MySQL record

/api/2.0/fo/auth/mysql/

[POST]

Create, update, list and delete MySQL records for authenticated scans of MySQL Server instances. Vulnerability and compliance scans are supported (using VM, PC).

Requirement - You must configure authentication credentials on target hosts.

Download Qualys User Guide - MySQL Authentication (.zip)

Input Parameters

Parameter

Description

action={action}

(Required) Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

ids={value}

(Required to update or delete record) Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated.

title={value}

(Required to create record) A title for the record. The title must be unique. Maximum 255 characters (ASCII).

comments={value}

(Optional to create or update record) User defined comments. Maximum of 1999 characters.

MySQL

 

ssl_verify={0|1}

(Optional to create or update record, and valid for server that supports SSL) Specify 1 for a complete SSL certificate validation.

- If unspecified (or ssl_verify=0), Qualys scanners authenticate with MySQL Servers that don't use SSL or MySQL servers that use SSL. However, in the SSL case, the server SSL certificate verification will be skipped.

- If ssl_verify=1, the Qualys scanners will only send a login request after verifying that the connection to the MySQL server uses SSL, and that the server SSL certificate is valid and matches the scanned host.

hosts={value}

(Optional to create or update record) A list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.

database={value}

(Required to create record) The database name to authenticate to. Specify a valid MySQL database name.

port={value}

(Required to create record) The port the database is running on.

windows_config_file={value}

(Optional to create or update record) The path to the Windows MySQL config file. Access to this config file is required to run certain checks on Windows hosts.

unix_config_file={value}

(Optional to create or update record) The path to the Unix MySQL config file. Access to this config file is required to run certain checks on Unix hosts.

client_cert={value}

(Optional to create or update record) PEM-encoded X.509 certificate. Specify if certificate authentication is required by your server to establish an SSL connection.

client_key={value}

(Optional to create or update record) PEM-encoded RSA private key. Specify if certificate authentication is required by your server to establish an SSL connection.

Login Credentials

 

username={value}

(Required to create record, optional to update record, when login_type=basic) The username of the account to be used for authentication. If password is specified this is the username of a MySQL account. If login_type=vault is specified, this is the username of a vault account.

password={value}

(Required to create record, optional to update record, when login_type=basic) The password to be used for authentication to MySQL server. Maximum 100 characters (ASCII).

Vault

 

login_type={basic|vault}

(Optional) The login type is basic by default. Specify login_type=vault to use an authentication vault.

vault_id={value}

(Required only when action=create and login_type=vault) The ID of the vault you want to use.

vault_type={value}

(Required only when action=create and login_type=vault) The vault to be used for authentication. For MySQL authentication, valid values are: BeyondTrust PBPS, CyberArk AIM, CyberArk PIM Suite, Quest Vault, Thycotic Secret Server.

{vault parameters}

(Required only when action=create and login_type=vault) The vault-specific parameters required depend on the vault type you've selected. See Vault Parameters.

 

 

Target Hosts

 

ips={value}

(Required to create record) The IP address(es) the server will log into using the record’s credentials. Multiple entries are comma separated.

(Optional to update record) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed.

add_ips={value}

(Optional to update record) Add IPs to the IPs list for this record. Multiple IPs/ranges are comma separated.

remove_ips={value}

(Optional to update record) IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma separated.

This parameter and the ips or member_domain parameter cannot be specified in the same request.

network_id={value}

(Optional to create or update record, and valid when the networks feature is enabled) The network ID for the record.

 

Sample - Create MySQL record using vault

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&ips=10.10.10.181&username=USERNAME&title=NewMySQLRecord&ssl_verify=1&hosts=www.test.com&login_type=vault&vault_type=Thycotic Secret Server&vault_id=166638&secret_name=secret&comments=test comments&port=22&database=mysql&windows_config_file=c:\mysql\myu.ini" "https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">

<BATCH_RETURN>

  <RESPONSE>

    <DATETIME>2018-07-17T21:14:05Z</DATETIME>

    <BATCH_LIST>

      <BATCH>

        <TEXT>Successfully Created</TEXT>

        <ID_SET>

          <ID>272380</ID>

        </ID_SET>

      </BATCH>

    </BATCH_LIST>

  </RESPONSE>

</BATCH_RETURN>

Sample - Update MySQL record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: Curl" -X "POST" -d "action=update&ids=137296922&password=NEWPASSWORD" "https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"

 

XML output

<BATCH_RETURN>

    <RESPONSE>

        <DATETIME>2018-01-23T17:14:28Z</DATETIME>

        <BATCH_LIST>

            <BATCH>

                <TEXT>Successfully Updated</TEXT>

                <ID_SET>

                    <ID>137296922</ID>

                </ID_SET>

            </BATCH>

        </BATCH_LIST>

    </RESPONSE>

</BATCH_RETURN>

Sample - List MySQL record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=list&ids=284212" "https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/"

 

XML output

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE AUTH_MYSQL_LIST_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/auth/mysql/auth_mysql_list_output.dtd">

<AUTH_MYSQL_LIST_OUTPUT>

  <RESPONSE>

    <DATETIME>2018-07-17T17:09:18Z</DATETIME>

    <AUTH_MYSQL_LIST>

      <AUTH_MYSQL>

        <ID>284212</ID>

        <TITLE><![CDATA[api-Thycotic Secret Server_tss]]></TITLE>

        <USERNAME><![CDATA[test_tss]]></USERNAME>

        <DATABASE><![CDATA[mysql]]></DATABASE>

        <PORT>22</PORT>

        <HOSTS>

          <HOST><![CDATA[www.test.com]]></HOST>

        </HOSTS>

        <IP_SET>

          <IP>10.10.10.181</IP>

        </IP_SET>

        <LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE>

        <DIGITAL_VAULT>

          <DIGITAL_VAULT_ID><![CDATA[166638]]></DIGITAL_VAULT_ID>

          <DIGITAL_VAULT_TYPE><![CDATA[Thycotic Secret Server]]></DIGITAL_VAULT_TYPE>

          <DIGITAL_VAULT_TITLE><![CDATA[3_Secret Server]]></DIGITAL_VAULT_TITLE>

          <VAULT_SECRET_NAME><![CDATA[secret]]></VAULT_SECRET_NAME>

        </DIGITAL_VAULT>

        <SSL_VERIFY>true</SSL_VERIFY>

        <WINDOWS_CONF_FILE><![CDATA[c:\mysql\myu.ini]]></WINDOWS_CONF_FILE>

        <UNIX_CONF_FILE><![CDATA[]]></UNIX_CONF_FILE>

        <NETWORK_ID>0</NETWORK_ID>

        <CREATED>

          <DATETIME>2018-07-16T21:53:55Z</DATETIME>

          <BY>seenu_yn</BY>

        </CREATED>

        <LAST_MODIFIED>

          <DATETIME>2018-07-16T21:55:05Z</DATETIME>

        </LAST_MODIFIED>

        <COMMENTS><![CDATA[test comments]]></COMMENTS>

      </AUTH_MYSQL>

    </AUTH_MYSQL_LIST>

  </RESPONSE>

</AUTH_MYSQL_LIST_OUTPUT>
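Added example (not part of the Qualys documentation): a Python audit of saved list output that finds records where server certificate verification would be skipped, and builds the form body for a single action=update request that sets ssl_verify=1 on them. The sample XML is constructed; the function names, and treating a missing SSL_VERIFY element as "off", are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample in the shape of the list output above; values are made up.
SAMPLE_XML = """<AUTH_MYSQL_LIST_OUTPUT><RESPONSE><AUTH_MYSQL_LIST>
  <AUTH_MYSQL><ID>1001</ID><TITLE><![CDATA[db-vault]]></TITLE>
    <IP_SET><IP>192.0.2.10</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[vault]]></LOGIN_TYPE><SSL_VERIFY>true</SSL_VERIFY></AUTH_MYSQL>
  <AUTH_MYSQL><ID>1002</ID><TITLE><![CDATA[db-legacy]]></TITLE>
    <IP_SET><IP>192.0.2.11</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE><SSL_VERIFY>false</SSL_VERIFY></AUTH_MYSQL>
  <AUTH_MYSQL><ID>1003</ID><TITLE><![CDATA[db-unset]]></TITLE>
    <IP_SET><IP>192.0.2.12</IP></IP_SET>
    <LOGIN_TYPE><![CDATA[basic]]></LOGIN_TYPE></AUTH_MYSQL>
</AUTH_MYSQL_LIST></RESPONSE></AUTH_MYSQL_LIST_OUTPUT>"""


def _text(node, tag):
    """Return the stripped text of a child element, or '' when it is absent."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""


def unverified_records(xml_text):
    """List records whose scans would skip server certificate verification."""
    findings = []
    for rec in ET.fromstring(xml_text).iter("AUTH_MYSQL"):
        # Assumption: any value other than "true", including a missing
        # element, means ssl_verify is off for that record.
        if _text(rec, "SSL_VERIFY").lower() == "true":
            continue
        findings.append({
            "id": _text(rec, "ID"),
            "title": _text(rec, "TITLE"),
            "login_type": _text(rec, "LOGIN_TYPE"),
            "ips": [ip.text for ip in rec.iter("IP")],
        })
    return findings


def remediation_body(findings):
    """URL-encoded body for one action=update call, or None if nothing to fix."""
    if not findings:
        return None
    ids = ",".join(f["id"] for f in findings)  # ids are comma separated
    return urlencode({"action": "update", "ids": ids, "ssl_verify": "1"})


if __name__ == "__main__":
    found = unverified_records(SAMPLE_XML)
    print(found, remediation_body(found), sep="\n")
```

Before sending the update, confirm that each flagged server presents a certificate that is valid and matches the scanned host, since with ssl_verify=1 the scanner sends no login request otherwise.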

DTDs for auth type "mysql"

<platform API server>/api/2.0/batch_return.dtd

<platform API server>/api/2.0/fo/auth/mysql/auth_mysql_list_output.dtd