Qualys 1.2.4-Beta
  • 03 Feb 2023

tags: Python | Vulnerability Scanner | Qualys | Cli


Description

Integration with Qualys supports CDC users by providing vulnerability data for specified IP addresses. This capability enables CDC users to make informed decisions regarding incident response.

The Qualys API allows third parties to integrate their own applications with Qualys cloud security and compliance solutions, using an extensible XML interface. Qualys tracks the disposition of each vulnerability on each host over time. This helps document actions taken in response to each vulnerability and monitor the effectiveness of remediation efforts.

CyberProof provides CLI commands for different user actions, including initiating a vulnerability scan for an IP address, looking up existing reports, and downloading completed scan reports. Together, these give more detail about the known vulnerabilities on a specified IP address.

Integration Type: Threat Intelligence Enrichment
Information read: Vulnerability data from the Qualys Vulnerability Management tool, for a given IP address.
API Supported: API V2.0
Input: IP address details in CLI; selection of network if required.
Output: Detailed PDF report containing vulnerability data for a given IP and network details in input.

Customer Configuration

No customer configuration


CDC Command Lines

* **download_scan_report_cli**
This CLI provides the capability for downloading a PDF report of an existing scan from Qualys, for the specific IP value provided as a parameter in the CLI.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IP address. | True |

* **extended_scan_result_cli**
This CLI provides the capability for either downloading the latest PDF report or launching a new scan from Qualys. Which of the two happens depends on the user action for the specific IP value provided as a parameter in the CLI.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IP address. | True |

* **launch_vm_scan_cli**
This CLI provides the capability for launching a VM scan from Qualys, for the specific IP value provided as a parameter in the CLI.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IP address to be scanned. | True |

* **enrich_ip_cli**
This CLI provides the capability for enriching the IP from Qualys, for the specific IP value provided as a parameter in the CLI.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IPv4/v6 format. | True |

Workflows

* **download_report**
Sub-workflow for a download report task.

* **download_report_sub**
Sub-workflow for a download report task.

* **launch_scan**
Launches a VM scan on a single IP address.

* **post_enrich_ip**
Post enrich-ip in the CDC, by the ID of the incident/message/channel.


Rules

No rules


Sensors

No sensors


Triggers

No triggers


Known Issues

  • The Qualys API is limited to 300 API calls per hour, with a waiting time given as 300 seconds (five minutes).
  • Each execution of "/qualys launch_vm_scan –ip=[ip]*" takes around 7-10 calls.
  • Each execution of "/qualys download_scan_report –ip=[ip]*" takes 2-4 calls.
  • Qualys has a concurrency limit of two instances making requests simultaneously.
  • Qualys assigns a report size limit to every user. If that threshold is reached, no new reports can be generated. Currently it is 1 GB for our API users.
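
A client-side budget for the limits listed above, as an added example (not part of the CyberProof integration or the Qualys API): it reserves the upper end of each command's call range before admitting the command. The class and function names are hypothetical, and using the 300-second waiting time as the retry interval is an assumption.

```python
from collections import deque

# Figures taken from the Known Issues list above.
CALLS_PER_HOUR = 300
WINDOW_SECONDS = 3600
RETRY_AFTER_SECONDS = 300   # stated waiting time, used here as the retry interval (assumption)
MAX_CONCURRENT = 2
# Upper end of the per-command call ranges (7-10 and 2-4).
WORST_CASE_CALLS = {"launch_vm_scan": 10, "download_scan_report": 4}


class QualysCallBudget:
    """Hypothetical helper: admit a command only if its worst case fits the budget."""

    def __init__(self):
        self._reserved = deque()   # (start_time, calls) reserved within the last hour
        self._running = 0          # commands currently in flight

    def used(self, now):
        # Drop reservations older than the one-hour window, then total the rest.
        while self._reserved and now - self._reserved[0][0] >= WINDOW_SECONDS:
            self._reserved.popleft()
        return sum(calls for _, calls in self._reserved)

    def try_start(self, command, now):
        """Return 0 if the command may run now, else seconds to wait before retrying."""
        cost = WORST_CASE_CALLS[command]
        # Conservative: a full concurrency slot also waits the full retry interval.
        if self._running >= MAX_CONCURRENT or self.used(now) + cost > CALLS_PER_HOUR:
            return RETRY_AFTER_SECONDS
        self._reserved.append((now, cost))
        self._running += 1
        return 0

    def finish(self):
        # Call when the command returns, freeing one concurrency slot.
        self._running -= 1


def simulate(commands, budget=None):
    """Run commands one at a time on a simulated clock; return each start time."""
    budget = budget or QualysCallBudget()
    now, starts = 0, []
    for command in commands:
        while (wait := budget.try_start(command, now)):
            now += wait
        starts.append(now)
        budget.finish()
    return starts
```

At the worst case of 10 calls each, 30 scan launches fit in one hour and the 31st is held until the window rolls over.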
