Qualys Cloud Platform 3.18 (AM, CA, WAS) API Notification 2

Whats New?
WAS API: Renamed Parameters for Whitelist and Blacklist
WAS API: Added XML Tag to API responses
WAS API: Updated Retrieve Scan Result APIs
AM API: New Tracking Method for Host Assets
CA API: Restriction on Create and Update Configuration Profile API Usage

A new release of Qualys Cloud Platform 3.18 (WAS) includes updated APIs which is targeted for release in April 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.

What’s New?

In this release, we have updated four WAS APIs, and one API each for AM and CA. This update brings several changes, including parameter renaming for inclusivity, addition of <fixedDate> tag for vulnerability details, and enhancements to tracking methods for host assets. Additionally, a restriction has been placed on certain configuration profile API usage.

WAS API: Renamed Parameters for Whitelist and Blacklist

In this release, we have renamed the <urlWhiteList>, <urlBlackList>, and <postDataBlackList> parameters to align with inclusive language and ensure consistency between the API parameters and the terminology used in the user interface. This change may break your integration if you are using any of these parameters. Please note that, this is the 2nd notification for this API change.

Following is the list of APIs affected with this parameter change. Please evaluate your use of these APIs carefully.

Create Web Application

POST /qps/rest/3.0/create/was/webapp/
DTD or XSD changes: Yes

Update Web Application

POST /qps/rest/3.0/update/was/webapp/
DTD or XSD changes: Yes

Get Web Application Details

GET /qps/rest/3.0/get/was/webapp/
DTD or XSD changes: Yes

WAS API: Added XML Tag to API responses

With this release, we have added XML tag to the below listed APIs. Now you can see the vulnerability fixed date details for a finding in the API response.

Get Finding Details API

GET /qps/rest/3.0/get/was/finding/
DTD or XSD changes: Yes

Search Findings API

POST /qps/rest/3.0/search/was/finding/
DTD or XSD changes: Yes

WAS API: Updated Retrieve Scan Result APIs

We have updated the Retrieve Scan Result APIs to generate scan response based on detections group. Following APIs are updated with this change.

GET /qps/rest/3.0/download/was/wasscan/ GET /qps/rest/2.0/download/was/wasscan/
DTD or XSD changes: Yes

AM API: New Tracking Method for Host Assets

With this release, we have added THIRD_PARTY as one of the tracking methods for host assets. The tracking method gives you the visibility of asset deduplication. The THIRD_PARTY tracking method identifies the third-party assets scanned or discovered by various data connectors, such as Webhook, Active Directory, and ServiceNow.

Below listed APIs are updated with this change.

POST /qps/rest/1.0/get/am/hostasset/ POST /qps/rest/1.0/search/am/hostasset/
DTD or XSD changes: No

CA API: Restriction on Create and Update Configuration Profile API Usage

With this release, we have added a restriction on usage of create and update configuration profile APIs if you are migrated to the new configuration profile user interface. Please read more on this in the release notes. Below listed APIs are affected by this restriction.

POST /qps/rest/1.0/create/ca/agentconfig/ POST /qps/rest/1.0/update/ca/agentconfig/
DTD or XSD changes: No

Please refer the detailed release notes at https://cdn2.qualys.com/docs/release-notes/qualys-cloud-platform-3.18-api-release-notes.pdf