- 06 Apr 2025
Qualys 1.2.0
- Updated on 06 Apr 2025
tags: Python | Vulnerability Scanner | Qualys | Cli
Description
Integration with Qualys supports CDC users by providing vulnerability data for provided IP addresses. This capability enables CDC users to make informed decisions regarding incident response.
The Qualys API allows third parties to integrate their own applications with Qualys cloud security and compliance solutions, using an extensible XML interface. Qualys tracks the disposition of each vulnerability on each host over time. This helps document actions taken in response to each vulnerability and monitor the effectiveness of remediation efforts.
CyberProof provides CLI commands for different user actions, including initiating vulnerability scans for an IP address, looking for existing reports, and downloading completed scan reports. All of these give more detail about known vulnerabilities on a specified IP address.
Integration Type: | Enrichment |
Information read: | Vulnerability data from Qualys Vulnerability Management tool for a given IP address. |
API Supported: | API V2.0 |
Input: | IP address details in CLI, selection of network if required. |
Output: | Detailed PDF report containing vulnerability data for a given IP and network details in input. |
CDC Command Lines
- download_scan_report_cli
This CLI provides the capability for downloading a PDF report of an existing scan from Qualys, for the specific IP value provided as a parameter in the CLI.
Option | Type | Description | Required |
---|---|---|---|
ip | string | IP address. | True |
- extended_scan_result_cli
This CLI provides the capability for either downloading the latest PDF report, or launching a new scan from Qualys. This depends on the user action for the specific IP value provided, as a parameter in the CLI.
Option | Type | Description | Required |
---|---|---|---|
ip | string | IP address. | True |
- launch_vm_scan_cli
This CLI provides the capability for launching a VM scan from Qualys, for the specific IP value provided as a parameter in the CLI.
Option | Type | Description | Required |
---|---|---|---|
ip | string | IP address to be scanned. | True |
- enrich_ip_cli
This CLI provides the capability for enriching the IP from Qualys, for the specific IP value provided as a parameter in the CLI.
Option | Type | Description | Required |
---|---|---|---|
ip | string | IP address in IPv4/IPv6 format. | True |
Workflows
- download_report
Sub-workflow for a download report task.
- download_report_sub
Sub-workflow for a download report task.
- launch_scan
Launches a VM scan on a single IP address.
- post_enrich_ip
Post enrich-ip in CDC by ID of incident/message/channel.
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
- The Qualys API has a limit of 300 API calls per hour, with a waiting time given as 300 seconds (five minutes).
  - Each execution of "/qualys launch_vm_scan –ip=[ip]*" takes around 7-10 calls.
  - Each execution of "/qualys download_scan_report –ip=[ip]*" takes 2-4 calls.
- Qualys has a concurrency limit of two instances requesting simultaneously.
- Qualys assigns a report size limit to every user. If that threshold is reached, no new reports can be generated. Currently it is 1 GB for an API user.
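
The call and concurrency limits above can be budgeted on the client side before a command is dispatched. The following is an added example, not part of the integration's own code: `QualysCallBudget` and its methods are hypothetical names, and it assumes the hourly limit behaves as a sliding window and that each running command counts as one requesting instance.

```python
from collections import deque

HOURLY_LIMIT = 300   # API calls per hour (Known Issues)
WINDOW_SEC = 3600
MAX_RUNNING = 2      # concurrency limit (Known Issues)
# Upper bounds of the per-command call counts quoted under Known Issues.
WORST_CASE_CALLS = {"launch_vm_scan": 10, "download_scan_report": 4}


class QualysCallBudget:
    """Client-side admission check for one shared Qualys API user (hypothetical helper)."""

    def __init__(self):
        self._charged = deque()  # (timestamp, calls) reserved per admitted command
        self._used = 0           # calls charged inside the current window
        self.running = 0         # admitted commands not yet finished

    def _expire(self, now):
        # Drop reservations that are at least one hour old.
        while self._charged and now - self._charged[0][0] >= WINDOW_SEC:
            self._used -= self._charged.popleft()[1]

    def try_start(self, command, now):
        """Return (admitted, wait_seconds, reason); wait is None when unknown."""
        self._expire(now)
        cost = WORST_CASE_CALLS[command]  # reserve the worst case up front
        if self.running >= MAX_RUNNING:
            return False, None, "concurrency"
        if self._used + cost > HOURLY_LIMIT:
            # Walk the oldest reservations until enough calls would age out.
            freed = 0
            for ts, calls in self._charged:
                freed += calls
                if self._used - freed + cost <= HOURLY_LIMIT:
                    return False, ts + WINDOW_SEC - now, "rate"
        self._charged.append((now, cost))
        self._used += cost
        self.running += 1
        return True, 0, "ok"

    def finish(self):
        """Mark one admitted command as completed, freeing a concurrency slot."""
        self.running = max(0, self.running - 1)
```

Charging the worst case (10 and 4 calls) means 30 scan launches exhaust the hourly budget, so the check is conservative: it may delay a command that would have fit, but it does not admit one that could exceed the limit under these assumptions.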