Qualys Cloud Platform 10.28 (VM, PC) API Notification 2

Prabhas Gupte

A new release of Qualys Cloud Platform 10.28 (VM, PC) includes updated APIs, which is targeted for release in June 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the upcoming API changes, allowing you to identify use cases that can leverage these updated APIs.

What’s New?

This release includes updates to the Host Asset List and Detection APIs, allowing optional inclusion of OS hostnames in responses for authenticated scans. The linux_hostname parameter has been renamed to os_hostname for generic purpose. Mark Logic database authentication is supported via a new API, and Active Directory (AD) Secrets Engine or Database Secrets Engine can be utilized with HashiCorp authentication records. Additionally, the Apache Cassandra Record API has a parameter name change from ssl_verify to ssl_verify_with_host.

Authenticated Scan: Hostname Detection by QID 45325 and 45361

GET, POST /api/2.0/fo/asset/host/
GET, POST /api/2.0/fo/asset/host/vm/detection/
DTD or XSD changes: Yes

In this release, the Host Asset List API and host List Detection API are updated to optionally include the OS hostname in the response, in case of an authenticated scan. We have also renamed the linux_hostname parameter to os_hostname to keep it as generic parameter for OS detection.

In this release, this is achieved through detection of below listed QIDs during the authenticated scans.

45325 – Microsoft Windows Hostname and Domain Name Information
45361 – Linux/Unix Hostname Information

Please note that, this is the 2nd notification for this API change.

New API to Support MarkLogic Database Authentication Record

GET, POST /api/2.0/fo/auth/marklogic

In this release, MarkLogic (version 9.x/10.x) database authentication record is now supported for the authentication of compliance scans. We have introduced a new API to manage the MarkLogic authentication records. It allows you to create, update, list, and delete records.

Use Active Directory (AD) Secrets Engine or Database Secrets Engine in HashiCorp Authentication Records

GET, POST /api/2.0/fo/auth/postgresql/
GET, POST /api/2.0/fo/auth/mongodb/
GET, POST /api/2.0/fo/auth/infoblox/
GET, POST /api/2.0/fo/auth/cisco_apic/
GET, POST /api/2.0/fo/auth/unix/
DTD or XSD changes: Yes

You can now use Active Directory (AD) Secrets Engine or Database Secrets Engine while creating or updating authentication records (PostgreSQL, MongoDB, Cisco, Cisco_APIC, Infoblox) with vault type HashiCorp. For this, we have added a new but optional parameter use_ad_hashicorp to the request for all the above listed APIs.

Change to Apache Cassandra Record API Input Parameter Name

GET, POST /api/2.0/fo/auth/cassandra
DTD or XSD changes: No

In this release, we have renamed the ssl_verify parameter as ssl_verify_with_host. Please ensure that you use the new parameter name while calling the API.

Please refer the detailed release note here: https://cdn2.qualys.com/docs/release-notes/qualys-cloud-platform-10.28-api-release-notes.pdf

Share your Comments


Your email address will not be published. Required fields are marked *