Qualys Cloud Platform 10.11 (VM/PC) API notification 2

A new release of Qualys Cloud Platform 10.11 (VM,PC) includes an updated API which is targeted for release in June 2021. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

What’s New
Posture Info API – CSV and XML Output Changes for Consistency
/api/2.0/fo/compliance/posture/info
For the Posture Info API, we added several new columns to the CSV output and a new tag to the XML output to make these formats more consistent. This way you’ll get similar details in both formats.

New Authentication Support for Neo4j
/api/2.0/fo/auth
/api/2.0/fo/auth/neo4j/
Neo4j authentication is now supported for compliance scans. The new Neo4j Authentication API (api/2.0/fo/auth/neo4j/) lets you list, create, update, and delete Neo4j authentication records. User permissions for this API are the same as other authentication record APIs.

New Authentication Support for Network SSH
/api/2.0/fo/auth
/api/2.0/fo/auth/network_ssh/
Network SSH authentication is supported for vulnerability and compliance scans. The new Network SSH API (/api/2.0/fo/auth/network_ssh/) lets you list, create, update and delete Network SSH authentication records.

Enhanced Support for Database Technology Data Collection by Using Host OS Authentication Records
/api/2.0/fo/subscription/option_profile/pc/?action=update|create
/api/2.0/fo/subscription/option_profile/pc/?action=list
/api/2.0/fo/subscription/option_profile/?action=export
/api/2.0/fo/subscription/option_profile/?action=import
In Policy Compliance, you have an option to enable database instance data collection by using the underlying OS authentication records without creating an authentication record for the database technology. In this release, we have extended this support.

Filter Remediation Tickets List by Host ID
msp/ticket_list.php
Users can already use ips, asset_groups, dns_contains, and network ids as input parameters to filter the list of remediation tickets for an asset. Now we’re introducing a new parameter called HOST_ID that allows users to filter the list of remediation tickets for an asset based on the unique Host ID. Users cannot combine the HOST_ID parameter with the other asset parameters to filter the remediation tickets. We also introduced a new input to show the Host ID in the XML output called show_host_id. When show_host_id=1 is specified in the API request, the Host ID will appear in the output.

Change to Option Profile Info DTD
We updated the Option Profile Info DTD to fix DTD validation errors. This DTD is used by Option Profile Export/Import APIs.

The release notes are here: https://www.qualys.com/docs/release-notes/qualys-cloud-platform-10.11-api-release-notes.pdf
(NOTE: We have made a small change to how we attach release notes going forward. Previously we attached the PDF of release notes to these notifications directly, but going forward we will reference the link. The pre-release release notes and the post-release release notes will all be on this same link, depending on the time you look at it, so even if you reference the RN’s days or weeks later, you will always be referencing the latest version.)