Qualys Cloud Platform 3.3 (GAV/CSAM) API Notification 1
A new release of Qualys Cloud Platform 3.3 (GAV/CSAM) includes new and updated APIs which is targeted for release in December 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API changes, allowing you to identify use cases that can leverage this updated API.
What’s New?
In this release, a new API has been introduced to allow downloading of completed reports directly. Several EASM APIs have been enhanced with additional parameters and fields to refine profile management. Additionally, support for including vulnerability and misconfiguration findings has been added to the Third-Party Asset Import API, catering to ETM customers. Other improvements include updates to APIs for retrieving scanner assets and identifying typosquatted or defamatory domains associated with specific profiles.
New API to Download Reports
GET /rest/2.0/am/report/download
Until now, you could download the required report only using the CSAM UI. In this release, we have introduced a new API to download the report specified with reportName
parameter. Please note that, you can download the reports only with the COMPLETED
status.
Enhancements in EASM APIs
With this release, we have added following new, optional input parameters to the below listed APIs.
excludeCDNAssets
defaultPurgeRuleFrequency
excludeDefamatoryDomain
enableTyposquattedDomainGeneration
Following APIs are updated to support these input parameters.
Updated API: Create EASM Profile
POST /easm/v2/profile
DTD or XSD changes: Not Applicable
Updated API: Update an EASM Profile Data
PUT /easm/v2/profile/{profileName}
DTD or XSD changes: Not Applicable
Updated API: Patch an EASM Profile Data
PATCH /easm/v2/profile/{profileName}
DTD or XSD changes: Not Applicable
Additionally, we have added above-listed same fields in the response of following API.
Updated API: Get an EASM Profile Data
GET /easm/v2/profile
DTD or XSD changes: Not Applicable
Vulnerability and Misconfiguration Findings Support in Third Party Assets API
POST /rest/2.0/am/connector/asset/data/sync
DTD or XSD changes: Not Applicable
With this release, you can provide vulnerability or misconfiguration findings information in the request payload of this API. A new findings
section is introduced in the request payload explicitly for ETM customers. We support the Vulnerability and Misconfiguration categories for the payload.
Enhanced APIs to Get the Scanner Assets from the CSAM Application
With this release, the following APIs are enhanced to get the Scanner Assets from the CSAM Application.
Updated API: Get Host Details of All Assets
POST /rest/2.0/search/am/asset
DTD or XSD changes: Not Applicable
This API is updated so that you can also get the scanner assets from the CSAM application.
Updated API: Get Host Details of Specific Asset
GET /rest/2.0/get/am/asset
DTD or XSD changes: Not Applicable
This API is updated to get the details of a specific scanner asset using its assetid
.
Updated API: Get Count of Assets
POST /rest/2.0/count/am/asset
DTD or XSD changes: Not Applicable
This API is updated to provide the count of scanner assets.
Enhanced APIs to Get the List of typosquatted and defamatory Domains
With this release, we enhanced the following APIs so that you can get the list or count of typosquatted (look-alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.
Updated API: Get List of Unresolved Domains
POST /rest/2.0/am/domain/list
DTD or XSD changes: Not Applicable
This API is updated to get the list of typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.
Updated API: Get Count of Unresolved Domains
POST /rest/2.0/am/domain/count
DTD or XSD changes: Not Applicable
This API is updated to get the count of the typosquatted (look alike) and defamatory domains for the domain and organization seed values configured in the respective EASM profile.
Please refer the release note here for more details: https://docs.qualys.com/en/csam/release-notes/cybersecurity_asset_management/release_3_3_api.htm