Update existing AWS asset data connector to include CertView module Change the name of an asset data connector wit h ID of 12345, add a tag with -1 as scanned region the ID of 1 to the defaultTags collection, and add us -east API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/am/awsassetdataconne ctor/80201" < file.xml Note: file.xml contains request POST data Request POST data new connector-edit CERTVIEW Response SUCCESS 1 80201 172

173 Qualys Asset Management & Tagging API AWS Asset Data Connector XSD /qps/xsd/2.0/am/aws_asset_data_connector.xsd 173

174 Qualys Asset Management & Tagging API AWS Asset Data Connector Search AWS Connectors /qps/rest/2.0/search/am/awsassetdataconnector [POST] Returns a list of AWS connectors that match the provided criteria. Limit your results - Use the optional “fields” parameter to limit the amount of information returned for each AWS connector. re about limiting your Learn mo results A maximum of 100 instances are returned by default. To Pagination - customize this specify a “preferences” tag in the POST body of your request. Managers with full scope. Permissions required - Searchable fields Click here for available operators Parameter Description (Integer) Primary key id (Text) name description (Text) lastSync (Date) lastError (Text) connectorState (Keyword) PENDING, RUNNING, SUCCESS, ERROR 174

175 Qualys Asset Management & Tagging API AWS Asset Data Connector (Keyword) VM, PC, SCA, CERTVIEW, CLOUDVIEW activation defaultTags.name (Text) The name of a tag in the defaultTags collection (Integer) The ID of a tag in the defaultTags collection defaultTag allRegions (Boolean) (Keyword) EC2 serviceType endp oint.region (Text) AWS region code (Integer) The ID of the authentication record authRecord authRecord.name (Text) The name of the authentication record disabled (Boolean) Whether execution of the connector is disabled (YES). If disabled the connect or will not synchronize assets. awsAccountId (Long) The AWS account ID an AWS asset data connector is connecting to. Sample 1 - Find all asset data connectors with tag name USA API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data 175

176 Qualys Asset Management & Tagging API AWS Asset Data Connector USA Response SUCCESS 13 false 12345 NEW Connector 205767712438 2014-11-26T09:27:48Z Invalid EC2 AuthRecord ERROR AWS 1 USA 1 my ec2 us-east-1 false 176

177 Qualys Asset Management & Tagging API AWS Asset Data Connector Sample 2 - Search A WS asset data connectors that are made available in the CloudView App API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data CLOUDVIEW Response SUCCESS 1 false 266408 conn1 205767712433 QUEUED AWS 177

178 Qualys Asset Management & Tagging API AWS Asset Data Connector CLOUDVIEW false false false arn:aws:iam::205767712433:role/qualys-demo- account 123456789123 205767712438 us-west-1 ap-northeast-1 ... true XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 178

179 Qualys Asset Management & Tagging API AWS Asset Data Connector Count AWS Connectors /qps/rest/2.0/count/am/awsassetdataconnector [POST] Returns the number of AWS connectors that match the provided criteria. Permissions required - Managers with full scope. Sample - Get count of AWS connectors Count the number of AWS connectors with the tag name USA API request curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/count/am/assetdataconnector "< file.xml Note: file.xml contains request POST data Request POST data USA Response SUCCESS 1 179

180 Qualys Asset Management & Tagging API AWS Asset Data Connector XSD /qps/xsd/2.0/am/awsassetdataco nnector.xsd 180

181 Qualys Asset Management & Tagging API AWS Asset Data Connector Delete AWS Connector /qps/rest/2.0/delete/am/awsassetdataconnector /qps/rest/2.0/delete/am/awsassetdataconnector/ [POST] Delete one or more AWS connectors. Using the NOT EQUALS operator for deleting AWS connectors could result in accidenta l deletion of AWS connectors without any warning. To prevent accidental deletion of unknown AWS connectors, we do not support NOT EQUALS operator for delete actions. Managers with full scope. Permissions required - Delete a single AWS connector Sample 1 - API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsassetdataconne ctor/12345" Response SUCCESS 1 12345 - Delete several AWS connectors tagged with the To Sample 2 Delete tag 181

182 Qualys Asset Management & Tagging API AWS Asset Data Connector API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsassetdataconne ctor" < file.xml Note: file.xml contains request POST data Request POST data To Delete Response SUCCESS 1 1972521 XSD /qps/xsd/2.0/am/awsassetdataconnector.xsd 182

183 Qualys Asset Management & Tagging API AWS Asset Data Connector Run AWS Connector /qps/rest/2.0 /run/am/assetdataconnector /qps/rest/2.0/run/am/assetdataconnector/ [POST] Request that one or more asset data connectors are run. The connectors may be run immediately, or queued to run when there is capacity. The response will almost always indicate that the connector is pending. Use GET calls to monitor the status of connectors. Permissions required - Managers with full scope. See Run Connector 183

184 Qualys Asset Management & Tagging API AWS Asset Data Connector AWS Connector Fields Description Field name W ritabl e id (long) Primary key, not No writeable name (string) Yes description (string) Yes No lastSynch (date) Last synch date, not writeable No lastError (string) Last error, not writeable (AssetDataConnectorState) connectorState No PENDING. RUNNING, SUCCESS, ERROR, DISABLED, INCOMPLETE, not writeable No (AssetDataConnectorType) type AWS, not writeable Yes defaultTags (TagSimpleQList) Tags applied to any asset discovered by the connector activation (List) Yes Assets discovered by the connector will be activated for the modules specified 184

185 Qualys Asset Management & Tagging API AWS Asset Data Connector (AwsAuthRecordSimple) authRecord Yes The AWS authentication record the connector will use to connect to AWS. When writing/updating it is looked up by the ID field. serviceType (AwsService Type) EC2 Yes Yes allRegions (boolean) If true the end point’s collection will be ignored an all AWS regions scanned disabled Yes (boolean) Whether execution of the connector is disabled (YES). If disabled the connector will not synchronize assets. arn Generated by AWS. Ensure Yes that you provide the same ARN that is generated by AWS. externalId Random string which is Yes unique for each user. awsAccountId The AWS account ID an No AWS asset data connector is connecting to. useForCloudView (boolean) If true the Yes connector is made available in the CloudView App. Associations 185

186 Qualys Asset Management & Tagging API AWS Asset Data Connector AwsEndointSimpleQList - A basic wrapper with one field: regionCode. This is the AWS region code, e.g. us -1. -east AwsAuthRecordSimple - The authentication record a connector wi ll use to communicate with AWS. id (long) is the connector ID, and name (string) is a human readable name to identify the connector key. 186

187 Qualys Asset Management & Tagging API AWS Authentication Record AWS Authentication Record Get AWS Auth Record Info /qps/rest/2.0/get/am/awsauthrecord/ [GET] Returns a single AWS authentication record by ID. Limit your results - Use the optional “fields” parameter to limit the amount of Learn more about limiting information returned for the authentication record. your results Managers with full scope. Permissio ns required - Sample - Fetch details on AWS authentication record API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/get/am/awsauthrecord/12345" Response SUCCESS 1 12345 Auth Record 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z 187

188 Qualys Asset Management & Tagging API AWS Authentication Record XSD /qps/xsd/2.0/am/awsauthrecord.xsd 188

189 Qualys Asset Management & Tagging API ecord AWS Authentication R Create AWS Auth Record /qps/rest/2.0/create/am/awsauthrecord [POST] Creates a new authentication record. Permissions required - Managers with full scope. Sample - Create new AWS authentication record API reque st curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/create/awsauthrecord" < file.xml Note: file.xml contains request POST data Request POST data Simple Auth Record Production Auth Record AAAAAAAAAAAAAAAAA11A 1aA1aa1aaaaa1aAaAaaAaa1Aaaaa11aaAAAAaaaA Response 189

190 Qualys Asset Management & Tagging API AWS Authentication Record SUCCESS 1 12345 Simple Auth Record Production Auth Record 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z XSD /qps/xsd/2.0/am/awsauthrecord.xsd 190

191 Qualys Asset Management & Tagging API AWS Authentication Record Update AWS Auth Record /qps/rest/2.0/update/am/awsauthrecord /qps/rest/2.0/update/am/awsauthrecord/ [POST] Updates writable fields. Using the NOT EQUALS operator for updating AWS authentication records could result in accidental update of unknown AWS authenti cation records without any warning. To prevent accidental updates of unknown AWS authentication records, we do not support NOT EQUALS operator for update actions. Managers with full scope. Permissions required - Sample - Update the secret key of AWS auth record API request curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/update/awsauthrecord/12345" < file.xml Note: file.xml contains request POST data Request POST data 1aA1aa1aaaaa1aAaAaaAaa1Aaaaa11aaAAAAaaaA 191

192 Qualys Asset Management & Tagging API AWS Authentication Record Response SUCCESS 1 12345 Simple Auth Record Production Auth Record 2014-02-06T19:14:50Z 2014-02-06T19:14:50Z XSD /qps/xsd/2.0/am/awsauthrecord.xsd 192

193 Qualys Asset Management & Tagging API AWS Authentication Record Search AWS Auth Records /qps/rest/2.0/search/am/awsauthrecord [POST] Returns a list of authentication records that match the provided criteria. Limit your results - Use the optional “fields” parameter to limit the amount of information returned for each authentication record. Learn more about limiting your results Pagination - A maximum of 100 insta nces are returned by default. To customize this specify a “preferences” tag in the POST body of your request. Permissions required - Managers with full scope. Searchable fields rators Click here for available ope Parameter Description id (Integer) AWS auth record ID name (Text) AWS auth record name description (Text) AWS auth record description created (Date) When AWS auth record was created modified (Date) When AWS auth record was last modified Sample - Search AWS auth records Find all authentication records that have a name that contains the string AUTH 193

194 Qualys Asset Management & Tagging API AWS Authentication Record API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/search/am/awsaauthrecord" < file.xml Note: file.xml contains request POST data Request POST data Simple Response SUCCESS 4 false 66013771 Simple Auth Record 1 2014-12-22T18:36:44Z 66023771 Simple Auth Record 2 2014-12-22T18:36:58Z 66033771 Simple Auth Record 3 2014-12-22T18:37:01Z 66043771 194

195 Qualys Asset Management & Tagging API AWS Authentication Record Simple Auth Record 4 2014-12-22T19:11:18Z XSD /qps/xsd/2.0/am/awsauthrecord.xsd 195

196 Qualys Asset Management & Tagging API AWS Authentication Record Count AWS Auth Records /qps/rest/2.0/count/am/awsauthrecord [POST] Returns the number of authentication records that match the provided criteria. Managers with full scope. Permissions required - Sample - Count AWS auth records Count the number of AWS authentication records that have a name that contains the string AUTH API request curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/count/am/awsauthrecord"< file.xml Note: file.xml contains request POST data Request POST data AUTH Response SUCCESS 1 196

197 Qualys Asset Management & Tagging API AWS Authentication Record XSD /qps/xsd/2.0/am/awsauthrecord.xsd 197

198 Qualys Asset Management & Tagging API AWS Authentication Record Delete AWS Auth Record /qps/rest/2.0/delete/am/awsauthrecord /qps/rest/2.0/delete/am/awsauthrecord/ [POST] Delete one or more authentication records. Using the NOT EQUALS operator for deleting AWS authentication records could result in accidental deletion of unknown AWS authenticati on records without any warning. To prevent accidental deletion of unknown AWS authentication records, we do not support NOT EQUALS operator for delete actions. Managers with full scope. Permissions required - Delete a single authentication recor d Sample 1 - API request curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsauthrecord/123 45" Response SUCCESS 1 12345 198

199 Qualys Asset Management & Tagging API AWS Authentication Record Sample 2 - Delete several authentication records whose names contain the string "delete me" API request curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" -- data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/delete/am/awsauthrecord" < file.xml Note: file.xml contains request POST data Request POST data delete me Response SUCCESS 1 2020094 XSD /qps/xsd/2.0/am/awsauthrecord.xsd 199

200 Qualys Asset Management & Tagging API AWS Authentication Record AWS Auth Record Fields Description Field name (string) Name of the authentication record name description (string) Brief description of the authentication record created (date) When record was created, not writeable modified (date) When records was last modified, not writeable secretKey (str ing) The AWS secret key - write only, cannot be read accessKeyId (string) The AWS access key - write only, cannot be read 200

Related documents

NI XNET Hardware and Software Manual   National Instruments

NI XNET Hardware and Software Manual National Instruments

XNET NI-XNET Hardware and Software Manual NI-XNET Hardware and Software Manual July 2014 372840H-01

More info »
Description of STM32F1 HAL and Low layer drivers

Description of STM32F1 HAL and Low layer drivers

UM1850 User manual Description of STM32F1 HAL and Low - layer drivers Introduction TM is an STMicroelectronics original initiative to make developers' lives easier by reducing STMCube development effo...

More info »
Qualys Web Application Scanning API User Guide

Qualys Web Application Scanning API User Guide

Web Application Scanning API User Guide Version 2.38 April 09, 2019

More info »
bluetooth api reference

bluetooth api reference

Bluetooth Software API Reference Manual This document contains the full API reference for the Silicon Labs Bluetooth Software, version 2.11.4. The Blue Gecko family of the Silicon Labs' Bluetooth chip...

More info »
Nios® II Software Developer's Handbook

Nios® II Software Developer's Handbook

® Nios II Software Developer's Handbook ® ® Quartus Updated for Intel Prime Design Suite: 19.1 Subscribe NII-SDH | 2019.04.30 Send Feedback Latest document on the web: PDF | HTML

More info »
40002505m

40002505m

DEFENSE LOGISTICS AGENCY HEADQUARTERS DoD 4000.25-5-M 8725 SUITE 2533 JOHN KINGMAN ROAD, J. VIRGINIA FT. 22060-622 BELVOIR, 1 REPLY IN DLMSO REFER TO FOREWORD the authority of Department of This manua...

More info »
aa39 final rule

aa39 final rule

4310- VH DEPARTMENT OF THE INTERIOR Bureau of Safety and Environmental Enforcement 30 CFR Part 250 000 EEEE500000] [Docket ID: BSEE -2018- 0002; 190E1700D2 ET1SF0000.EAQ RIN 1014–AA39 Oil and Gas and ...

More info »
Gutmans Frontmatter

Gutmans Frontmatter

Gutmans_Frontmatter Page i Thursday, September 23, 2004 9:05 AM PHP 5 Power Programming

More info »
Zebra Scanner SDK for Windows Developer’s Guide

Zebra Scanner SDK for Windows Developer’s Guide

ZEBRA SCANNER SDK FOR WINDOWS DEVELOPER’S GUIDE

More info »
Amazon Cloud Directory   Developer Guide

Amazon Cloud Directory Developer Guide

Amazon Cloud Directory Developer Guide

More info »
Amazon Cloud Directory   Developer Guide

Amazon Cloud Directory Developer Guide

Amazon Cloud Directory Developer Guide

More info »
SmartMesh IP Tools Guide

SmartMesh IP Tools Guide

SmartMesh IP Tools Guide SmartMesh IP Tools Guide Page of 1 212

More info »
32713

32713

How to Design a Good API and Why it Matters Joshua Bloch Principal Software Engineer _ How to Design a Good API and Why it Matters 1

More info »
Amazon CloudWatch Events   User Guide

Amazon CloudWatch Events User Guide

Amazon CloudWatch Events User Guide

More info »
VAM Book

VAM Book

                                                 

More info »
openapi

openapi

Industry Direction for Open APIs A Discussion October 2017

More info »
AWS Certificate Manager Private Certificate Authority   User Guide

AWS Certificate Manager Private Certificate Authority User Guide

AWS Certificate Manager Private Certificate Authority User Guide Version latest

More info »
PRRI Millennials Web FINAL

PRRI Millennials Web FINAL

HOW RACE AND RELIGION SHAPE HOW RACE AND RELIGION SHAPE MILLENNIAL ATTITUDES ON SEXUALITY MILLENNIAL ATTITUDES ON SEXUALITY AND REPRODUCTIVE HEALTH AND REPRODUCTIVE HEALTH Robert P. Jones and Daniel C...

More info »