`Case 4:18-cv-07229—YGR Document 158-12 Filed 01/23/21 Page 1 of 41
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 11
`
`EXHIBIT 11
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 2 of 41
`Qualys API client examples I Qualys Community
`
`More documents in Developer
`
`Log in to create and rate content, and to follow, bookmark, and share content with other members. Not a member? Join Now!
`
`Qualys API client examples
`
`M Document created by Parag Baxi on Oct 3, 2013 • Last modified by Jeff Leggett on Feb 22, 2017
`1..% Version 44
`
`afi Like • 9
`
`Q Comment • 26
`
`Note: This is unsupported.
`
`C#, RestSharp
`
`• API vl
`
`• API v2
`
`Go Language Example
`
`• AM API
`
`Groovy, httpbuilder's RESTClient
`
`• API v1
`
`• API v2
`
`• WAS API
`
`• AM API
`
`Perl, LWP
`
`• API v1 and v2
`
`• WAS API
`
`• AM API
`
`PHP 5+, SimpleQAPI class
`
`• API v1 and v2
`
`• WAS API
`
`PHP 4+, curl
`
`• API v1 and v2
`
`• WAS API
`
`• AM API
`
`Python 2.x, qualysapi
`
`• API v1
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`1/40
`
`FINJAN-QUALYS 042650
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 3 of 41
`Qualys API client examples I Qualys Community
`
`• API v2
`
`• WAS API
`
`• AM API
`
`• Pagination
`
`Ruby, rest-client
`
`• API vl
`
`• API v2
`
`• WAS
`
`• AM
`
`Ruby, httparty
`
`• API vl
`
`• API v2
`
`• WAS
`
`• AM
`
`VB.NET, vb_net_rest_sharp
`
`VB Script, getXMLFile
`
`• API vl
`
`• API v2
`
`Web browser, Chrome, Postman
`
`• Install and configure POSTMAN
`
`• How to use sample collections
`
`Windows Powershell 3.0
`
`• API vi
`
`• WAS API
`
`• AM API
`
`Purpose
`
`This is a community driven document to demonstrate examples of how to connect to the Qualys API using
`
`various platforms.
`
`C#, RestSharp
`The open source library assists in making calls to all API versions:
`
`http://restsharp.org/
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`2/40
`
`FINJAN-QUALYS 042651
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 4 of 41
`Qualys API client examples I Qualys Community
`
`API vl
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`
`using System;
`
`using System.Collections.Generic;
`
`using System.Xml;
`
`using System.Xml.Linq;
`
`using System.Linq;
`
`using System.Text;
`
`using RestSharp;
`
`// Set up REST client to connect to US Platform 1.
`
`var client = new RestClient("
`
`https://qualysapi.qualys.com
`
`II ) ;
`
`// Set up credentials.
`
`client.Authenticator = new HttpBasicAuthenticator("username", "password");
`
`//
`
`// GET request
`
`// See QualysGuard version.
`
`//
`
`var request = new RestRequest("msp/about.php");
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`3/40
`
`FINJAN-QUALYS 042652
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 5 of 41
`Qualys API client examples I Qualys Community
`
`38
`
`39
`
`40
`
`41
`
`42
`
`43
`44
`45
`
`46
`
`47
`
`48
`49
`
`50
`51
`
`52
`
`53
`
`54
`55
`
`56
`
`57
`
`58
`59
`
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`66
`67
`68
`
`69
`
`70
`
`71
`72
`
`73
`
`74
`
`75
`76
`77
`
`78
`
`79
`
`80
`
`81
`
`IRestResponse response = client.Execute(request);
`
`// Response contains the XML file.
`
`Console.WriteLine (response.Content);
`
`//
`
`// POST request.
`
`// Download raw scan results of scan/1234567890.12345.
`
`//
`
`// This method does not work!
`
`// var request_post = new RestRequest ("msp/scan_report.php", Method.POST);
`
`// request_post.AddParameter("ref", "scan/1390453521.15910");
`
`//
`
`// This method does work.
`
`var endpoint = String.Format("msp/scan_report.php?{0}={1}",
`
`"ref", "scan/1234567890.12345");
`
`var request_post = new RestRequest (endpoint, Method.POST);
`
`response = client. Execute(request_post);
`
`// Print out headers to see remaining calls against API limits.
`
`foreach (var header in response.Headers){
`
`Console. WriteLine(header);
`
`}
`
`// Print scan results.
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`4/40
`
`FINJAN-QUALYS 042653
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 6 of 41
`Qualys API client examples I Qualys Community
`
`Console.WriteLine(response.Content)
`
`82
`83
`
`84
`
`85
`
`86
`
`87
`
`88
`89
`
`API v2
`
`Sample code:
`
`1
`2
`
`3
`
`4
`
`5
`
`6
`7
`
`8
`
`9
`10
`
`11
`12
`
`13
`
`14
`15
`
`16
`
`17
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`24
`
`25
`26
`
`27
`
`28
`29
`
`30
`
`using System;
`
`using System.Collections.Generic;
`
`using System.Xml;
`
`using System.Xml.Linq;
`
`using System.Linq;
`
`using System.Text;
`
`using RestSharp;
`
`// Set up REST client to connect to US Platform 1.
`
`var client = new RestClient("
`
`https://qualysapi.qualys.com
`
`IIII ) ;
`
`// Set up credentials.
`
`client.Authenticator = new HttpBasicAuthenticator("username", "password");
`
`//
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`5/40
`
`FINJAN-QUALYS 042654
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 7 of 41
`Qualys API client examples I Qualys Community
`
`31
`
`32
`
`33
`
`34
`
`35
`
`36
`
`37
`38
`
`39
`40
`
`41
`42
`
`43
`44
`45
`
`46
`
`47
`
`48
`49
`
`50
`
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`59
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`66
`
`67
`68
`
`69
`
`70
`71
`
`72
`
`73
`74
`
`// v2 GET request.
`
`// Print out scans that ended in error.
`
`//
`
`var request = new RestRequest("api/2.0/fo/scan/", Method.GET);
`
`// Add header, reqiured for v2 API.
`
`request.AddHeader("X-Requested-With", "RestSharp");
`
`request.AddParameter("action", "list");
`
`response = client. Execute(request);
`
`var xml_text = response.Content;
`
`// Let's see where we are on our API limit. Do we need to throttle our script?
`
`foreach (var header in response.Headers){
`
`Console.WriteLine(header);
`
`}
`
`Console.WriteLine ("\n(Press enter to continue.)");
`
`pause_me = Console.ReadLine();
`
`//
`
`// Parse the XML to make it actionable.
`
`//
`
`// Load XML string.
`
`XDocument xdoc = XDocument.Parse(xml_text);
`
`// Parse XML for each scan.
`
`var scans = from scan in xdoc.Descendants ("SCAN")
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`6/40
`
`FINJAN-QUALYS 042655
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 8 of 41
`Qualys API client examples I Qualys Community
`
`select new {
`
`scan_ref = (string)scan.Element ("REF"),
`
`title = (string)scan.Element ("TITLE"),
`
`status = (string)scan.Element("STATUS").Element("STATE")
`
`75
`
`76
`
`77
`
`78
`
`79
`
`80
`
`81
`82
`
`83
`84 } ;
`85
`
`86
`
`87
`88
`
`89
`90 // Print out each scan reference, title, and status.
`
`91
`92 // Join the data into a string.
`93
`94 StringBuilder result = new StringBuilder();
`95
`96 //Loop through results
`97
`
`98 foreach (var scan in scans)
`
`99
`100 {
`101
`
`102
`103
`104 }
`105
`
`result.AppendLine(scan.scan_ref + " " + scan.title + " " + scan.status)
`
`106 Console.WriteLine(result.ToString());
`
`107
`
`108
`109
`
`110
`
`111
`
`112 // Print only scans that ended in error.
`
`113
`114 StringBuilder error_result = new StringBuilder();
`
`115
`
`116 //Loop through results
`
`117
`118 foreach (var scan in scans)
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`7/40
`
`FINJAN-QUALYS 042656
`
`
`
`4/13/2019
`
`119
`
`120
`
`{
`
`121
`
`122
`
`123
`
`124
`125
`126
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 9 of 41
`Qualys API client examples I Qualys Community
`
`if (scan.status == "Error") {
`
`error_result.AppendLine (scan.scan_ref + " " + scan.title + "
`
`}
`
`127
`128 }
`129
`130 Console.WriteLine(error_result.To5tring());
`131
`
`132
`133
`
`134
`
`135
`
`136
`
`Go Language Example
`AM API
`Go lends itself very well to Qualys' REST based API's - it includes builtin library support for HTTP and XML
`parsing. Further it's built in concurrency support will make multi threaded apps easy to use as well. Here's an
`initial example of using Go with the Asset Management API's
`
`package main
`
`import (
`"encoding/base64"
`
`"encoding/xml"
`"flag"
`
`"fmt"
`
`"io/ioutil"
`
`"net/http"
`
`func Get_Credential_Hash(User string, Password string) string {
`
`return base64.5tdEncoding.EncodeToString(Mbyte(User + ":" + Password))
`
`}
`
`https:llcommunity.qualys.corn/docs/DOC-4523-qualys-api- client. examples
`
`8/40
`
`FINJAN-QUALYS 042657
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 10 of 41
`Qualys API client examples I Qualys Community
`
`func Get_Command_Line_Args() (string, string, string) {
`
`/* Get cmd line paramters */
`
`UserPtr := flag.String("User", "BOGUS", "Qualys Account User Name")
`
`PasswordPtr := flag.String("Password", "BOGUS", "Qualys Account password")
`
`APIURLPtr := flag.String("API URL", "https://qualysapi.qualys.com/", "Qualys API endpoi
`
`flag.Parse()
`return *UserPtr, *PasswordPtr, *APIURLPtr
`}
`
`func QAPI_Hostasset_Count() int {
`
`type Hostasset_Count struct {
`ResponseCode string 'xml:"responseCode"'
`
`Count int 'xml:"count"'
`}
`
`User, Password, APIURL := Get_Command_Line_Args()
`
`encodedcred := Get_Credential_Hash(User, Password)
`
`url := APIURL + "qps/rest/2.0/count/am/hostasset/"
`
`req, _ := http.NewRequest("GET", url, nil)
`
`req.Header.Add("X-requested-with", "GOLANG")
`req.Header.Add("authorization", "Basic "+encodedcred)
`
`/* req.Header.Add() */
`
`res, _ := http.DefaultClient.Do(req)
`
`defer res.Body.Close()
`
`body, _ := ioutil.ReadAll(res.Body)
`
`/* fmt.Println(res)
`
`fmt.Println(string(body)) */
`var c Hostasset_Count
`
`xml.Unmarshal(body, &c)
`if c.ResponseCode == "SUCCESS" {
`
`return c.Count
`} else {
`return -1
`}
`
`}
`
`func main() {
`
`var numassets int
`numassets = QAPI_Hostasset_Count()
`
`if numassets >= 0 {
`
`fmt.Println("Numnber of Assets:", numassets)
`}
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`9/40
`
`FINJAN-QUALYS 042658
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 11 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`}
`
`Groovy, httpbuilder's RESTCIient
`This open source package assists in making calls to all API versions.
`
`API vl
`Sample code:
`
`import groovyx.net.http.RESTClient
`
`// Set up REST client.
`
`def qgc = new RESTClient('
`https://qualysapi.qualys.com/msp/
`')
`
`// Set headers.
`
`qgc.defaultRequestHeaders.'X-Requested-With' = 'Groovy'
`
`qgc.auth.basic 'username', 'password'
`
`// Optional: Force response handler to pass raw text to pass onto a parser like SAX
`
`//qgc.parser.'application/xml' = qgc.parser.'text/plain'
`
`// Call API via GET.
`
`def response = qgc.get(path:'about.php')
`
`// Store body of data separately.
`
`def xml = response.getData()
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`10/40
`
`FINJAN-QUALYS 042659
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 12 of 41
`Qualys API client examples I Qualys Community
`
`API v2
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`11/40
`
`FINJAN-QUALYS 042660
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 13 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`9
`10
`
`Peri, LWP
`The open source library assists in making calls to all API versions.
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`use LWP;
`
`# retrieving data via HTTPS
`
`# Set base url to US Pod 1.
`
`my $APIURL = "qualysguard.qualys.com"
`
`# retrieves Scan_history for the account and saves to file
`
`my $url = "
`https://$APIURL/api/2.0/fo/asset/host/?action=list&details=All&ag_titles=All+Compli
`
`# Set creds.
`
`my $username = "username";
`
`my $passwd = "password";
`
`# Set up request headers.
`
`my $browser = LWP::UserAgent->new;
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`12/40
`
`FINJAN-QUALYS 042661
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 14 of 41
`Qualys API client examples I Qualys Community
`
`$browser->default_headers->header('X-Requested-with' => 'Sample');
`
`$browser->agent("libwww - script");
`
`# Send GET request.
`
`my $request = HTTP::Request->new( GET=>$url );
`
`$request->authorization_basic($username, $passwd);
`
`my $response = $browser->request($request);
`
`my $content = $response->content;
`
`## Save to file.
`
`open( XMLOUT, ">output.xml" );
`
`print XMLOUT $content;
`
`close( XMLOUT );
`
`33
`34
`35
`36
`37
`38
`39
`40
`41
`
`42
`
`43
`44
`
`45
`46
`47
`
`48
`
`49
`50
`
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`
`59
`60
`
`61
`
`62
`63
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`13/40
`
`FINJAN-QUALYS 042662
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 15 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`PHP 5+, SimpleQAPI class
`This community published package by Peter Stiehl assists in making calls to the API:
`Simple PHP Qualys API class
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`
`$params = array('qlogin' => 'Qualys login',
`
`'connectTimeout' => 10',
`
`'timeout' => 59',
`
`'qpassword' => 'Qualys Password',
`
`'qdomain' => 'Qualys domain without HTTP', // For example 'qualysap
`
`'plogin' => 'Proxy login',
`
`'ppassword' => 'Proxy password',
`
`'headers' => array('X-Requested-With: SimpleQAPI'),
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`14/40
`
`FINJAN-QUALYS 042663
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 16 of 41
`Qualys API client examples I Qualys Community
`
`'purl' => '
`
`http://proxy.to.use
`
`'pport' => 'port number');
`
`$SimpleQAPI = new SimpleQAPI($params);
`
`// You have to use the login() method to be able to launch the view_xxx_list() meth
`
`// For each request the answer is stored in $SimpleQAPI->resp
`
`$SimpleQAPI->login();
`
`// This should print : 201x-xx-xxTxx:xx:xxZ Logged in
`
`echo $SimpleQAPI->resp;
`
`$SimpleQAPI->logout();
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`23
`24
`
`25
`
`26
`
`27
`28
`
`29
`
`30
`31
`
`32
`
`33
`34
`
`35
`
`36
`
`37
`
`38
`
`39
`40
`
`41
`
`42
`
`43
`44
`45
`
`46
`47
`48
`
`WAS API
`Sample code:
`
`TODO
`
`1
`
`2
`
`3
`
`4
`
`5
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`15/40
`
`FINJAN-QUALYS 042664
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 17 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`6
`
`7
`
`PHP 4+, curl
`Initialize a CURL session from PHP: http://www.php.net/manual/en/function.curl-exec.php
`API vl and v2
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`
`<?php
`
`$username="ENTER_YOUR_USERNAME";
`
`$password="ENT ER_YOUR_PASSWORD";
`
`$ch = curl_init();
`
`$cookie]ar = dirname( FILE ) . '/cookie.txt';
`
`curl_setopt($ch, CURLOPT_URL, "
`https://qualysapi.qualys.com/api/2.0/fo/session/
`
`");
`
`curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Requested-With: PHP curl
`
`1));
`
`curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieJar);
`
`curl_setopt($ch, CURLOPT_POST, 1);
`
`curl_setopt($ch, CURLOPT_POSTFIELDS, "action=login&username=$username&password=$pas
`
`$result = curl_exec ($ch) or die(curl_error($ch));
`
`echo $result;
`
`echo curl_error($ch);
`
`$ch = curl_init
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`16/40
`
`FINJAN-QUALYS 042665
`
`
`
`4/1 3/2 01 9
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 18 of 41
`Qualys API client examples I Qualys Community
`
`https://qualysapi.qualys.com/api/2.0/fo/appliance/
`
`");
`
`curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Requested-With: PHP curl'));
`
`curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookieJar);
`
`curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
`
`curl_setopt($ch, CURLOPT_POST, 1);
`
`curl_setopt($ch, CURLOPT_POSTFIELDS, "action=list&output_mode=full");
`
`$output = curl_exec ('
`
`;
`
`echo $output;
`
`curl_close ($ch);
`
`?>
`
`33
`34
`35
`36
`37
`38
`39
`40
`41
`42
`43
`44
`45
`46
`47
`48
`49
`50
`51
`52
`53
`54
`55
`56
`57
`58
`s9
`
`WAS API
`
`Sample code:
`
`TODO
`
`1
`
`2
`
`3
`4
`
`5
`
`6
`7
`
`8
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`17/40
`
`FINJAN-QUALYS 042666
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 19 of 41
`Qualys API client examples I Qualys Community
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Python 2.x, qualysapi
`This open source package assists in making calls to all API versions.
`
`More info:
`https://github.com/paragbaxi/qualysapi
`API vl
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`
`import qualysapi
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API vi call: Scan the New York & Las Vegas asset groups
`
`# The call is our request's first parameter.
`
`call = 'scan.php'
`
`# The parameters to append to the url is our request's second parameter.
`
`parameters = {'scan_title': 'Go big or go home', 'asset_groups': 'New York&Las Vega
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`18/40
`
`FINJAN-QUALYS 042667
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 20 of 41
`Qualys API client examples I Qualys Community
`
`# Note qualysapi will automatically convert spaces into plus signs for API vi & v2.
`
`# Let's call the API and store the result in xml_output.
`
`xml_output = qgc.request(call, parameters)
`
`print xml_output
`
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`12
`
`API v2
`
`Sample code:
`
`import qualysapi
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v2 call: Print out DNS name for a range of IPs.
`
`call = '/api/2.0/fo/asset/host/'
`
`parameters = {'action': 'list', 'ips': '10.0.0.10-10.0.0.11'1
`
`xml_output = qgc.request(call, parameters)
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`19/40
`
`FINJAN-QUALYS 042668
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 21 of 41
`Qualys API client examples I Qualys Community
`
`WAS API
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`38
`
`import qualysapi
`
`from lxml import objectify
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v3 WAS call: Print out number of webapps.
`
`call = '/count/was/webapp'
`
`# Note that this call does not have a payload so we don't send any data parameters.
`
`xml_output = qgc.request(call)
`
`root = objectify. fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 89
`
`# API v3 WAS call: Print out number of webapps containing title 'Supafly'.
`
`call = '/count/was/webapp'
`
`# We can send a string XML for the data.
`
`parameters = '<ServiceRequest><filters><Criteria operator="CONTAINS" field="name">S
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`20/40
`
`FINJAN-QUALYS 042669
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 22 of 41
`Qualys API client examples I Qualys Community
`
`xml_output = qgc.request(call, parameters)
`
`root = objectify.fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 3
`
`# API v3 WAS call: Print out number of webapps containing title 'Lightsabertooth Ti
`
`call = '/count/was/webapp'
`
`# We can also send an lxml.builder E object.
`
`parameters = (
`
`E.ServiceRequest(
`
`E.filters(
`
`E.Criteria('Lightsabertooth Tiger', field='name',operator='CONTAINS')))
`
`xml_output = qgc.request(call, parameters)
`
`root = objectify.fromstring(xml_output)
`
`# Print out count of webapps.
`
`print root.count.text
`
`# Prints out:
`
`# 0
`
`# Too bad, because that is an awesome webapp name!
`
`39
`
`40
`
`41
`
`42
`
`43
`44
`
`45
`46
`
`47
`
`48
`49
`
`50
`51
`
`52
`
`53
`54
`
`55
`
`56
`
`57
`
`58
`59
`60
`
`61
`
`62
`
`63
`
`64
`
`65
`
`66
`67
`
`68
`69
`
`70
`
`71
`
`72
`73
`
`74
`
`75
`
`76
`77
`
`78
`79
`
`80
`
`81
`82
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`21/40
`
`FINJAN-QUALYS 042670
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 23 of 41
`Qualys API client examples I Qualys Community
`
`83
`84
`85
`R6
`
`AM API
`Sample code:
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`
`import qualysapi
`
`from lxml import objectify
`
`# Setup connection to QualysGuard API -- only perform once per script.
`
`qgc = qualysapi.connect('config.txt')
`
`# API v3 Asset Management call: Count tags.
`
`call = '/count/am/tag'
`
`xml_output = qgc.request(call)
`
`root = objectify. fromstring(xml_output)
`
`# We can use XPATH to find the count.
`
`print root.xpath('count')[0].text
`
`# Prints out:
`
`# 840
`
`# API v3 Asset Management call: Find asset by name.
`
`call = '/search/am/tag'
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`22/40
`
`FINJAN-QUALYS 042671
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 24 of 41
`Qualys API client examples I Qualys Community
`
`parameters = '"<ServiceRequest>
`
`<preferences>
`
`<limitResults>10</limitResults>
`
`</preferences>
`
`<filters>
`
`<Criteria field="name" operator="CONTAINS">PB</Criteria>
`
`</filters>
`
`</ServiceRequest>"'
`
`xml_output = qgc.request(call, parameters)
`
`34
`
`35
`
`36
`
`37
`
`38
`
`39
`40
`41
`
`42
`43
`
`44
`45
`
`46
`47
`
`48
`49
`
`50
`
`51
`
`52
`
`53
`
`54
`
`55
`S6
`
`Pagination
`Sample code for v2 Host list & detection API:
`
`1
`2
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`9
`
`10
`
`11
`12
`
`13
`
`14
`15
`
`import qualysapi
`
`from lxml import etree, objectify
`
`qgc = qualysapi.connect()
`
`# Start with first host, which starts at 1.
`
`id min = 1
`
`while True:
`
`print 'Downloading hosts from ID %d' % id_min
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`23/40
`
`FINJAN-QUALYS 042672
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 25 of 41
`Qualys API client examples I Qualys Community
`
`xml = qgc.request('/api/2.0/fo/asset/host/', {'action': 'list', 'ips': '10.10.10.
`
`# Parse.
`
`tree = etree.fromstring(xml)
`
`# Iterate through each host.
`
`elems = tree.findall('.//HOST')
`
`for host in elems:
`
`print host.xpath('IP')[0].text
`
`# Set up next request, if applicable.
`
`try:
`
`url = tree.xpath('/HOST_LIST_OUTPUT/RESPONSE/WARNING/URC)[0].text
`
`start =
`
`+ 7
`
`end = url.find(W,start)
`
`id_min = int(url[start:end])
`
`except IndexError, e:
`
`# No next url. All hosts downloaded.
`
`break
`
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`29
`30
`31
`32
`33
`34
`35
`36
`37
`38
`39
`40
`41
`42
`43
`44
`45
`46
`47
`48
`49
`50
`51
`S7
`
`Ruby, rest-client
`Leveraging the rest-client gem
`
`, it's simple to call the Qualys API.
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`24/40
`
`FINJAN-QUALYS 042673
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 26 of 41
`Qualys API client examples I Qualys Community
`
`API vl
`Sample code:
`
`require 'rest-client'
`
`RestClient.get '
`https://username:password@qualysapi.qualys.com/msp/about.phppasswordPqualysapi.qual
`password@qualysapi.qualys.com
`/msp/about.phppassword@qualysapi.qualys.com
`/msp/about.php'
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`
`API v2
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`WAS
`Sample code:
`
`1
`2
`3
`
`TODO
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`25/40
`
`FINJAN-QUALYS 042674
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 27 of 41
`Qualys API client examples I Qualys Community
`
`4
`5
`6
`7
`
`AM
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Ruby, httparty
`Leveraging the httparty gem , it's simple to call the Qualys API.
`
`API vl
`Sample code:
`
`require 'httparty'
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`auth = {:username => "username", :password => "password"}
`
`HTTParty.get("
`https://qualysapi.qualys.com/msp/about.php
`
`:basic_auth => auth)
`
`26/40
`
`FINJAN-QUALYS 042675
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 28 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`15
`16
`
`API v2
`Sample code:
`
`require 'httparty'
`
`auth = {:username => "username", :password => "password"}
`
`HTTParty.post("
`https://qualysapi.qualys.com/api/2.0/fo/scan/
`
`:basic_auth => auth,
`
`:query => { :action => "list" },
`
`:headers => { "X-Requested-With" => "ruby httparty"})
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`WAS
`
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`27/40
`
`FINJAN-QUALYS 042676
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 29 of 41
`Qualys API client examples I Qualys Community
`
`AM
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`VB.NET, vb_net_rest_sharp
`This community published example by BD@Huntington assists in making calls to API vi & API v2:
`vb_net_rest sharp
`
`VB Script, getXMLFile
`This community published package by ScrlptWlzard assists in making calls to API vl & API v2:
`
`• Performing API calls from VBscript - Part I
`
`•
`
`Performing API calls from VBscript - Part II
`
`The getXMLFile subroutine takes 4 arguments:
`
`1. The first argument is the API version you want to use (1 or 2).
`
`2. The second argument is the file to store the output in.
`
`3. The third argument is the API call and arguments to pass.
`
`4. The fourth argument is the method to use when sending the data (GET or POST).
`
`API vl
`Sample code:
`
`getXMLFile 2, xmlResponse,"about.php", "GET"
`
`1
`2
`3
`
`4
`
`https://community.qualys.conn/docs/DOC-4523-qualys-api-client-examples
`
`28/40
`
`FINJAN-QUALYS 042677
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 30 of 41
`Qualys API client examples I Qualys Community
`
`5
`6
`7
`8
`9
`
`API v2
`Sample code:
`
`getXMLFi1e 2, xmlName,"report/?action=fetch&id=" & reportID, "POST"
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`Web browser, Chrome, Postman
`This Chrome packaged app assists in making calls to all API versions.
`Install and configure POSTMAN
`A one time installation of POSTMAN and environment set up is required for POSTMAN to point your request
`to the appropriate QualysGuard platform.
`
`Install POSTMAN:
`
`1. Download POSTMAN: getpostman.com
`
`2. Open POSTMAN by pointing your Chrome browser to chrome://apps/ or by clicking on the Apps shortcut link:
`9Q
`
`, "Apps
`
`https://community.qualys.connidocs/DOC-4523-qualys-api-client-examples
`
`29/40
`
`FINJAN-QUALYS 042678
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 31 of 41
`Qualys API client examples I Qualys Community
`
`3. Open the POSTMAN packaged app:
`
`Postman - REST Clie...
`
`Import QualysGuard API POSTMAN settings:
`
`1. Download QualysGuard API POSTMAN data backup
`
`2. Open POSTMAN's settings dialog.
`
`S rtg
`
`in
`
`4
`
` No environme
`
`10
`
`3. Restore QualysGuard API configuration and sample collections:
`Data > Import data > Choose File button
`
`Settings
`
`1
`
`Settings
`
`Shortcuts
`
`Data
`
`Add-ons
`
`Links
`
`Download data
`
`Download all your collections, environments, globais and header presets in a single file.
`
`Download
`
`Import data
`
`Import a Postman data dump. This will overwrite existing data.
`
`Choose File No file chosen
`2
`
`4. Choose the QualysGuard API POSTMAN data file.
`
`Configure POSTMAN's environment to match your QualysGuard platform.
`
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`30/40
`
`FINJAN-QUALYS 042679
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 32 of 41
`Qualys API client examples I Qualys Community
`
`1. Identify your QualysGuard platform and download the correlating environment configuration:
`your QualysGuard Platform.
`
`Identify
`
`2. Click on "No environment" button:
`
`Normal
`
`No environment,'
`
`3. Select your newly imported POSTMAN environment by clicking on "No environment", and clicking on the environment
`
`you imported:
`
`(2)) No environment',
`
`EU Platform
`
`US Platform 1
`
`US Platform 2
`
`No environment
`
`Manage environments
`
`How to use sample collections
`In order to leverage the sample collections, your QualysGaurd credentials be applied to each reqeust. Just
`follow these easy steps:
`
`1. Add your credentials in the "Basic Auth" tab
`
`.
`
`gest Autil I oAuth 1.0 OAuth 2.0
`
`1 MED
`
`2
`
`Username
`
`L Password
`
`3
`Clear
`
`Refresh headers
`
`2. Click "Refresh headers" button.
`
`3. Click "Normal" tab.
`
`4. A new headers, "Authorization" should be populated with your basic authentication value. This should look something
`
`like, "Basic QWxhZGRobjpvcGVuIHNIc2FtZQ==".
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`31/40
`
`FINJAN-QUALYS 042680
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 33 of 41
`Qualys API client examples I Qualys Community
`
`https://{{base_uri}}finsp/asset_group_lis GET
`
`RP
`
`W URL params
`
`CS Headers (2)
`
`X-Requested-With
`
`POSTMAN
`
`Authorization
`
`Basic ZG,'
`
`,
`
`i4Thle should autopopulate freagefiRefreett headers".
`
`click to
`hide
`
`0
`
`0
`
`Add preset ••
`
`Manage presets
`
`Send
`
`—
`
`Save
`
`Preview
`
`Save before sending for POSTMAN to
`remember your credentials.
`Tests a
` cotteG.,on
`
`Reset
`
`5. Click the Headers button to hide the headers. (optional)
`
`6. Click Save. Now you will not need to add your credentials to this request for future runs.
`
`7. Click "Send" button to send your request
`
`.
`
`Windows Powershell 3.0
`This is standard on Windows 8.
`API vl
`Sample code:
`
`$username = "username"
`
`$password = "password"
`
`$password_base64 = ConvertTo-SecureString $password -AsPlainText -Force
`
`$creds = New-Object System.Management.Automation.PSCredential ($username, $password
`
`$headers = @{"X-Requested-With"="powershell"}
`
`$url = "https://qualysapi.qualys.com/about.php
`
`I I
`
`Invoke-RestMethod -Headers $headers -Uri $url -Method Post -Credential $creds -OutF
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`
`https://community.qualys.corn/docs/DOC.4523-qualys-api. client. examples
`
`32/40
`
`FINJAN-QUALYS 042681
`
`
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 34 of 41
`Qualys API client examples I Qualys Community
`
`4/13/2019
`
`20
`21
`
`WAS API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`AM API
`Sample code:
`
`TODO
`
`1
`2
`3
`4
`5
`6
`7
`8
`
`ATTACHMENTS
`
`OUTCOMES
`
`3 people found this helpful
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`33/40
`
`FINJAN-QUALYS 042682
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 35 of 41
`Qualys API client examples I Qualys Community
`
`Helpful(1)
`
`Visibility: 0 Developer • 83359 Views
`
`Last Modified by Jeff Leggett on Feb 22, 2017 9:43 AM
`
`Tags: api python pert powershell c# example code php csharp vbscript postman
`
`26 Comments
`
`Parag Baxi
`Oct 7, 20133:10 PM
`
`Added Perl API vl sample code.
`
`Q Actions
`
`crj Like • 0
`
`Parag Baxi
`Oct 8, 2013 6:33 AM
`
`Added VB Script API vl & API v2 sample code.
`
`Actions
`
`Like • 0
`
`Parag Baxi
`Oct 9, 20136:21 AM
`
`Added C#, RestSharp POST & GET calls.
`
`Actions
`
`6 Like • 0
`
`S. Parag Baxi
`
`Oct 22, 2013 8:21 AM
`
`Added Python, qualysapi WAS & AM calls.
`
`https://community.qualys.com/docs/DOC-4523-qualys-api-client-examples
`
`34/40
`
`FINJAN-QUALYS 042683
`
`
`
`4/13/2019
`
`Case 4:18-cv-07229-YGR Document 158-12 Filed 01/23/21 Page 36 of 41
`Qualys API client examples I Qualys Community
`
`* Actions
`
`Like • 0
`
`Parag Baxi
`Oct 23, 2013 8:46 AM
`
`Added Groovy httpbuilder's RESTClient call.
`
`*Actions
`
`Co Like • 0
`
`fmc
`Nov 12, 2013 6:20 AM
`
`Great post Parag.
`
`*Actions
`
`Parag Baxi
`Nov 15, 2013 1:31 PM
`
`Added POSTMAN.
`
`Actions
`
`Parag Baxi
`Dec 1, 2013 6:40 AM
`
`Like • 1
`
`(1:5 Like • 0
`
`Updated C#, RestSharp for API v2 support.
`
`* Actions
`
`Like • 0
`
`P