Get Posture Info

API URL:

/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=2021-12-23

[POST]

Get continuous posture information for all the specified hosts for each policy ID included in the API.

To get posture information, you must use the host IDs retrieved in the Resolve Host IDs API request.

Input Parameters

Parameter

Description

evidenceRequired

Default value is 0, which indicates that evidence data will not be retrieved for the host posture. If you want evidence data to be retrieved, change the value to 1.

Note: Changing the value to 1 will increase the time required to fetch posture data

compressionRequired

Default value is 1, which indicates that the output will be compressed.

If you do not want the data to be compressed, change the value to 0.

Note: Not compressing the data will increase the time required to fetch posture data.

Request Body

Output of the Resolve Host ID and the JWT token.

Request header:

Authorization

(Required) JWT encrypted token.

Note: The token received from the Authorization API and the token used in the second API need to be the input here.

lastEvaluationDate

(Optional) Compliance posture information records when the posture is equal to or greater than the specified date.

You may also specify the time.

The format for date and time is:

YYYY-MM-DD

or,

YYYY-MM-DDTHH:MM:SSZ (UTC/GMT).

lastScanDate

(Optional) Compliance posture information on the date on which an asset was last scanned.

The formats for date are:

lastScanDate=2021-12-17

lastScanDate=2021-12-17T18:48:16Z

lastScanDateFrom,

lastScanDateTo

(Optional) Compliance posture information of the assets scanned between these two dates, both dates included.

The format for dates is:

lastScanDateFrom=2022-09-30 or 2022-09-30T18:48:16Z

lastScanDateTo=2022-12-27 or 2022-12-27T20:48:16Z

Notes:

- You must specify both dates.

- You must not use these parameters with lastScanDate

statusChangedSince

(Optional) Compliance posture information records when the posture is changed in policy since the specified date. You may also specify the time.

The format for date and time is:

YYYY-MM-DD

or

YYYY-MM-DDTHH:MM:SSZ (UTC/GMT)

Get Posture Info (single policy ID)

Get Posture Info with lastEvaluationDate, without evidence, without compression, without lastScanDate

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&lastEvaluationDate=2021-12-23"

-H "accept: */*"

-H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBSCRIPTION ID>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"

JSON Output

[

{

"id": xxx,

"instance": "os",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"controlStatement": "Status of the 'banner motd' configuration command on the device",

"rationale": "The 'Message of the Day (banner motd)' command is used to provide a warning banner displayed when a

connection to the device is made BEFORE a user successfully authenticates to the device. The Message of the Day banner can be used to provide an acceptable use policy or warning prior to login notifying that all user activity may be monitored and potential legal consequences may result from unauthorized use. Run this check periodically to ensure content of the banner displayed is in compliance with the requirements and expectations driven by internal standards and/or policies.",

"remediation": "Execute following commands to set desired

banner message:\n1. configure terminal\n2. banner motd

'delimiting-character' 'message' 'delimiting-character'\n3.

exit\n\nc",

"controlReference": null,

"technologyId": xxx,

"status": "Error",

"previousStatus": "Error",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-12-21T11:28:21Z",

"lastPassDate": "2021-12-21T11:29:22Z",

"postureModifiedDate": "2021-12-22T12:56:41Z",

"lastEvaluatedDate": "2021-12-23T05:32:40Z",

"created": "2022-02-21T13:10:13Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xxx",

"trackingMethod": "IP",

"os": null,

"osCpe": "cpe:/o:cisco::7.0%283%29i2%282%29:::",

"dns": null,

"qgHostid": null,

"networkId": 0,

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-12-22T12:49:59Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xxx,

"name": "Cisco NX-OS"

},

"criticality": {

"label": "CRITICAL",

"value": 4

},

"evidence": null,

"causeOfFailure": null,

"currentBatch": 1,

"totalBatches": 1

}

Get Posture Info without lastEvaluationDate, without evidence, without compression, without lastScanDate

User input: evidenceRequired=0 and compressionRequired=0

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"

-H "accept: */*"

-H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":

[\"xxx\"]}]"

JSON Output

[

{

"id": xxx,

"instance": "os",

"policyId": <POLICY ID>,

"controlId": <CONTROL ID>,

"technologyId": xx,

"status": "Failed",

"previousStatus": "Failed",

"firstFailDate": "2021-10-25T07:21:13Z",

"lastFailDate": "2021-10-29T07:52:41Z",

"firstPassDate": "",

"lastPassDate": "",

"postureModifiedDate": "2021-10-25T07:21:11Z",

"lastEvaluatedDate": "2021-10-29T07:52:41Z",

"created": "2021-10-29T07:54:26Z",

"hostId": <HOST ID>,

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:57:58Z",

"customerUuid": "xxx",

"customerId": "xxx",

"assetId": "xxx",

"technology": {

"id": xx,

"name": "Windows Server 2012 R2"

},

"criticality": {

"label": "SERIOUS",

"value": 3

},

"evidence": null,

"causeOfFailure": {

"missing": {

"logic": null,

"value": [

  "1",

"Attribute not found",

"Unable to retrieve password policy"

]

},

"unexpected": {

"value": [

"0"

]

}

}

},

{

"id": xxx,

"instance": "os",

"policyId": <POLICY ID>,

"controlId": <CONTROL ID>,

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-25T07:21:13Z",

"lastPassDate": "2021-10-29T07:52:41Z",

"postureModifiedDate": "2021-10-25T07:21:11Z",

"lastEvaluatedDate": "2021-10-29T07:52:41Z",

"created": "2021-10-29T07:54:26Z",

"hostId": <HOST ID>,

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:57:58Z",

"customerUuid": "xxxx",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Windows Server 2012 R2"

},

"criticality": {

  "label": "URGENT",

"value": 5

},

"evidence": null,

"causeOfFailure": null

}

]

Get Posture Info without lastEvaluationDate, without evidence, with compression, without lastScanDate

User input: evidenceRequired=0 & compressionRequired=1

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1"

-H "accept: */*"

-H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":

[\"xxx\"]}]"

JSON Output (Compressed)

‹ íÝ]sÚHÅñ¯ââ:Îê!Áݬí?uUoeIì8©š©©)

²C?D2S©|÷•p2Ž_ÖôÁý€ÿ»d?…~é´8:ýÛçÆ ßè„í(ÈÒfð¬1OË

7:?bÚxÖ¸,†ƒÞ߇Õ6Í(ŠÓ${Öè-ãrR

ëÇÂ0Kž5ʼ÷~\

‹‹ùviõHμ?r6-öñª;?æýz?“üã ˜MOî<s>˜LËÿtÃýnY¿lõа{û‘ùFõ?|}(

¢p7

v£äM?v¢° Æ¿~ýÁû¶j×[%Q§þ:ÿ?¦ål’-ýÁù

ïÿß]†ßvyð±;oeU[ÝÙôæ~{“¼Þèî--N Ô?¼¯^¸>DY«?´ÚÍêh_V?‡Áó0|ž-Ï›QμM9éö>

ÆGyù¾¨÷uøªz´ú,:ãÙpXÿiï²~½Ë¼ó¯¢3ô&Å´8/;Ÿ-ã~ñiúÇ4Ÿ|Ì'?DAu&Q§óW«Ù©

öÐ×G½WOEúùÇéŸÃêéVõèŸÿ-ÞS}

\í}oe—

ŸŠÉ‡úM6‚Æ???ÙÕ¯ùó°8ëwöóóîlXî¼¼z²þÍ‹ÑåpPŸ7/ªÃuÒëŽo©ìMØêÄíN’Ì?ÔlZ

£|r:?Ì_©?giž-»ÙYÔÚM³óóÝ,l&»A˜žeaë¼?¦çßýÔüÝEIPí»z´>?Ê«‡Â´?diý¾¯OÉFç

ê ¯OËñÕ¯ñîêHíoeÌ?ÔN}¤vŽ£Æ—

ú ?”ƒ^w8(ç?7ìžåÃêöŽß?îýô¢Úq}&TûhV?W't?ŸS¹:v½îlšÿr^Ÿ¸ÕÙuõè—

g7€…*°(lE ÀÜ€Eò´C€ìvrp|øËéÉμ¯x9_±î+ž~t_Gû‡§G×¼¢åx5—

àõðÿëW»Ÿ×?ÏÜæõ€oeû¶ºy†ßfx—

?¼àμ’áësc4˜N«Or¾§âbÐû¶å×?üÖ¨ßþOe9oeÍÊ|g\”;çÅl\£8wφùNYìLòêùüc¾sYý¢

Õáîï\‘lü^½‡Ù8ÿë2ïÍOºÏ×û

ª'¿Ü²?,ñ_Sæ~ØþÑmŸÿ|ðòÍ5íd¹¡³uƒ×ÑÉÉëõ‹·:Õ¹ÖOEãÎü‘êß‘·Ç?W{ûoû»çâf5

Þ €Oàü¼ü*ðèÛAÛ©

\;l-âLê?á}—@aC>À0óÏ°•Á †0T¶-Æ0„!

Ý&?Ãvð0C.¼Âp›.¾úª]?MBÄw¾›d,1ˆK#†Ì,aC…aìŸa0 †

æÃ&

aC?abÁpÁ—ÿ\à?á63tˆ×Õo÷mý—éwÙº.û„÷\öñŸë©h·a¡

ma„5Èõ¤-æ›0„¡ÂРד’ë?áv0ôtdb ëI‰õ …‚–Aª'‹PˆB

Get Posture Info without lastEvaluationDate, with evidence, with compression, without lastScanDate

User input: evidenceRequired=1 & compressionRequired=1

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=1"

-H "accept: */*" -H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"xxx\",\"subscriptionId\":\"xxx\",\"hostIds\":[\"xxx\"]}]"

JSON Output (Compressed)

‹ í?[sÛFš@ÿ

JμöΈ ¼€|“%yâÄr SvR“ÌNQ$LaC4 ÚÖÌä¿o7HJ¼

ša‹"qR•*YÂμÑ}ú‚ßùõß'^ÿ¤mμª¦Ó¬™?=ñü(îú=÷¤} D'?=C¯wÿFlS«VífÝùëI/ð

ã0ÊßY–SÿëIìöîü`

’íšâ7âñ$ ǸîF‘Û—ÇÝ/^0‰:k?ùä…Qüºë

/º±<-øÕ°»ú›d#¹ËìWU³j?Zæiμ~c6ÛU«mÙ?Ÿí˜¶UKnU¯¶kÖß“{ŠâIè^}ï“çö3iÍyù¥

;oeˆ-Ö6]>n/tåFë?ÔÚõ†ÜàNoeX‘ÓhÕ?-š(í±ØØ2+–

Uiš•ZUl ‡ÝÞïž?¸rã»@ëÍμø-xm?2?ÊŸÎÇòzc·ý?A{äõÂ

>Åí¯žß¾FÿOEÜð‹?þ³jZÕvXm·¿5jmq„¾/K½OEúî—

èóPü¹!~ûyð?¸&Y¦G÷Ýøk þ./òÄ<yø÷»îHžóoÃà¶;4.ÜOÝÉ06ÞMÿ(ï<?‡ž¬7oEqu

z]?μ¤oe?«Ñ®‹²p’’šDq0rà /9S×všnÓ<un«?Ó¦óéÓ©cÕꧦռu¬Æ§®Õü´°WruÕº)

Ž-~+ëQ<ý•ÕlÕ?¦¼îÇ*yÒžVqY-ýémü<-)£“””!KÊx_=ùC>A/özÝ¡'û

»·îPìpþþÍÍ›ó³·âÀ²&ˆcÔÄÆ¢B÷ݤ©üûÄý6v{âÙ?”?–

ý›?áEÝÛ¡Û7^˜/?óOþ3~|o,þû7ÿÒŸmjånúÞt&·?¸÷†ÄƧ`â÷óvYÚ8)Ç0týx~-¿ž,^

êÉ?D‘öâIw8ÿû´fô½PÜa Þ¿öFú½é¯e‘u'‘ûã'Ù\E›šÿz+–*VªV£

Get Posture Info without lastEvaluationDate, with evidence, without compression, without lastScanDate

User input: evidenceRequired=1, compressionRequired=0

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"

-H "accept: */*" -H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"xxx\",\"xxx\":\"xxx\",\"hostIds\":[\"xxx\"]}]"

JSON Output

[

{

"id": xxx,

"instance": "os",

"policyId": <POLICY ID>,

"controlId": <CONTROL ID>,

"technologyId": <TECHNOLOGY ID>,

"status": "Failed",

"previousStatus": "Failed",

"firstFailDate": "2021-10-25T07:21:13Z",

"lastFailDate": "2021-10-29T07:52:41Z",

"firstPassDate": "",

"lastPassDate": "",

"postureModifiedDate": "2021-10-25T07:21:11Z",

"lastEvaluatedDate": "2021-10-29T07:52:41Z",

"created": "2021-10-29T07:55:26Z",

"hostId": <HOST ID>,

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:39:55Z",

"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Windows Server 2012 R2"

},

"criticality": {

"label": "SERIOUS",

"value": 3

},

"evidence": {

"expectedValues": "\nAttribute not found\n---------

--- OR ------------\nUnable to retrieve password policy\n------

------ OR ------------\nequal to\n1",

"currentValues": [

"0"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": {

"missing": {

"logic": null,

"value": [

"1",

"Attribute not found",

"Unable to retrieve password policy"

]

},

"unexpected": {

"value": [

"0"

]

}

}

},

{

"id": xx,

"instance": "MSSQL 2016:1:1433:MSSQLSERVER:PCDEV",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-25T07:21:13Z",

"lastPassDate": "2021-10-29T07:52:41Z",

"postureModifiedDate": "2021-10-25T07:21:11Z",

"lastEvaluatedDate": "2021-10-29T07:52:41Z",

"created": "2021-10-29T07:55:27Z",

"hostId": <HOST ID>,

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:39:55Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Microsoft SQL Server 2016"

},

"criticality": {

"label": "SERIOUS",

"value": 3

},

"evidence": {

"expectedValues": "\nGrantees not found\n----------

-- OR ------------\nmatches regular expression list\n.*",

"currentValues": [

"Grantees not found"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": null

}

]

Get Posture Info (multiple policy IDs) with lastEvaluationDate, with evidence, without compression, without lastScanDate

User input: evidenceRequired=1 & compressionRequired=0

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0&lastEvaluationDate=2021-12-27T15:35:22Z"

-H "accept: /"

-H "Authorization: Bearer <token>"

-H "Content-Type:application/json"

-d "[{\"policyId\":\"<Policy_ID>\",\"subscriptionId\":\"<Subscription_ID>\",\"hostIds\":[\"<Host_ID1>\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"<Subscription_ID\",\"hostIds\":[\"<HOST_ID1>\"]}]"

JSON Output

[

{

"id": xx,

"instance": "os",

"policyId": <POLICY_ID>,

"controlId": <CONTROL_ID,

"controlStatement": "Status of the 'Minimum Password Length' setting",

"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows

Settings\\Security Settings\\Account Policies\\Password

Policy\\Minimum password length",

"controlReference": null,

"technologyId": xx,

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-12T13:12:26Z",

"lastPassDate": "2021-12-27T15:35:22Z",

"postureModifiedDate": "2021-10-12T13:12:26Z",

"lastEvaluatedDate": "2021-12-27T15:35:22Z",

"created": "2022-02-24T14:21:06Z",

"hostId": xx,

"ip": "xx.xx.xx.xx",

"trackingMethod": "DNS Hostname",

"os": xx,

"osCpe": "cpe:/o:microsoft:windows_2003_server::sp2::",

"dns": "client5-25-244.root.vuln.qa.qualys.com",

"qgHostid": xx,

"networkId": xx,

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-12-27T15:31:18Z",

"customerUuid": "xx",

"customerId": "xx",

"assetId": xx,

"technology": {

"id": xx,

"name": "Windows 2003 Server"

},

"criticality": {

"label": "CRITICAL",

"value": xx

},

"evidence": {

"expectedValues": "\ngreater than or equal to\n0",

"currentValues": [

"1"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": null,

"currentBatch": xx,

"totalBatches": xx

},

{

"id": xx,

"instance": "os",

"policyId": <POLICY_ID>,

"controlId": <CONTROL_ID>,

"controlStatement": "Status of the

'net.ipv4.conf.all.send_redirects' setting within the

'/etc/sysctl.conf' file",

"rationale": "The 'net.ipv4.conf.all.send_redirects' network parameter (/etc/sysctl.conf) allows ICMP routing redirection. If the system is not going to be used as a firewall or gateway to pass network traffic, and this parameter is not disabled, malicious users may attempt to spoof source addresses or redirect traffic to a host with a network sniffer, so this value should be set according to the needs of the business.",

"remediation": "Set the following parameters in the /etc/sysctl.conf file:\n\n# net.ipv4.conf.all.send_redirects = 0\n\nOR \nRun the following commands to set the active kernel parameters:

\n# sysctl -w net.ipv4.conf.all.send_redirects=0\n#

sysctl -w net.ipv4.route.flush=1",

"controlReference": null,

"technologyId": 80,

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2022-02-11T12:54:23Z",

"lastPassDate": "2022-02-11T12:54:23Z",

"postureModifiedDate": "2022-02-11T12:54:23Z",

"lastEvaluatedDate": "2022-02-11T12:54:23Z",

"created": "2022-02-24T14:21:06Z",

"hostId": xx,

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe": "cpe:/o:centos:centos_linux:7.6.1810:::",

"dns": null,

"qgHostid": null,

"networkId": 0,

"networkName": "Global Default Network",

"complianceLastScanDate": "2022-02-11T12:47:29Z",

"customerUuid": "xx",

"customerId": "xx",

"assetId": xx,

"technology": {

"id": xx,

"name": "CentOS 7.x"

},

"criticality": {

"label": "CRITICAL",

"value": 4

},

"evidence": {

"expectedValues": "\nSetting not found\n------------ OR

------------\nFile not found\n------------ OR ------------

\nmatches regular expression list\n.*",

"currentValues": [

"Setting not found"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": null,

"currentBatch": 1,

"totalBatches": 1

}

]

Get Posture Info without lastEvaluationDate, without evidence, without compression, without lastScanDate

User Input: evidenceRequired=0 & compressionRequired=0

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0"

-H "accept: */*"

-H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d

"[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\"subscriptionId\":\"xx\",\"ho

stIds\":[\"xx\"]}]"

JSON Output

[

{

"id": xx,

"instance": "os",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-14T11:19:31Z",

"lastPassDate": "2021-10-18T06:17:29Z",

"postureModifiedDate": "2021-10-14T11:19:30Z",

"lastEvaluatedDate": "2021-10-18T06:17:29Z",

"created": "2021-10-29T08:38:14Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",

"dns": null,

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-14T09:37:38Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Cisco ASA 9.x"

},

"criticality": {

"label": "MEDIUM",

"value": 2

},

"evidence": null,

"causeOfFailure": null

},

{

"id": xx,

"instance": "os",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-25T07:21:13Z",

"lastPassDate": "2021-10-29T08:38:10Z",

"postureModifiedDate": "2021-10-25T07:21:11Z",

"lastEvaluatedDate": "2021-10-29T08:38:10Z",

"created": "2021-10-29T08:38:14Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:53:14Z",

"customerUuid": "0a387e70-8b26-78ff-8145-017b816fa17f",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Windows Server 2012 R2"

},

"criticality": {

"label": "CRITICAL",

"value": 4

},

"evidence": null,

"causeOfFailure": null

},

{

"id": 19235413,

"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-28T16:53:06Z",

"lastPassDate": "2021-10-29T08:38:10Z",

"postureModifiedDate": "2021-10-28T16:53:06Z",

"lastEvaluatedDate": "2021-10-29T08:38:10Z",

"created": "2021-10-29T08:38:15Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:53:14Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Microsoft SQL Server 2016"

},

"criticality": {

"label": "MEDIUM",

"value": 2

},

"evidence": null,

"causeOfFailure": null

}

]

Get Posture Info without lastEvaluationDate, with evidence, without compression, without lastScanDate

User input: evidenceRequired=1 & compressionRequired=0

API Request

curl -X POST "https://gateway.<assigned URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=1&compressionRequired=0"

-H "accept: */*"

-H "Authorization: Bearer <token>"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"xx\",\"subscriptionId\":\"xx\",\"hostIds\":[\"xx\"]},{\"policyId\":\"policyId1\",\"subscriptionId\":\"xx\",\

"hostIds\":[\"xx\"]}]"

JSON Output

[

{

"id": xx,

"instance": "os",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": "<TECHNOLOGY ID>",

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-14T11:19:31Z",

"lastPassDate": "2021-10-18T06:17:29Z",

"postureModifiedDate": "2021-10-14T11:19:30Z",

"lastEvaluatedDate": "2021-10-18T06:17:29Z",

"created": "2021-10-29T08:40:38Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe": "cpe:/o:cisco:asa:9.2%284%29:::",

"dns": null,

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-14T09:37:38Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Cisco ASA 9.x"

},

"criticality": {

"label": "MEDIUM",

"value": 2

},

"evidence": {

"expectedValues": "\nFilter 2 not found:

^[\\*\\.\\d]\n------------ OR ------------\nFilter 1 not found:

show clock detail\n------------ OR ------------\nmatches

regular expression list\n.*",

"currentValues": [

"show clock detail:08:26:29.074 pdt Thu Oct 14

2021"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": null

},

{

  "id": xx,

"instance": "MSSQL 2016:1:1433:MSSQLSERVER:DB",

"policyId": "<POLICY ID>",

"controlId": "<CONTROL ID>",

"technologyId": xx,

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-10-28T16:53:06Z",

"lastPassDate": "2021-10-29T08:39:07Z",

"postureModifiedDate": "2021-10-28T16:53:06Z",

"lastEvaluatedDate": "2021-10-29T08:39:07Z",

"created": "2021-10-29T08:40:46Z",

"hostId": "<HOST ID>",

"ip": "xx.xx.xx.xx",

"trackingMethod": "IP",

"os": null,

"osCpe":

"cpe:/o:microsoft:windows_server_2012:r2::x64:",

"dns": "comdevsql2016",

"qgHostid": null,

"networkId": "0",

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-10-28T16:57:58Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": "<ASSET ID>",

"technology": {

"id": xx,

"name": "Microsoft SQL Server 2016"

},

"criticality": {

"label": "MEDIUM",

"value": 2

},

"evidence": {

"expectedValues": "\nSet status to PASS if no data

found\n------------ OR ------------\nmatches regular expression

list\n.*",

"currentValues": [

"Error Code 35:Failed to execute database query"

],

"actualValues": null,

"directoryFimUdc": null

},

"causeOfFailure": null

}

]

Get Posture Info without lastEvaluationDate, without evidence, with compression, with lastScanDate

User input: evidenceRequired=0 & compressionRequired=1 & lastScanDateRequired=1

API Request

Curl-X POST

"https://gateway.xxx.eng.xxx.qualys.com/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=1&lastEvaluationDate=202

1-12-17T18:48:16Z&lastScanDate=2021-12-17T18:48:16Z"

-H "accept: */*"

-H "Content-Type: application/json"

-d "[{\"policyId\":\"<POLICY ID>\",\"subscriptionId\":\"<SUBCRIPTION ID>\",\"hostIds\":[\"<HOST ID>\"]}]"

JSON Output

[

{

"id": <HOST INSTANCE ID>,

"instance": "os",

"policyId": <POLICY ID>,

"controlId": <CONTROL ID>,

"controlStatement": "Status of the 'Minimum Password Length' setting", "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly

considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.", "remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the

following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is

\"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",

"controlReference": null,

"technologyId": <TECHNOLOGY ID>,

"status": "Passed",

"previousStatus": "Passed",

"firstFailDate": "",

"lastFailDate": "",

"firstPassDate": "2021-12-23T08:20:23Z",

"lastPassDate": "2022-02-02T11:54:20Z",

"postureModifiedDate": "2021-12-23T08:20:22Z",

"lastEvaluatedDate": "2022-02-02T11:54:20Z",

"created": "2022-07-11T11:53:46Z",

"hostId": <HOST ID>,

"CLOUD_RESOURCE_ID": "<CLOUD RESOURCE ID>",

"ip": "xx.xx.xx.xxx",

"trackingMethod": "EC2",

"os": "Red Hat Enterprise Linux 8.3",

"osCpe": null,

"dns": "ip-xx-xx-xx-xxx.af-south-1.compute.internal",

"qgHostid": null,

"networkId": 0,

"networkName": "Global Default Network",

"complianceLastScanDate": "2021-12-23T12:59:04Z",

"customerUuid": "<CUSTOMER UUID>",

"customerId": "<CUSTOMER ID>",

"assetId": <ASSET ID>,

"technology": {

"id": 217,

"name": "Red Hat Enterprise Linux 8.x"

},

"criticality": {

"label": "CRITICAL",

"value": 4

},

"evidence": null,

"causeOfFailure": null,

"currentBatch": 8,

"totalBatches": 12

},

]

Get Posture Info without evidence, without compression, with statusChangedSince=2021-12-23

API Request

curl -X POST

"https://gateway.<assigned

URL>/pcrs/1.0/posture/postureInfo?evidenceRequired=0&compressionRequired=0&statusChangedSince=2021-12-23" -H "accept: */*" -H

"Authorization: Bearer <token>" -H "Content-Type:

application/json" -d

"[{\"policyId\":\"<POLICYID>\",\"subscriptionId\":\"<SUBSCRIPTIONI

D>\",\"hostIds\":[\"<HOST ID1>\",\"<HOST ID2>\"]}]"

JSON Output

[

    {

        "id": 24705485,

        "instance": "os",

        "policyId": <POLICY ID>,

        "policyTitle": "pcas_win16_redhat7 tech",

        "netBios": "<NETBIOS>",

        "controlId": 1071,

        "controlStatement": "Status of the 'Minimum Password Length' setting",

        "rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement.  Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password.  While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",

        "remediation": "To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):\n\n\tComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password length",

        "controlReference": null,

        "technologyId": 106,

        "status": "Passed",

        "previousStatus": "Passed",

        "firstFailDate": "",

        "lastFailDate": "",

        "firstPassDate": "2022-11-09T12:50:12Z",

        "lastPassDate": "2022-12-06T06:42:21Z",

        "postureModifiedDate": "2022-11-09T12:50:12Z",

        "lastEvaluatedDate": "2022-12-06T06:42:21Z",

        "created": "2022-12-07T07:35:56Z",

        "hostId": <HOST ID>,

        "CLOUD_RESOURCE_ID": null,

        "ip": "xx.xx.xx.xxx",

        "trackingMethod": "IP",

        "os": null,

        "osCpe": "cpe:/o:microsoft:windows_server_2016:1607::x64:",

        "domainName": "<DOMAIN NAME>",

        "dns": "<DNS>",

        "qgHostid": null,

        "networkId": 0,

        "networkName": "Global Default Network",

        "complianceLastScanDate": "2022-08-23T04:57:05Z",

        "customerUuid": "<CUSTOMER UUID>",

        "customerId": "<CUSTOMER ID>",

        "assetId": <ASSET ID>,

        "technology": {

            "id": 106,

            "name": "Windows 2016 Server"

        },

        "criticality": {

            "label": "high updated",

            "value": 5

        },

        "evidence": {

            "expectedValues": "\nAttribute not found\n------------ OR ------------\ngreater than or equal to\n0",

            "currentValues": [

                "6"

            ],

            "actualValues": null,

            "directoryFimUdc": null

        },

        "causeOfFailure": null,

        "currentDataSizeKB": "2.41",

        "totalDataSizeKB": "2.41",

        "currentBatch": 1,

        "totalBatches": 1

    },

]

 

Related Topics

PC Posture Streaming APIs

Get Policy IDs

Resolve Host IDs