Qualys Vulnerability Management

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Integration with LogicHub

Connecting with Qualys Vulnerability Management

To connect to Qualys Vulnerability Management, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Key: The API key used to connect to Qualys Vulnerability Management.

Actions with Qualys Vulnerability Management

Launch Scan

Launch a vulnerability scan against a target host.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • IP Column: Column name from parent table with an IP address to scan.
  • Scan Title: Qualys Scan Title to run the scan with.
  • Option Title: An option title from Qualys.
  • Scanner Name: Name of the scanner you'd like to scan with.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "The input was empty, not processing this row"
}

Fetch Scan Result

Fetches the vulnerability scan result for a scan reference ID.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Scan Reference Column: Column name from parent table containing scan reference ID.
  • Scan Result Mode: Mode of the scan result (default is 'Brief').
  • Split Results: Split each result in independent rows (default is 'True').

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Scan reference is either invalid or the scan is not in 'Finished' state yet."
}

Create And Fetch Report

Create a new report from a previous vulnerability scan.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Scan Reference: Column containing the Qualys scan reference to lookup.
  • Qualys Template ID: The template to be used for creating a Qualys report.
  • Report Timeout: Amount of time to spend retrieving a report before stopping (in seconds) (default is 180 seconds).

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Error occurred while parsing create report response. Error: 'ITEM_LIST' {u'SIMPLE_RETURN': {u'RESPONSE': {u'TEXT': u'This account has expired.', u'CODE': u'2001', u'DATETIME': u'2021-01-30T17:07:53Z'}}}////12345"
}

Fetch Report By Name

Fetches the complete report for a given report name (only XML reports are supported).

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Report Name: Enter name of the Report.
  • Host Vulnerability Mapping: Select the host-to-vulnerability mapping (default is 'Host inside Vulnerability').

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching Report. 'NoneType' object has no attribute '__getitem__'"
}

Fetch System Vulnerabilities

Fetches detailed vulnerabilities across assets.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Filtering Criteria Template: Jinja template in JSON format. It must be valid JSON. E.g.: {"arf_kernel_filter": "{{arf_kernel_filter_col_name}}", "detection_updated_since": "{{detection_updated_since_col_name}}"}
  • Vulnerability Fields: Enter the vulnerability fields (comma-separated) to include in the response. E.g.: CVSS,DIAGNOSIS,SOLUTION,THREAT_INTELLIGENCE. (Default is 'QID,PORT,TYPE,CONSEQUENCE,SEVERITY,STATUS,TITLE').
  • Truncation Limit: Limit the number of host records fetched in a single call. This will override the 'truncation_limit' key in the 'Filtering Criteria' JSON, if present. Specify 0 for no truncation limit. (Default is 1000)

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching vulnerabilities for assets. {\"SIMPLE_RETURN\": {\"RESPONSE\": {\"TEXT\": \"This account has expired.\", \"CODE\": \"2001\", \"DATETIME\": \"2021-01-30T17:16:24Z\"}}}"
}
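
The error values shown for the actions above mix the integration's own messages, Python exceptions, and Qualys SIMPLE_RETURN responses embedded either as JSON or as a Python repr (u'...'). The following added example (not LogicHub or Qualys code) sorts output rows into categories a playbook can branch on; the function names and category labels are assumptions, and the sample strings are rebuilt from the examples on this page.

```python
import ast
import json

SAMPLE_ERRORS = [  # constructed: rebuilt from the error examples on this page
    "The input was empty, not processing this row",
    "Scan reference is either invalid or the scan is not in 'Finished' state yet.",
    "Error occurred while parsing create report response. Error: 'ITEM_LIST' "
    "{u'SIMPLE_RETURN': {u'RESPONSE': {u'TEXT': u'This account has expired.', "
    "u'CODE': u'2001', u'DATETIME': u'2021-01-30T17:07:53Z'}}}////12345",
    "Some error(s) occurred while fetching vulnerabilities for assets. "
    '{"SIMPLE_RETURN": {"RESPONSE": {"TEXT": "This account has expired.", '
    '"CODE": "2001", "DATETIME": "2021-01-30T17:16:24Z"}}}',
    "Some error(s) occurred while fetching Report. "
    "'NoneType' object has no attribute '__getitem__'",
]

def embedded_qualys_response(error):
    """Return the embedded Qualys RESPONSE dict, or None (assumes no braces in values)."""
    start, depth = error.find("{"), 0
    if start < 0:
        return None
    for end in range(start, len(error)):
        depth += {"{": 1, "}": -1}.get(error[end], 0)
        if depth == 0:
            break
    else:
        return None
    for parse in (json.loads, ast.literal_eval):  # JSON, then Python repr (u'...')
        try:
            data = parse(error[start:end + 1])
        except (ValueError, SyntaxError, TypeError, RecursionError):
            continue
        simple = data.get("SIMPLE_RETURN") if isinstance(data, dict) else None
        return simple.get("RESPONSE") if isinstance(simple, dict) else None
    return None

def classify(row):
    """Map one action output row to (category, detail) for playbook branching."""
    if not row.get("has_error"):
        return ("ok", None)
    error = row.get("error") or ""
    resp = embedded_qualys_response(error)
    if isinstance(resp, dict) and "CODE" in resp:
        return ("qualys_api_error", "%s: %s" % (resp["CODE"], resp.get("TEXT")))
    if "not in 'Finished' state" in error:
        return ("pending_or_invalid_reference", error)
    if "input was empty" in error:
        return ("empty_input", error)
    return ("integration_error", error)
```

Routing qualys_api_error and integration_error rows to an alert, rather than dropping them, keeps a failed fetch from being read as "no vulnerabilities found".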
