Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 1 of 41
`Case 4:18-cv-07229—YGR Document 158-12 Filed 01/23/21 Page 1 of 41
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 11
`
`EXHIBIT 11
`
`
`Case 4:18-cv-07229—YGR Document 158-12 Filed 01/23/21 Page 1 of 41
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 11
`
`EXHIBIT 11
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 2 of 41
`Qualys API client examples I Qualys Community
`
`More documents in Developer
`
`Log in to create and rate content, and to follow, bookmark, and share content with other members. Not a member? Join Now!
`
`Qualys API client examples
`
`M Document created by Parag Baxi on Oct 3, 2013 • Last modified by Jeff Leggett on Feb 22, 2017
`1..% Version 44
`
`afi Like • 9
`
`Q Comment • 26
`
`Note: This is unsupported.
`
`C#, RestSharp
`
`• API vl
`
`• API v2
`
`Go Language Example
`
`• AM API
`
`Groovy, httpbuilder's RESTClient
`
`• API v1
`
`• API v2
`
`• WAS API
`
`• AM API
`
`Perl, LWP
`
`• API v1 and v2
`
`• WAS API
`
`• AM API
`
`PHP 5+, SimpleQAPI class
`
`• API v1 and v2
`
`• WAS API
`
`PHP 4+, curl
`
`• API v1 and v2
`
`• WAS API
`
`• AM API
`
`Python 2.x, qualysapi
`
`• API v1
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`1/40
`
`FINJAN-QUALYS 042650
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 3 of 41
`Qualys API client examples I Qualys Community
`
`• API v2
`
`• WAS API
`
`• AM API
`
`• Pagination
`
`Ruby, rest-client
`
`• API vl
`
`• API v2
`
`• WAS
`
`• AM
`
`Ruby, httparty
`
`• API vl
`
`• API v2
`
`• WAS
`
`• AM
`
`VB.NET, vb_net_rest_sharp
`
`VB Script, getXMLFile
`
`• API vl
`
`• API v2
`
`Web browser, Chrome, Postman
`
`• Install and configure POSTMAN
`
`• How to use sample collections
`
`Windows Powershell 3.0
`
`• API vi
`
`• WAS API
`
`• AM API
`
`Purpose
`
`This is a community driven document to demonstrate examples of how to connect to the Qualys API using
`
`various platforms.
`
`C#, RestSharp
`The open source library assists in making calls to all API versions:
`
`http://restsharp.org/
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`2/40
`
`FINJAN-QUALYS 042651
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 4 of 41
`Qualys API client examples I Qualys Community
`
`API vl
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`
`using System;
`
`using System.Collections.Generic;
`
`using System.Xml;
`
`using System.Xml.Linq;
`
`using System.Linq;
`
`using System.Text;
`
`using RestSharp;
`
`// Set up REST client to connect to US Platform 1.
`
`var client = new RestClient("
`
`https://qualysapi.qualys.com
`
`II ) ;
`
`// Set up credentials.
`
`client.Authenticator = new HttpBasicAuthenticator("username", "password");
`
`//
`
`// GET request
`
`// See QualysGuard version.
`
`//
`
`var request = new RestRequest("msp/about.php");
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`3/40
`
`FINJAN-QUALYS 042652
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 5 of 41
`Qualys API client examples I Qualys Community
`
`38
`
`39
`
`40
`
`41
`
`42
`
`43
`44
`45
`
`46
`
`47
`
`48
`49
`
`50
`51
`
`52
`
`53
`
`54
`55
`
`56
`
`57
`
`58
`59
`
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`66
`67
`68
`
`69
`
`70
`
`71
`72
`
`73
`
`74
`
`75
`76
`77
`
`78
`
`79
`
`80
`
`81
`
`IRestResponse response = client.Execute(request);
`
`// Response contains the XML file.
`
`Console.WriteLine (response.Content);
`
`//
`
`// POST request.
`
`// Download raw scan results of scan/1234567890.12345.
`
`//
`
`// This method does not work!
`
`// var request_post = new RestRequest ("msp/scan_report.php", Method.POST);
`
`// request_post.AddParameter("ref", "scan/1390453521.15910");
`
`//
`
`// This method does work.
`
`var endpoint = String.Format("msp/scan_report.php?{0}={1}",
`
`"ref", "scan/1234567890.12345");
`
`var request_post = new RestRequest (endpoint, Method.POST);
`
`response = client. Execute(request_post);
`
`// Print out headers to see remaining calls against API limits.
`
`foreach (var header in response.Headers){
`
`Console. WriteLine(header);
`
`}
`
`// Print scan results.
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`4/40
`
`FINJAN-QUALYS 042653
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 6 of 41
`Qualys API client examples I Qualys Community
`
`Console.WriteLine(response.Content)
`
`82
`83
`
`84
`
`85
`
`86
`
`87
`
`88
`89
`
`API v2
`
`Sample code:
`
`1
`2
`
`3
`
`4
`
`5
`
`6
`7
`
`8
`
`9
`10
`
`11
`12
`
`13
`
`14
`15
`
`16
`
`17
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`24
`
`25
`26
`
`27
`
`28
`29
`
`30
`
`using System;
`
`using System.Collections.Generic;
`
`using System.Xml;
`
`using System.Xml.Linq;
`
`using System.Linq;
`
`using System.Text;
`
`using RestSharp;
`
`// Set up REST client to connect to US Platform 1.
`
`var client = new RestClient("
`
`https://qualysapi.qualys.com
`
`IIII ) ;
`
`// Set up credentials.
`
`client.Authenticator = new HttpBasicAuthenticator("username", "password");
`
`//
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`5/40
`
`FINJAN-QUALYS 042654
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 7 of 41
`Qualys API client examples I Qualys Community
`
`31
`
`32
`
`33
`
`34
`
`35
`
`36
`
`37
`38
`
`39
`40
`
`41
`42
`
`43
`44
`45
`
`46
`
`47
`
`48
`49
`
`50
`
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`59
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`66
`
`67
`68
`
`69
`
`70
`71
`
`72
`
`73
`74
`
`// v2 GET request.
`
`// Print out scans that ended in error.
`
`//
`
`var request = new RestRequest("api/2.0/fo/scan/", Method.GET);
`
`// Add header, reqiured for v2 API.
`
`request.AddHeader("X-Requested-With", "RestSharp");
`
`request.AddParameter("action", "list");
`
`response = client. Execute(request);
`
`var xml_text = response.Content;
`
`// Let's see where we are on our API limit. Do we need to throttle our script?
`
`foreach (var header in response.Headers){
`
`Console.WriteLine(header);
`
`}
`
`Console.WriteLine ("\n(Press enter to continue.)");
`
`pause_me = Console.ReadLine();
`
`//
`
`// Parse the XML to make it actionable.
`
`//
`
`// Load XML string.
`
`XDocument xdoc = XDocument.Parse(xml_text);
`
`// Parse XML for each scan.
`
`var scans = from scan in xdoc.Descendants ("SCAN")
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`6/40
`
`FINJAN-QUALYS 042655
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 8 of 41
`Qualys API client examples I Qualys Community
`
`select new {
`
`scan_ref = (string)scan.Element ("REF"),
`
`title = (string)scan.Element ("TITLE"),
`
`status = (string)scan.Element("STATUS").Element("STATE")
`
`75
`
`76
`
`77
`
`78
`
`79
`
`80
`
`81
`82
`
`83
`84 } ;
`85
`
`86
`
`87
`88
`
`89
`90 // Print out each scan reference, title, and status.
`
`91
`92 // Join the data into a string.
`93
`94 StringBuilder result = new StringBuilder();
`95
`96 //Loop through results
`97
`
`98 foreach (var scan in scans)
`
`99
`100 {
`101
`
`102
`103
`104 }
`105
`
`result.AppendLine(scan.scan_ref + " " + scan.title + " " + scan.status)
`
`106 Console.WriteLine(result.ToString());
`
`107
`
`108
`109
`
`110
`
`111
`
`112 // Print only scans that ended in error.
`
`113
`114 StringBuilder error_result = new StringBuilder();
`
`115
`
`116 //Loop through results
`
`117
`118 foreach (var scan in scans)
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`7/40
`
`FINJAN-QUALYS 042656
`
`
`
`4/13/2019
`
`119
`
`120
`
`{
`
`121
`
`122
`
`123
`
`124
`125
`126
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 9 of 41
`Qualys API client examples I Qualys Community
`
`if (scan.status == "Error") {
`
`error_result.AppendLine (scan.scan_ref + " " + scan.title + "
`
`}
`
`127
`128 }
`129
`130 Console.WriteLine(error_result.To5tring());
`131
`
`132
`133
`
`134
`
`135
`
`136
`
`Go Language Example
`AM API
`Go lends itself very well to Qualys' REST based API's - it includes builtin library support for HTTP and XML
`parsing. Further it's built in concurrency support will make multi threaded apps easy to use as well. Here's an
`initial example of using Go with the Asset Management API's
`
`package main
`
`import (
`"encoding/base64"
`
`"encoding/xml"
`"flag"
`
`"fmt"
`
`"io/ioutil"
`
`"net/http"
`
`func Get_Credential_Hash(User string, Password string) string {
`
`return base64.5tdEncoding.EncodeToString(Mbyte(User + ":" + Password))
`
`}
`
`https:llcommunity.qualys.corn/docs/DOC-4523-qualys-api- client. examples
`
`8/40
`
`FINJAN-QUALYS 042657
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 10 of 41
`Qualys API client examples I Qualys Community
`
`func Get_Command_Line_Args() (string, string, string) {
`
`/* Get cmd line paramters */
`
`UserPtr := flag.String("User", "BOGUS", "Qualys Account User Name")
`
`PasswordPtr := flag.String("Password", "BOGUS", "Qualys Account password")
`
`APIURLPtr := flag.String("API URL", "https://qualysapi.qualys.com/", "Qualys API endpoi
`
`flag.Parse()
`return *UserPtr, *PasswordPtr, *APIURLPtr
`}
`
`func QAPI_Hostasset_Count() int {
`
`type Hostasset_Count struct {
`ResponseCode string 'xml:"responseCode"'
`
`Count int 'xml:"count"'
`}
`
`User, Password, APIURL := Get_Command_Line_Args()
`
`encodedcred := Get_Credential_Hash(User, Password)
`
`url := APIURL + "qps/rest/2.0/count/am/hostasset/"
`
`req, _ := http.NewRequest("GET", url, nil)
`
`req.Header.Add("X-requested-with", "GOLANG")
`req.Header.Add("authorization", "Basic "+encodedcred)
`
`/* req.Header.Add() */
`
`res, _ := http.DefaultClient.Do(req)
`
`defer res.Body.Close()
`
`body, _ := ioutil.ReadAll(res.Body)
`
`/* fmt.Println(res)
`
`fmt.Println(string(body)) */
`var c Hostasset_Count
`
`xml.Unmarshal(body, &c)
`if c.ResponseCode == "SUCCESS" {
`
`return c.Count
`} else {
`return -1
`}
`
`}
`
`func main() {
`
`var numassets int
`numassets = QAPI_Hostasset_Count()
`
`if numassets >= 0 {
`
`fmt.Println("Numnber of Assets:", numassets)
`}
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`9/40
`
`FINJAN-QUALYS 042658
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 11 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`}
`
`Groovy, httpbuilder's RESTCIient
`This open source package assists in making calls to all API versions.
`
`API vl
`Sample code:
`
`import groovyx.net.http.RESTClient
`
`// Set up REST client.
`
`def qgc = new RESTClient('
`https://qualysapi.qualys.com/msp/
`')
`
`// Set headers.
`
`qgc.defaultRequestHeaders.'X-Requested-With' = 'Groovy'
`
`qgc.auth.basic 'username', 'password'
`
`// Optional: Force response handler to pass raw text to pass onto a parser like SAX
`
`//qgc.parser.'application/xml' = qgc.parser.'text/plain'
`
`// Call API via GET.
`
`def response = qgc.get(path:'about.php')
`
`// Store body of data separately.
`
`def xml = response.getData()
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`10/40
`
`FINJAN-QUALYS 042659
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 12 of 41
`Qualys API client examples I Qualys Community
`
`API v2
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`11/40
`
`FINJAN-QUALYS 042660
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 13 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`9
`10
`
`Peri, LWP
`The open source library assists in making calls to all API versions.
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`use LWP;
`
`# retrieving data via HTTPS
`
`# Set base url to US Pod 1.
`
`my $APIURL = "qualysguard.qualys.com"
`
`# retrieves Scan_history for the account and saves to file
`
`my $url = "
`https://$APIURL/api/2.0/fo/asset/host/?action=list&details=All&ag_titles=All+Compli
`
`# Set creds.
`
`my $username = "username";
`
`my $passwd = "password";
`
`# Set up request headers.
`
`my $browser = LWP::UserAgent->new;
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`12/40
`
`FINJAN-QUALYS 042661
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 14 of 41
`Qualys API client examples I Qualys Community
`
`$browser->default_headers->header('X-Requested-with' => 'Sample');
`
`$browser->agent("libwww - script");
`
`# Send GET request.
`
`my $request = HTTP::Request->new( GET=>$url );
`
`$request->authorization_basic($username, $passwd);
`
`my $response = $browser->request($request);
`
`my $content = $response->content;
`
`## Save to file.
`
`open( XMLOUT, ">output.xml" );
`
`print XMLOUT $content;
`
`close( XMLOUT );
`
`33
`34
`35
`36
`37
`38
`39
`40
`41
`
`42
`
`43
`44
`
`45
`46
`47
`
`48
`
`49
`50
`
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`
`59
`60
`
`61
`
`62
`63
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`13/40
`
`FINJAN-QUALYS 042662
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 15 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`PHP 5+, SimpleQAPI class
`This community published package by Peter Stiehl assists in making calls to the API:
`Simple PHP Qualys API class
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`
`$params = array('qlogin' => 'Qualys login',
`
`'connectTimeout' => 10',
`
`'timeout' => 59',
`
`'qpassword' => 'Qualys Password',
`
`'qdomain' => 'Qualys domain without HTTP', // For example 'qualysap
`
`'plogin' => 'Proxy login',
`
`'ppassword' => 'Proxy password',
`
`'headers' => array('X-Requested-With: SimpleQAPI'),
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`14/40
`
`FINJAN-QUALYS 042663
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 16 of 41
`Qualys API client examples I Qualys Community
`
`'purl' => '
`
`http://proxy.to.use
`
`'pport' => 'port number');
`
`$SimpleQAPI = new SimpleQAPI($params);
`
`// You have to use the login() method to be able to launch the view_xxx_list() meth
`
`// For each request the answer is stored in $SimpleQAPI->resp
`
`$SimpleQAPI->login();
`
`// This should print : 201x-xx-xxTxx:xx:xxZ Logged in
`
`echo $SimpleQAPI->resp;
`
`$SimpleQAPI->logout();
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`23
`24
`
`25
`
`26
`
`27
`28
`
`29
`
`30
`31
`
`32
`
`33
`34
`
`35
`
`36
`
`37
`
`38
`
`39
`40
`
`41
`
`42
`
`43
`44
`45
`
`46
`47
`48
`
`WAS API
`Sample code:
`
`TODO
`
`1
`
`2
`
`3
`
`4
`
`5
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`15/40
`
`FINJAN-QUALYS 042664
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 17 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`6
`
`7
`
`PHP 4+, curl
`Initialize a CURL session from PHP: http://www.php.net/manual/en/function.curl-exec.php
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`<?php
`
`$username="ENTER_YOUR_USERNAME";
`
`$password="ENT ER_YOUR_PASSWORD";
`
`$ch = curl_init();
`
`$cookie]ar = dirname( FILE ) . '/cookie.txt';
`
`curl_setopt($ch, CURLOPT_URL, "
`https://qualysapi.qualys.com/api/2.0/fo/session/
`
`");
`
`curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Requested-With: PHP curl
`
`1));
`
`curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieJar);
`
`curl_setopt($ch, CURLOPT_POST, 1);
`
`curl_setopt($ch, CURLOPT_POSTFIELDS, "action=login&username=$username&password=$pas
`
`$result = curl_exec ($ch) or die(curl_error($ch));
`
`echo $result;
`
`echo curl_error($ch);
`
`$ch = curl_init
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`16/40
`
`FINJAN-QUALYS 042665
`
`
`
`4/1 3/2 01 9
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 18 of 41
`Qualys API client examples I Qualys Community
`
`https://qualysapi.qualys.com/api/2.0/fo/appliance/
`
`");
`
`curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Requested-With: PHP curl'));
`
`curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookieJar);
`
`curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
`
`curl_setopt($ch, CURLOPT_POST, 1);
`
`curl_setopt($ch, CURLOPT_POSTFIELDS, "action=list&output_mode=full");
`
`$output = curl_exec ('
`
`;
`
`echo $output;
`
`curl_close ($ch);
`
`?>
`
`33
`34
`35
`36
`37
`38
`39
`40
`41
`42
`43
`44
`45
`46
`47
`48
`49
`50
`51
`52
`53
`54
`55
`56
`57
`58
`s9
`
`WAS API
`
`Sample code:
`
`TODO
`
`1
`
`2
`
`3
`4
`
`5
`
`6
`7
`
`8
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`17/40
`
`FINJAN-QUALYS 042666
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 19 of 41
`Qualys API client examples I Qualys Community
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Python 2.x, qualysapi
`This open source package assists in making calls to all API versions.
`
`More info:
`https://github.com/paragbaxi/qualysapi
`API vl
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`
`import qualysapi
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API vi call: Scan the New York & Las Vegas asset groups
`
`# The call is our request's first parameter.
`
`call = 'scan.php'
`
`# The parameters to append to the url is our request's second parameter.
`
`parameters = {'scan_title': 'Go big or go home', 'asset_groups': 'New York&Las Vega
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`18/40
`
`FINJAN-QUALYS 042667
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 20 of 41
`Qualys API client examples I Qualys Community
`
`# Note qualysapi will automatically convert spaces into plus signs for API vi & v2.
`
`# Let's call the API and store the result in xml_output.
`
`xml_output = qgc.request(call, parameters)
`
`print xml_output
`
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`12
`
`API v2
`
`Sample code:
`
`import qualysapi
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v2 call: Print out DNS name for a range of IPs.
`
`call = '/api/2.0/fo/asset/host/'
`
`parameters = {'action': 'list', 'ips': '10.0.0.10-10.0.0.11'1
`
`xml_output = qgc.request(call, parameters)
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`19/40
`
`FINJAN-QUALYS 042668
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 21 of 41
`Qualys API client examples I Qualys Community
`
`WAS API
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`38
`
`import qualysapi
`
`from lxml import objectify
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v3 WAS call: Print out number of webapps.
`
`call = '/count/was/webapp'
`
`# Note that this call does not have a payload so we don't send any data parameters.
`
`xml_output = qgc.request(call)
`
`root = objectify. fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 89
`
`# API v3 WAS call: Print out number of webapps containing title 'Supafly'.
`
`call = '/count/was/webapp'
`
`# We can send a string XML for the data.
`
`parameters = '<ServiceRequest><filters><Criteria operator="CONTAINS" field="name">S
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`20/40
`
`FINJAN-QUALYS 042669
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 22 of 41
`Qualys API client examples I Qualys Community
`
`xml_output = qgc.request(call, parameters)
`
`root = objectify.fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 3
`
`# API v3 WAS call: Print out number of webapps containing title 'Lightsabertooth Ti
`
`call = '/count/was/webapp'
`
`# We can also send an lxml.builder E object.
`
`parameters = (
`
`E.ServiceRequest(
`
`E.filters(
`
`E.Criteria('Lightsabertooth Tiger', field='name',operator='CONTAINS')))
`
`xml_output = qgc.request(call, parameters)
`
`root = objectify.fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 0
`
`# Too bad, because that is an awesome webapp name!
`
`39
`
`40
`
`41
`
`42
`
`43
`44
`
`45
`46
`
`47
`
`48
`49
`
`50
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`59
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`
`66
`67
`
`68
`69
`
`70
`
`71
`
`72
`73
`
`74
`
`75
`
`76
`77
`
`78
`79
`
`80
`
`81
`82
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`21/40
`
`FINJAN-QUALYS 042670
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 23 of 41
`Qualys API client examples I Qualys Community
`
`83
`84
`85
`R6
`
`AM API
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`
`import qualysapi
`
`from lxml import objectify
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v3 Asset Management call: Count tags.
`
`call = '/count/am/tag'
`
`xml_output = qgc.request(call)
`
`root = objectify. fromstring(xml_output)
`
`# We can use XPATH to find the count.
`
`print root.xpath('count')[0].text
`
`# Prints out:
`
`# 840
`
`# API v3 Asset Management call: Find asset by name.
`
`call = '/search/am/tag'
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`22/40
`
`FINJAN-QUALYS 042671
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 24 of 41
`Qualys API client examples I Qualys Community
`
`parameters = '"<ServiceRequest>
`
`<preferences>
`
`<limitResults>10</limitResults>
`
`</preferences>
`
`<filters>
`
`<Criteria field="name" operator="CONTAINS">PB</Criteria>
`
`</filters>
`
`</ServiceRequest>"'
`
`xml_output = qgc.request(call, parameters)
`
`34
`
`35
`
`36
`
`37
`
`38
`
`39
`40
`41
`
`42
`43
`
`44
`45
`
`46
`47
`
`48
`49
`
`50
`
`51
`
`52
`
`53
`
`54
`
`55
`S6
`
`Pagination
`Sample code for v2 Host list & detection API:
`
`1
`2
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`9
`
`10
`
`11
`12
`
`13
`
`14
`15
`
`import qualysapi
`
`from lxml import etree, objectify
`
`qgc = qualysapi.connect()
`
`# Start with first host, which starts at 1.
`
`id min = 1
`
`while True:
`
`print 'Downloading hosts from ID %d' % id_min
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`23/40
`
`FINJAN-QUALYS 042672
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 25 of 41
`Qualys API client examples I Qualys Community
`
`xml = qgc.request('/api/2.0/fo/asset/host/', {'action': 'list', 'ips': '10.10.10.
`
`# Parse.
`
`tree = etree.fromstring(xml)
`
`# Iterate through each host.
`
`elems = tree.findall('.//HOST')
`
`for host in elems:
`
`print host.xpath('IP')[0].text
`
`# Set up next request, if applicable.
`
`try:
`
`url = tree.xpath('/HOST_LIST_OUTPUT/RESPONSE/WARNING/URC)[0].text
`
`start =
`
`+ 7
`
`end = url.find(W,start)
`
`id_min = int(url[start:end])
`
`except IndexError, e:
`
`# No next url. All hosts downloaded.
`
`break
`
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`38
`39
`40
`41
`42
`43
`44
`45
`46
`47
`48
`49
`50
`51
`S7
`
`Ruby, rest-client
`Leveraging the rest-client gem
`
`, it's simple to call the Qualys API.
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`24/40
`
`FINJAN-QUALYS 042673
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 26 of 41
`Qualys API client examples I Qualys Community
`
`API vl
`Sample code:
`
`require 'rest-client'
`
`RestClient.get '
`https://username:password@qualysapi.qualys.com/msp/about.phppasswordPqualysapi.qual
`password@qualysapi.qualys.com
`/msp/about.phppassword@qualysapi.qualys.com
`/msp/about.php'
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`
`API v2
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`WAS
`Sample code:
`
`1
`2
`3
`
`TODO
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`25/40
`
`FINJAN-QUALYS 042674
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 27 of 41
`Qualys API client examples I Qualys Community
`
`4
`5
`6
`7
`
`AM
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Ruby, httparty
`Leveraging the httparty gem , it's simple to call the Qualys API.
`
`API vl
`Sample code:
`
`require 'httparty'
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`auth = {:username => "username", :password => "password"}
`
`HTTParty.get("
`https://qualysapi.qualys.com/msp/about.php
`
`:basic_auth => auth)
`
`26/40
`
`FINJAN-QUALYS 042675
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 28 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`15
`16
`
`API v2
`Sample code:
`
`require 'httparty'
`
`auth = {:username => "username", :password => "password"}
`
`HTTParty.post("
`https://qualysapi.qualys.com/api/2.0/fo/scan/
`
`:basic_auth => auth,
`
`:query => { :action => "list" },
`
`:headers => { "X-Requested-With" => "ruby httparty"})
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`WAS
`
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`27/40
`
`FINJAN-QUALYS 042676
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 29 of 41
`Qualys API client examples I Qualys Community
`
`AM
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`VB.NET, vb_net_rest_sharp
`This community published example by BD@Huntington assists in making calls to API vi & API v2:
`vb_net_rest sharp
`
`VB Script, getXMLFile
`This community published package by ScrlptWlzard assists in making calls to API vl & API v2:
`
`• Performing API calls from VBscript - Part I
`
`•
`
`Performing API calls from VBscript - Part II
`
`The getXMLFile subroutine takes 4 arguments:
`
`1. The first argument is the API version you want to use (1 or 2).
`
`2. The second argument is the file to store the output in.
`
`3. The third argument is the API call and arguments to pass.
`
`4. The fourth argument is the method to use when sending the data (GET or POST).
`
`API vl
`Sample code:
`
`getXMLFile 2, xmlResponse,"about.php", "GET"
`
`1
`2
`3
`
`4
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`28/40
`
`FINJAN-QUALYS 042677
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 30 of 41
`Qualys API client examples I Qualys Community
`
`5
`6
`7
`8
`9
`
`API v2
`Sample code:
`
`getXMLFi1e 2, xmlName,"report/?action=fetch&id=" & reportID, "POST"
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Web browser, Chrome, Postman
`This Chrome packaged app assists in making calls to all API versions.
`Install and configure POSTMAN
`A one time installation of POSTMAN and environment set up is required for POSTMAN to point your request
`to the appropriate QualysGuard platform.
`
`Install POSTMAN:
`
`1. Download POSTMAN: getpostman.com
`
`2. Open POSTMAN by pointing your Chrome browser to chrome://apps/ or by clicking on the Apps shortcut link:
`9Q
`
`, "Apps
`
`https://community.qualys.connidocs/DOC-4523-qualys-api-client-examples
`
`29/40
`
`FINJAN-QUALYS 042678
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 31 of 41
`Qualys API client examples I Qualys Community
`
`3. Open the POSTMAN packaged app:
`
`Postman - REST Clie...
`
`Import QualysGuard API POSTMAN settings:
`
`1. Download QualysGuard API POSTMAN data backup
`
`2. Open POSTMAN's settings dialog.
`
`S rtg
`
`in
`
`4
`
` No environme
`
`10
`
`3. Restore QualysGuard API configuration and sample collections:
`Data > Import data > Choose File button
`
`Settings
`
`1
`
`Settings
`
`Shortcuts
`
`Data
`
`Add-ons
`
`Links
`
`Download data
`
`Download all your collections, environments, globais and header presets in a single file.
`
`Download
`
`Import data
`
`Import a Postman data dump. This will overwrite existing data.
`
`Choose File No file chosen
`2
`
`4. Choose the QualysGuard API POSTMAN data file.
`
`Configure POSTMAN's environment to match your QualysGuard platform.
`
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`30/40
`
`FINJAN-QUALYS 042679
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 32 of 41
`Qualys API client examples I Qualys Community
`
`1. Identify your QualysGuard platform and download the correlating environment configuration:
`your QualysGuard Platform.
`
`Identify
`
`2. Click on "No environment" button:
`
`Normal
`
`No environment,'
`
`3. Select your newly imported POSTMAN environment by clicking on "No environment", and clicking on the environment
`
`you imported:
`
`(2)) No environment',
`
`EU Platform
`
`US Platform 1
`
`US Platform 2
`
`No environment
`
`Manage environments
`
`How to use sample collections
`In order to leverage the sample collections, your QualysGaurd credentials be applied to each reqeust. Just
`follow these easy steps:
`
`1. Add your credentials in the "Basic Auth" tab
`
`.
`
`gest Autil I oAuth 1.0 OAuth 2.0
`
`1 MED
`
`2
`
`Username
`
`L Password
`
`3
`Clear
`
`Refresh headers
`
`2. Click "Refresh headers" button.
`
`3. Click "Normal" tab.
`
`4. A new headers, "Authorization" should be populated with your basic authentication value. This should look something
`
`like, "Basic QWxhZGRobjpvcGVuIHNIc2FtZQ==".
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`31/40
`
`FINJAN-QUALYS 042680
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 33 of 41
`Qualys API client examples I Qualys Community
`
`https://{{base_uri}}finsp/asset_group_lis GET
`
`RP
`
`W URL params
`
`CS Headers (2)
`
`X-Requested-With
`
`POSTMAN
`
`Authorization
`
`Basic ZG,'
`
`,
`
`i4Thle should autopopulate freagefiRefreett headers".
`
`click to
`hide
`
`0
`
`0
`
`Add preset ••
`
`Manage presets
`
`Send
`
`—
`
`Save
`
`Preview
`
`Save before sending for POSTMAN to
`remember your credentials.
`Tests a
` cotteG.,on
`
`Reset
`
`5. Click the Headers button to hide the headers. (optional)
`
`6. Click Save. Now you will not need to add your credentials to this request for future runs.
`
`7. Click "Send" button to send your request
`
`.
`
`Windows Powershell 3.0
`This is standard on Windows 8.
`API vl
`Sample code:
`
`$username = "username"
`
`$password = "password"
`
`$password_base64 = ConvertTo-SecureString $password -AsPlainText -Force
`
`$creds = New-Object System.Management.Automation.PSCredential ($username, $password
`
`$headers = @{"X-Requested-With"="powershell"}
`
`$url = "https://qualysapi.qualys.com/about.php
`
`I I
`
`Invoke-RestMethod -Headers $headers -Uri $url -Method Post -Credential $creds -OutF
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`32/40
`
`FINJAN-QUALYS 042681
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 34 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`20
`21
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`ATTACHMENTS
`
`OUTCOMES
`
`3 people found this helpful
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`33/40
`
`FINJAN-QUALYS 042682
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 35 of 41
`Qualys API client examples I Qualys Community
`
`Helpful(1)
`
`Visibility: 0 Developer • 83359 Views
`
`Last Modified by Jeff Leggett on Feb 22, 2017 9:43 AM
`
`Tags: api python pert powershell c# example code php csharp vbscript postman
`
`26 Comments
`
`Parag Baxi
`Oct 7, 20133:10 PM
`
`Added Perl API vl sample code.
`
`Q Actions
`
`crj Like • 0
`
`Parag Baxi
`Oct 8, 2013 6:33 AM
`
`Added VB Script API vl & API v2 sample code.
`
`Actions
`
`Like • 0
`
`Parag Baxi
`Oct 9, 20136:21 AM
`
`Added C#, RestSharp POST & GET calls.
`
`Actions
`
`6 Like • 0
`
`S. Parag Baxi
`
`Oct 22, 2013 8:21 AM
`
`Added Python, qualysapi WAS & AM calls.
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`34/40
`
`FINJAN-QUALYS 042683
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 36 of 41
`Qualys API client examples I Qualys Community
`
`* Actions
`
`Like • 0
`
`Parag Baxi
`Oct 23, 2013 8:46 AM
`
`Added Groovy httpbuilder's RESTClient call.
`
`*Actions
`
`Co Like • 0
`
`fmc
`Nov 12, 2013 6:20 AM
`
`Great post Parag.
`
`*Actions
`
`Parag Baxi
`Nov 15, 2013 1:31 PM
`
`Added POSTMAN.
`
`Actions
`
`Parag Baxi
`Dec 1, 2013 6:40 AM
`
`Like • 1
`
`(1:5 Like • 0
`
`Updated C#, RestSharp for API v2 support.
`
`* Actions
`
`Like • 0
`
`P
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
