Qualys Enterprise TruRisk™ Platform (GAV/CSAM 3.6) API Notification
Table of Contents
- Whats New
- Enhanced Typosquatted Domain APIs
- Updated API: Get the List of Typosquatted Domains API
- Updated API: Get the Count of Typosquatted Domains API
- EASM Profile APIs Enhanced with Domain Security Details
- Updated API: Create EASM Profile API
- Updated API: Update EASM Profile Data API
- Updated API: Patch EASM Profile Data API
- Updated API: Get EASM Profile Data API
- New Software Lifecycle Information in Asset APIs
- Updated API: Get Host Details of Specific Asset API
- Updated API: Get Host Details of All Assets API
A new release of Qualys Enterprise TruRisk™ Platform (GAV/CSAM 3.6 API), which is released in August 2025, includes updates to existing APIs. This API notification highlights recently released changes, enabling you to identify use cases that can benefit from the updated APIs.
What’s New
With this release, we have enhanced the Typosquatted Domain APIs with new DNS-based filters for more refined results. Additionally, EASM Profile APIs now include new Domain Security settings, and Asset APIs can retrieve information on assets with software that has a Publicly Unavailable lifecycle status.
Enhanced Typosquatted Domain APIs
We have enhanced the Typosquatted Domain APIs with a new optional input parameter, includeFields, to support new DNS-based filters.
The impacted APIs are listed below.
Updated API: Get the List of Typosquatted Domains API
POST /rest/2.0/am/domain/list
DTD and XSD Changes: NA
This API is used to fetch a list of typosquatted domains filtered by DNS type, source, or value.
Updated API: Get the Count of Typosquatted Domains API
POST /rest/2.0/am/domain/count
DTD and XSD Changes: NA
This API is used to fetch the count of typosquatted domains filtered by DNS type, source, or value.
EASM Profile APIs Enhanced with Domain Security Details
You can now enable, disable, or fetch the Domain Security details for an EASM profile using the EASM profile APIs. We have added a new optional parameter, enableDomainSecurity, to the APIs listed below.
Updated API: Create EASM Profile API
POST /easm/v2/profile
DTD and XSD Changes: NA
This API can be used to create an EASM profile with Domain Security enabled.
Updated API: Update EASM Profile Data API
PUT /easm/v2/profile/{profileName}
DTD and XSD Changes: NA
This API can be used to update the enableDomainSecurity parameter in an EASM profile using the PUT method.
Updated API: Patch EASM Profile Data API
PATCH /easm/v2/profile/{profileName}
DTD and XSD Changes: NA
This API is used to update the enableDomainSecurity parameter in an EASM profile using the PATCH method.
Updated API: Get EASM Profile Data API
GET /easm/v2/profile
DTD and XSD Changes: NA
This API is used to fetch EASM profile details and check whether Domain Security is enabled for the profile.
New Software Lifecycle Information in Asset APIs
We have introduced a new lifecycle status, Publicly Unavailable, in the software lifecycle information. You can view the assets along with their software lifecycle status by using the APIs provided below.
Updated API: Get Host Details of Specific Asset API
GET /rest/2.0/get/am/asset
DTD and XSD Changes: NA
This API is used to fetch software lifecycle information of a specific asset, including those with Publicly Unavailable software.
Updated API: Get Host Details of All Assets API
POST /rest/2.0/search/am/asset
DTD and XSD Changes: NA
This API is used to fetch software lifecycle information of all assets, including those with Publicly Unavailable software.
For more details, please refer to the detailed release notes here: https://docs.qualys.com/en/csam/release-notes/cybersecurity_asset_management/release_3_6_api.htm