Qualys REST messages

Qualys REST messages are used to make calls to the Qualys API.

Qualys Host Detection REST message

The Qualys Host Detection REST message makes the initial call to the Host List Detection API for the Qualys Host Detection Integration.

Table 1. Qualys host detection REST message parameters
Parameter Name Value Description
action list Indicates the type of operation requested.

Required parameter; changes are not required.

output_format XML Sets the format of the report returned by Qualys.

The various scripts and transforms assume XML, so changes to the value are not recommended.

vm_scan_since ${lastScanDate} Retrieves data based on the last scan date. The value is a variable that is set from the integration based on the last time the integration was run.

Modifying this value is not recommended, but you can remove it if you need to retrieve all vulnerability data. However, due to the volume of data, removing the value is NOT recommended.

truncation_limit 500

The number of hosts to retrieve data from, per request. This is used for pagination purposes.

The default value is 500, but larger or smaller values can be used.

Smaller values require more calls to the Qualys API and larger values result in larger result sets to process and potential data retrieval/processing timeouts.

status New, Fixed, Active, Re-opened Detection statuses to retrieve from Qualys.

The default is to retrieve all statuses, but for large data pulls (often the initial pull of data), it can be beneficial to exclude Fixed statuses from this list.

It is important to include the Fixed status when updating vulnerabilities already in the system.

Qualys host detection pagination REST message

The Host Detection Pagination REST message handles pagination requests to the Host Detection API.

When the primary host detection runs, if the Qualys API provides a URL to fetch the next page of data, this REST message retrieves that additional data. This data is used by Host Detection Pagination Handler.

Host detection pagination REST is a specialized REST message and is not intended to be modified.

Qualys knowledge base (backfill) REST message

The Qualys Knowledge Base (Backfill) REST message retrieves Qualys knowledge base data based on the last modified timestamp of the vulnerability data for the Qualys Knowledge Base integration.

Changes to the REST message method record impact the request made to Qualys to retrieve knowledge base information.

The table below shows the request parameters that are sent.

Table 2. Qualys knowledge base (backfill) REST message parameters
Parameter Value Description
action list Indicates the type of operation being requested.

Required parameter; changes are not recommended.

details All

Indicates the level of detail shown for vulnerabilities retrieved.

Safe to modify as needed.

ids ${qids}

Specifies which QIDs to retrieve from Qualys.

Referenced in code; modifications are not recommended.

Qualys knowledge base (date-based) REST message

The Qualys Knowledge Base (Date-Based) REST message is used to retrieve Qualys knowledge base data based on the last modified timestamp of the vulnerability data. This message is used by the Qualys Knowledge Base integration.

Changes to the REST message method record impact the request made to Qualys to retrieve knowledge base information.

The following table shows the request parameters that are sent.

Table 3. Qualys knowledge base (date-based) REST message parameters
Source Field Target Field Description
action list Indicates the type of operation requested.

Required parameter; changes are not recommended.

details All Indicates the level of detail shown for vulnerabilities retrieved.

Safe to modify as needed.

last_modified_after ${dateStart} Indicates when to start retrieving historical data.

Used by code to determine both the start time and to assist with pagination.

Modifications or removal is not recommended.

last_modifiedbefore ${dateEnd}

Indicates when to end retrieving historical data. Used by code to determine both the end time and to assist with pagination.

Modifications or removal is not recommended.

Qualys tickets REST message

The Qualys tickets REST message retrieves Qualys ticket information for the Qualys Ticket Integration. Changes to the REST message method record impact the requests made to Qualys to retrieve ticket information.

The table shows the request parameters that are sent.

Table 4. Qualys tickets REST message parameters
Parameter Name Value Description
modified_since_datetime ${lastRunDatetime}

Indicates the last run date of the integration and the date after which to pull data.

Used by code; changes are not recommended.

since_ticket_number ${lastTicketNumber}

Indicates which ticket was last retrieved from Qualys.

Used for pagination; changes are not recommended.

show_vuln_details 1

Indicates whether the vulnerability details are retrieved.