Qualys Vulnerability Management

Version: 1.1.4

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Connect Qualys Vulnerability Management with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Qualys Vulnerability Management.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key used to connect to Qualys Vulnerability Management.
  4. After you've entered all the details, click Connect.

Actions for Qualys Vulnerability Management

Launch Scan

Launch a vulnerability scan against a target host.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| IP Column | Column name from parent table with an IP address to scan. | Required |
| Scan Title | Qualys Scan Title to run the scan with. | Required |
| Option Title | An option title from Qualys. | Required |
| Scanner Name | Name of the scanner you'd like to scan with. | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "The input was empty, not processing this row"
}

Fetch Scan Result

Fetches the vulnerability scan result for a scan reference ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Scan Reference Column | Column name from parent table containing scan reference ID. | Required |
| Scan Result Mode | Mode of the scan result (default is 'Brief'). | Required |
| Split Results | Split each result in independent rows (default is 'True'). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Scan reference is either invalid or the scan is not in 'Finished' state yet."
}

Create And Fetch Report

Create a new report from a previous vulnerability scan.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Scan Reference | Column containing the Qualys scan reference to lookup. | Required |
| Qualys Template ID | The template to be used for creating a Qualys report. | Required |
| Report Timeout | Amount of time to spend retrieving a report before stopping (in seconds) (default is 180 seconds). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Error occurred while parsing create report response. Error: 'ITEM_LIST' {u'SIMPLE_RETURN': {u'RESPONSE': {u'TEXT': u'This account has expired.', u'CODE': u'2001', u'DATETIME': u'2021-01-30T17:07:53Z'}}}////12345"
}

Fetch Report By Name

Fetches the complete report information for a report name (only XML reports are supported).

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Report Name | Enter the name of the report. | Required |
| Host Vulnerability Mapping | Select the host-to-vulnerability mapping (default is 'Host inside Vulnerability'). | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching Report. 'NoneType' object has no attribute '__getitem__'"
}

Fetch System Vulnerabilities

Fetches detailed vulnerabilities across assets.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Filtering Criteria Template | Jinja template in JSON format. It must be valid JSON. Example: {"arf_kernel_filter": "{{arf_kernel_filter_col_name}}", "detection_updated_since": "{{detection_updated_since_col_name}}"} | Required |
| Vulnerability Fields | Enter vulnerability fields (comma-separated) to include in the response. Example: CVSS,DIAGNOSIS,SOLUTION,THREAT_INTELLIGENCE. (Default is 'QID,PORT,TYPE,CONSEQUENCE,SEVERITY,STATUS,TITLE'.) | Required |
| Truncation Limit | Limit the number of host records fetched in a single call. This will override the 'truncation_limit' key in the 'Filtering Criteria' JSON, if present. Specify 0 for no truncation limit. (Default is 1000.) | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "Some error(s) occurred while fetching vulnerabilities for assets. {\"SIMPLE_RETURN\": {\"RESPONSE\": {\"TEXT\": \"This account has expired.\", \"CODE\": \"2001\", \"DATETIME\": \"2021-01-30T17:16:24Z\"}}}"
}
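
The Filtering Criteria Template and Truncation Limit inputs above, as an added Python example (not LogicHub's or Qualys's code): it renders the template for one parent-table row, checks that the result is valid JSON, and applies the documented truncation-limit override. The regex substitution is a stand-in for Jinja rendering, and `render_filter`, `TEMPLATE` and `ROW` are hypothetical names with constructed sample values.

```python
import json
import re

# Stand-in for Jinja rendering (assumption): only {{ column }} placeholders.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Template taken from the page's example; ROW is a constructed parent-table row.
TEMPLATE = ('{"arf_kernel_filter": "{{arf_kernel_filter_col_name}}", '
            '"detection_updated_since": "{{detection_updated_since_col_name}}"}')
ROW = {"arf_kernel_filter_col_name": "1",
       "detection_updated_since_col_name": "2021-01-30T00:00:00Z"}


def render_filter(template, row, truncation_limit=1000):
    """Render the filtering criteria for one row and validate the result."""
    missing = []

    def substitute(match):
        name = match.group(1)
        if name not in row:
            missing.append(name)
            return ""
        # Escape the cell value as JSON string content, so a quote or
        # backslash in the data cannot change the structure of the JSON.
        # Assumes placeholders sit inside "..." as in the page's example.
        return json.dumps(str(row[name]))[1:-1]

    rendered = PLACEHOLDER.sub(substitute, template)
    if missing:
        return {"has_error": True,
                "error": "Missing column(s): " + ", ".join(missing)}
    try:
        criteria = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return {"has_error": True,
                "error": "Template is not valid JSON: %s" % exc}
    if not isinstance(criteria, dict):
        return {"has_error": True,
                "error": "Template must render to a JSON object"}
    # The Truncation Limit input overrides any 'truncation_limit' key
    # already present in the rendered JSON (0 means no truncation limit).
    criteria["truncation_limit"] = truncation_limit
    return {"has_error": False, "error": None, "criteria": criteria}


if __name__ == "__main__":
    print(render_filter(TEMPLATE, ROW))
```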

Fetch Report

Fetch Report by its Id.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Qualys Report Id | Jinja template for the report ID to download | Required |

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • REPORT_LIST: Information of all the reports
{
    "REPORT_LIST": {
        "REPORT": [
            {
                "STATUS": {
                    "STATE": "Finished"
                },
                "EXPIRATION_DATETIME": "2022-03-18T07:23:43Z",
                "TITLE": "Authentication Report",
                "USER_LOGIN": "gchub8aa",
                "OUTPUT_FORMAT": "MHT",
                "LAUNCH_DATETIME": "2022-03-11T07:23:41Z",
                "TYPE": "Authentication",
                "ID": "4887476",
                "SIZE": "937.66 KB"
            },
            {
                "STATUS": {
                    "STATE": "Finished"
                },
                "EXPIRATION_DATETIME": "2022-03-18T06:43:36Z",
                "TITLE": "test pdf file",
                "USER_LOGIN": "gchub8aa",
                "OUTPUT_FORMAT": "PDF",
                "LAUNCH_DATETIME": "2022-03-11T06:43:34Z",
                "TYPE": "Authentication",
                "ID": "4887404",
                "SIZE": "10.01 KB"
            }
        ]
    },
    "DATETIME": "2022-03-14T08:15:54Z"
}

List Report

List all the reports against a target host.

Input Field

Choose a connection that you have previously created.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • lhub_file_id: downloaded file id
{
    "lhub_file_id":"002cc462f7dd4977b7f48458350e8b2d.pdf",
    "has_error":false,
    "error":null
}

Release Notes

  • v1.1.4 - Added documentation link in the automation library.
  • v1.1.3 - Added two actions: List reports and fetch report.
