Qualys Vulnerability Management

Version: 2.0.8

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Connect Qualys Vulnerability Management with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Qualys Vulnerability Management.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key used to connect to Qualys Vulnerability Management.
  4. After you've entered all the details, click Connect.

Actions for Qualys Vulnerability Management

Launch Scan

Launch a vulnerability scan against a target host.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| IP Column | Column name from parent table with an IP address to scan. | Required |
| Scan Title | Qualys Scan Title to run the scan with. | Required |
| Option Title | An option title from Qualys. | Required |
| Scanner Name | Name of the scanner you'd like to scan with. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "The input was empty, not processing this row"
}

Fetch Scan Result

Fetches the vulnerability scan result for a scan reference ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Scan Reference Column | Column name from parent table containing scan reference ID. | Required |
| Scan Result Mode | Mode of the scan result (default is 'Brief'). | Required |
| Split Results | Split each result in independent rows (default is 'True'). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Scan reference is either invalid or the scan is not in 'Finished' state yet."
}

Create And Fetch Report

Create a new report from a previous vulnerability scan.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Scan Reference | Column containing the Qualys scan reference to lookup. | Required |
| Qualys Template ID | The template to be used for creating a Qualys report. | Required |
| Report Timeout | Amount of time to spend retrieving a report before stopping (in seconds) (default is 180 seconds). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Error occurred while parsing create report response. Error: 'ITEM_LIST' {u'SIMPLE_RETURN': {u'RESPONSE': {u'TEXT': u'This account has expired.', u'CODE': u'2001', u'DATETIME': u'2021-01-30T17:07:53Z'}}}////12345"
}

Fetch Report By Name

Fetches the complete report, with its information, for a report name (only XML reports are supported).

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Report Name | Enter name of the Report. | Required |
| Host Vulnerability Mapping | Select host to vulnerability mapping. (Default is 'Host inside Vulnerability'). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching Report. 'NoneType' object has no attribute '__getitem__'"
}

Fetch System Vulnerabilities

Fetches detailed vulnerabilities across assets.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Filtering Criteria Template | Jinja template in JSON format. It should be valid JSON. Example: {"arf_kernel_filter": "{{arf_kernel_filter_col_name}}", "detection_updated_since": "{{detection_updated_since_col_name}}"} | Required |
| Vulnerability Fields | Enter Vulnerability fields (comma-separated) to include in response. Example: CVSS,DIAGNOSIS,SOLUTION,THREAT_INTELLIGENCE. (Default is 'QID,PORT,TYPE,CONSEQUENCE,SEVERITY,STATUS,TITLE'). | Required |
| Truncation Limit | Limit the number of host records fetched in a single call. This will override the 'truncation_limit' key in the 'Filtering Criteria' JSON, if present. Specify 0 for no truncation limit. (Default is 1000). | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching vulnerabilities for assets. {\"SIMPLE_RETURN\": {\"RESPONSE\": {\"TEXT\": \"This account has expired.\", \"CODE\": \"2001\", \"DATETIME\": \"2021-01-30T17:16:24Z\"}}}"
}
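
The error strings shown above embed a Qualys SIMPLE_RETURN response in two shapes: a Python repr with u'' prefixes and trailing text (Create And Fetch Report) and JSON (Fetch System Vulnerabilities). The Python below is an added example, not part of the integration or its documentation; it extracts the Qualys CODE from either shape so a playbook can separate API-side failures such as code 2001 from integration-side errors. The function names and category labels are hypothetical.

```python
import ast
import json
import re

# Constructed rows; the error strings are the ones shown on this page.
ROWS = [
    {"has_error": True, "error": "The input was empty, not processing this row"},
    {"has_error": True, "error": "Error occurred while parsing create report response. Error: 'ITEM_LIST' {u'SIMPLE_RETURN': {u'RESPONSE': {u'TEXT': u'This account has expired.', u'CODE': u'2001', u'DATETIME': u'2021-01-30T17:07:53Z'}}}////12345"},
    {"has_error": True, "error": 'Some error(s) occurred while fetching vulnerabilities for assets. {"SIMPLE_RETURN": {"RESPONSE": {"TEXT": "This account has expired.", "CODE": "2001", "DATETIME": "2021-01-30T17:16:24Z"}}}'},
    {"has_error": False, "error": None},
]


def extract_qualys_response(error):
    """Return the RESPONSE dict of an embedded SIMPLE_RETURN, or None."""
    start = re.search(r"\{\s*u?['\"]SIMPLE_RETURN['\"]", error or "")
    if not start:
        return None
    depth, blob = 0, None
    for i in range(start.start(), len(error)):
        depth += {"{": 1, "}": -1}.get(error[i], 0)
        if depth == 0:  # matching close brace; trailing text is ignored
            blob = error[start.start():i + 1]
            break
    if blob is None:
        return None
    try:
        doc = json.loads(blob)            # JSON shape
    except ValueError:
        try:
            doc = ast.literal_eval(blob)  # Python repr shape; literals only, no eval()
        except (ValueError, SyntaxError):
            return None
    response = doc.get("SIMPLE_RETURN", {}).get("RESPONSE") if isinstance(doc, dict) else None
    return response if isinstance(response, dict) else None


def triage(row):
    """Map one output row to (category, qualys_code); categories are hypothetical."""
    if not row.get("has_error"):
        return ("ok", None)
    response = extract_qualys_response(row.get("error"))
    if response is not None:
        return ("qualys_api_error", response.get("CODE"))
    return ("integration_error", None)


if __name__ == "__main__":
    print([triage(row) for row in ROWS])
```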

Fetch Report

Fetches a report by its ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| --- | --- | --- |
| Qualys Report Id | Jinja template for the report ID to download | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
  • REPORT_LIST: Information of all the reports
{
  "REPORT_LIST": {
    "REPORT": [
      {
        "STATUS": {
          "STATE": "Finished"
        },
        "EXPIRATION_DATETIME": "2022-03-18T07:23:43Z",
        "TITLE": "Authentication Report",
        "USER_LOGIN": "gchub8aa",
        "OUTPUT_FORMAT": "MHT",
        "LAUNCH_DATETIME": "2022-03-11T07:23:41Z",
        "TYPE": "Authentication",
        "ID": "4887476",
        "SIZE": "937.66 KB"
      },
      {
        "STATUS": {
          "STATE": "Finished"
        },
        "EXPIRATION_DATETIME": "2022-03-18T06:43:36Z",
        "TITLE": "test pdf file",
        "USER_LOGIN": "gchub8aa",
        "OUTPUT_FORMAT": "PDF",
        "LAUNCH_DATETIME": "2022-03-11T06:43:34Z",
        "TYPE": "Authentication",
        "ID": "4887404",
        "SIZE": "10.01 KB"
      }
    ]
  },
  "DATETIME": "2022-03-14T08:15:54Z"
}

List Report

List all the reports against a target host.

Input Field

Choose a connection that you have previously created.

Output

A JSON object containing multiple rows of results:

  • has_error: True/False
  • error: message/null
  • lhub_file_id: downloaded file id
{
	"lhub_file_id":"002cc462f7dd4977b7f48458350e8b2d.pdf",
	"has_error":false,
	"error":null
}

Release Notes

  • v2.0.8 - Support for US4 Cloud Agent Servers.
  • v2.0.0 - Updated architecture to support IO via filesystem.
  • v1.1.4 - Added documentation link in the automation library.
  • v1.1.3 - Added two actions: List reports and fetch report.

© Devo Technology Inc. All Rights Reserved.