Qualys Cloud Platform 3.4 (WAS/MDS) API notification 1

Jeff Leggett

A new release of Qualys Cloud Platform 3.4 (WAS/MDS) includes an updated API which is targeted for release in December 2020. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

What’s New

WAS API: Finding Output to Identify Potential Vulnerability and Show Original QID Severity
/qps/rest/2.0/search/was/finding
/qps/rest/2.0/get/was/finding/

The Search and Get Findings API output contains category to distinguish between Vulnerability, Sensitive Content and Information Gathered. However, these categories do not have a field to specify if findings for a vulnerability is confirmed or potential. We added a new parameter in the API output to display this information. Findings for the potential vulnerability show potential as true, and findings for the confirmed vulnerability show potential as false.

WAS API: WAS Scan Download to Show Severity, Original Severity, and Potential Information
/qps/rest/3.0/download/was/wascan/{id}
The WAS Scan API output displays findings in WasScanVuln, WasScanSensitiveContent, and WasScanIg tags. These three tags contain finding details of every category; however, we do not specify if the finding for a vulnerability is confirmed or potential. Also, we do not mention the severity of a QID and original severity in case the severity is edited by the user from the KnowledgeBase.

We added and parameters in the WasScanVuln, WasScanSensitiveContent, and WasScanIg tags to show the severity and original severity of the vulnerability and added parameter to WasScanVuln tag. For the potential vulnerability, the parameter will show potential true and for confirmed vulnerability, this parameter will show potential false.

MDS API: Search and View Detection Output to Include associated WAS Web App ID
/qps/rest/1.0/search/md/detection
/qps/rest/1.0/get/md/detection/{id}

We now show two new parameters (site ID) and (web applicaiton ID)for malware detections in the Search detections and View malware detection details output. This information links a detection back to the WAS application for which detection is made. Web application ID is shown only if the site is controlled by the WAS application. In this case only site ID is shown.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *