Qualys Cloud Platform v1.0 (IOC/EDR/CA) API notification 1

Jeff Leggett

Last updated on: August 28, 2020

A new release of Qualys Cloud Platform 1.0 (EDR/IOC), targeted for release in September 2020, includes an updated API. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview of the coming API, allowing you to identify use cases that can leverage it.

What’s New

NOTE: Qualys Multi-Vector Endpoint Detection and Response (EDR) is an evolved superset of the IOC app. EDR expands the capabilities of the Qualys Cloud Platform to deliver threat hunting and remediation response. EDR detects suspicious activity, confirms the presence of known and unknown malware, and provides remediation response for your assets.

The IOC endpoints documented in these Release Notes will work with the new EDR 1.0 release.

Fetch events within a date range
/ioc/events
Get EDR events in the user account filtered by date range.

Get event count for a date range
/ioc/events/count
Get number of events logged within a date range.

Fetch event details
/ioc/events/{agentId}/{eventId}
Fetch details for an event.

CA API: Support for Endpoint Detection and Response (EDR)
/qps/rest/2.0/activate/am/asset/
/qps/rest/2.0/deactivate/am/asset/
/qps/rest/1.0/create/ca/agentactkey/

With this release, you can use the Cloud Agent APIs to activate or deactivate agents for the Endpoint Detection and Response (EDR) module and to create an agent activation key for EDR. A new value for the modules parameter, “AGENT_EDR”, is introduced for the EDR module.
