A new release of Qualys Cloud Platform v2.42 (WAS/AM/SAQ) includes an updated API which is targeted for release in November 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.
AWS Asset Data Connector: Support for New Regions
The Asset Management and Tagging API has been updated to support the following new regions: GovCloud: us-gov-east-1China: cn-northwest-1Bahrain: me-south-1
Host Asset API: Search IBM assets
The Asset Management and Tagging API has been updated to allow searching for IBM assets in your account.
Security Assessment Questionnaire: New Campaign API
Introducing 2 new APIs for SAQ: Questionnaire Campaign API and Questionnaire API
Web Application Scanning (WAS): Tag Details in Web App API
With introduction of new optional parameter for Web Applications API, you can now also view the list of tags (and not just count of tags) associated with the web application.
WAS: XSS Payloads Option for Standard Scans
You can now enable comprehensive tests for cross-site scripting vulnerabilities to be executed during our standard scan using the new parameter in option profile. The comprehensive tests includes XSS with exhaustive set of payloads including set of standard payloads. Running a scan with XSS payloads option enabled in the detection scope of standard scan will provide the best assurance that your web application is free from XSS vulnerabilities. However, enabling this option leads to significant increase in the scan time.
WAS: New Groups for Information Gathered Issues
Currently, all Information Gathered issues in WAS are clubbed together in the report. We have now introduced two new groups for issues of type Information Gathered:- Diagnostic IG (general information about the scan)- Weakness IG (issues that are security weakness or conflict with best practices)
WAS: Cancel Scan with Results Support for Scans
Currently, canceling an unfinished scan on a web application which is in the user’s scope does not return any results. We have now introduced a new parameter <cancelWithResults> that allows you to cancel the scan and still retain results. You can use the scan ID and generate a report to view the results.
WAS: Scan Again Support for Scan API
We now provide the option to execute a previous scan again. Identify the scan you want to run again and use scanagain action. We’ll pre-fill the scan settings to match the original scan.