Qualys API Release Notes

Version 8.3
November 15, 2014

Qualys 8.3 includes improvements to the Qualys API, giving you more ways to integrate your programs and API calls with Qualys Vulnerability Management (VM) and Qualys Policy Compliance (PC).

Looking for our API user guides? Just log in to your Qualys account and go to Help > Resources.

What's New

New Authentication Vault API v2

Tell me about the base URL

Our documentation and sample code use the API server URL for Qualys US Platform 1. Do you have another base URL? If yes, please use it instead.

Account Login                    Base URL
Qualys US Platform 1             https://qualysapi.qualys.com
Qualys US Platform 2             https://qualysapi.qg2.apps.qualys.com
Qualys EU Platform               https://qualysapi.qualys.eu
Qualys Private Cloud Platform    https://qualysapi.<customer_base_url>

Copyright 2014 by Qualys, Inc. All Rights Reserved.
New Authentication Vault API v2

The new Vault API (/api/2.0/fo/vault) allows you to manage authentication vaults for authentication records that use them. Using this API you can list vaults, create new vaults, update and view vault settings, and delete vaults.

Permissions: Managers, Unit Managers and Scanners can view vaults and their settings. Managers can perform more functions (create, update, delete). Unit Managers can perform these functions if they are granted the permission "Create/edit authentication records/vaults".

List vaults

Use the parameter action=list to list the vaults defined in your account.

API request:

    curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/vault/"

XML output:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE AUTH_VAULT_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/vault/vault_output.dtd">
    <AUTH_VAULT_LIST_OUTPUT>
      <RESPONSE>
        <DATETIME>2014-09-12T13:55:57Z</DATETIME>
        <STATUS>Success</STATUS>
        <COUNT>13</COUNT>
        <AUTH_VAULTS>
          <AUTH_VAULT>
            <TITLE><![CDATA[added failover ip]]></TITLE>
            <VAULT_TYPE><![CDATA[Cyber-Ark PIM Suite]]></VAULT_TYPE>
            <LAST_MODIFIED>
              <DATETIME>2014-02-13T12:05:21Z</DATETIME>
              <BY>quays_rn1</BY>
            </LAST_MODIFIED>
            <ID>1421</ID>
          </AUTH_VAULT>
          <AUTH_VAULT>
            <TITLE><![CDATA[added failover ip1]]></TITLE>
            <VAULT_TYPE><![CDATA[Cyber-Ark PIM Suite]]></VAULT_TYPE>
            <LAST_MODIFIED>
              <DATETIME>2014-02-19T06:43:44Z</DATETIME>
              <BY>quays_rn1</BY>
            </LAST_MODIFIED>
            <ID>1441</ID>
          </AUTH_VAULT>
          <AUTH_VAULT>
            <TITLE><![CDATA[Blue]]></TITLE>
            <VAULT_TYPE><![CDATA[CA Access Control]]></VAULT_TYPE>
            <LAST_MODIFIED>
              <DATETIME>2013-09-21T05:26:32Z</DATETIME>
              <BY>quays_rn1</BY>
            </LAST_MODIFIED>
            <ID>1406</ID>
          </AUTH_VAULT>
        </AUTH_VAULTS>
      </RESPONSE>
    </AUTH_VAULT_LIST_OUTPUT>

Parameters:

action=list
  (Required)

echo_request={0|1}
  (Optional) Set to 1 to show (echo) the request's input parameters (names and values) in the XML output.

title={value}
  (Optional) Include vaults matching this title.

type={value}
  (Optional) Include a certain vault type only. A valid value is one of: Cyber-Ark PIM Suite, Thycotic Secret Server, Quest Vault, CA Access Control, Hitachi ID PAM, Lieberman ERPM.

modified={date}
  (Optional) Include vaults modified on or after a certain date/time, in this format: YYYY-MM-DD[THH:MM:SSZ] (UTC/GMT).
orderby={value}
  (Optional) Sort the vaults list by certain data. One of: id, title, system_name, last_modified, last_modified_by. A date must be specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

sortorder={asc|desc}
  (Optional) The sort order, used when the request includes the orderby parameter. One of: asc (for ascending order) or desc (for descending order).

limit={value}
  (Optional) The maximum number of vault records processed for the request, starting at the record number specified by the offset parameter. These parameters must be specified together: limit and offset.
  When not specified, the default limit is 1,000 vault records. You can specify a value less than or greater than the default.
  It's possible to specify limit=0 for no limit. In this case the output is not paginated and all records are returned in a single output. Warning: This is not recommended since it may generate a very large output, and processing large XML files can consume a lot of resources on the client side.

offset={value}
  (Optional) The starting vault record number, used only when the request includes the limit parameter.

More sample requests:

1) List all vaults, order vaults by system name

    curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d "action=list&orderby=system_name" "https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"

2) List all vaults, order vaults by title in descending order

    curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d "action=list&orderby=title&sortorder=desc" "https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"

3) List only 9th and 10th vault records

    curl -H "X-Requested-With:API" -u "USERNAME:PASSWD" -d "action=list&limit=2&offset=9" "https://qualysapi.qualys.com/api/2.0/fo/vault/index.php/?"
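
The following Python is an added example, not part of the Qualys release notes: it parses a vault list response into records and summarises them for a credential-vault inventory review (vaults per type, and vaults untouched since a cutoff date). The function names, the cutoff idea and the trimmed sample response are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the three vault records from the XML output above, with COUNT set to match.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE AUTH_VAULT_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/vault/vault_output.dtd">
<AUTH_VAULT_LIST_OUTPUT><RESPONSE>
<DATETIME>2014-09-12T13:55:57Z</DATETIME><STATUS>Success</STATUS><COUNT>3</COUNT>
<AUTH_VAULTS>
<AUTH_VAULT><TITLE> <![CDATA[added failover ip]]> </TITLE><VAULT_TYPE> <![CDATA[Cyber-Ark PIM Suite]]> </VAULT_TYPE>
<LAST_MODIFIED><DATETIME>2014-02-13T12:05:21Z</DATETIME><BY>quays_rn1</BY></LAST_MODIFIED><ID>1421</ID></AUTH_VAULT>
<AUTH_VAULT><TITLE> <![CDATA[added failover ip1]]> </TITLE><VAULT_TYPE> <![CDATA[Cyber-Ark PIM Suite]]> </VAULT_TYPE>
<LAST_MODIFIED><DATETIME>2014-02-19T06:43:44Z</DATETIME><BY>quays_rn1</BY></LAST_MODIFIED><ID>1441</ID></AUTH_VAULT>
<AUTH_VAULT><TITLE> <![CDATA[Blue]]> </TITLE><VAULT_TYPE> <![CDATA[CA Access Control]]> </VAULT_TYPE>
<LAST_MODIFIED><DATETIME>2013-09-21T05:26:32Z</DATETIME><BY>quays_rn1</BY></LAST_MODIFIED><ID>1406</ID></AUTH_VAULT>
</AUTH_VAULTS></RESPONSE></AUTH_VAULT_LIST_OUTPUT>"""

def parse_time(text):
    # Timestamps in the output are UTC, formatted YYYY-MM-DDTHH:MM:SSZ.
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_vault_list(xml_bytes):
    """Return one dict per AUTH_VAULT record; raise if this is not a successful list response."""
    root = ET.fromstring(xml_bytes)  # the external DTD named in the DOCTYPE is not fetched
    status = root.findtext("RESPONSE/STATUS", "").strip()
    if root.tag != "AUTH_VAULT_LIST_OUTPUT" or status != "Success":
        raise ValueError("not a successful vault list response")
    return [{
        "id": int(v.findtext("ID")),
        "title": v.findtext("TITLE").strip(),  # CDATA text arrives padded with whitespace
        "type": v.findtext("VAULT_TYPE").strip(),
        "modified": parse_time(v.findtext("LAST_MODIFIED/DATETIME")),
        "modified_by": v.findtext("LAST_MODIFIED/BY").strip(),
    } for v in root.iterfind("RESPONSE/AUTH_VAULTS/AUTH_VAULT")]

def audit(vaults, cutoff):
    """Count vaults per type and list the IDs of vaults last modified before cutoff."""
    per_type = Counter(v["type"] for v in vaults)
    stale = sorted(v["id"] for v in vaults if v["modified"] < cutoff)
    return per_type, stale
```
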
Create a new vault

Use the parameter action=create.

Parameters:

action=create
  (Required)

title={value}
  (Required) The vault title.

type={value}
  (Required) The vault type. A valid value is one of: Cyber-Ark PIM Suite, Thycotic Secret Server, Quest Vault, CA Access Control, Hitachi ID PAM, Lieberman ERPM.

comments={value}
  (Optional) User defined comments.

{vault settings}
  See "Tell me about vault settings".

API request:

    curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -X "POST" -d "title=my+vault&type=cyber-ark+pim+suite&server_address=123.123.123.123&port=1858&safe=mysafe1&username=someusername&password=somepasswd" "https://qualysapi.qualys.com/api/2.0/fo/vault/?action=create"

XML output:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
    <SIMPLE_RETURN>
      <RESPONSE>
        <DATETIME>2014-09-12T14:13:28Z</DATETIME>
        <TEXT>Success</TEXT>
        <ITEM_LIST>
          <ITEM>
            <KEY>ID</KEY>
            <VALUE>14836922</VALUE>
          </ITEM>
        </ITEM_LIST>
      </RESPONSE>
    </SIMPLE_RETURN>
Update vault settings

Use the parameter action=update.

Parameters:

action=update
  (Required)

id={value}
  (Required) A vault ID.

title={value}
  (Optional) A new title to replace the existing title.

comments={value}
  (Optional) User defined comments.

{vault settings}
  See "Tell me about vault settings".

API request:

    curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -X "POST" -d "id=14836922&server_address=10.10.10.10" "https://qualysapi.qualys.com/api/2.0/fo/vault/?action=update"

XML output:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
    <SIMPLE_RETURN>
      <RESPONSE>
        <DATETIME>2014-09-12T14:13:28Z</DATETIME>
        <TEXT>Success</TEXT>
        <ITEM_LIST>
          <ITEM>
            <KEY>ID</KEY>
            <VALUE>14836922</VALUE>
          </ITEM>
        </ITEM_LIST>
      </RESPONSE>
    </SIMPLE_RETURN>

View vault settings

Use the parameter action=view.

Parameters:

action=view
  (Required)

id={value}
  (Required) A vault ID.
API request:

    curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -d "id=14836922" "https://qualysapi.qualys.com/api/2.0/fo/vault/?action=view"

XML output:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE VAULT_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/vault/vault_view.dtd">
    <VAULT_OUTPUT>
      <RESPONSE>
        <DATETIME>2014-09-12T14:25:04Z</DATETIME>
        <VAULT_QUEST>
          <TITLE><![CDATA[My vault]]></TITLE>
          <COMMENTS><![CDATA[Some comments]]></COMMENTS>
          <VAULT_TYPE><![CDATA[Thycotic Secret Server]]></VAULT_TYPE>
          <CREATED_ON>2014-09-12T14:13:28Z</CREATED_ON>
          <OWNER>acme_ab1</OWNER>
          <LAST_MODIFIED>
            <DATETIME>2014-09-12T14:13:28Z</DATETIME>
            <BY>acme_ab1</BY>
          </LAST_MODIFIED>
          <USERNAME><![CDATA[acme_ab1]]></USERNAME>
          <URL><![CDATA[https://corp1.corp.com]]></URL>
          <DOMAIN><![CDATA[corp-test.com]]></DOMAIN>
          <ID>14836922</ID>
        </VAULT_QUEST>
      </RESPONSE>
    </VAULT_OUTPUT>
Delete a vault

Use the parameter action=delete.

Parameters:

action=delete
  (Required)

id={value}
  (Required) A vault ID.

API request:

    curl -u "USERNAME:PASSWD" -H "X-Requested-With: curl" -d "id=43463" "https://qualysapi.qualys.com/api/2.0/fo/vault/?action=delete"

XML output:

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_return.dtd">
    <SIMPLE_RETURN>
      <RESPONSE>
        <DATETIME>2014-09-12T14:13:28Z</DATETIME>
        <TEXT>Success</TEXT>
        <ITEM_LIST>
          <ITEM>
            <KEY>Status</KEY>
            <VALUE>Deleted</VALUE>
          </ITEM>
        </ITEM_LIST>
      </RESPONSE>
    </SIMPLE_RETURN>
Tell me about vault settings

The vault settings differ per vault type.

CA Access Control

ca_url={value}
  (Required for new vault) The HTTP or HTTPS URL of the CA Access Control web services, an API interface to your CA Access Control Enterprise Management installation. Note that the web services URL is different from the web management URL.
  Sample web services URL: http://caac126u-32-235.caac125.domain.com:18080/iam/teWS6/ac
  Sample web management URL: http://caac126p-33-166.caac125.domain.com:18080/iam/ac/

ca_api_username={value}
  (Required for new vault) The name of a user that is granted GetAccountPassword API permissions.

ca_ssl_verify={1|0}
  (Required for new vault) When set to 1, our service will verify the SSL certificate of the web server to make sure the certificate is valid and trusted. When set to 0, our service will not verify the certificate of the web server.

ca_web_username={value}
  (Optional) The web user name used to access Basic Authentication of the CA Access Control web server.

ca_web_password={value}
  (Optional) The web password used to access Basic Authentication of the CA Access Control web server.

Cyber-Ark PIM Suite

server_address={value}
  (Required for new vault) The IP address of the vault server that stores system login credentials to be used.

port={value}
  (Optional) The port the vault server is running on. The port must be in the range 1025 to 65535. For a new vault the port is set to 1858 by default, if the port parameter is not specified.

safe={value}
  (Required for new vault) The name of the digital password safe. The safe name can contain a maximum of 28 characters (leading and/or trailing space in the input value will be removed). These special characters cannot be included in a safe name: \ / : * ? " < >.

username={value}
  (Required for new vault) The username for an account with access to your Cyber-Ark PIM Suite environment.

password={value}
  (Required for new vault) The password for an account with access to your Cyber-Ark PIM Suite environment.
Hitachi ID PAM

url={value}
  (Required for new vault) The HTTP or HTTPS URL of the Hitachi ID PAM web services.

username={value}
  (Required for new vault) The username (ID) for the Hitachi ID PAM user account. To allow Qualys scanners to connect using this account, this user must have the following settings under Administrator information in the Hitachi ID Management Suite: 1) the privilege "OTP IDAPI caller" and 2) the value entered in the "IP address with CIDR bitmask" field must include the Qualys scanner IP addresses.

password={value}
  (Required for new vault) The password for the Hitachi ID PAM user account.

ssl_verify={1|0}
  (Required for new vault) When set to 1, our service will verify the SSL certificate of the web server to make sure the certificate is valid and trusted. When set to 0, our service will not verify the certificate of the web server.

Lieberman ERPM

url={value}
  (Required for new vault) The HTTP or HTTPS URL of the Lieberman ERPM server.

domain={value}
  (Optional) A domain name if your Lieberman ERPM server is part of a domain.

username={value}
  (Required for new vault) The username for the Lieberman ERPM server account.

password={value}
  (Required) The password for the Lieberman ERPM server account.

ssl_verify={1|0}
  (Required for new vault) Our service will verify the SSL certificate of the web server to make sure the certificate is valid and trusted, unless you set ssl_verify=0. For a new vault the default is set to 1 (i.e. verify).

Quest Vault

server_address={value}
  (Required for new vault) The IP address of the vault server, Quest One Privileged Password Manager.

port={value}
  (Optional) The listening port of the vault server. For a new vault the port is set to 22 by default, if the port parameter is not specified.

username={value}
  (Required for new vault) The username to be used for SSH authentication. We recommend you create a dedicated user account for Qualys scanning.
  Using Quest/Dell 2.4 or higher, enter the key for the API user account you've created for use with our service. We support both API and CLI keys but recommend use of an API key.

access_key={value}
  (Required for new vault) The DSA private key in PEM format for SSH authentication.

Thycotic Secret Server

url={value}
  (Required for new vault) The HTTP or HTTPS URL of the Secret Server web services. The URL may contain a maximum of 256 characters, and must not contain multibyte characters.

username={value}
  (Required for new vault) The username for a Secret Server user. This user must have access to the secret names to be used for authentication.

password={value}
  (Required for new vault) The password for a Secret Server user.

domain={value}
  (Optional) Specify a fully qualified domain name if Secret Server is integrated with Active Directory. The domain may contain a maximum of 128 characters, and must not contain any multibyte characters.
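
The following Python is an added example, not Qualys code: a pre-flight check for action=create parameters that applies the per-type rules listed above (required settings, the Cyber-Ark port range and safe-name limits, the Secret Server length limits) and separately reports settings the API accepts but that weaken the connection to the vault (plain http URLs, certificate verification set to 0). The function name check_vault, the message texts and the second sample (host pam.example.test, user svc_scan) are assumptions; the forbidden-character set is read from the safe-name rule as \ / : * ? " < >.

```python
import ipaddress
from urllib.parse import urlsplit
REQUIRED = {  # settings labelled "Required for new vault" above, keyed by lower-cased type
    "ca access control": ("ca_url", "ca_api_username", "ca_ssl_verify"),
    "cyber-ark pim suite": ("server_address", "safe", "username", "password"),
    "hitachi id pam": ("url", "username", "password", "ssl_verify"),
    "lieberman erpm": ("url", "username", "password", "ssl_verify"),
    "quest vault": ("server_address", "username", "access_key"),
    "thycotic secret server": ("url", "username", "password"),
}
SAFE_FORBIDDEN = set('\\/:*?"<>')  # not allowed in a Cyber-Ark safe name

def check_vault(params):
    """Return (errors, warnings) for a dict of action=create parameters (string values)."""
    errors, warnings = [], []
    vtype = params.get("type", "").lower()  # the sample request sends the type in lower case
    if vtype not in REQUIRED:
        return [f"unknown vault type {params.get('type')!r}"], warnings
    errors += [f"missing {k}" for k in ("title",) + REQUIRED[vtype] if not params.get(k)]
    if vtype == "cyber-ark pim suite":
        try:
            ipaddress.ip_address(params.get("server_address", ""))
        except ValueError:
            errors.append("server_address is not an IP address")
        port = params.get("port", "1858")  # 1858 is the default when port is omitted
        if not (port.isdigit() and 1025 <= int(port) <= 65535):
            errors.append("port outside 1025-65535")
        safe = params.get("safe", "").strip()  # the service removes leading/trailing space
        if len(safe) > 28 or SAFE_FORBIDDEN & set(safe):
            errors.append("safe name over 28 characters or has a forbidden character")
    if vtype == "thycotic secret server":
        for key, cap in (("url", 256), ("domain", 128)):
            value = params.get(key, "")
            if len(value) > cap or not value.isascii():
                errors.append(f"{key} over {cap} characters or not single-byte")
    # Accepted by the API, but the scanner-to-vault connection is weaker.
    for key in ("url", "ca_url"):
        if urlsplit(params.get(key, "")).scheme.lower() == "http":
            warnings.append(f"{key} is plain http")
    for key in ("ssl_verify", "ca_ssl_verify"):
        if params.get(key) == "0":
            warnings.append(f"{key}=0 turns off certificate verification")
    return errors, warnings

# Constructed inputs: the sample create request from this page, and a Hitachi ID PAM vault with weak settings.
SAMPLE_OK = {"title": "my vault", "type": "cyber-ark pim suite", "server_address": "123.123.123.123",
             "port": "1858", "safe": "mysafe1", "username": "someusername", "password": "somepasswd"}
SAMPLE_WEAK = {"title": "pam", "type": "Hitachi ID PAM", "url": "http://pam.example.test/api",
               "username": "svc_scan", "password": "placeholder", "ssl_verify": "0"}
```
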