Global AssetView

CyberSecurity Asset Management

API User Guide v2
Version 3.1

September 24, 2024

Verity Confidential
Copyright 2021 - 2024 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
are the property of their respective owners.

Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100
 Table of Contents
Preface................................................................................................................. 5
About Qualys ........................................................................................................................... 5
Contact Qualys Support .......................................................................................................... 5

Get Started ......................................................................................................... 6

Qualys API Framework ........................................................................................................... 6
Qualys API Gateway URL ........................................................................................................ 7
Introduction to GAV/CSAM API Paradigm ............................................................................ 8
API Rate Limits ....................................................................................................................... 10
User Scoping for APIs ............................................................................................................ 12

Assets Host Data APIs ....................................................................................13

Count of Assets ...................................................................................................................... 13
Get Host details of specific asset ......................................................................................... 18
Get Host Details of All Assets ............................................................................................... 35

Import Business Information Metadata .....................................................53

Import Business App Metadata ............................................................................................ 53
Import Asset Business Metadata ......................................................................................... 55

Vulnerabilities Related APIs .........................................................................58

GET List of Vulnerabilities Discovered by EASM ................................................................ 58
GET List of Vulnerabilities discovered by EASM Scan ....................................................... 64
Fetch Vulnerability Data for Software and Operating Systems Across Assets .............. 69

EASM Profile APIs...........................................................................................72

Get an EASM Profile Data ..................................................................................................... 72
Create an EASM Profile ......................................................................................................... 77
Update an EASM Profile Data ............................................................................................... 79
Patch an EASM Profile data .................................................................................................. 81
Delete an EASM Profile ......................................................................................................... 84
Activate and Deactivate an EASM Profile ........................................................................... 84
Get an EASM Profile Discovery Status ................................................................................. 85

Import Third-Party Assets API.....................................................................88

Extended Certificates and Instance Details Support for Unmanaged
Assets Detected by EASM ............................................................................96
Get a List of Unresolved Domains ..............................................................97

Verity Confidential
Appendix.......................................................................................................... 101
Error Messages ..................................................................................................................... 101
Supported Operators ........................................................................................................... 101
 Preface
About Qualys

Preface
This user guide is intended for application developers who will use the Qualys Global
AssetView (GAV)/CyberSecurity Asset Management (CSAM) API v2. It is recommended to
use v2 APIs.
For GAV, we are still supporting the v1 APIs. Refer API v1 User Guide to use v1 APIs.

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses
simplify security operations and lower the cost of compliance by delivering critical
security intelligence on demand and automating the full spectrum of auditing,
compliance and protection for IT systems and web applications.
Founded in 1999, Qualys has established strategic partnerships with leading managed
service providers and consulting organizations including Accenture, BT, Cognizant
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT,
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a
founding member of the Cloud Security Alliance (CSA). For more information, please visit
www.qualys.com.

Contact Qualys Support

Qualys is committed to providing you with the most thorough support. Through online
documentation, telephone help, and direct email support, Qualys ensures that your
questions will be answered in the fastest time possible. We support you 7 days a week,
24 hours a day. Access support information at www.qualys.com/support/.

5
 Get Started
Qualys API Framework

Get Started
Qualys API Framework - Learn the basics about making API requests. The base URL
depends on the platform where your Qualys account is located.
Introduction to GAV/CSAM API Paradigm - Get tips on using the Curl command-line tool
to make API requests. Every API request must authenticate using a JSON Web Token (JWT)
obtained from the Qualys Authentication API.

Get API Notifications

Subscribe to our API Notifications RSS Feeds for announcements and latest news.

From our Community

Join our Community
API Notifications RSS Feeds

Qualys API Framework

The Qualys GAV/CSAM API uses the following framework.

Request URL
The URL for making API requests respects the following structure:
<qualys_base_url>/<module>/<object>/<object_id>/<operation>
where the components are described below.
<qualys_base_url> The Qualys API server URL that you should use for API
requests depends on the platform where your account
is located. The base URL for Qualys US Platform 1 is:
https://gateway.qg1.apps.qualys.com
<module> The API module. For the GAV/CSAM, the module is:
“am”.
<object> The module specific object.
<object_id> (Optional) The module specific object ID, if appropriate.
<operation> The request operation, such as count.

6
 Get Started
Qualys API Gateway URL

Qualys API Gateway URL

The Qualys API URL you should use for API requests depends on the Qualys platform
where your account is located.
Click here to identify your Qualys platform and get the API URL
In some of the API Release Notes and API User Guides, the API gateway URL for Qualys US
Platform 1 (https://gateway.qg1.apps.qualys.com) is used in sample API requests.
For this API guide, instead of providing any platform-specific URL, <qualys_base_url> is
mentioned in the sample API requests.
If you are on another platform, replace this URL with the appropriate gateway URL for
your account.

7
 Get Started
Introduction to GAV/CSAM API Paradigm

Introduction to GAV/CSAM API Paradigm

Authentication
You must authenticate to the Qualys Cloud Platform using Qualys account credentials
(user name and password) and get the JSON Web Token (JWT) before you can start using
the GAV/CSAM APIs. Use the Qualys Authentication API to get the JWT.
For example,
curl -X POST <qualys_base_url>/auth -d
"username=value1&password=passwordValue&token=true" -H "Content-
Type: application/x-www-form-urlencoded"

where <qualys_base_url> is the base URL to the Qualys API server where your account is
located.
- username and password are the credentials of the user account for which you want to
fetch GAV/CSAM data
- token should be true
- Content-Type should be "application/x-www-form-urlencoded"
The Authentication API returns a JSON Web Token (JWT) which you can use for
authentication during GAV/CSAM calls. The token expires in 4 hours. You must
regenerate the token to continue using the GAV/CSAM API.

Using Curl
Curl is a multi-platform command-line tool used to transfer data using multiple
protocols. This tool is supported on many systems, including Windows, Unix, Linux and
Mac. In this document Curl is used in the examples to build Qualys API requests using the
HTTP over SSL (https) protocol, which is required.
Want to learn more? Visit https://curl.haxx.se/
The following Curl options are used according to different situations:
Option Description
-X “POST” The POST method is required for all GAV/CSAM API requests.
-H “Authorization: This option is used to provide a custom HTTP request header parameter
Bearer <token>” for authentication. Provide the JSON Web Token (JWT) received from
Qualys authentication API in the following format:
Authorization: Bearer <token>
For information about Qualys authentication API, see Authentication.

The sample below shows a typical Curl request using options mentioned above and how
they interact with each other.
curl -X POST "<qualys_base_url>/rest/2.0/search/am/asset" -H "Authorization: Bearer
<token>"

8
 Get Started
Introduction to GAV/CSAM API Paradigm

Limit your results

Use the optional “fields” parameter for any API request to limit the amount of information
returned in the results. Simply specify the fields you want to include or exclude in the
output, and all other information will be filtered out (excluded). Multiple fields are comma
separated.

Sample limit results

Use this request to get a list of all asset hosts with information for only the
operatingSystem and hardware fields:
curl -X POST -H "Accept: */*" -H "Authorization: <JWT Token>" -H "Content-Type:
application/json" -i
"<qualys_base_url>/rest/2.0/search/am/asset?pageSize=100&includeFields=operatingSyst
em,hardware"
Note:
The response would still include all the fields, but other than the included fields, the value
returned for all other fields would be null.
You can include the following fields to limit your results:
address lastLocation domain
agent lastLoggedOnUser subdomain
agentId netbiosName whois
assetName networkInterface isp
biosAssetTag openPort asn
biosDescription operatingSystem customAttributes
biosSerialNumber processor
cloudProvider provider
container sensor
cpuCount service
dnsName software
hardware tag
hostId timeZone
inventory totalMemory
isContainerHost userAccount
lastBoot volume
criticality businessApps
businessInformation assignedLocation

9
 Get Started
API Rate Limits

API Rate Limits

The Qualys API enforces limits on the API calls a customer can make based on their
subscription settings. The limits apply to the use of all Qualys APIs except “auth” API (JWT
Token Generation API). Default API control settings are provided by the service. Note these
settings may be customized per subscription by Qualys Support.
The rate count and period are calculated dynamically each time an API call is received.
The rate period represents a rolling window when API calls are counted.

API Controls Definition

X-RateLimit-Remaining: This indicates the total API calls remaining in current rate limit
window.
X-RateLimit-ToWait-Sec: This time indicates the wait time for the rate limit to be reset.
The customer has to wait for that time to execute next API calls.
X-RateLimit-Window-Sec: This value indicates the total time window assigned for the
APIs to be executed.
X-RateLimit-Limit: This indicates the max number of API calls that can be executed in
that particular rate limit window.

Sample Request
curl -X POST -H "Accept: */*" -H "Authorization: Bearer <JWT Token>" -H
"Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/count/am/asset"

Note: Provide "-i" in the curl request as shown in the example returns the response
headers which includes the rate limit related parameters.
After executing a curl request, check the following parameters in response headers to
check the rate-limit status:
X-RateLimit-Remaining: 0
X-RateLimit-ToWait-Sec: 300
X-RateLimit-Window-Sec: 3600
X-RateLimit-Limit: 300
Example: A subscription for Standard API Service has the default API control settings.
Consider that the API rate limit set for a customer is 300 API calls for a time window of
3600 seconds. If 300 API calls are received in a 5 minute period and none are blocked by
any API limiting rules, then you need to wait 55 minutes before making the next call to the
API. During the wait period API calls will be blocked by the rate limiting rule.

10
 Get Started
API Rate Limits

Sample HTTP Response Headers

Sample 1: Normal API call (API call not blocked)
Server: nginx/1.19.1
Date: Fri, 16 Apr 2021 12:29:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-RateLimit-Remaining: 4
X-RateLimit-Window-Sec: 100
X-RateLimit-Limit: 5
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer

{"count":580,"responseCode":"SUCCESS","responseMessage":"Valid API
Access"}

Sample 2: API Call Blocked - Rate Limit exceeded

Server: nginx/1.19.1
Date: Fri, 16 Apr 2021 12:28:53 GMT
Content-Length: 0
Connection: keep-alive
X-RateLimit-Remaining: 0
X-RateLimit-ToWait-Sec: 33
X-RateLimit-Window-Sec: 100
X-RateLimit-Limit: 5
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
Referrer-Policy: no-referrer

11
 Get Started
User Scoping for APIs

User Scoping for APIs

The user will get a response of the assets as per scope using count and list APIs. Typically
Manager user has access to more assets than the reader user. So, Reader user won’t be
able to get responses for the APIs requested for unauthorized assets.
For example:
If a Manager user has access to 100 assets: the Count API response will show 100 assets
and List API will show details of all these 100 assets. Now, consider that the Manager user
creates a ‘Reader’ sub user and assigns only 50 assets to this user and when Reader
executes APIs, the response will contain data of the only 50 assets and not all 100 assets.

12
 Assets Host Data APIs
Count of Assets

Assets Host Data APIs

Use these API functions to get host data from GAV/CSAM.
Note: The software.authorization and lifecycle related parameters are available only for
CSAM subscription. Hence, you can use it in filter criteria and you can see it in the
response if you’ve subscribed for CSAM.

Permissions
- User must have the GAV/CSAM module and the "App API Enabled" option enabled for
that role.

Count of Assets
Get count of assets satisfying the specified filter criteria.
/rest/2.0/count/am/asset
[POST]

Input Parameters

filter Filter the events list by providing a filter in json and xml format. Make sure
(String) your filter criteria is provided in xml/json format in the request body. If you
don’t provide filter parameter, it will show details of all the assets. For more
information on supported operators, refer Supported Operators.

For example (json) -

{
"filters": [
{
"field": "software.product",
"operator": "CONTAINS",
"value": "Python"
}
]
}

For example (xml) -

<FilterRequest>
<filters>
<Criteria field="software.product"
operator="CONTAINS"><value>Python</value></Criteria>
</filters>
</FilterRequest>

13
 Assets Host Data APIs
Count of Assets

assetLastUpdated (String) Shows records updated on or after this date with the UTC
format as yyyy-MM-ddTHH:mmZ e.g. 2019-03-01T11:30Z

This date gets updated whenever any activity happens on the

asset. Few examples of such activity:
- Vulnerability Management scan
- Policy Compliance scan
- Inventory collection
- Security Configuration Assessment
- CertView scan
- AssetView or CloudView connector run
- Secure Enterprise Mobility scan
- Out-of-Band Configuration Assessment
- Asset rename
- Purge of VM, PC, OCA, CertView records
- Agent manifest download
- Asset Inventory asset identification updates
lastSeenAssetId (Integer) Use to get the count of assets having asset id greater than the
specified last seen assetid.

Note: If you want to get a count of assets that fall after the
specific asset id, refer to the following example:

Example:
https://gateway.qg1.apps.qualys.com/rest/2.0/count/am/asset
?lastSeenAssetId=6920718

Consider the scenario, wherein you have 1000 assets.

In the API call, if you enter the asset id of the 200th asset in
the lastSeenAssetId parameter, the first 200 assets are skipped
from the count and the count of the rest of the assets, which
is 800 is shown.
Authorization (String) (Required) Authorization token to authenticate to the Qualys
Cloud Platform. Prepend token with "Bearer" and one space.
For example - Bearer authToken

Sample - Get count of all assets with filter criteria

Request:
curl -X POST -H "Accept: */*" -H "Authorization: Bearer
<JWTToken>" -H "Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/count/am/asset" < filter.json

Here, filter.json file is the request in json format.

Sample Request body in json format (filter.json)
{
"filters": [
{
"field": "software.authorization",

14
 Assets Host Data APIs
Count of Assets

"operator": "EQUALS",
"value": "Authorized"
}
]
}

Response:
{
"count": 850,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

Sample - added attribute to "cloudProvider" field

Request:
curl --location --request POST
'<qualys_base_url>/rest/2.0/count/am/asset' --header
'Authorization:
Bearer <JWT Token>' --header 'Content-Type: application/xml' --
data-raw
'<FilterRequest>'

Filter:
<FilterRequest>
<filters>
<Criteria field="alibaba.instance.instanceId"
operator="EQUALS"><value>Instance_MN72C8</value></Criteria>
</filters>
</FilterRequest>
Response:
{
"count": 1,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

Sample - added "hostingCategory1" information

Request
curl --location --request POST
'<qualys_base_url>/rest/2.0/count/am/asset' --header
'Authorization:
Bearer <JWT Token>' --header 'Content-Type: application/xml' --
data

15
 Assets Host Data APIs
Count of Assets

'<FilterRequest>

Filter
<FilterRequest>
<filters>
<Criteria field="asset.hostingCategory1"
operator="EQUALS"><value>Cloud</value></Criteria>
</filters>
</FilterRequest>

Response
{
"count": 77,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

Sample - Added Software Instance Details Information

API Request:
curl --location --request POST
'<qualys_base_url>/rest/2.0/count/am/asset'
--header 'Authorization: Bearer <JWT Token>'
--header 'Content-Type: application/xml'
--data-raw '<FilterRequest>'

Filter Request Sample (XML format):

<FilterRequest>
<filters>
<criteria field="software.hasRunningInstance" operator="EQUALS">
<value>true</value>
</criteria>
</filters>
</FilterRequest>

Response:
{
"count": 19,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

16
 Assets Host Data APIs
Count of Assets

Sample - Added "easmTags" Information

API Request:
curl --location --request POST
'<qualys_base_url>/rest/2.0/count/am/asset' --header 'Authorization:
Bearer <JWT Token>' --header 'Content-Type: application/xml' --data
'<FilterRequest>

Filter:
<filters>
<Criteria field="easm.tags.name"
operator="EQUALS"><value>cloud</value></Criteria>
</filters>
</FilterRequest>

Response:
{
"count": 173,
"responseCode": "SUCCESS",
"responseMessage": "Valid API Access"
}

17
 Assets Host Data APIs
Get Host details of specific asset

Get Host details of specific asset

Get details of specific asset by providing an asset id.
/rest/2.0/get/am/asset
[GET]

Input Parameters
excludeFields (String) Comma separated list of fields to be excluded from the asset
object in the response. Default is None. You can choose from
the list of fields specified in the section “Limit your results”.
For example, to exclude openPort and software from the
response:
excludeFields=openPort,software
includeFields (String) Comma separated list of fields to be included in the asset
object in the response. Default is All. You can choose from the
list of fields specified in the section “Limit your results”.
For example, to include only operatingSystem and hardware
in the response:
includeFields=operatingSystem,hardware
assetId (Integer) (Required) Use to specify theAssetId for which you want to
retrieve the details.
softwareType (String) (Optional) Specify the software type to get the host details for
specified software type. Available values for softwareType
parameter are Application, Unknown, and Others.
Authorization (String) (Required) Authorization token to authenticate to the Qualys
Cloud Platform. Prepend token with "Bearer" and one space.
For example - Bearer authToken

Sample - Get host details of specified asset by assetid

Request:
curl -X GET -H "Accept: */*" -H "Authorization: Bearer <JWTToken>"
-H "Content-Type: application/json" -i
"https://gateway.qg1.apps.qualys.com/rest/2.0/get/am/asset?assetId
=8194990"

Response:
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"assetListData": {
"asset": [
{
"assetId": 6920718,
"assetUUID": "50d20290-c66a-42e7-8c0a-

18
 Assets Host Data APIs
Get Host details of specific asset

ba6e92b6324c",
"hostId": 1437386,
"lastModifiedDate": "2021-04-06T10:02:33.000Z",
"agentId": null,
"createdDate": "2020-11-25T12:49:25.000Z",
"sensorLastUpdatedDate": "2021-04-
06T10:02:33.000Z",
"assetType": "HOST",
"address": "10.115.110.95",
"dnsName": "localhost.localdomain",
"assetName": "localhost.localdomain",
"netbiosName": null,
"timeZone": "IST",
"biosDescription": null,
"lastBoot": null,
"totalMemory": 5806,
"cpuCount": null,
"lastLoggedOnUser": "root",
"hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376",
"biosSerialNumber": "VMware-42 2a 2b 16 4c 8b 58 8a-
a2 0c c1 85 1a d7 e3 76",
"biosAssetTag": "No Asset Tag",
"isContainerHost": false,
"operatingSystem": {
"osName": "The CentOS Project CentOS 7 (1810)",
"fullName": "The CentOS Project CentOS 7
(1810)",
"category": "Linux / Server",
"category1": "Linux",
"category2": "Server",
"productName": "CentOS",
"publisher": "The CentOS Project",
"edition": null,
"marketVersion": "7",
"version": "1810",
"update": null,
"architecture": null,
"lifecycle": {
"gaDate": "2018-12-03T00:00:00.000Z",
"eolDate": "2020-12-31T00:00:00.000Z",
"eosDate": "2024-06-30T00:00:00.000Z",
"stage": "EOL",
"lifeCycleConfidence": "Exact",
"eolSupportStage": "Full updates",
"eosSupportStage": "Maintenance Updates"
},

19
 Assets Host Data APIs
Get Host details of specific asset

"taxonomy": {
"id": null,
"name": "Linux / Server",
"category1": "Linux",
"category2": "Server"
},
"productUrl":
"https://www.centos.org/,https://en.wikipedia.org/wiki/CentOS,",
"productFamily": null,
"installDate": null,
"release": "7.4.1708"
},
"hardware": {
"fullName": "VMware VMware Virtual Platform
VMware Virtual Platform",
"category": "Virtualized / Virtual Machine",
"category1": "Virtualized",
"category2": "Virtual Machine",
"manufacturer": "VMware",
"productName": "VMware Virtual Platform",
"model": "VMware Virtual Platform",
"lifecycle": {
"introDate": null,
"gaDate": null,
"eosDate": null,
"obsoleteDate": null,
"stage": "Unknown",
"lifeCycleConfidence": " "
},
"taxonomy": {
"id": null,
"name": "Virtualized / Virtual Machine",
"category1": "Virtualized",
"category2": "Virtual Machine"
},
"productUrl":
"https://www.linuxjournal.com/article/3458,,",
"productFamily": null
},
"userAccountListData": null,
"openPortListData": {
"openPort": [
{
"port": 709,
"description": "",
"protocol": "UDP",

20
 Assets Host Data APIs
Get Host details of specific asset

"detectedService": "portmap/rpcbind",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 50000,
"description": "",
"protocol": "TCP",
"detectedService":
"IBM_DB2_Universal_Database",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 6000,
"description": "",
"protocol": "TCP",
"detectedService": "x11",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 22,
"description": "",
"protocol": "TCP",
"detectedService": "ssh",
"firstFound": "2020-11-
25T12:46:41.000Z",
"lastUpdated": "2020-11-
25T12:46:41.000Z"
},
{
"port": 3389,
"description": "",
"protocol": "TCP",
"detectedService": null,
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"

21
 Assets Host Data APIs
Get Host details of specific asset

},
{
"port": 111,
"description": "",
"protocol": "UDP",
"detectedService": "rpc_udp",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 111,
"description": "",
"protocol": "TCP",
"detectedService": "rpc",
"firstFound": "2020-11-
25T12:46:41.000Z",
"lastUpdated": "2020-11-
25T12:46:41.000Z"
}
]
},
"volumeListData": {
"volume": [
{
"name": "tmpfs",
"free": 2737078272,
"size": 3043934208
},
{
"name": "/dev/mapper/centos-home",
"free": 18629619712,
"size": 18700304384
},
{
"name": "devtmpfs",
"free": 3026444288,
"size": 3026444288
},
{
"name": "/dev/mapper/centos-root",
"free": 19672580096,
"size": 38304645120
},
{

22
 Assets Host Data APIs
Get Host details of specific asset

"name": "/dev/sda1",
"free": 876040192,
"size": 1063256064
}
]
},
"networkInterfaceListData": {
"networkInterface": [
{
"hostname": "localhost.localdomain",
"addressIpV4": "192.168.122.1",
"addressIpV6": null,
"macAddress": "52:54:00:77:e1:71",
"interfaceName": "virbr0",
"dnsAddress": null,
"gatewayAddress": "",
"manufacturer": null,
"macVendorIntroDate": null,
"addresses": null
},
{
"hostname": "localhost.localdomain",
"addressIpV4": "10.115.110.95",
"addressIpV6":
"fe80:0:0:0:250:56ff:feaa:e2da",
"macAddress": "00:50:56:aa:e2:da",
"interfaceName": "ens192",
"dnsAddress": null,
"gatewayAddress": "",
"manufacturer": "VMware",
"macVendorIntroDate": 946944000000,
"addresses": null
}
]
},
"softwareListData": {
"software": [
{
"id": -5698725809391962787,
"fullName": "Python 2.7.5 64-Bit",
"softwareType": "Application",
"isIgnored": false,
"ignoredReason": null,
"category": "Application Development /
Programming Languages",
"category1": "Application Development",

23
 Assets Host Data APIs
Get Host details of specific asset

"category2": "Programming Languages",

"productName": "Python",
"component": null,
"publisher": "Python",
"edition": null,
"marketVersion": "2",
"version": "2.7",
"update": "2.7.5",
"architecture": "64-Bit",
"installDate": "2020-03-
27T16:11:47.000Z",
"installPath": null,
"lastUpdated": "2020-11-
25T12:46:46.000Z",
"lastUseDate": null,
"language": null,
"formerlyKnownAs": null,
"isPackage": false,
"isPackageComponent": false,
"packageName": null,
"productUrl":
"https://en.wikipedia.org/wiki/History_of_Python,,",
"lifecycle": {
"gaDate": "2010-07-03T00:00:00.000Z",
"eolDate": "2020-01-
01T00:00:00.000Z",
"eosDate": "2020-01-
01T00:00:00.000Z",
"stage": "EOL/EOS",
"lifeCycleConfidence": "Exact",
"eolSupportStage": "End-of-life",
"eosSupportStage": "End-of-life"
},
"supportStageDesc": "Python's policy is
to drop support major versions once they reach their end of life",
"license": {
"category": "Open Source",
"subcategory": "Python License
(Python-2.0)"
},
"authorization": "Authorized"
},
{
"id": 9136542396418607016,
"fullName": "OpenBSD OpenSSH Server
7.4p1",

24
 Assets Host Data APIs
Get Host details of specific asset

"softwareType": "Application",
"isIgnored": false,
"ignoredReason": null,
"category": "Networking / Access
Software",
"category1": "Networking",
"category2": "Access Software",
"productName": "OpenSSH",
"component": "Server",
"publisher": "OpenBSD",
"edition": null,
"marketVersion": "7",
"version": "7.4",
"update": "7.4p1",
"architecture": null,
"installDate": "2020-03-
05T14:23:53.000Z",
"installPath": null,
"lastUpdated": "2020-11-
25T12:46:53.000Z",
"lastUseDate": null,
"language": null,
"formerlyKnownAs": "OpenBSD Secure
Shell",
"isPackage": true,
"isPackageComponent": false,
"packageName": null,
"productUrl":
"https://en.wikipedia.org/wiki/OpenSSH,,",
"lifecycle": {
"gaDate": "2016-12-19T00:00:00.000Z",
"eolDate": null,
"eosDate": null,
"stage": "EOL",
"lifeCycleConfidence": "Calculated",
"eolSupportStage": " ",
"eosSupportStage": " "
},
"supportStageDesc": null,
"license": {
"category": "Open Source",
"subcategory": "BSD 2-Clause License
(FreeBSD/Simplified)"
},
"authorization": "Authorized"
}

25
 Assets Host Data APIs
Get Host details of specific asset

]
},
"provider": null,
"cloudProvider": null,
"agent": null,
"sensor": {
"activatedForModules": [
"VM"
],
"pendingActivationForModules": [],
"lastVMScan": 1606306572000,
"lastComplianceScan": 0,
"lastFullScan": 1606306572000
},
"container": null,
"inventory": {
"source": "IP",
"created": 1606308565000,
"lastUpdated": 1617703353000
},
"activity": null,
"tagList": {
"tag": [
{
"tagId": 14151022,
"tagName": "static split",
"foregroundColor": 0,
"backgroundColor": -65536,
"businessImpact": null,
"criticalityScore": 2
}
]
},
"serviceList": null,
"lastLocation": null,
"criticality": {
"score": 2,
"isDefault": true,
"lastUpdated": "2021-06-30T09:43:27.000Z"
},
"businessInformation": {
"company": "Qualys",
"department": "Engineering",
"ownedBy": "Pxxl",
"environment": "QA",
"managedBy": "Bxxxn Fxxxuna",

26
 Assets Host Data APIs
Get Host details of specific asset

"supportedBy": "John Doe",

"supportGroup": "ABC_01",
"operationalStatus": "Blocked"
},
"assignedLocation": {
"name": "4492 Camino De La Plaza, Pune,IN",
"city": "Pune",
"state": "MH",
"country": "IN"
},
"businessAppListData": {
"businessApp": [
{
"id": "BARCODE283904",
"name": "Quoting App",
"environment": "Production",
"businessCriticality": "2 - Less
Critical",
"managedBy": "Bxxxn Fxxxuna",
"ownedBy": "Pxxl",
"supportedBy": "John Doe",
"supportGroup": "SME Operations",
"operationalStatus": "Mended",
"status": "Installed",
"usedFor": "Production"
},
{
"id": "BARCODE2839067gfh",
"name": "HRA",
"environment": "Production",
"businessCriticality": "1 - Most
Critical",
"managedBy": "Bxxxn Fxxxuna",
"ownedBy": "Pxxl",
"supportedBy": "John Doe",
"supportGroup": "SME Operations",
"operationalStatus": "broken",
"status": "Installed",
"usedFor": "Production"
}
]
},
"riskScore": 690,
"passiveSensor": null,
"asn": "AS27385",
"isp": "Qualys, Inc.",

27
 Assets Host Data APIs
Get Host details of specific asset

"domain": [
"qualys.com",
"qualys.in",
],
"subdomain": [
"docs.qualys.com",
"www.qualys.com"
],
"whois": [
{
"domain": "vulnerability-management.com",
"createdDate": null,
"dnssec": null,
"domainStatus": "clientTransferProhibited",
"registrantOrganization": "Qualys, Inc.",
"registrantName": null,
"registrantEmail":
"6d229c2ef8870a654745766aab8e6ace-
[email protected]",
"registrantContact": null,
"registrar": "Gandi SAS",
"organizationName": "Qualys, Inc.",
"updatedDate": null
}

"missingSoftware": null,
"customAttributes": [
{
"key": "Media State4",
"value": "Media disconnected",
"connectorName": "Qualys"
},
{
"key": "Default Gateway11",
"value": "192.168.1.1",
"connectorName": "Qualys"
},
...
{
"key": "Subnet Mask",
"value": "255.255.255.0",
"connectorName": "Qualys"
},
...
],

28
 Assets Host Data APIs
Get Host details of specific asset

"processor": null
}
]
}
}

Sample - Get asset details using asset by assetid

Request
curl --location --request GET
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=19605572--header
'Content-Type: application/json' --header 'Authorization: Bearer
<JWT Token>' --header 'Content-Type: application/xml' --data-raw
'<FilterRequest>’

Filter in XML
<FilterRequest>
<filters>
<Criteria field="missingSoftware.product"
operator="EQUALS"><value>Windows Defender</value></Criteria>
</filters>
</FilterRequest>

Filter in json
{
"filters": [
{
"field": "missingSoftware.product",
"operator": "EQUALS",
"value": " Windows Defender "
}
]
}
Response
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": null,
"hasMore": 0,
"assetListData": {
"asset": [
{
"assetId": 19605572,

29
 Assets Host Data APIs
Get Host details of specific asset

"assetUUID": "3eb82cb6-1026-465f-a68c-94e4a95a921b",
"hostId": 999990762,
...
"businessInformation": null,
"assignedLocation": null,
"businessAppListData": null,
"riskScore": null,
"passiveSensor": null,
"domain": null,
"subdomain": null,
"missingSoftware": [
{
"name": "Microsoft Windows Defender",
"category1": "Security",
"category2": "Endpoint Protection",
"publisher": "Microsoft",
"product": "Windows Defender",
"rule": "regression_14",
"criteria": [
{
"criteria": "ANY Version ",
"release": [
"ANY"
]
}
]
},
{
"name": "Microsoft Defender Advanced Threat
Protection",
"category1": "Security",
"category2": "Endpoint Protection",
"publisher": "Microsoft",
"product": "Microsoft Defender Advanced Threat
Protection",
"rule": "regression_14",
"criteria": [
{
"criteria": "ANY Version ",
"release": [
"ANY"
]
}
]
},

30
 Assets Host Data APIs
Get Host details of specific asset

...
],
"whois": null,
"isp": null,
"asn": null,
"easmTags": null,
...
}
]
}
}

Sample - added "hostingCategory1" Information

API Request:
curl --location --request GET
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=22303276'
--header'Content-Type: application/json'
--header 'Authorization: Bearer <JWT Token>'

Response
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": null,
"hasMore": 0,
"assetListData": {
"asset": [
{
"assetId": 22303276,
"assetUUID": "383c0696-0ac9-42f8-8189-28b7e81f4bb0",
"hostId": null,
...
"missingSoftware": null,
"whois": [
{
"domain": "blujaysolutions.com",
"createdDate": "2016-11-30T00:00:00.000Z",
...
}
],
"isp": "Amazon.com, Inc.",
"asn": "AS16509",
"easmTags": [

31
 Assets Host Data APIs
Get Host details of specific asset

"cloud"
],
"hostingCategory1": "ThirdParty",
"customAttributes": null,
"processor": null
}
]
}
}
Note: We also support this for includeFields and excludeFields. See the following example.
Example: Asset by asset ID API with includeFields
Request
curl --location --request GET
'<qualys_base_url>/rest/2.0/get/am/asset?
assetId=22303276&includeFields=hostingCategory1'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer <JWT Token>'

Response
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": null,
"hasMore": 0,
"assetListData": {
"asset": [
{
"assetId": 22303276,
"assetUUID": "383c0696-0ac9-42f8-8189-28b7e81f4bb0",
"hostId": null,
...
"missingSoftware": null,
"whois": null,
"isp": null,
"asn": null,
"easmTags": null,
"hostingCategory1": "ThirdParty",
"customAttributes": null,
"processor": null
}
]
}

32
 Assets Host Data APIs
Get Host details of specific asset

Sample - added "esamTags" Information

API Request:
curl --location --request GET
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=22303132' --
header 'Content-Type: application/json' --header 'Authorization:
Bearer <JWT Token>'

API Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": null,
"hasMore": 0,
"assetListData": {
"asset": [
{
"assetId": 22303132,
"assetUUID": "xxx69134-dcxx-4e65-xxce-74f3e60caxxx",
"hostId": null,
...
"missingSoftware": null,
"whois": [
{
"domain": "totalcloud.io",
...
"registrar": "GoDaddy.com, LLC",
"organizationName": null,
"updatedDate": null
}
],
"isp": "Amazon.com, Inc.",
"asn": "AS16509",
"easmTags": [
"cloud",
"cdn"
],
"hostingCategory1": "Unknown",
"customAttributes": null,
"processor": null
}
]
}
}

33
 Assets Host Data APIs
Get Host details of specific asset

Note: We also support this for includeFields and excludeFields. See the following example.
Example: Asset by asset ID API with includeFields
API Request:
curl --location --request GET
'<qualys_base_url>/rest/2.0/get/am/asset?assetId=22303132&includeFields=e
asmTags' --header 'Content-Type: application/json' --header
'Authorization: Bearer <JWT Token>'

API Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": null,
"hasMore": 0,
"assetListData": {
"asset": [
{
"assetId": 22303132,
"assetUUID": "c9669134-dcb4-4e65-94ce-74f3e60ca697",
"hostId": null,
...
"riskScore": null,
"passiveSensor": null,
"domain": null,
"subdomain": null,
"missingSoftware": null,
"whois": null,
"isp": null,
"asn": null,
"easmTags": [
"cloud",
"cdn"
],
"hostingCategory1": null,
"customAttributes": null,
"processor": null
}
]
}
}

34
 Assets Host Data APIs
Get Host Details of All Assets

Get Host Details of All Assets

Get details of all assets that satisfy the filter criteria to include or exclude specified fields.
If you don’t provide filter parameter, it will show details of all the assets.
/rest/2.0/search/am/asset
[POST]

Input Parameter
excludeFields (String) Comma separated list of fields to be excluded from the asset object
in the response. Default is None. You can choose from the list of
fields specified in the section “Limit your results”.
For example, to exclude openPort and software from the response:
excludeFields=openPort,software
includeFields (String) Comma separated list of fields to be included in the asset object in
the response. Default is All. You can choose from the list of fields
specified in the section “Limit your results”.
For example, to include only operatingSystem and hardware in the
response:
includeFields=operatingSystem,hardware
assetLastUpdated (String) Shows records updated on or after this date with the UTC format as
yyyy-MM-ddTHH:mmZ e.g. 2019-03-01T11:30Z

This date gets updated whenever any activity happens on the asset.
Few examples of such activity:
- Vulnerability Management scan
- Policy Compliance scan
- Inventory collection
- Security Configuration Assessment
- CertView scan
- AssetView or CloudView connector run
- Secure Enterprise Mobility scan
- Out-of-Band Configuration Assessment
- Asset rename
- Purge of VM, PC, OCA, CertView records
- Agent manifest download
- Asset Inventory asset identification updates

35
 Assets Host Data APIs
Get Host Details of All Assets

lastSeenAssetId (Integer) Use to get the list of assets having asset id greater than the specified
last seen assetid.

Note: You can get a list of a maximum of 100 assets in one API call.
If you have more than 100 assets, you need to make multiple API
calls to get the list of all your assets.

See the following snippet from the Response:

Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": 6920718,
"hasMore": 1,

The snippet shows:

- lastSeenAssetId: 6920718
It indicates the asset id of the last seen asset.
- hasMore: 1
It indicates that there are more assets.

If you want to get a list of your all assets, refer to the following
example:

Example:
<qualys_base_url>/rest/2.0/search/am/asset?lastSeenAssetId=69207
18

Consider the scenario, wherein you have 1000 assets.

In the first API call, you get a list of 100 assets. The asset id of the
100th asset is shown in the lastSeenAssetId parameter. In the 2nd
API call, you must enter the asset id of the 100th asset in the
lastSeenAssetId parameter to get the list of the next 100 assets.
Similarly, in every subsequent API call, you must enter the asset id of
the 100th asset in the lastSeenAssetId parameter. Thus, you get the
list of your total assets by running 10 API calls.
pageSize (Integer) The number of records per page to be included in the
response. If pageSize is not specified in the request, 100 records will
be fetched by default.
The maximum value supported for pageSize is 300.

36
 Assets Host Data APIs
Get Host Details of All Assets

filter (String) Filter the events list by providing a filter in json and xml format.
Make sure your filter criteria is provided in xml/json format in the
request body. If you don’t provide filter parameter, it will show
details of all the assets. For more information on supported
operators, refer Supported Operators.

For example (json) -

{
"filters": [
{
"field": "software.product",
"operator": "CONTAINS",
"value": "Python"
}
]
}

For example (xml) -

<FilterRequest>
<filters>
<Criteria field="software.product"
operator="CONTAINS"><value>Python</value></Criteria>
</filters>
</FilterRequest>

softwareType (String) (Optional) Specify the software type to get the host details for
specified software type. Available values for softwareType parameter
are Application, Unknown, and Others.
Authorization (String) (Required) Authorization token to authenticate to the Qualys Cloud
Platform. Prepend token with "Bearer" and one space. For example -
Bearer authToken
missingSoftware.name (Required) Provide the missing software name.
(String)
missingSoftware.category1 (Required) Provide the missing software category 1.
(String)
missingSoftware.category2 (Required) Provide the missing software category 2.
(String)
missingSoftware.publisher (Required) Provide the missing software publisher.
(String)
missingSoftware.product (Required) Provide the missing software product.
(String)

37
 Assets Host Data APIs
Get Host Details of All Assets

Sample - Get details of all asset

Request (without filter):
curl -X POST -H "Accept: application/json" -H "Authorization:
Bearer <JWTToken>" -H "Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/search/am/asset"

Request (with filter - xml):

curl -X POST -H "Accept: application/xml" -H "Authorization:
Bearer <JWTToken>" -H "Content-Type: application/xml" -i
"<qualys_base_url>/rest/2.0/search/am/asset" < filter.xml
Here, filter.xml file is the request in xml format.

Request (with filter - json):

curl -X POST -H "Accept: application/json" -H "Authorization:
Bearer <JWTToken>" -H "Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/search/am/asset" < filter.json
Here, filter.json file is the request in json format.

Sample Request body in xml format (filter.xml)

<FilterRequest>
<filters>
<Criteria field="operatingSystem.category1"
operator="EQUALS"><value>Mac</value></Criteria>
</filters>
</FilterRequest>

Sample Request body in json format (filter.json)

{
"filters": [
{
"field": "operatingSystem.category1",
"operator": "EQUALS",
"value": "Mac"
}
]
}

Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",

38
 Assets Host Data APIs
Get Host Details of All Assets

"lastSeenAssetId": 6920718,
"hasMore": 1,
"assetListData": {
"asset": [
{
"assetId": 6920718,
"assetUUID": "50d20290-c66a-42e7-8c0a-
ba6e92b6324c",
"hostId": 1437386,
"lastModifiedDate": "2021-04-06T10:02:33.000Z",
"agentId": null,
"createdDate": "2020-11-25T12:49:25.000Z",
"sensorLastUpdatedDate": "2021-04-
06T10:02:33.000Z",
"assetType": "HOST",
"address": "10.115.110.95",
"dnsName": "localhost.localdomain",
"assetName": "localhost.localdomain",
"netbiosName": null,
"timeZone": "IST",
"biosDescription": null,
"lastBoot": null,
"totalMemory": 5806,
"cpuCount": null,
"lastLoggedOnUser": "root",
"hwUUID": "422a2b16-4c8b-588a-a20c-c1851ad7e376",
"biosSerialNumber": "VMware-42 2a 2b 16 4c 8b 58 8a-
a2 0c c1 85 1a d7 e3 76",
"biosAssetTag": "No Asset Tag",
"isContainerHost": false,
"operatingSystem": {
"osName": "The CentOS Project CentOS 7 (1810)",
"fullName": "The CentOS Project CentOS 7
(1810)",
"category": "Linux / Server",
"category1": "Linux",
"category2": "Server",
"productName": "CentOS",
"publisher": "The CentOS Project",
"edition": null,
"marketVersion": "7",
"version": "1810",
"update": null,
"architecture": null,
"lifecycle": {
"gaDate": "2018-12-03T00:00:00.000Z",

39
 Assets Host Data APIs
Get Host Details of All Assets

"eolDate": "2020-12-31T00:00:00.000Z",
"eosDate": "2024-06-30T00:00:00.000Z",
"stage": "EOL",
"lifeCycleConfidence": "Exact",
"eolSupportStage": "Full updates",
"eosSupportStage": "Maintenance Updates"
},
"taxonomy": {
"id": null,
"name": "Linux / Server",
"category1": "Linux",
"category2": "Server"
},
"productUrl":
"https://www.centos.org/,https://en.wikipedia.org/wiki/CentOS,",
"productFamily": null,
"installDate": null,
"release": "7.4.1708"
},
"hardware": {
"fullName": "VMware VMware Virtual Platform
VMware Virtual Platform",
"category": "Virtualized / Virtual Machine",
"category1": "Virtualized",
"category2": "Virtual Machine",
"manufacturer": "VMware",
"productName": "VMware Virtual Platform",
"model": "VMware Virtual Platform",
"lifecycle": {
"introDate": null,
"gaDate": null,
"eosDate": null,
"obsoleteDate": null,
"stage": "Unknown",
"lifeCycleConfidence": " "
},
"taxonomy": {
"id": null,
"name": "Virtualized / Virtual Machine",
"category1": "Virtualized",
"category2": "Virtual Machine"
},
"productUrl":
"https://www.linuxjournal.com/article/3458,,",
"productFamily": null
},

40
 Assets Host Data APIs
Get Host Details of All Assets

"userAccountListData": null,
"openPortListData": {
"openPort": [
{
"port": 709,
"description": "",
"protocol": "UDP",
"detectedService": "portmap/rpcbind",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 50000,
"description": "",
"protocol": "TCP",
"detectedService":
"IBM_DB2_Universal_Database",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 6000,
"description": "",
"protocol": "TCP",
"detectedService": "x11",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 22,
"description": "",
"protocol": "TCP",
"detectedService": "ssh",
"firstFound": "2020-11-
25T12:46:41.000Z",
"lastUpdated": "2020-11-
25T12:46:41.000Z"
},
{
"port": 3389,

41
 Assets Host Data APIs
Get Host Details of All Assets

"description": "",
"protocol": "TCP",
"detectedService": null,
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 111,
"description": "",
"protocol": "UDP",
"detectedService": "rpc_udp",
"firstFound": "2020-11-
25T12:46:42.000Z",
"lastUpdated": "2020-11-
25T12:46:42.000Z"
},
{
"port": 111,
"description": "",
"protocol": "TCP",
"detectedService": "rpc",
"firstFound": "2020-11-
25T12:46:41.000Z",
"lastUpdated": "2020-11-
25T12:46:41.000Z"
}
]
},
"volumeListData": {
"volume": [
{
"name": "tmpfs",
"free": 2737078272,
"size": 3043934208
},
{
"name": "/dev/mapper/centos-home",
"free": 18629619712,
"size": 18700304384
},
{
"name": "devtmpfs",
"free": 3026444288,
"size": 3026444288

42
 Assets Host Data APIs
Get Host Details of All Assets

},
{
"name": "/dev/mapper/centos-root",
"free": 19672580096,
"size": 38304645120
},
{
"name": "/dev/sda1",
"free": 876040192,
"size": 1063256064
}
]
},
"networkInterfaceListData": {
"networkInterface": [
{
"hostname": "localhost.localdomain",
"addressIpV4": "192.168.122.1",
"addressIpV6": null,
"macAddress": "52:54:00:77:e1:71",
"interfaceName": "virbr0",
"dnsAddress": null,
"gatewayAddress": "",
"manufacturer": null,
"macVendorIntroDate": null,
"addresses": null
},
{
"hostname": "localhost.localdomain",
"addressIpV4": "10.115.110.95",
"addressIpV6":
"fe80:0:0:0:250:56ff:feaa:e2da",
"macAddress": "00:50:56:aa:e2:da",
"interfaceName": "ens192",
"dnsAddress": null,
"gatewayAddress": "",
"manufacturer": "VMware",
"macVendorIntroDate": 946944000000,
"addresses": null
}
]
},
"softwareListData": {
"software": [
{
"id": -5698725809391962787,

43
 Assets Host Data APIs
Get Host Details of All Assets

"fullName": "Python 2.7.5 64-Bit",

"softwareType": "Application",
"isIgnored": false,
"ignoredReason": null,
"category": "Application Development /
Programming Languages",
"category1": "Application Development",
"category2": "Programming Languages",
"productName": "Python",
"component": null,
"publisher": "Python",
"edition": null,
"marketVersion": "2",
"version": "2.7",
"update": "2.7.5",
"architecture": "64-Bit",
"installDate": "2020-03-
27T16:11:47.000Z",
"installPath": null,
"lastUpdated": "2020-11-
25T12:46:46.000Z",
"lastUseDate": null,
"language": null,
"formerlyKnownAs": null,
"isPackage": false,
"isPackageComponent": false,
"packageName": null,
"productUrl":
"https://en.wikipedia.org/wiki/History_of_Python,,",
"lifecycle": {
"gaDate": "2010-07-03T00:00:00.000Z",
"eolDate": "2020-01-
01T00:00:00.000Z",
"eosDate": "2020-01-
01T00:00:00.000Z",
"stage": "EOL/EOS",
"lifeCycleConfidence": "Exact",
"eolSupportStage": "End-of-life",
"eosSupportStage": "End-of-life"
},
"supportStageDesc": "Python's policy is
to drop support major versions once they reach their end of life",
"license": {
"category": "Open Source",
"subcategory": "Python License
(Python-2.0)"

44
 Assets Host Data APIs
Get Host Details of All Assets

},
"authorization": "Authorized"
},
{
"id": 9136542396418607016,
"fullName": "OpenBSD OpenSSH Server
7.4p1",
"softwareType": "Application",
"isIgnored": false,
"ignoredReason": null,
"category": "Networking / Access
Software",
"category1": "Networking",
"category2": "Access Software",
"productName": "OpenSSH",
"component": "Server",
"publisher": "OpenBSD",
"edition": null,
"marketVersion": "7",
"version": "7.4",
"update": "7.4p1",
"architecture": null,
"installDate": "2020-03-
05T14:23:53.000Z",
"installPath": null,
"lastUpdated": "2020-11-
25T12:46:53.000Z",
"lastUseDate": null,
"language": null,
"formerlyKnownAs": "OpenBSD Secure
Shell",
"isPackage": true,
"isPackageComponent": false,
"packageName": null,
"productUrl":
"https://en.wikipedia.org/wiki/OpenSSH,,",
"lifecycle": {
"gaDate": "2016-12-19T00:00:00.000Z",
"eolDate": null,
"eosDate": null,
"stage": "EOL",
"lifeCycleConfidence": "Calculated",
"eolSupportStage": " ",
"eosSupportStage": " "
},
"supportStageDesc": null,

45
 Assets Host Data APIs
Get Host Details of All Assets

"license": {
"category": "Open Source",
"subcategory": "BSD 2-Clause License
(FreeBSD/Simplified)"
},
"authorization": "Authorized"
}
]
},
"provider": null,
"cloudProvider": null,
"agent": null,
"sensor": {
"activatedForModules": [
"VM"
],
"pendingActivationForModules": [],
"lastVMScan": 1606306572000,
"lastComplianceScan": 0,
"lastFullScan": 1606306572000
},
"container": null,
"inventory": {
"source": "IP",
"created": 1606308565000,
"lastUpdated": 1617703353000
},
"activity": null,
"tagList": {
"tag": [
{
"tagId": 14151022,
"tagName": "static split",
"foregroundColor": 0,
"backgroundColor": -65536,
"businessImpact": null,
"criticalityScore": 3
}
]
},
"serviceList": null,
"lastLocation": null,
"criticality": {
"score": 2,
"isDefault": true,
"lastUpdated": "2021-06-30T09:43:27.000Z"

46
 Assets Host Data APIs
Get Host Details of All Assets

},
"businessInformation": {
"company": "Qualys",
"department": "Engineering",
"ownedBy": "Pxxl",
"environment": "QA",
"managedBy": "Bxxxn Fxxxuna",
"supportedBy": "John Doe",
"supportGroup": "ABC_01",
"operationalStatus": "Blocked"
},
"assignedLocation": {
"name": "4492 Camino De La Plaza, Pune,IN",
"city": "Pune",
"state": "MH",
"country": "IN"
},
"businessAppListData": {
"businessApp": [
{
"id": "BARCODE283904",
"name": "Quoting App",
"environment": "Production",
"businessCriticality": "2 - Less
Critical",
"managedBy": "Bxxxn Fxxxuna",
"ownedBy": "Pxxl",
"supportedBy": "John Doe",
"supportGroup": "SME Operations",
"operationalStatus": "Mended",
"status": "Installed",
"usedFor": "Production"
},
{
"id": "BARCODE2839067gfh",
"name": "HRA",
"environment": "Production",
"businessCriticality": "1 - Most
Critical",
"managedBy": "Bxxxn Fxxxuna",
"ownedBy": "Pxxl",
"supportedBy": "John Doe",
"supportGroup": "SME Operations",
"operationalStatus": "broken",
"status": "Installed",
"usedFor": "Production"

47
 Assets Host Data APIs
Get Host Details of All Assets

}
]
},
"riskScore": 690,
"passiveSensor": null,
"asn": "AS27385",
"isp": "Qualys, Inc.",
"domain": [
"qualys.com",
"qualys.in",
],
"subdomain": [
"docs.qualys.com",
"www.qualys.com"
],
"whois": [
{
"domain": "vulnerability-management.com",
"createdDate": null,
"dnssec": null,
"domainStatus": "clientTransferProhibited",
"registrantOrganization": "Qualys, Inc.",
"registrantName": null,
"registrantEmail":
"6d229c2ef8870a654745766aab8e6ace-
[email protected]",
"registrantContact": null,
"registrar": "Gandi SAS",
"organizationName": "Qualys, Inc.",
"updatedDate": null
}
"missingSoftware": null,
"customAttributes": [
{
"key": "Media State4",
"value": "Media disconnected",
"connectorName": "Qualys"
},
{
"key": "Default Gateway11",
"value": "192.168.1.1",
"connectorName": "Qualys"
},
...
{
"key": "Subnet Mask",

48
 Assets Host Data APIs
Get Host Details of All Assets

"value": "255.255.255.0",
"connectorName": "Qualys"
},
...
],
"processor": null
}
]
}
}

Sample - Added Software Instance Details Information

API Request:
curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/asset'
--header 'Authorization: Bearer <JWT Token>'
--header 'Content-Type: application/xml'
--data-raw '<FilterRequest>'

Note:
API Request for Get Software Instances Details from the Asset by AssetID
curl --location --request GET
'<qualys_base_url>/rest/2.0/search/am/asset?assetId=29003737&pageSize=1'
--header 'Authorization: Bearer <JWT Token>'
--header 'Content-Type: application/xml'
--data-raw ''

Filter Request Sample (XML format):

<FilterRequest>
<filters>
<criteria field="software.hasRunningInstance" operator="EQUALS">
<value>true</value>
</criteria>
</filters>
</FilterRequest>

Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": 40006682,
"hasMore": 1,
"assetListData": {
"asset": [
{
"assetId": 40006682,

49
 Assets Host Data APIs
Get Host Details of All Assets

...
"softwareListData": {
"software": [
...{
"id": -4649343832335530267,
"discoverySources": null,
"fullName": "Apache HTTP Server 2.4.38",
"softwareType": "Application",
...
"productUrl":
"https://httpd.apache.org/,https://access.redhat.com/errata/RHBA-
2018:1891,",
"lifecycle": {
"gaDate": "2005-12-01T00:00:00.000Z",
"eolDate": "Not Announced",
"eosDate": "Not Announced",
"stage": "GA",
"lifeCycleConfidence": "Exact",
"eolSupportStage": "Not Announced",
"eosSupportStage": "Not Announced",
"detectionScore": 46
},
"supportStageDesc": null,
"license": {
"category": "Open Source",
"subcategory": "Apache License 2.0 (Apache-
2.0)"
},
"authorization": null,
"discoveredPublisher": null,
"discoveredName": "apache2",
"discoveredVersion": "2.4.38-3+deb10u3",
"authorizationDetectionScore": null,
"cpeId": 31566331,
"cpe":
"cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*",
"cpeType": "NIST",
"softwareInstances": [
{
"firstSeen": "2022-11-06T03:10:40.000Z",
"lastSeen": "2022-12-12T12:52:28.000Z",
"BIN_PATH": "/usr/sbin/apache2",
"PRODUCT": "Apache",
"ServerRoot": "/etc/apache2",
"CONF_PATH": "/etc/apache2/apache2.conf"
}
]
},
]
}
}
]
}
}

50
 Assets Host Data APIs
Get Host Details of All Assets

Sample - Added "easmTags" Information

API Request (with filter):
curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/asset'
--header 'Authorization:
Bearer <JWT Token>' --header 'Content-Type: application/xml'
--data
'<FilterRequest>'

Request Body
<filters>
<Criteria field="easm.tags.name"
operator="EQUALS"><value>cloud</value></Criteria>
</filters>
</FilterRequest>'

API Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": 22303132,
"hasMore": 1,
"assetListData": {
"asset": [
{
"assetId": 22303132,
"assetUUID": "c966xxxx-dcb4-xx65-94ce-7xxxe60ca697",
"hostId": null,
...
"missingSoftware": null,
"whois": [
{
"domain": "totalcloud.io",
...
}
],
"isp": "Amazon.com, Inc.",
"asn": "AS16509",
"easmTags": [
"cloud",
"cdn"
],
"hostingCategory1": "Unknown",
"customAttributes": null,
"processor": null
}
]
}
}

51
 Assets Host Data APIs
Get Host Details of All Assets

API Request (with filter):

curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/asset?=null' --header
'Authorization: Bearer <JWT Token>' --header 'Content-Type:
application/xml' --data ''

API Response:
{
"responseMessage": "Valid API Access",
"count": 1,
"responseCode": "SUCCESS",
"lastSeenAssetId": 22303132,
"hasMore": 1,
"assetListData": {
"asset": [
{
"assetId": 22303132,
"assetUUID": "c9xx9134-dcxx-4e65-9xxe-xxx3e60ca697",
"hostId": null,
"lastModifiedDate": "2023-03-13T11:11:49.000Z",
"agentId": null,
...
"missingSoftware": null,
"whois": [
{
"domain": "totalcloud.io",
"createdDate": "2016-02-01T00:00:00.000Z",
"dnssec": null,
...
}
],
"isp": "Amazon.com, Inc.",
"asn": "AS16509",
"easmTags": [
"cloud",
"cdn"
],
"hostingCategory1": "Unknown",
"customAttributes": null,
"processor": null
}
]
}
}

52
 Import Business Information Metadata
Import Business App Metadata

Import Business Information Metadata

Use these API functions to import asset business metadata and business app metadata
using v2 APIs. This support is available for CSAM Paid and Trial subscriptions only. You’ll
be able to import maximum 250 records in the single request.

Permissions
- User must have the GAV/CSAM module and the "App API Enabled" option enabled for
that role.
Note:

1) For updating business information metadata, you need to send new request with
desired attributes to be changed along with all the attributes. If you don’t include an
attribute in the request, the value of the attribute will be override with NULL value.
2) If you have changed business app metadata then you need to explicitly send a request
to change the asset business metadata for those assets.

Import Business App Metadata

Import business app metadata as per input criteria in the request body.
/rest/2.0/update/am/businessapp/metadata
[POST]

Input Parameters
Attribute Description Character Limit
name (Required to import business app 255
metadata) Name of the business
application
businessAppid (Required to import business app 32
metadata) Unique ID of the business
application
operationalStatus Operational status of the application 255
businessCriticality How critical the application is to the 255
business.
environment Designates how this business app is 255
used, e.g. Production, Staging, QA, etc
ownedBy Person who owns the application from 255
the business side.
managedBy Person who owns the application from 255
the IT side

53
 Import Business Information Metadata
Import Business App Metadata

supportedBy User supporting the business 255

application
supportGroup Group supporting the business 255
application
created (Required to import business app NA
metadata) Business app created date
lastUpdated (Required to import business app NA
metadata) Business app last updated
date

Request:
curl -X POST -H "Accept: */*" -H "Authorization: Bearer
<JWTToken>" -H "Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/upsert/am/businessapp/metadata" --
data-binary @business-metadata.json

Note: If the json file mentioned in the request is available in a different directory, provide
its path accordingly.

Request body:
{
"data": [
{
"businessAppId": "2fc86c650a0a0bb4003698b5331640df",
"name": "Banking Service",
"businessCriticality": "1 - Most Critical",
"status": "Installed",
"environment": "Production",
"usedFor": "Production",
"created": 1620643264000,
"lastUpdated": 1620653309000,
"operationalStatus": "Installed",
"ownedBy": "Pxxl Axxp",
"managedBy": "Bxxxn Fxxxuna",
"supportedBy": "John Doe",
"supportGroup": "IT Operations"
},
{
"businessAppId": "5678f28f933a31003b4bb095e57ffb88",
"name": "Customer Support Portal",
"businessCriticality": "3 - Low",
"status": "Installed",
"environment": "Development",

54
 Import Business Information Metadata
Import Asset Business Metadata

"usedFor": "Development",
"created": 1620643264000,
"lastUpdated": 1620653309000,
"operationalStatus": "Installed",
"ownedBy": "Pxxl Axxp",
"managedBy": "Bxxxn Fxxxuna",
"supportedBy": "John Doe",
"supportGroup": "Application Security"
}
]
}
Response:
{
"requestId": "8e9b3fd5-bb89-4666-a472-4bc5758335a2",
"responseMessage": "Business app metadata imported successfully",
"responseCode": "SUCCESS",
"failedIds": null
}

Note: If the business app data for the associated business app id of the asset is not present
then the association of that business app with the asset will not happen but the rest of all
the data will get updated.

Import Asset Business Metadata

Import asset business metadata as per input criteria in the request body.
/rest/2.0/update/am/asset/business/metadata
[POST]

Input Parameters
Attribute Description Character Limit
qualysAssetId (Required to import asset business NA
metadata) Unique ID of the asset
businessAppIds Unique IDs of the business application NA
operationalStatus Operational status of the asset 128
environment The environment this asset is 128
connected to / runs on
ownedBy Person who owns the asset from the 255
business side.
managedBy Person who owns the asset from the IT 255
side
supportedBy User supporting the asset 255

55
 Import Business Information Metadata
Import Asset Business Metadata

supportGroup Group supporting the asset 255

company The Company or Subsidiary 128
department The departmental organizational 128
structure
assignedLocation.name The assigned location name, for 255
example building name
assignedLocation.citty The assigned location's city 128
assignedLocation.state The assigned location's state 128
assignedLocation.country The assigned location's country 128

API request:
curl -X POST -H "Accept: */*" -H "Authorization: Bearer
<JWTToken>" -H "Content-Type: application/json" -i
"<qualys_base_url>/rest/2.0/update/am/asset/business/metadata" --
data-binary @asset-business-metadata.json

Note: If the json file mentioned in the request is available in a different directory, provide
its path accordingly.

Request Body
{
"data": [
{
"qualysAssetId": "6420613",
"metadata": {
"operationalStatus": "Operational",
"environment": "Production",
"company": "Qualys",
"department": "IT Operations",
"ownedBy": "Pxxl Axxp",
"managedBy": "Bxxxn Fxxxuna",
"supportedBy": "John Doe",
"supportGroup": "IT Operations",
"businessAppIds": ["2fc86c650a0a0bb4003698b5331640df"],
"assignedLocation": {
"name": "401 Biscayne St, Miami FL",
"street": "401 Biscayne St, Miami FL",
"city": "Miami",
"state": "FL",
"country": "USA"
}
}
},
{
"qualysAssetId": "6286688",
"metadata": {

56
 Import Business Information Metadata
Import Asset Business Metadata

"operationalStatus": "Repair",
"environment": "Development",
"company": "Qualys",
"department": "Customer Support",
"ownedBy": "Pxxl Axxp",
"managedBy": "Bxxxn Fxxxuna",
"supportedBy": "John Doe",
"supportGroup": "Customer Support",
"businessAppIds":
["27d415a8c0a8000b00ffe2ab0f82e8d2","5678f28f933a31003b4bb095e57ffb88"],
"assignedLocation": {
"name": "123 Plazuela Roma Italy",
"street": "123 Plazuela Roma Italy",
"city": "Roma",
"state": "Roma",
"country": "Italy"
}
}
}
]
}

Response:
{
"requestId": "9017b662-01c9-4e74-97c5-eae6d29f08ed",
"responseMessage": "Asset metadata imported successfully",
"responseCode": "SUCCESS",
"failedIds": null
}

57
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

Vulnerabilities Related APIs

Learn more about the following vulnerabilities related APIs:
• GET List of Vulnerabilities Discovered by EASM
• GET List of Vulnerabilities discovered by EASM Scan
• Fetch Vulnerability Data for Software and Operating Systems Across Assets

GET List of Vulnerabilities Discovered by EASM

This API helps you to get host data from GAV/CSAM.
/rest/2.0/search/am/easm/vulns
[POST]

Input Parameters

asset.assetId Provide the asset Id for which you want to get the list of
(Integer) vulnerabilities.
asset.ipaddress Provide the IP address of the asset for which you want to get the list
(String) of vulnerabilities.

vulnerability.cveId Provide the cveId of the vulnerability.

(Integer)
vulnerability.type Provide the vulnerability type, for example - Potential.
(String)
vulnerability.cvss Provide the cvss score of the vulnerability.
(Integer)
vulnerability.qvs Provide the qvs score of the vulnerability.
(Integer)

Sample - Get a list of assets with vulnerabilities with specific CVEID,

CVSS, and QVS
API Request without filter:

curl --location --request POST

'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \ --header
'Authorization: Bearer <JWT Token>' \--data-raw ''

58
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

Response
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenVulnId": 16972,
"hasMore": 0,
"externalVulnerabilityListData": {
"vulnerability": [
{
"ipaddress": "10.100.152.200",
"assetId": 19047900,
"vulnId": 16971,
"cveId": "CVE-2016-20012",
"type": "Potential",
"summary": "** DISPUTED ** OpenSSH through 8.7
allows remote attackers, who have a suspicion that a certain
combination of username and public key is known to an SSH server,
to test whether this suspicion is correct. This occurs because a
challenge is sent only when that combination could be valid for a
login session. NOTE: the vendor does not recognize user
enumeration as a vulnerability for this product.",
"lastUpdated": "2022-12-14",
"qvs": 37,
"cvss": 5.3
},
{
"ipaddress": "10.100.152.200",
"assetId": 19047900,
"vulnId": 16972,
"cveId": "CVE-2017-15906",
"type": "Potential",
"summary": "The process_open function in sftp-
server.c in OpenSSH before 7.6 does not properly prevent write
operations in readonly mode, which allows attackers to create
zero-length files.",
"lastUpdated": "2022-12-14",
"qvs": 30,
"cvss": 5.3
},
}
}

API Request with filter in XML format:

Refer to the following example, wherein you can see a sample request to get all assets
with vulnerabilities with CVSS greater then 9.

59
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

curl --location --request POST

'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token> ' \
--header 'Content-Type: application/xml' \
--data-raw '<FilterRequest>
<filters>
<Criteria field="vulnerability.cvss" operator="GREATER">
<value>9</value>
</Criteria>
</filters>
</FilterRequest>'

Response
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenVulnId": 17060,
"hasMore": 0,
"externalVulnerabilityListData": {
"vulnerability": [
{
"ipaddress": "20.100.300.600",
"assetId": 19046733,
"vulnId": 17046,
"cveId": "CVE-2017-9120",
"type": "Potential",
"summary": "PHP 7.x through 7.1.5 allows remote
attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
long string because of an Integer overflow in
mysqli_real_escape_string.",
"lastUpdated": "2022-12-14",
"qvs": 72,
"cvss": 9.8
},
{
"ipaddress": "20.100.300.600",
"assetId": 19046733,
"vulnId": 17060,
"cveId": "CVE-2021-21708",
"type": "Potential",
"summary": "In PHP versions 7.4.x below 7.4.28,
8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter
functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if

60
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

the filter fails, there is a possibility to trigger use of

allocated memory after free, which can result it crashes, and
potentially in overwrite of other memory chunks and RCE. This issue
affects: code that uses FILTER_VALIDATE_FLOAT with min/max
limits.",
"lastUpdated": "2022-12-14",
"qvs": 72,
"cvss": 9.8
},
]
}
}

API Request with filter in JSON format:

Refer to the following example, wherein you can see the sample request to get all assets
with vulnerabilities with CVE-ID : CVE-2016-20012.
curl --location --request POST
'https://gateway.qg1.apps.qualys.com/rest/2.0/search/am/easm/vulns' \--header
'Authorization: Bearer <JWT Token>

curl --location --request POST

'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"filters": [
{
"field": "vulnerability.cveId",
"operator": "EQUALS",
"value": "CVE-2016-20012"
}
]
}'

Response
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenVulnId": 17043,
"hasMore": 0,
"externalVulnerabilityListData": {
"vulnerability": [
{
"ipaddress": "10.100.152.200",
"assetId": 19047900,
"vulnId": 16971,

61
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

"cveId": "CVE-2016-20012",
"type": "Potential",
"summary": "** DISPUTED ** OpenSSH through 8.7 allows remote
attackers, who have a suspicion that a certain combination of username and
public key is known to an SSH server, to test whether this suspicion is
correct. This occurs because a challenge is sent only when that
combination could be valid for a login session. NOTE: the vendor does not
recognize user enumeration as a vulnerability for this product.",
"lastUpdated": "2022-12-14",
"qvs": 37,
"cvss": 5.3
},
{
"ipaddress": "20.100.300.600",
"assetId": 19046733,
"vulnId": 17043,
"cveId": "CVE-2016-20012",
"type": "Potential",
"summary": "** DISPUTED ** OpenSSH through 8.7 allows remote
attackers, who have a suspicion that a certain combination of username and
public key is known to an SSH server, to test whether this suspicion is
correct. This occurs because a challenge is sent only when that
combination could be valid for a login session. NOTE: the vendor does not
recognize user enumeration as a vulnerability for this product.",
"lastUpdated": "2022-12-14",
"qvs": 37,
"cvss": 5.3
}
]
}
}

Request with multiple filters

Refer to the following example, wherein you can see the sample request to get all assets
with vulnerabilities type as ’Potential’ and cvss greater than 8.
curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"filters": [
{
"field": "vulnerability.type",
"operator": "EQUALS",
"value": "Potential"
},
{
"field": "vulnerability.cvss",
"operator": "GREATER",
"value": "8"
}

62
 Vulnerabilities Related APIs
GET List of Vulnerabilities Discovered by EASM

],
"operation": "AND"
}'

Response
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenVulnId": 17068,
"hasMore": 0,
"externalVulnerabilityListData": {
"vulnerability": [
{
"ipaddress": "20.100.300.600",
"assetId": 19046733,
"vulnId": 17046,
"cveId": "CVE-2017-9120",
"type": "Potential",
"summary": "PHP 7.x through 7.1.5 allows remote attackers
to cause a denial of service (buffer overflow and application
crash) or possibly have unspecified other impact via a long string
because of an Integer overflow in mysqli_real_escape_string.",
"lastUpdated": "2022-12-14",
"qvs": 72,
"cvss": 9.8
},
{
"ipaddress": "20.100.300.600",
"assetId": 19046733,
"vulnId": 17068,
"cveId": "CVE-2022-37454",
"type": "Potential",
"summary": "The Keccak XKCP SHA-3 reference implementation
before fdc6fef has an integer overflow and resultant buffer
overflow that allows attackers to execute arbitrary code or
eliminate expected cryptographic properties. This occurs in the
sponge function interface.",
"lastUpdated": "2022-12-14",
"qvs": 72,
"cvss": 9.8
}
]
}

63
 Vulnerabilities Related APIs
GET List of Vulnerabilities discovered by EASM Scan

Note:
- The following operators are supported for 'vulnerability.cvss' and 'vulnerability.qvs':
EQUALS, IN, NOT_EQUALS, GREATER, LESSER, GREATER_THAN_EQUAL,
LESS_THAN_EQUAL
- Page Size for Response will be 1000. The lastSeenVulnId can be used for pagination.
Example: <qualys_base_url>/rest/2.0/search/am/easm/vulns?lastSeenVulnId=17068

Here, lastSeenVulnID is the VulnID of the last CVE in response where VulnID is a unique
identifier created for each CVE. It does not have any other significance.
- Provide multiple values as a comma separated list and also use the IN Operator.
Example:
{
"filters": [
{
"field": "vulnerability.cveId",
"operator": "IN",
"value": "CVE-2021-21707,CVE-2021-21708"
}
]
}

GET List of Vulnerabilities discovered by EASM Scan

/rest/2.0/search/am/easm/scan/vulns
[POST]
This API helps you to get a list of vulnerabilities discovered by an EASM scan.

64
 Vulnerabilities Related APIs
GET List of Vulnerabilities discovered by EASM Scan

Input Parameters
Parameter Required/ Type Description
Optional
asset.assetID Optional Integer Provide the asset Id for which you
want to get the list of
vulnerabilities.
vulnerabilities.disabled Optional Boolean Provide the value true or false.
vulnerabilities.ssl Optional Boolean Provide the value true or false.
vulnerabilities.found Optional Boolean Provide the value true or false.
vulnerabilities.ignored Optional Boolean Provide the value true or false.
vulnerabilities.qid Optional Integer Provide the qid of the vulnerability.
vulnerabilities.port Optional Integer Provide the port of the
vulnerability.
vulnerabilities.protocol Optional String Provide the protocol of the
vulnerability.
vulnerabilities.lastFoundDate Optional Date Provide the last found date of the
vulnerability.
vulnerabilities.firstFoundDate Optional Date Provide the first found date of the
vulnerability.

Important to Know!
- The following operators are supported for asset.assetID, vulnerabilities.qid,
vulnerabilities.port,and vulnerabilities.protocol input parameters:
EQUALS, IN, and NOT_EQUALS
- The page size for the response will be 1000; the lastSeenId can be used for pagination.
Example: <qualys_base_url>/rest/2.0/search/am/easm/scan/vulns?lastSeenId=23846
- You can provide multiple values for a given filter by using the "IN" Operator and
providing a comma-separated list of values.
Example:
{
"filters": [
{
"field": "asset.assetID",
"operator": "IN",
"value": "41734168,41734549"
}
]
}

Sample - Get List of Vulnerabilities Discovered by EASM Scan

API Request - Without Filter

65
 Vulnerabilities Related APIs
GET List of Vulnerabilities discovered by EASM Scan

curl --location --request POST

'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--data-raw ''

Response:
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenId": 23846,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 8760,
"assetID": 41734168,
"qid": 6,
"ssl": false,
"found": true,
"ignored": false,
"disabled": false,
"lastFoundDate": "2024-04-03T00:57:58.000Z",
"firstFoundDate": "2024-03-09T19:02:32.000Z",
"created": "2024-03-09T19:02:32.000Z",
"updated": "2024-04-03T00:57:58.000Z"
},
{
"id": 9022,
"assetID": 41734166,
"qid": 6,
"ssl": false,
"found": true,
"ignored": false,
"disabled": false,
"lastFoundDate": "2024-03-23T20:54:04.000Z",
"firstFoundDate": "2024-03-09T19:25:29.000Z",
"created": "2024-03-09T19:25:29.000Z",
"updated": "2024-03-23T20:54:04.000Z"
}
]
}
}

API Request with filter in XML format:

The following example shows the sample request to get vulnerabilities for a given assetID.
curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/xml' \
--data-raw '<?xml version="1.0" encoding="UTF-8"?>
<FilterRequest>

66
 Vulnerabilities Related APIs
GET List of Vulnerabilities discovered by EASM Scan

<filters>
<criteria>
<field>asset.assetID</field>
<operator>EQUALS</operator>
<value>43333162</value>
</criteria>
</filters>
</FilterRequest>'
Response:
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenId": 32304,
"hasMore": 1,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 32303,
"assetID": 43333162,
"qid": 86137,
"port": 443,
"ssl": false,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-04-16T06:55:08.000Z",
"firstFoundDate": "2024-04-16T02:01:13.000Z",
"created": "2024-04-16T02:01:13.000Z",
"updated": "2024-04-16T06:55:08.000Z"
},
{
"id": 32304,
"assetID": 43333162,
"qid": 38704,
"port": 443,
"ssl": false,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-04-16T06:55:08.000Z",
"firstFoundDate": "2024-04-16T02:01:13.000Z",
"created": "2024-04-16T02:01:13.000Z",
"updated": "2024-04-16T06:55:08.000Z"
}
]
}
}

API Request with filter in JSON format:

67
 Vulnerabilities Related APIs
GET List of Vulnerabilities discovered by EASM Scan

The following example shows a sample request to get all assets having vulnerabilities with
QID.
curl --location --request POST
'<qualys_base_url>/rest/2.0/search/am/easm/scan/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '<?xml version="1.0" encoding="UTF-8"?>
<FilterRequest>
<filters>
<criteria>
<field>asset.assetID</field>
<operator>EQUALS</operator>
<value>41735712</value>
</criteria>
</filters>
</FilterRequest>'

Response:
{
"responseMessage": "Valid API Access",
"count": 2,
"responseCode": "SUCCESS",
"lastSeenId": 12326,
"hasMore": 0,
"easmVulnerabilityListData": {
"vulnerabilities": [
{
"id": 10029,
"assetID": 41735712,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",
"lastFoundDate": "2024-04-03T02:59:36.000Z",
"firstFoundDate": "2024-03-09T23:59:10.000Z",
"lastScanned": "1970-01-01T00:00:00.000Z",
"created": "2024-03-09T23:59:10.000Z",
"updated": "2024-04-03T02:59:36.000Z"
},
{
"id": 12326,
"assetID": 41951252,
"qid": 38173,
"port": 443,
"ssl": true,
"found": true,
"ignored": false,
"disabled": false,
"protocol": "TCP",

68
 Vulnerabilities Related APIs
Fetch Vulnerability Data for Software and Operating Systems Across Assets

"lastFoundDate": "2024-04-03T02:34:24.000Z",
"firstFoundDate": "2024-03-09T23:24:47.000Z",
"lastScanned": "2024-04-02T23:47:48.000Z",
"created": "2024-03-09T23:24:47.000Z",
"updated": "2024-04-03T02:34:24.000Z"
}
]
}
}

Fetch Vulnerability Data for Software and Operating Systems

Across Assets
/rest/2.0/am/catalog/cve/detail
[POST]
This API helps you to view the vulnerability data for software and operating systems
across your assets.
Note:
- This API is supported only for CSAM Trial and Full (Paid).
- The API response time varies based on the number of software and operating Systems
installed on the assets. It might take up to approximately 15 to 25 minutes, as fetching the
vulnerability data generates a significant load on the system.

69
 Vulnerabilities Related APIs
Fetch Vulnerability Data for Software and Operating Systems Across Assets

Input Parameters
Parameter Required/ Type Description
Optional
cpeIds Mandatory String Provide a comma separated list of CPE Ids to
retrieve the list of corresponding CVE’s. The
maximum value supported for CPE list size is 100.
cpeType Optional String Specify "Qualys" or "NIST" CPE type to filter CVEs.
Note: This is case-sensitive.
pageNumber Optional Integer Provide the page number for which CVE’s are
included in the response. The default page number
is 0.

Note: If page Number is not specified in the request,

the first page records will be fetched by default.
pageSize Optional Integer Provide the number of records you want to include
per page in the response. The default value is 50.
Also, the maximum value for this parameter is 50.

Sample - Fetch Vulnerability Data for Software and Operating Systems

API Request:
curl --location --request POST
'<qualys_base_url>/am/catalog/cve/detail?cpeIds=4980’ --header
'Authorization: Bearer <JWT Token>'

Response:
{
"responseMessage": "Valid API Access",
"totalCveCount": 437438,
"responseCode": "SUCCESS",
"hasMore": 1,
"cpeCveListData": {
"cveList": [
{
"cveId": "CVE-2016-2334",
"qvs": 71,
"publishedOn": "2016-12-13T22:59:00.000Z",
"qvsType": "CVE",
"qvsPrimeCredit": 0,
"cvss": "9.3",
"cvssVersion": "v2",
"trending": [
"2024-01-22T00:00:00.000Z,2024-01-03T00:00:00.000Z,2024-01-
08T00:00:00.000Z,2024-01-10T00:00:00.000Z,2024-01-01T00:00:00.000Z,2024-
01-05T00:00:00.000Z,2024-01-12T00:00:00.000Z,2024-01-
04T00:00:00.000Z,2023-12-25T00:00:00.000Z,2024-01-06T00:00:00.000Z"
],
"highestContributor": false,
"cpeName": "cpe:2.3:a:7-zip:7-zip:4.65:*:*:*:*:*:*:*",

70
 Vulnerabilities Related APIs
Fetch Vulnerability Data for Software and Operating Systems Across Assets

"cpeId": 455,
"cpeType": "NIST",
"RTI": null,
"exploit_maturity": [
"weaponized,poc"
],
"malware_name": [
"Bl00dy Ransomware Gang,BianLian,Lockbit,Clop,Buhti"
],
"threat_actors": [
"Static Kitten,Graceful
Spider,Hezb,Wazawaka,FIN11,Unattributed,APT35,Charming Kitten"
],
"CISA_vuln": [
"YES"
]
},
...
{
"cveId": "CVE-2017-17969",
"qvs": 42,
"publishedOn": "2018-01-30T16:29:00.000Z",
"qvsType": "CVE",
"qvsPrimeCredit": 0,
"cvss": "7.8",
"cvssVersion": "v3.x",
"trending": [
"2024-04-19T00:00:00.000Z"
],
"highestContributor": false,
"cpeName": "cpe:2.3:a:7-zip:7-zip:4.65:*:*:*:*:*:*:*",
"cpeId": 455,
"cpeType": "NIST",
"RTI": null,
"exploit_maturity": [
"poc"
],
"malware_name": null,
"threat_actors": null,
"CISA_vuln": null
},
],
"totalCves": 437438
}
}

71
 EASM Profile APIs
Get an EASM Profile Data

EASM Profile APIs

Learn More about the following EASM Profile APIs:
• Get an EASM Profile Data
• Create an EASM Profile
• Update an EASM Profile Data
• Patch an EASM Profile data
• Delete an EASM Profile
• Activate and Deactivate an EASM Profile
• Get an EASM Profile Discovery Status

Important Considerations for EASM Profile APIs

Before working with the EASM Profile APIs, refer to the following:
• Only JSON format is supported for payload (POST, PUT, PATCH); XML is not
supported.
• If multiple values are provided for any SEED/Filters, those should be separated by
a semi-colon.
• For SEED type DOMAIN, only Top Level Domain should be provided.
• For SEED type NETBLOCK and CERTSUBJECT, enumerateSubsidiary and
horizontalEnumeration should always be set to False.
• SEED type DOMAIN and CERTSUBJECT are not supported in ExcludeSeeds.
• Country code should be provided for the COUNTRY attribute.
• Characters allowed for profile name creation are:
- a-z, A-Z, 0-9
- Blank space between two characters
- underscore (_) is allowed. The rest of the special characters are not allowed.

Get an EASM Profile Data

This API returns the EASM profile data. You can get the data for one specified profile, or
all profiles when multiple profiles are configured.
/easm/v2/profile
[GET]

72
 EASM Profile APIs
Get an EASM Profile Data

Input Parameters
Parameter Required/ Type Description
Optional
pageNumber Optional Integer Provide the page number. If the page number is not
provided, page no 0 is fetched by default.

Note: You can get the data for a maximum of 20

profiles. But if you want to get the data for more
than 20 profiles, you need to provide the pagination
query parameter that is
pageNumber=Numericvalue.
profileName Optional String Provide the profile name only if you want to get the
data for the individual profile.

Sample - Get Data of an Individual EASM Profile

API Request:
curl --location --request GET
'<qualys_base_url>/easm/v2/profile?profileName=NewProfile' \
--header 'Authorization: Bearer <Auth Token>' \
--data ''

Response:
{
"hasNextPage": false,
"profile": [
{
"name": "NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [
{
"seedType": "CITY",
"seedValue": "string"
}
],
"enableIFAScan": false,
"active": true
"profileTagName": "NewProfile"
}
]
}

73
 EASM Profile APIs
Get an EASM Profile Data

Sample - Get Data for Multiple EASM Profiles

API Request:
curl --location --request GET '<qualys_base_url>/easm/v2/profile' \
--header 'Authorization: Bearer <Auth Token>' \
--data ''

Response:
{
"hasNextPage": false,
"profile": [
{
"name": "NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [
{
"seedType": "CITY",
"seedValue": "string"
}
],
"enableIFAScan": false,
"active": true
"profileTagName": "NewProfile2"
},
{
"name": "NewProfile2",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [],
"enableIFAScan": false,
"active": true
"profileTagName": "NewProfile2"
}
]
}

74
 EASM Profile APIs
Get an EASM Profile Data

Sample - With "enableEASMScan" and "includeVMAssets" fields

Prerequisites:
• EASM scan must be enabled for your subscription from the back office so that you
can set the EASM scan to true for an EASM profile.
• You can't set the "includeVMAssets" value to true unless you set the
"enableEASMScan" value to true.

Field Value Details

enableEASMScan true Indicates that you enabled the EASM scan for the
EASM profile.
enableEASMScan false Indicates that you didn't enable the EASM scan
for the EASM profile.
includeVMAssets true Indicates that you choose to include all EASM
assets in the EASM scan.
includeVMAssets false ndicates that you choose to include unmanaged
EASM assets in the EASM scan.

Sample - Get Data of Multiple EASM Profiles

API Request:
curl --location --request GET '<qualys_base_url>/easm/v2/profile' \
--header 'Authorization: Bearer <Auth Token>' \
--data ''

Response:
{
"hasNextPage": false,
"profile": [
{
"name": "NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [
{
"seedType": "CITY",
"seedValue": "string"
}
],
"enableIFAScan": false,

75
 EASM Profile APIs
Get an EASM Profile Data

"active": true
"profileTagName": "NewProfile2"
"enableEASMScan": true,
"includeVMAssets": false
},
{
"name": "NewProfile2",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [],
"enableIFAScan": false,
"active": true
"profileTagName": "NewProfile2"
"enableEASMScan": false,
"includeVMAssets": false
}
]
}

Sample - Get Data of Single EASM Profile

API Request:
curl --location --request GET
'<qualys_base_url>/easm/v2/profile?profileName=NewProfile' \
--header 'Authorization: Bearer <Auth Token>' \
--data ''

Response:
{
"hasNextPage": false,
"profile": [
{
"name": "NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [
{

76
 EASM Profile APIs
Create an EASM Profile

"seedType": "CITY",
"seedValue": "string"
}
],
"enableIFAScan": false,
"active": true
"profileTagName": "NewProfile"
"enableEASMScan": true,
"includeVMAssets": false

}
]
}

Create an EASM Profile

This API helps you create EASM profiles.

/easm/v2/profile
[POST]

Input Parameters
Parameter Required/ Type Description
Optional
name Required String Provide the profile name in the API request body.
defaultProfile Optional Boolean Provide the value as true in API request body if you
want to save the EASM profile as a default one.

Sample - Create an EASM Profile

API Request:
curl --location --request POST '<qualys_base_url>/easm/v2/profile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '
{
"name":"NewProfile1",
"defaultProfile":true,
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"enumerateSubsidiary": "true",
"horizontalEnumeration": "true",
"seedFilters": []
}
]
}'

77
 EASM Profile APIs
Create an EASM Profile

Response:
{
"code": "201",
"status": "SAVED",
"date": "2024-01-15 10:08:53",
"message": "Profile Created Successfully: "
}

Note: You can't create a duplicate profile, that is, a profile with the same configurations as
the existing profile. The following response is shown if you attempt to do that:
Status Code=400Bad Request
{
"date": "2024-07-04 11:40:51",
"message": "Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile.",
"details": [
"Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile."
]
}

Sample - With "enableEASMScan" and "includeVMAssets" fields

Prerequisites:
• EASM scan must be enabled for your subscription from the back office so that you
can set the EASM scan to true for an EASM profile.
• You can't set the "includeVMAssets" value to true unless you set the
"enableEASMScan" value to true.

Field Value Details

enableEASMScan true Indicates that you enabled the EASM scan for the
EASM profile.
enableEASMScan false Indicates that you didn't enable the EASM scan
for the EASM profile.
includeVMAssets true Indicates that you choose to include all EASM
assets in the EASM scan.
includeVMAssets false ndicates that you choose to include unmanaged
EASM assets in the EASM scan.

API Request:
curl --location --request POST '<qualys_base_url>/easm/v2/profile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '
{

78
 EASM Profile APIs
Update an EASM Profile Data

"name":"NewProfile1",
"defaultProfile":false,
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "qualys.com",
"seedHeading": null,
"enumerateSubsidiary": "true",
"horizontalEnumeration": "true",
"seedFilters": []
}
],
"excludeSeeds": [],
"enableIFAScan": false,
"enableEASMScan": true,
"includeVMAssets": true
}'

Response:
{
"code": "201",
"status": "SAVED",
"date": 2024-04-21 11:35:12,
"message": "Profile Created Successfully."
}

Update an EASM Profile Data

This API helps you to update the existing EASM profile using the PUT
method. /

easm/v2/profile/{profileName}
[PUT]

Input Parameters
Parameter Required/ Type Description
Optional
Path Parameter Required String Provide the EASM profile name.

Sample - Update the EASM Profile

API Request:
curl --location --request PUT
'<qualys_base_url>/easm/v2/profile/NewProfile1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '{
"name":"NewProfile1",

79
 EASM Profile APIs
Update an EASM Profile Data

"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "accenture.com",
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
]
}'

Response:
{
"code": "200",
"status": "UPDATED",
"date": "2024-01-15 10:59:08",
"message": "Profile Updated Successfully"
}

Note: You can't modify or update a profile in such a way that you end up creating a
duplicate profile, that is, a profile with the same configurations as the existing profile. The
following response is shown if you attempt to do that:
Status Code=400Bad Request
{
"date": "2024-07-04 11:40:51",
"message": "Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile.",
"details": [
"Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile."
]
}

Sample - With "enableEASMScan" and "includeVMAssets" fields

Prerequisites:
• EASM scan must be enabled for your subscription from the back office so that you
can set the EASM scan to true for an EASM profile.
• You can't set the "includeVMAssets" value to true unless you set the
"enableEASMScan" value to true.

Field Value Details

enableEASMScan true Indicates that you enabled the EASM scan for the
EASM profile.
enableEASMScan false Indicates that you didn't enable the EASM scan
for the EASM profile.

80
 EASM Profile APIs
Patch an EASM Profile data

includeVMAssets true Indicates that you choose to include all EASM

assets in the EASM scan.
includeVMAssets false ndicates that you choose to include unmanaged
EASM assets in the EASM scan.

API Request:
curl location --request PUT
'<qualys_base_url>/easm/v2/profile/NewProfile1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '{
"name":"NewProfile1",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "accenture.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
],
"excludeSeeds": [],
"enableIFAScan": false,
"active": true,
"profileTagName": "Test6",
"enableEASMScan": true,
"includeVMAssets": false
}'

Response:
{
"code": "200",
"status": "UPDATED",
"date": 2024-04-21 11:37:35,
"message": "Profile Updated Successfully."
}

Patch an EASM Profile data

This API helps you to update the existing EASM profile using the PATCH method.
/easm/v2/profile/{profileName}
[PATCH]

81
 EASM Profile APIs
Patch an EASM Profile data

Input Parameters
Parameter Required/ Type Description
Optional
Path Parameter Required String Provide the EASM profile name.

Sample - Patch the EASM Profile

API Request:
curl --location --request PATCH
'<qualys_base_url>/easm/v2/profile/NewProfile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '{
"name":"NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "accenture.com",
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
]
}'

Response:
{
"code": "200",
"status": "UPDATED",
"date": "2024-01-15 11:05:13",
"message": "Profile Updated Successfully"
}

Note: You can't modify or update a profile in such a way that you end up creating a
duplicate profile, that is, a profile with the same configurations as the existing profile. The
following response is shown if you attempt to do that:
Status Code=400Bad Request
{
"date": "2024-07-04 11:40:51",
"message": "Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile.",
"details": [
"Duplicate profile configurations are not allowed. The same
configuration exists with the existing profile FirstProfile."
]
}

82
 EASM Profile APIs
Patch an EASM Profile data

Sample - With "enableEASMScan" and "includeVMAssets" fields

Prerequisites:
• EASM scan must be enabled for your subscription from the back office so that you
can set the EASM scan to true for an EASM profile.
• You can't set the "includeVMAssets" value to true unless you set the
"enableEASMScan" value to true.

Field Value Details

enableEASMScan true Indicates that you enabled the EASM scan for the
EASM profile.
enableEASMScan false Indicates that you didn't enable the EASM scan
for the EASM profile.
includeVMAssets true Indicates that you choose to include all EASM
assets in the EASM scan.
includeVMAssets false ndicates that you choose to include unmanaged
EASM assets in the EASM scan.

API Request:
curl --location --request PATCH
'<qualys_base_url>/easm/v2/profile/NewProfile' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Auth Token>' \
--data '{
"name":"NewProfile",
"includeSeeds": [
{
"seedType": "DOMAIN",
"seedValue": "accenture.com",
"seedHeading": null,
"enumerateSubsidiary": true,
"horizontalEnumeration": true,
"seedFilters": []
}
]'
"excludeSeeds": [],
"enableIFAScan": false,
"active": true,
"profileTagName": "Test6",
"enableEASMScan": true,
"includeVMAssets": true
}'

Response:
{
"code": "200",
"status": "UPDATED",
"date": "2024-04-21 11:39:16",

83
 EASM Profile APIs
Delete an EASM Profile

"message": "Profile Updated Successfully"

}

Delete an EASM Profile

This API helps you to delete the EASM profiles.
/easm/v2/profile
[DELETE]

Sample - Delete an EASM Profile

Input Parameters

Parameter Required/ Type Description

Optional
profileName Required String Provide the profile name.

API Request:
curl --location --request DELETE
'<qualys_base_url>/easm/v2/profile?profileName=NewProfile' \
--header 'Authorization: Bearer <Auth Token>' \
--data ''

Response:
{
"code": "200",
"status": "DELETED",
"date": "2024-01-15 11:05:42",
"message": "Deleted profile data"
}

Activate and Deactivate an EASM Profile

This API helps you to activate and deactivate the EASM profiles.
/easm/v2/profile/activate/{profileName}
[PATCH]

84
 EASM Profile APIs
Get an EASM Profile Discovery Status

Input Parameters

Parameter Required/ Type Description

Optional
pathParameter Required String Provide the EASM profile name.
activate Required boolean Specify true to activate the EASM profile.
Specify false to deactivate the EASM profile.

Sample - Activate the EASM Profile

API Request:
curl --location --request PATCH
'<qualys_base_url>/easm/v2/profile/activate/EASM Default
Profile?activate=true' \
--header 'Authorization: Bearer <Auth Token>'

Response:
{
"code": "200",
"status": "ACTIVATED",
"date": "2024-01-24 07:04:49",
"message": "Profile updated successfully."
}

Sample - Deactivate the EASM Profile

API Request:
curl --location --request PATCH
'<qualys_base_url>/easm/v2/profile/activate/EASM Default
Profile?activate=false' \
--header 'Authorization: Bearer <Auth Token>'
Response:
{
"code": "200",
"status": "DEACTIVATED",
"date": "2024-01-24 07:06:16",
"message": "Profile updated successfully."
}

Get an EASM Profile Discovery Status

This API helps you to know the discovery status of your EASM profile.
/easm/v2/profile/status
[GET]

85
 EASM Profile APIs
Get an EASM Profile Discovery Status

Input Parameters

Parameter Required/ Type Description

Optional
profileName Optional Integer Provide the profile name to get the discovery status
of an individual profile.
Note: If you don’t provide the profile name, you get
the discovery status of all profiles.

Sample - Get Discovery Status of a Single EASM Profile

API Request:
curl --location --request GET
'<qualys_base_url>/easm/v2/profile/status?profileName=NewProfile' \
--header 'accept: */*' \
--header 'Authorization: Bearer <Auth Token>'

Response:
[
{
"profileName": "NewProfile",
"lastConfiguredOn": "2024-01-15 11:06:43",
"status": "Scheduled",
"nextScheduledSyncOn": null,
"discoveryStartedAt": null,
"discoveryFailedOn": null,
"lastDiscoveryCompletedOn": null
}
]

Sample - Get Discovery Status of All EASM Profiles

API Request:
curl --location --request GET
'<qualys_base_url>/easm/v2/profile/status' \
--header 'accept: */*' \
--header 'Authorization: Bearer <Auth Token>'

Response:
[
{
"profileName": "NewProfile",
"lastConfiguredOn": "2024-01-15 11:06:43",
"status": "Scheduled",
"nextScheduledSyncOn": null,
"discoveryStartedAt": null,
"discoveryFailedOn": null,
"lastDiscoveryCompletedOn": null
},

86
 EASM Profile APIs
Get an EASM Profile Discovery Status

{
"profileName": "NewProfile1",
"lastConfiguredOn": "2024-01-15 11:17:02",
"status": "Scheduled",
"nextScheduledSyncOn": null,
"discoveryStartedAt": null,
"discoveryFailedOn": null,
"lastDiscoveryCompletedOn": null
}
]

87
 Import Third-Party Assets API

Import Third-Party Assets API

/rest/2.0/am/connector/asset/data/sync
[POST]
This API helps you to import the Third-Party assets into your CSAM account. This API is
introduced only for the Third-Party asset source - Webhook.

Note: This API is introduced only for the Third-Party asset source - Webhook.
Before You Begin
- Create the "businessAppId" using the 2.0/upsert/am/businessapp/metadata API
before importing the Third-Party assets.
- The values mentioned in the "identityAttributes" list except "qualysAssetId",
"instanceUuid", and "instanceUuidSource" must be the same as mentioned in the
"coreAttributes" list.

Sample - Import Third-Party assets

API Request:
curl --location --request POST
'<qualys_base_url>/rest/2.0/am/connector/asset/data/sync' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '<JSON payload>'

Sample JSON Payload:

{
"connectorMetaData": {
"requestId": "string",
"assetCount": "integer",
"source": "string",
"connectorUuid": "string"
},
"assetData": [
{
"identityAttributes": {
"qualysAssetId": "string",
"sourceNativeKey": "string",
"instanceUuid": "String",
"instanceUuidSource": "String",
"hostName": "String",
"netBiosName": "string",
"fqdn": "String",
"macAddress": [
"string"
],
"ipAddress": [
"String"
],

88
 Import Third-Party Assets API

"serialNumber": "String",
"hardwareUuid": "string",
"networkUuid": "String"
},
"coreAttributes": {
"lastLoggedOnUser": "String",
"operatingSystem": "String",
"hostName": "String",
"address": "String",
"dnsName": "String",
"biosInfo": {
"biosDescription": "String",
"lastBoot": "date",
"manufacturer": "String",
"totalMemory": "integer",
"timeZone": "String",
"model": "String",
"serialNumber": "String",
"biosAssetTag": "String",
"hardwareUuid": "String"
},
"netBiosName": "String",
"isContainer": "boolean",
"fqdn": "String",
"domain": "String",
"osVersion": "String",
"osArchitecture": "String",
"domainRole": "String",
"processor": {
"description": "String",
"speed": "float",
"numberOfCpu": "integer"
},
"ports": [
{
"port": "Integer",
"protocol": "String",
"detectedService": "String",
"description": "String",
"firstFound": "Date",
"lastUpdated": "Date"
}
],
"networkInterfaces": [
{
"interfaceName": "String",
"macAddress": "String",
"address": "String",
"gatewayAddress": [
"String"
],
"dnsAddress": [
"String"
],

89
 Import Third-Party Assets API

"hostName": "String",
"ipv4Address": [
"String"
],
"ipv6Address": [
"String"
],
"type": "String",
"networkUuid": "String"
}
],
"softwares": [
{
"name": "String",
"version": "String",
"installedDate": "date",
"lastUpdated": "date",
"identifier": "String",
"isSystemApp": "boolean",
"isEnterpriseApp": "boolean",
"publisher": "String",
"language": "String",
"type": "String",
"installPath": "String",
"lastUsedDate": "date",
"firstFoundDate": "date"
}
],
"services": [
{
"name": "String",
"description": "String",
"status": "String"
}
],
"volumes": [
{
"name": "String",
"size": "Integer",
"free": "Integer"
}
],
"accounts": [
{
"username": "String"
}
],
"businessMetaData": {
"status": "String",
"environment": "String",
"company": "String",
"department": "String",
"ownedBy": "String",
"managedBy": "String",

90
 Import Third-Party Assets API

"supportedBy": "String",
"supportGroup": "String"
},
"assignedLocation": {
"name": "String",
"street": "String",
"city": "String",
"state": "String",
"zip": "String",
"country": "String",
"latitude": "String",
"longitude": "String"
},
"businessApps": [
{
"businessAppId": "String"
}
],
"containers": [
{
"version": "String",
"numberOfContainers": "Integer",
"numberOfImages": "Integer",
"type": "String"
}
],
"customConnectorAttributes": {
"key": "value"
}
}
}
]
}

Example - Sample JSON Payload with values:

{
"connectorMetaData": {
"requestId": "7xxx8pwx7xx",
"assetCount": "1",
"connectorUuid": "2xxxa9a-6xxx-4xx9-8xxx-8xxxxxxxx280",
"source": "WEBHOOK"
},
"assetData": [
{
"identityAttributes": {
"qualysAssetId": "12xxx3",
"serialNumber": "abc-xxxxx9-4xxx-xxxf-bxxx",
"ipAddress": [
"67.x.2xx.xxx","2x4x:4xx:8xxx:a1a:23xe:6xx7:xxc:ax12"
],
"hostName": "test_hostname_xxxxaeb9-4xxx-4xxx-bxx",
"macAddress": [
"AA:5x:5x:xx:33:xx"

91
 Import Third-Party Assets API

],
"hardwareUuid": "3xxxxxb9-4xxx-4xxx-xxx3-axxxxxdc6681",
"fqdn": "test_hostname_366caeb9-4027-458f-b063-
a28b0adc6681",
"netBiosName": "test_hostname_366caeb9-4027-458f-b063-
a28b0adc6681",
"sourceNativeKey": "TEST74"
},
"coreAttributes": {
"dnsName": "DNS name Test",
"hostName": "test_hostname_366caeb9-4027-458f-b01",
"operatingSystem": "Microsoft Windows 7 Professional",
"netBiosName": "test_hostname_366caeb9-4027-458f-b063-
a28b0adc6681",
"lastLoggedOnUser": "root",
"address": "xx.7.xx.1xx",
"fqdn": "test_hostname_366caeb9-4027-458f-b063-
a28b0adc6681",
"isContainer": "true",
"domain": "Test",
"osVersion": "Windows 7",
"osArchitecture": "32 Bit",
"domainRole": "Test",
"businessMetaData": {
"department": "IT SECOPS",
"managedBy": "John Doe",
"company": "ACME",
"supportedBy": "Service Desk",
"ownedBy": "John",
"environment": "test-environment",
"supportGroup": "Linux Server Team",
"status": "Operational"
},
"assignedLocation": {
"country": "USA",
"state": "sample-state",
"name": "add your address",
"latitude": "33.11876",
"city": "Escondido",
"street": "add your street address",
"zip": "add your zip code",
"longitude": "-117.083405"
},
"biosInfo": {
"hardwareUuid": "366cxxx-4027-xxxf-b063-a2xxxxdc6681",
"timeZone": "+05:30",
"model": "VMware VMware Virtual Platform",
"serialNumber": "VMware-366caeb9-4027-458f-b078",
"totalMemory": 32014,
"biosDescription": "Phoenix Technologies LTD 6.00",
"manufacturer": "VMware",
"lastBoot": "1685361415000",
"biosAssetTag": "No Asset Tag"
},

92
 Import Third-Party Assets API

"processor": {
"description": "Intel(R) Xeon(R) ",
"speed": 2293,
"numberOfCpu": 1
},
"networkInterfaces": [
{
"address": "xx.7.x21.xx1",
"macAddress": "AA:xx:54:xx:33:3E",
"hostName": "test_hostname_366caeb9-4027-458f-b01",
"ipv4Address": [
"67.7.xxx.xxx"
],
"ipv6Address": [
"2001:470:xxxx:a1a:d58e:xxxx:f9c:xxxx"
],
"type": "Client",
"networkUuid": "Test",

"gatewayAddress": [
"10.xx.xx.1"
],
"dnsAddress": [
"15.xx.xx.15"
],
"interfaceName": "AA:51:xx:52:33:xx"
}
],
"customConnectorAttributes": {
"Vendor": "ACME India",
"attested By": "John Doe",
"Managed By Group": "CI Manager",
"Discovery Source": "SG-Qualys",
"Business Unit": "Business Unit Test 1"
},
"businessApps": [
{
"businessAppId": "CSAM2800FEBRELEASE2"
}
],
"volumes": [
{
"name": "C:",
"size": 63897071616,
"free": 31129092096
}
],
"containers": [
{
"version": "3.2",
"numberOfContainers": "1",
"numberOfImages": "3",
"type": "Docker"
}

93
 Import Third-Party Assets API

],
"accounts": [
{
"username": "Administrator"
}
],
"services": [
{
"description": "Qualys Cloud Agent",
"name": "QualysAgent",
"status": "RUNNING"
}
],
"softwares": [
{
"name": "Python 3.10.5 (64-bit)",
"version": "3.10.5150.0",
"installedDate": "1527595015000",
"lastUpdated": "1685361415000",
"identifier": "Microsoft Office
OneDrive$#$19.232.1124.005$#$1",
"isSystemApp": false,
"isEnterpriseApp": true,
"publisher": "Python Software Foundation",
"language": "English",
"type": "Application",
"installPath": "/applocal/Microsoft/",
"lastUsedDate": "1685361415000",
"firstFoundDate": "1527595015000"
}
],
"ports": [
{
"port": 4500,
"description": "authip ipsec keying modules",
"protocol": "UDP",
"detectedService": "authip ipsec keying modules",
"firstFound": "1527595015000",
"lastUpdated": "1685361415000"
}
]
}
}
]
}

Response:
{
"message": "All Assets are successfully published for sync.",
"responseCode": "SUCCESSFULLY_PUBLISHED",
"assetsError": {}
}

94
 Import Third-Party Assets API

95
 Extended Certificates and Instance Details Support for Unmanaged Assets Detected by EASM

Extended Certificates and Instance Details

Support for Unmanaged Assets Detected by
EASM
You can view certificates and instance details of unmanaged assets detected by EASM
using the following Certificate View APIs:
- List CertView Certificates (v2) API
- List Server Instances API
Prerequisites
- CSAM 2.18.0.0 version or later
- certificate View 3.5.0.0 version or later
For more information, refer to the Certificate View 3.5 API Release Notes.

96
 Get a List of Unresolved Domains

Get a List of Unresolved Domains

This API helps you to get the list of unresolved domains discovered by EASM.
/rest/2.0/am/domain/list
[POST]

Input Parameters
Parameter Required/ Type Description
Optional
domainType Optional String Provide the value UNRESOLVED_DOMAINS. If this
value is not provided, the unresolved domains are
fetched by default.
domainFilterType Optional String Provide the value from the following to filter the
data according to your requirements. Note that
you must provide the exact value as shown.
- DOMAIN
- SUBDOMAIN
- ALL
pageSize Optional Integer Provide the value for the page size between the
range 1-5000. This field is used to decrease the
page size. The default page size is 5000.
lastFetchDomainID Optional Integer Provide the value of the lastFetchDomainId from
the previous request response. Use this field only
when the previous response contains "hasMore":1
and you need to fetch unresolved domains from
the next page.

Sample - Get a List of Unresolved Domains

API Request (without filter):
curl --location --request POST
'<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Authorization: <JWT token>' \
--data ''

Response:
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 2,
"lastFetchDomainId": 981517119,
"domainListData": {
"domains": [
{
"domain": "ib.link",

97
 Get a List of Unresolved Domains

"subdomain": "www.ib.link",
"whoIs": {
"registrar": "Pxx-USA, Inc. dxx Domxxn Roxxt",
"registrantOrg": "Ixxxcaja Bxxco S.A.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
},
{
"domain": "ib.link",
"whoIs": {
"registrar": "Pxxx. dxa Doxxin Rxxot",
"registrantOrg": "Ixxrcaja Bxxco S.A.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
}
]
}
}

Note: The following fields in the response of the given API request indicate:
• hasMore: More unresolved domains are present on the next page.
• lastFetchDomainId: A unique ID for every unresolved domain that must be
passed as a parameter value to go to the next page.
• count: The count of unresolved domains on a particular page.

Important to Know!
• To filter data, you can use the following filters in the API body:asset.domain,
whoIs.registrantOrg, asset.subdomain, whoIs.registrantEmailId,
whoIs.registrar,tags.name, whoIs.creationDate.
• The supported operators for asset.domain, whoIs.registrantOrg, asset.subdomain,
whoIs.registrantEmailId, whoIs.registrar, tags.name are CONTAINS, IN, EQUALS,
NOT EQUALS.
• The supported operators for whoIs.creationDate are EQUALS, NOT EQUALS,
GREATER, LESSER, GREATER THAN EQUAL, LESS THAN EQUAL.

Sample (JSON format):

API Request (with filter):
curl --location '<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Content-Type: application/json' \
--header 'Authorization: <JWT token>' \
--data '{
"filters": [
{
"value": "ib.link",

98
 Get a List of Unresolved Domains

"field": "asset.domain",
"operator": "EQUALS"
},
{
"value": "www.ib.link",
"field": "asset.subdomain",
"operator": "EQUALS"
}
],
"operation": "AND"
}

API Response:
{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": 575375801,
"domainListData": {
"domains": [
{
"domain": "ib.link",
"subdomain": "www.ib.link",
"whoIs": {
"registrar": "PxxxA, Inc. dxa Dxxxin Rxxot",
"registrantOrg": "Ibxxxx xxxx xxA.",
"registrantEmailId": null,
"creationDate": "2017-11-10"
}
}
]
}
}

Sample (XML format):

API Request:
curl --location '<qualys_base_url>/rest/2.0/am/domain/list' \
--header 'Content-Type: application/xml' \
--header 'Authorization: <JWT token>' \
--data '<FilterRequest>
<filters>
<Criteria field="asset.subdomain"
operator="EQUALS"><value>ota.dev.ssllabs.com</value></Criteria>
<Criteria field="whoIs.creationDate" operator="EQUALS"><value>2009-1-
1</value></Criteria>
</filters>
<operation>AND</operation>
</FilterRequest>'

API Response:

99
 Get a List of Unresolved Domains

{
"responseMessage": "Valid API Access",
"responseCode": "SUCCESS",
"hasMore": 0,
"count": 1,
"lastFetchDomainId": -66826159,
"domainListData": {
"domains": [
{
"domain": "ssllabs.com",
"subdomain": "ota.dev.ssllabs.com",
"whoIs": {
"registrar": "Gxxx xxS",
"registrantOrg": "Qualys, Inc.",
"registrantEmailId": "f21eded51f345decec6706a0fada7d45-
[email protected]",
"creationDate": "2009-01-01"
}
}
]
}
}

100
 Appendix
Error Messages

Appendix
This appendix describes the types of error messages returned from GAV/CSAM API
requests, list of operators with supported attributes.

Error Messages

Error Code Description

400 The request could not be understood by the server
due to malformed syntax. This error also occurs if you
provide wrong (or unsupported) operator in the
request.
403 Forbidden This response code is returned for the following
scenarios:

- If the Asset Inventory License is in “Pending

Activation”.
- If “App API Enabled” option is not checked.
- If “App API Enabled” option is checked, but the
license expiration date (for Trial/Full customers) has
elapsed.
- If the customer’s license subscription cannot be
validated.
404 Not found The server has not found anything matching the
Request
416 Requested Range Not Please provide a Page Size value less than the max
Satisfiable page size limit set.
500 Failure The server encountered an unexpected condition
which prevented it from fulfilling the request

Supported Operators
This section of the appendix lists supported operators for tokens.

Operator Values
NUMERIC_OPERATORS EQUALS, IN, NOT_EQUALS, GREATER, LESSER,
GREATER_THAN_EQUAL, and LESS_THAN_EQUAL
NUMERIC_AND_NOT_E EQUALS, IN, GREATER, LESSER, GREATER_THAN_EQUAL,
QUAL_OPERATORS LESS_THAN_EQUAL
STRING_OPERATORS CONTAINS, IN, EQUALS, and NOT_EQUALS
STRING_AND_NOT_EQ CONTAINS, IN, and EQUALS
UAL_OPERATORS

101
 Appendix
Supported Operators

Operator Values
DATE_OPERATORS EQUALS, NOT_EQUALS, GREATER, LESSER, GREATER_THAN_EQUAL,
and LESS_THAN_EQUAL
BOOLEAN_OPERATORS EQUALS
ENUM_OPERATORS EQUALS, NOT_EQUALS, and IN
UUID_OPERATORS EQUALS and IN
IP_OPERATORS EQUALS and IN

Following table lists different attributes with supported operators:

Attribute Operator
Asset Attributes
asset.assetID NUMERIC_OPERATORS
asset.name STRING_OPERATORS
asset.created DATE_OPERATORS
asset.lastUpdated DATE_OPERATORS
asset.type ENUM_OPERATORS
asset.lastLoggedOnUser STRING_OPERATORS
asset.totalMemory NUMERIC_OPERATORS
asset.timezone STRING_OPERATORS
asset.trackingMethod ENUM_OPERATORS
asset.domainRole ENUM_OPERATORS
asset.riskScore ENUM_OPERATORS
asset.lastBoot DATE_OPERATORS
asset.netbiosName STRING_OPERATORS
asset.hostID NUMERIC_OPERATORS
asset.isContainerHost BOOLEAN_OPERATORS
asset.biosAssetTag STRING_OPERATORS
asset.biosDescription STRING_OPERATORS
asset.biosHardwareUUID STRING_OPERATORS
asset.biosSerialNumber STRING_OPERATORS
asset.agentID UUID_OPERATORS
asset.criticalityScore NUMERIC_OPERATORS
accounts.username STRING_OPERATORS
provider ENUM_OPERATORS
assetCategory STRING_OPERATORS

102
 Appendix
Supported Operators

Attribute Operator
isDockerHost BOOLEAN_OPERATORS
Inventory Attributes
inventory.source STRING_OPERATORS
inventory.created DATE_OPERATORS
inventory.lastUpdated DATE_OPERATORS
Processor Attributes
processors STRING_AND_NOT_EQUAL_OPERATORS
processors.speed NUMERIC_AND_NOT_EQUAL_OPERATORS
processors.coresPerSocket NUMERIC_OPERATORSaccounts
processors.multithreadingStatus BOOLEAN_OPERATORS
processors.numberofCpu NUMERIC_OPERATORSaccounts
processors.numberofSockets NUMERIC_OPERATORSaccounts
processors.threadsPerCore NUMERIC_OPERATORSaccounts
Container Attributes
container.noOfContainers NUMERIC_AND_NOT_EQUAL_OPERATORS
container.noOfImages NUMERIC_AND_NOT_EQUAL_OPERATORS
container.version STRING_AND_NOT_EQUAL_OPERATORS
container.hasSensor BOOLEAN_OPERATORS
container.product STRING_AND_NOT_EQUAL_OPERATORS
Interface Attributes
interfaces.hostname STRING_AND_NOT_EQUAL_OPERATORS
interfaces.interfaceName STRING_AND_NOT_EQUAL_OPERATORS
interfaces.macAddress STRING_AND_NOT_EQUAL_OPERATORS
interfaces.manufacturer STRING_AND_NOT_EQUAL_OPERATORS
interfaces.address IP_OPERATORS
interfaces.dnsAddress IP_OPERATORS
interfaces.gatewayAddress IP_OPERATORS
interfaces.netmask IP_OPERATORS
Open Ports Attributes
openPorts.description STRING_AND_NOT_EQUAL_OPERATORS
openPorts.detectedService STRING_AND_NOT_EQUAL_OPERATORS
openPorts.protocol STRING_AND_NOT_EQUAL_OPERATORS
openPorts.port NUMERIC_AND_NOT_EQUAL_OPERATORS
openPorts.firstFound DATE_OPERATORS

103
 Appendix
Supported Operators

Attribute Operator
openPorts.lastUpdated DATE_OPERATORS
Services Attributes
services.description STRING_AND_NOT_EQUAL_OPERATORS
services.name STRING_AND_NOT_EQUAL_OPERATORS
services.status STRING_AND_NOT_EQUAL_OPERATORS
Sensors Attributes
sensors.lastComplianceScan DATE_OPERATORS
sensors.lastFullScan DATE_OPERATORS
sensors.lastVmScan DATE_OPERATORS
Tag Attributes
tags.name EQUALS, IN, CONTAINS
tags.businessImpact EQUALS, IN, CONTAINS
Volume Attributes
volumes.free NUMERIC_AND_NOT_EQUAL_OPERATORS
volumes.size NUMERIC_AND_NOT_EQUAL_OPERATORS
volumes.name STRING_AND_NOT_EQUAL_OPERATORS
Agent Attributes
agent.version NUMERIC_AND_NOT_EQUAL_OPERATORS
agent.connectedFrom IP_OPERATORS
agent.errorStatus BOOLEAN_OPERATORS
agent.lastActivity DATE_OPERATORS
agent.lastCheckedIn DATE_OPERATORS
Hardware Attributes
hardware STRING_OPERATORS
hardware.category STRING_OPERATORS
hardware.category1 STRING_OPERATORS
hardware.category2 STRING_OPERATORS
hardware.manufacturer STRING_OPERATORS
hardware.model STRING_OPERATORS
hardware.product STRING_OPERATORS
hardware.lifecycle.stage STRING_OPERATORS
hardware.lifecycle.eos DATE_OPERATORS
hardware.lifecycle.ga DATE_OPERATORS
hardware.lifecycle.intro DATE_OPERATORS

104
 Appendix
Supported Operators

Attribute Operator
hardware.lifecycle.obs DATE_OPERATORS
Software Attributes
software.architecture STRING_OPERATORS
software.category STRING_OPERATORS
software.category1 STRING_OPERATORS
software.category2 STRING_OPERATORS
software.component STRING_OPERATORS
software.edition STRING_OPERATORS
software.marketVersion STRING_OPERATORS
software.name STRING_OPERATORS
software.product STRING_OPERATORS
software.publisher STRING_OPERATORS
software.supportStage STRING_OPERATORS
software.version STRING_OPERATORS
software.update STRING_OPERATORS
software.isPackage BOOLEAN_OPERATORS
software.isPackageComponent BOOLEAN_OPERATORS
software.license.category STRING_OPERATORS
software.license.subcategory STRING_OPERATORS
software.lifecycle.stage EQUALS and NOT_EQUALS
software.installDate DATE_OPERATORS
software.lastUseDate DATE_OPERATORS
software.lastUpdated DATE_OPERATORS
software.lifecycle.eol DATE_OPERATORS
software.lifecycle.eos DATE_OPERATORS
software.lifecycle.ga DATE_OPERATORS
software.authorization EQUALS, NOT_EQUALS, and IN
Operating System Attributes
operatingSystem STRING_OPERATORS
operatingSystem.category STRING_OPERATORS
operatingSystem.category1 STRING_OPERATORS
operatingSystem.category2 STRING_OPERATORS
operatingSystem.architecture STRING_OPERATORS
operatingSystem.component STRING_OPERATORS

105
 Appendix
Supported Operators

Attribute Operator
operatingSystem.edition STRING_OPERATORS
operatingSystem.marketVersion STRING_OPERATORS
operatingSystem.name STRING_OPERATORS
operatingSystem.publisher STRING_OPERATORS
operatingSystem.version STRING_OPERATORS
operatingSystem.update STRING_OPERATORS
operatingSystem.lifecycle.stage STRING_OPERATORS
operatingSystem.installDate DATE_OPERATORS
operatingSystem.lifecycle.eol DATE_OPERATORS
operatingSystem.lifecycle.eos DATE_OPERATORS
operatingSystem.lifecycle.ga DATE_OPERATORS
AWS Attributes
aws.ec2.availabilityZone STRING_OPERATORS
aws.ec2.instanceType STRING_OPERATORS
aws.ec2.publicDNS STRING_OPERATORS
aws.ec2.privateDNS STRING_OPERATORS
aws.ec2.accountId STRING_OPERATORS
aws.ec2.imageId STRING_OPERATORS
aws.ec2.instanceId STRING_OPERATORS
aws.ec2.instanceState STRING_OPERATORS
aws.ec2.region.code STRING_OPERATORS
aws.ec2.subnetId STRING_OPERATORS
aws.ec2.vpcId STRING_OPERATORS
aws.ec2.hostname STRING_OPERATORS
aws.ec2.privateIpAddress IP_OPERATORS
aws.ec2.publicIpAddress IP_OPERATORS
aws.tags.key STRING_OPERATORS
aws.tags.value STRING_OPERATORS
aws.ec2.spotInstance STRING_OPERATORS
aws.ec2.launchDate DATE_OPERATORS
aws.ec2.hasAgent BOOLEAN_OPERATORS
Azure Attributes
azure.vm.imageOffer STRING_OPERATORS
azure.vm.imagePublisher STRING_OPERATORS

106
 Appendix
Supported Operators

Attribute Operator
azure.vm.imageVersion STRING_OPERATORS
azure.vm.name STRING_OPERATORS
azure.vm.size STRING_OPERATORS
azure.vm.vmId STRING_OPERATORS
azure.vm.resourceGroupName STRING_OPERATORS
azure.vm.virtualNetwork STRING_OPERATORS
azure.vm.state STRING_OPERATORS
azure.vm.subnet STRING_OPERATORS
azure.vm.subscriptionId STRING_OPERATORS
azure.vm.location STRING_OPERATORS
azure.vm.platform STRING_OPERATORS
azure.vm.macAddress STRING_OPERATORS
azure.tags.value STRING_OPERATORS
azure.tags.name STRING_OPERATORS
azure.vm.privateIpAddress IP_OPERATORS
azure.vm.publicIpAddress IP_OPERATORS
azure.vm.hasAgent BOOLEAN_OPERATORS
GCP Attributes
gcp.compute.hostname STRING_OPERATORS
gcp.compute.instanceId STRING_OPERATORS
gcp.compute.machineType STRING_OPERATORS
gcp.compute.network STRING_OPERATORS
gcp.compute.projectId STRING_OPERATORS
gcp.compute.projectNumber STRING_OPERATORS
gcp.compute.macAddress STRING_OPERATORS
gcp.compute.state STRING_OPERATORS
gcp.compute.zone STRING_OPERATORS
gcp.compute.privateIpAddres IP_OPERATORS
gcp.compute.publicIpAddress IP_OPERATORS
OCI Attributes
oci.compute.availabilityDomain STRING_OPERATORS
oci.compute.canonicalRegionName STRING_OPERATORS
oci.compute.compartmentId STRING_OPERATORS
oci.compute.compartmentName STRING_OPERATORS

107
 Appendix
Supported Operators

Attribute Operator
oci.compute.displayName STRING_OPERATORS
oci.compute.faultDomain STRING_OPERATORS
oci.compute.hostName STRING_OPERATORS
oci.compute.imageId STRING_OPERATORS
oci.compute.ociId STRING_OPERATORS
oci.compute.region STRING_OPERATORS
oci.compute.shape STRING_OPERATORS
oci.compute.state STRING_OPERATORS
oci.compute.tenantId STRING_OPERATORS
oci.compute.tenantName STRING_OPERATORS
oci.compute.timeCreated STRING_OPERATORS
oci.tags STRING_OPERATORS
oci.tags.key STRING_OPERATORS
oci.tags.namespace STRING_OPERATORS
oci.tags.type STRING_OPERATORS
oci.tags.value STRING_OPERATORS
oci.vnic.macAddr STRING_OPERATORS
oci.vnic.nicIndex STRING_OPERATORS
oci.vnic.privateIp IP_OPERATORS
oci.vnic.publicIp IP_OPERATORS
oci.vnic.subnetCidrBlock STRING_OPERATORS
oci.vnic.subnetId STRING_OPERATORS
oci.vnic.subnetName STRING_OPERATORS
oci.vnic.vcnId STRING_OPERATORS
oci.vnic.vcnName STRING_OPERATORS
oci.vnic.virtualRouterIp STRING_OPERATORS
oci.vnic.vlanTag STRING_OPERATORS
oci.vnic.vnicId STRING_OPERATORS
IBM Cloud Attributes
ibm.tags STRING_OPERATORS
ibm.tags.name STRING_OPERATORS
ibm.tags.value STRING_OPERATORS
ibm.virtualServer.datacenterId STRING_OPERATORS
ibm.virtualServer.deviceName STRING_OPERATORS

108
 Appendix
Supported Operators

Attribute Operator
ibm.virtualServer.domain STRING_OPERATORS
ibm.virtualServer.id STRING_OPERATORS
ibm.virtualServer.location STRING_OPERATORS
ibm.virtualServer.privateIpAddress IP_OPERATORS
ibm.virtualServer.privateVlan STRING_OPERATORS
ibm.virtualServer.publicIpAddress IP_OPERATORS
ibm.virtualServer.publicVlan STRING_OPERATORS
ibm.virtualServer.state STRING_OPERATORS
Geo IP Attributes
asset.lastLocation STRING_OPERATORS
asset.lastLocation.city STRING_OPERATORS
asset.lastLocation.country STRING_OPERATORS
asset.lastLocation.continent STRING_OPERATORS
asset.lastLocation.postal STRING_OPERATORS
asset.lastLocation.state STRING_OPERATORS
Business Information Attributes
asset.org.company STRING_OPERATORS
asset.org.department STRING_OPERATORS
asset.ownedBy STRING_OPERATORS
asset.managedBy STRING_OPERATORS
asset.supportedBy STRING_OPERATORS
asset.supportGroup STRING_OPERATORS
asset.environment STRING_OPERATORS
asset.operationalStatus STRING_OPERATORS
asset.assignedLocation.name STRING_OPERATORS
asset.assignedLocation.city STRING_OPERATORS
asset.assignedLocation.state STRING_OPERATORS
asset.assignedLocation.country STRING_OPERATORS
businessApp.name STRING_OPERATORS
businessApp.id STRING_OPERATORS
businessApp.businessCriticality STRING_OPERATORS
businessApp.ownedBy STRING_OPERATORS
businessApp.supportGroup STRING_OPERATORS
businessApp.operationalStatus STRING_OPERATORS

109
 Appendix
Supported Operators

Attribute Operator
businessApp.environment STRING_OPERATORS
businessApp.managedBy STRING_OPERATORS
businessApp.supportedBy STRING_OPERATORS
External Attack Surface Management
(EASM) Attributes
asset.org.name STRING_OPERATORS
asset.asn STRING_OPERATORS
asset.isp STRING_OPERATORS
asset.domain STRING_OPERATORS
asset.subdomain STRING_OPERATORS
whoIs.creationDate DATE_OPERATORS
whoIs.registrantOrg STRING_OPERATORS
whoIs.registrantEmailId STRING_OPERATORS
whoIs.registrar STRING_OPERATORS
Custom Attributes
customAttributes.key STRING_OPERATORS
customAttributes.value STRING_OPERATORS
customAttributes.connectorId NUMERIC_OPERATORS

Note: The following tokens are available only for CSAM License Subscriber:
hardware.lifecycle.stage, hardware.lifecycle.eos, hardware.lifecycle.ga,
hardware.lifecycle.intro, hardware.lifecycle.obs,
software.authorization, software.license.category,
software.license.subcategory, software.lifecycle.eol,
software.lifecycle.eos, software.lifecycle.ga, software.lifecycle.stage,
software.isPackage, software.isPackageComponent,
operatingSystem.lifecycle.eol, operatingSystem.lifecycle.eos,
operatingSystem.lifecycle.ga, operatingSystem.lifecycle.stage,
customAttributes.key, customAttributes.value, and
customAttributes.connectorId

Note: The External Attack Surface Management (EASM) is now GAed and all CSAM
customers will be able to activate this feature from their home page. The following tokens
are available after the feature is activated:
asset.org.name, asset.asn, asset.isp, asset.domain, asset.subdomain,
whoIs.creationDate, whoIs.registrantOrg, whoIs.registrantEmailId, and
whoIs.registrar

110
 Appendix
Supported Operators

Following are some example to understand the different supported operators by

comparing QQL(UI) tokens:
Example 1 - hardware.category1:Computers
Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="hardware.category1" operator="CONTAINS">
<value>Computers</value>
</Criteria>
</filters>
</FilterRequest>

OR Request Body in Json:

{
"filters": [
{
"field": "hardware.category1",
"operator": "CONTAINS",
"value": "Computers"
}
]
}

Example 2 - hardware.manufacturer:`Apple` OR hardware.manufacturer:`HPE`

Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="hardware.manufacturer" operator="IN">
<value>Apple,HPE</value>
</Criteria>
</filters>
</FilterRequest>

Example 3 - software:(product:Python and update:2.7.5)

Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="software.product" operator="CONTAINS">
<value>Python</value>
</Criteria>
<Criteria field="software.update" operator="CONTAINS">

111
 Appendix
Supported Operators

<value>2.7.5</value>
</Criteria>
</filters>
</FilterRequest>

Example 4 - operatingSystem.category1:`Mac` and hardware.category:Notebook

Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="operatingSystem.category1"
operator="EQUALS">
<value>Mac</value>
</Criteria>
<Criteria field="hardware.category" operator="EQUALS">
<value>Notebook</value>
</Criteria>
</filters>
</FilterRequest>

Example 5 - operatingSystem.category1:`Mac` or hardware.category:Notebook

Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="operatingSystem.category1"
operator="EQUALS">
<value>Mac</value>
</Criteria>
<Criteria field="hardware.category" operator="EQUALS">
<value>Notebook</value>
</Criteria>
</filters>
<operation>OR</operation>
</FilterRequest>

Request Body in Json:

{
"filters": [
{

112
 Appendix
Supported Operators

"field": "operatingSystem.category1",
"operator": "EQUALS",
"value": "Mac"
},
{
"field": "hardware.category",
"operator": "EQUALS",
"value": "Notebook"
}
],
"operation": "OR"
}

Example 6 - operatingSystem.category1:`Mac` and hardware.category:Notebook

Request Body in XML:
<FilterRequest>
<filters>
<Criteria field="operatingSystem.category1"
operator="EQUALS">
<value>Mac</value>
</Criteria>
<Criteria field="hardware.category" operator="EQUALS">
<value>Notebook</value>
</Criteria>
</filters>
<operation>AND</operation>
</FilterRequest>

113