Policy Merge

/api/2.0/fo/compliance/policy/

[GET]  [POST]

Use the parameter action=merge to merge (combine) 2 or more compliance policies. You can choose to merge some or all parts of a new policy into an existing one. Also you can preview merge changes before saving them.

Permissions - Manager and Auditors

Input Parameters

Parameter

Description

action=merge

(Required) Specifies the action type for merging the policies.

ids={value}

(Required) The ID of the policy that will be updated with merged content (let’s call this Policy A).

merge_policy_id={value} -or-

policy XML data

(Required) Tell us the policy with the content that will be merged into Policy A (let’s call this Policy B). You can specify a policy ID using “merge_policy_id” or policy XML data. To upload XML data, use this syntax: --data-binary @path_to_xml_file.xml

The policy XML data and replace_asset_groups options are mutually exclusive.

replace_cover_page={0|1}

(Optional) Set replace_cover_page=1 to replace the cover page in Policy A with the cover page in Policy B.

replace_asset_groups={0|1}

(Optional) Set replace_asset_groups=1 to replace asset groups in Policy A with asset groups in Policy B.

The policy XML data and replace_asset_groups options are mutually exclusive.

add_asset_groups={0|1}

(Optional) Set add_asset_groups=1 to add new asset groups, i.e. add asset groups from Policy B if they are not already present in Policy A.

add_new_technologies={0|1}

(Optional) Set add_new_technologies=1 to add new technologies, i.e. add technologies from Policy B if they are not already in Policy A

add_new_controls={0|1}

(Optional) Set add_new_controls=1 to add new controls, i.e. add controls from Policy B if they are not already in Policy A.

update_section_heading={0|1}

(Optional) Set update_section_heading=1 to replace the section heading in Policy A with the one in Policy B, based on section number (applies only to common sections).

This parameter must be specified with: add_new_controls or update_existing_controls.

update_existing_controls={0|1}

(Optional) Set update_existing_controls=1 to replace the common controls in Policy A with the ones in Policy B. These are controls that exist in both policies. (Controls will not be removed).

preview_merge={0|1}

(Optional) Set preview_merge= 1 to view the changes merged into Policy A without saving them.

 

Sample - Preview merged policies

Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy B) and the XML output will show the merged policy in preview mode. Policy changes will not be saved in Policy 15993 since the request includes “preview_merge=1”.

API request

https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1

XML output

<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">

 

<POLICY_MERGE_RESULT_OUTPUT>

  <RESPONSE>

    <DATETIME>2018-12-24T05:28:04Z</DATETIME>

    <POLICY_MERGE_RESULT>

      <NOTE>Policy changes were not merged or saved since the request had preview_merge=1.</NOTE>

      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>

      <ASSET_GROUPS_ADDED>

        <ASSET_GROUP>

          <ID>424422</ID>

          <NAME><![CDATA[<script>alert("xss");</script>]]></NAME>

        </ASSET_GROUP>

        <ASSET_GROUP>

          <ID>424577</ID>

          <NAME><![CDATA[10.10.32.26]]></NAME>

        </ASSET_GROUP>

      </ASSET_GROUPS_ADDED>

      <TECHNOLOGIES_ADDED>

        <TECHNOLOGY>

          <ID>1</ID>

          <NAME>Windows XP desktop</NAME>

        </TECHNOLOGY>

      </TECHNOLOGIES_ADDED>

      <SECTIONS_UPDATED>

        <SECTION>

          <ID>1</ID>

          <HEADING><![CDATA[First section]]></HEADING>

        </SECTION>

        <SECTION>

          <ID>2</ID>

          <HEADING><![CDATA[Second section]]></HEADING>

        </SECTION>

      </SECTIONS_UPDATED>

      <SECTIONS>

        <SECTION>

          <ID>1</ID>

          <CONTROLS_UPDATED>

            <CONTROL>

              <ID>1061</ID>

            </CONTROL>

          </CONTROLS_UPDATED>

        </SECTION>

        <SECTION>

          <ID>2</ID>

          <CONTROLS_ADDED>

            <CONTROL>

              <ID>1045</ID>

            </CONTROL>

            <CONTROL>

              <ID>1048</ID>

            </CONTROL>

          </CONTROLS_ADDED>

        </SECTION>

      </SECTIONS>  

    </POLICY_MERGE_RESULT>

  </RESPONSE>

</POLICY_MERGE_RESULT_OUTPUT>

Sample - Save merged policies

Policy ID 15993 (Policy A) will be updated with content merged from policy ID 15994 (Policy B). The merged policy will be saved in policy 15993.

API request

https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?action=merge&id=15993&merge_policy_id=15994&replace_cover_page=1&add_new_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=0

XML output

<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">

 

<POLICY_MERGE_RESULT_OUTPUT>

  <RESPONSE>

    <DATETIME>2013-12-24T05:31:26Z</DATETIME>

    <POLICY_MERGE_RESULT>

      <NOTE>Policy changes have been merged successfully.</NOTE>

      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>

      <ASSET_GROUPS_ADDED>

        <ASSET_GROUP>

          <ID>424422</ID>

...

    </POLICY_MERGE_RESULT>

  </RESPONSE>

</POLICY_MERGE_RESULT_OUTPUT>

Sample - Pass policy XML, preview merged policy

Policy ID 15993 (Policy A) will be updated with content merged from the policy defined in the file “path_to_policy_xml_file.xml.” The merged changes will not be saved in policy 15993 since the request includes “preview_merge=1”.

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -H "Content-type: text/xml" "https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/?

action=merge&id=15993&replace_cover_page=1&replace_asset_groups=1&add_new_technologies=1&update_section_heading=1&add_new_controls=1&update_existing_controls=1&preview_merge=1" --data-binary @/home/aamin/PC_XML/path_to_policy_xml_file.xml>

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE POLICY_MERGE_RESULT_OUTPUT SYSTEM

"https://qualysapi.qualys.com/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd">

<POLICY_MERGE_RESULT_OUTPUT>

  <RESPONSE>

    <DATETIME>2018-04-24T05:38:26Z</DATETIME>

    <POLICY_MERGE_RESULT>

      <NOTE>Policy changes were not merged or saved since the request had preview_merge=1.</NOTE>

      <NEW_COVER_PAGE><![CDATA[My Cover Page]]></NEW_COVER_PAGE>

      <SECTIONS_UPDATED>

        <SECTION>

          <ID>1</ID>

          <HEADING><![CDATA[First section]]></HEADING>

        </SECTION>

        <SECTION>

          <ID>2</ID>

          <HEADING><![CDATA[Second section]]></HEADING>

        </SECTION>

      </SECTIONS_UPDATED>

      <SECTIONS>

        <SECTION>

          <ID>1</ID>

          <CONTROLS_UPDATED>

            <CONTROL>

              <ID>1061</ID>

            </CONTROL>

          </CONTROLS_UPDATED>

        </SECTION>

        <SECTION>

          <ID>2</ID>

          <CONTROLS_ADDED>

            <CONTROL>

              <ID>1045</ID>

            </CONTROL>

            <CONTROL>

              <ID>1048</ID>

            </CONTROL>

          </CONTROLS_ADDED>

        </SECTION>

      </SECTIONS>

    </POLICY_MERGE_RESULT>

  </RESPONSE>

</POLICY_MERGE_RESULT_OUTPUT>

DTD

<platform API server>/api/2.0/fo/compliance/policy/policy_merge_result_output.dtd