Fortinet black logo

Qualys v1.0.0

1.0.0
Copy Link
Copy Doc ID f127043b-25da-4252-b30b-4487dba49318:1

About the connector

Qualys Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations, allows you to address new security and compliance requirements, and to find and fix vulnerabilities fast before hackers can attack or compromise your system.

This document provides information about the Qualys connector, which facilitates automated interactions, with a Qualys server using FortiSOAR™ playbooks. Add the Qualys connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching compliance scans on the Qualys API server and managing virtual hosts from the Qualys API server.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Qualys Version Tested on: 8.14.3.0-1

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-qualys

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Qualys cloud to which you will connect and perform the automated operations and the credentials (username and password pair) with appropriate permissions to connect to that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Qualys connector row, and in the Configuration tab enter the required configuration details.

Parameter Description
Server URL API Server URL of the Qualys Cloud that you want to use for API requests. This will depend on the platform where your account is located.
Username Username used to connect to the Qualys Cloud to which you will connect and perform automated operations.
Password Password used to connect to the Qualys Cloud to which you will connect and perform automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Add Assets Adds assets, i.e., IP addresses, to the subscription on the Qualys cloud, based on the IP addresses and other input parameters you have specified. add_ip
Investigation
Get Asset List Retrieves the list of all IP addresses that are present in the user's account on the Qualys cloud, or specific IP addresses based on the input parameters you have specified. get_ip_list
Investigation
Update Asset Updates assets, i.e., existing IP addresses, in the subscription on the Qualys cloud, based on the IP addresses and other input parameters you have specified. update_ip
Investigation
Get Asset Group List Retrieves the list and details of asset groups from Qualys based on the input parameters (filters) you have specified. get_asset_groups
Investigation
Get Host Detection List Retrieves the list of and details hosts including the hosts latest vulnerability data from Qualys, based on the automatic data available in user's account and other input parameters you have specified. get_host_detection_list
Investigation
Get Scanned Host List Retrieves the list and details of all scanned hosts that are present in the user's account on the Qualys cloud, or specific scanned hosts based on the input parameters you have specified. get_scanned_host
Investigation
Manage Virtual Host Manages a virtual host on the Qualys cloud, based on the IP addresses, actions, and other input parameters you have specified. manage_host
Investigation
Get Virtual Host List Retrieves the list and details of all virtual hosts that are present in the user's account on the Qualys cloud, or specific virtual hosts based on the input parameters you have specified. get_host_list
Investigation
Manage Excluded Host Manages an excluded host on the Qualys cloud, based on the IP addresses, actions, and other input parameters you have specified. manage_host
Investigation
Get Excluded Host List Retrieves the list and details of all excluded hosts that are present in the user's account on the Qualys cloud, or specific excluded hosts based on the input parameters you have specified. get_host_list
Investigation
Get Option Profiles Retrieves the list and details of available option profiles from the user's account on the Qualys cloud. get_option_profile
Investigation
Get Scanner Appliance Retrieves the list and details of available scanner appliances from the user's account on the Qualys cloud. get_scanner_appliance
Investigation
VM - Launch Scan Launches vulnerability scans in the user’s account on the Qualys cloud, based on the input parameters you have specified. launch_scan
Investigation
VM - Get Scan List Retrieves the list and details of all vulnerability scans that are present in the user's account on the Qualys cloud, or specific vulnerability scans based on the input parameters you have specified. get_scan_list
Investigation
VM - Fetch Scan Downloads all the vulnerability management scan results from the Qualys cloud, or specific vulnerability management scan results based on the input parameters you have specified. get_report
Investigation
VM - Manage Scan Manages a vulnerability management scan on the Qualys cloud, based on the scan reference and actions you have specified. manage_scan
Investigation
PC - Launch Scan Launches compliance scans in the user’s account on the Qualys cloud, based on the input parameters you have specified. launch_scan
Investigation
PC - Get Scan List Retrieves the list and details of all policy compliance scans that are present in the user's account on the Qualys cloud, or specific policy compliance scans based on the input parameters you have specified. get_scan_list
Investigation
PC - Fetch Scan Downloads all the compliance management scan results from the Qualys cloud, or specific compliance management scan results based on the input parameters you have specified. get_report
Investigation
PC - Manage Scan Manages a vulnerability management scan on the Qualys cloud, based on the scan reference and actions you have specified. manage_scan
Investigation
Get Schedule Scan List Retrieves the list and details of all scheduled scans present in the user's account on the Qualys cloud, or specific scheduled scans based on the input parameters you have specified. get_scan
Investigation
Get Vulnerability List Retrieves the list and details of vulnerabilities from KnowledgeBase on the Qualys cloud, based on the input parameters you have specified. search_vulnerability
Investigation
Get Report Template List Retrieves the list and details of all report templates present in the user's account on the Qualys cloud. get_template
Investigation
Launch Scheduled Report Launches a scheduled report in the user's account on the Qualys cloud, based on the scheduled report ID you have specified. launch_report
Investigation
Launch Scan Based Findings Report Launches a scan-based findings report in the user's account on the Qualys cloud, based on the scan references and other input parameters you have specified. launch_report
Investigation
Launch Host Based Findings Report Launches a host-based findings report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Patch Report Launches a patch report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Remediation Report Launches a remediation report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Compliance Report Launches a compliance report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Compliance Policy Report Launches a compliance policy report in the user's account on the Qualys cloud, based on the policy ID and other input parameters you have specified. launch_report
Investigation
Launch Scorecard Report Launches a vulnerability scorecard report in the user's report share on the Qualys cloud, based on the scorecard type and other input parameters you have specified. launch_report
Investigation
Download Saved Report Downloads a saved report in the user's account on the Qualys cloud, based on the report ID you have specified. get_report
Investigation
Get Report List Retrieves a list of reports from the user's report share on the Qualys cloud. get_report
Investigation
Get Scheduled Report List Retrieves a list of scheduled reports from the user's report share on the Qualys cloud. get_report
Investigation
Delete Report Deletes a saved report from the user's account on the Qualys cloud, based on the report ID you have specified. delete_report
Investigation

operation: Add Assets

Input parameters

Parameter Description
IPs/Ranges Hosts (IP addresses) that you want to add to the subscription on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Tracking Method (Optional) Select the tracking method used for the IP address that you want to add on the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Enable VM Select this option, i.e., set it to true, to enable the hosts for the VM application.
By default, this is set to False.
Enable PC Select this option, i.e., set it to true, to enable the hosts for the PC application.
By default, this is set to False.
Owner (Optional) Owner of the host asset(s).
Attribute 1 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 2 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 3 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Comments (Optional) User-defined comments that you want to add while adding an asset.
Asset Group Title (Optional) Title of an asset group in the Unit Manager’s business unit to which the host(s) will be added.
Note: This parameter is valid and required only if the request is being made by the Unit Manager.

Output

The JSON output displays a message containing the result of the Add Assets operation and the datetime when the asset(s) were added on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Asset List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IPs/Ranges Hosts (IP addresses) for which you want to retrieve details from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Network ID Specify the Network ID, i.e., retrieve a list for only those IP addresses that have the specified network ID from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.
Tracking Method Select the tracking method used, i.e., retrieve a list for only those IP addresses that have been tracked using the selected tracking method from the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Compliance Enabled Select this option, i.e., set it to true, to retrieve a list for only those IP addresses from the user’s account that are assigned to the Policy Compliance module on the Qualys cloud.
Clear this option, i.e., set it to false, to retrieve a list for only those IP addresses from the user’s account that are not assigned to the Policy Compliance module on the Qualys cloud. Note: This parameter is valid only when the Policy Compliance module is enabled for the user’s account.

Output

The JSON output contains a list of all available assets retrieved from the Qualys cloud or specific assets based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}

operation: Update Asset

Input parameters

Parameter Description
IPs/Ranges Hosts (IP addresses) that you want to update in the subscription on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Tracking Method (Optional) Select the tracking method used for the IP address that you want to update on the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Enable VM Select this option, i.e., set it to true, to enable the hosts for the VM application.
By default, this is set to False.
Enable PC Select this option, i.e., set it to true, to enable the hosts for the PC application.
By default, this is set to False.
Owner (Optional) Owner of the host asset(s).
Attribute 1 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 2 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 3 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Comments (Optional) User-defined comments that you want to add while updating an asset.
Asset Group Title (Optional) Title of an asset group in the Unit Manager’s business unit to which the host(s) will be updated.
Note: This parameter is valid and required only if the request is being made by the Unit Manager.

Output

The JSON output displays a message containing the result of the Update Assets operation and the datetime when the asset(s) were updated on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Asset Group List

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Input parameters

Parameter Description
Group IDs Group IDs based on which you want to retrieve the asset group list from the Qualys cloud.
You can enter multiple group IDs using a comma separator.
Minimum ID Retrieve only those asset groups that have an ID greater than or equal to the specified ID from the Qualys cloud.
Maximum ID Retrieve only those asset groups that have an ID lesser than or equal to the specified ID from the Qualys cloud.
Truncation Limit Maximum number of asset group records that are processed per request from the Qualys cloud.
By default, this is set to 1000 records. If you specify truncation_limit=0, the output is not paginated and all records are returned in a single output.
Network IDs Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the asset group list from the Qualys cloud.
You can enter multiple network IDs using a comma separator.
Unit ID Retrieve only those asset groups that have a business unit ID equal to the specified ID.
User ID Retrieve only those asset groups that have a user ID equal to the specified ID.
Title Retrieve only those asset groups that have a title equal to the specified string.
Note: This must be an exact match.
Show Attributes Specify the attributes that you want to retrieve for each asset group along with the ID.
You can choose from the following options:
  • All
  • ID
  • Title
  • Owner User Name
  • Owner User ID
  • Owner Unit ID
  • Last Update
  • IP Set
  • Appliance List
  • Domain List
  • Host IDs
  • Assigned User IDs
  • Assigned Unit IDs
  • Business Impact
  • Comments
Note: Select All or list of attribute names.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"OWNER_USER_ID": "",
"OWNER_USER_NAME": "",
"ASSIGNED_UNIT_IDS": "",
"LAST_UPDATE": "",
"ID": "",
"TITLE": "",
"BUSINESS_IMPACT": "",
"HOST_IDS": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}
]
}
}

operation: Get Host Detection List

Input parameters

Note: This API is available to Express Lite users, and all the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Host IDs Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Minimum Host ID Minimum Host ID value based on which you want to retrieve host details from the Qualys cloud.
Maximum Host ID Maximum Host ID value based on which you want to retrieve host details from the Qualys cloud.
Use Tags Set this option as True, to include assets tags in the host details. By default, this is set to False.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select ID (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
If you set the Use Tags parameter as False, then you can optionally specify the following parameters:
  • IPs/Ranges: Show IP addresses or a range of IP addresses You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).
  • Asset Group Titles: Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated.
Network IDs Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the host details from the Qualys cloud. You can enter multiple network IDs using a comma separator.
VM Scan Since Retrieve host details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud.
No VM Scan Since Retrieve host details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud.
Max Days Since Last Vm Scan Retrieve only hosts scanned and processed in the past number of days, value of which you specify, from the Qualys cloud.
VM Processed Before Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed before the datetime you have specified in this field.
VM Processed After Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed after the datetime you have specified in this field.
VM Scan Date Before Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date before the datetime you have specified in this field.
VM Scan Date After Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date after the datetime you have specified in this field.
Vm Auth Scan Date Before Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date before a the date and time you have specified.
Vm Auth Scan Date After Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date after a the date and time you have specified
Status Retrieve host details, from the Qualys cloud, which have one or more of these status values: New, Active, Re-Opened, Fixed.
You can enter multiple status values using a comma separator.
Compliance Enabled Select one of the following options: List hosts which are assigned to Policy Compliance Module List hosts which are not assigned to Policy Compliance Module
OS Pattern Retrieve host details, from the Qualys cloud, which have an operating system that matches the regular expression that you have specified in this field.
For example,^Win.*64+bit.*Service+Pack+1 or ^Windows
QIDs Retrieve host detection records, from the Qualys cloud, based on the QIDs you have specified.
You must enter valid QIDs and you can enter multiple QIDs using a comma separator, or you can add a range of QIDs using a hyphen (-), for example, 68518-68522.
Severity Level Retrieve host details, from the Qualys cloud, which have one or more of these severity values: 1-Minimal, 2-Medium, 3-Serious, 4-Critical-Standard, or 5-Urgent.
Show Information Gathered Select one of the options below:
  • Show Detection Records with Information
  • Gathered Hide Detection Record's Information Gathered
Note: If you do not selected any option this information will not be shown.
Search List By Show detection records based on following:
  • IDs: When you specify IDs as a search list, you can mention the following optional parameters:
    • Include Search List IDs: Show detection records only when a record’s QID is included in one or more of the specified search list titles. One or more IDs may be specified. A range is specified with a dash (for example, 10-15). Multiple entries are comma separated You cannot specify this parameter with This cannot be specified with QIDs, Severities or Include Search List Titles.
    • Exclude Search List IDs: Show detection records only when a record’s QID is excluded from one or more of the specified search list titles. One or more IDs may be specified. A range is specified with a dash (for example, 40-42). Multiple entries are comma separated. This cannot be specified with QIDs, Severities or Exclude Search List Titles.
  • Titles: When you specify Titles as a search list, you can mention the following optional parameters:
    • Include Search List Titles: Show detection records only when a record’s QID is included in one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated This cannot be specified with QIDs, Severities or Include Search List IDs.
    • Exclude Search List Titles: (Optional) Show detection records only when a record’s QID is excluded from one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated. This cannot be specified with QIDs, Severities or Exclude Search List IDs.
Show Results Select this option, i.e, set it True (default) to include results in the output.
Show Reopened Information Select this option, i.e, set it True to include reopened information, i.e., first/last reopened date, times reopened etc. When this option is not selected, i.e., set to False (default) reopened information for reopened vulnerabilities is not included in the output.
Kernel Filter Filter for identifying vulnerabilities found on running or non-running Linux kernels. You can choose from the following options:
  • 0-Vulnerabilities are not filtered based on kernel activity
  • 1-Exclude kernel related vulnerabilities that are not exploitable (found on non-running kernels)
  • 2-Include kernel related vulnerabilities that are not exploitable (found on non-running kernels)
  • 3-Include kernel related vulnerabilities that are exploitable (found on running kernels)
  • 4-Include kernel related vulnerabilities
Service Filter Filter for identifying vulnerabilities found on running or non-running ports/services. You can choose from the following options:
  • 0-Vulnerabilities are not filtered based on running ports/services
  • 1-Exclude service related vulnerabilities that are not exploitable (found on non-running ports/services)
  • 2-Include service related vulnerabilities that are not exploitable (found on non-running ports/services)
  • 3-Include exploitable service related vulnerabilities (found on running ports/services)
  • 4-Include service related vulnerabilities
Configuration Filter Filter for identifying vulnerabilities that might or might not be exploitable due to the current host configuration. You can choose from the following options:
  • 0- Vulnerabilities are not filtered based on host configuration
  • 1-Exclude vulnerabilities not exploitable due to host configuration
  • 2-Include config related vulnerabilities that are not exploitable
  • 3-Include config related vulnerabilities that are exploitable
  • 4-Include config related vulnerabilities
Output Format Format of the host detection list output retrieved from Qualys. When you do not specify the output format, then the default output format is XML. Forllowing are valid output format values: XML, CSV, or CSV_No_Metadata.
Suppress Duplicated Data From CSV Clear this option, i.e., set it to False (default) to repeat host details in each line of detection information in the CSV output. When this option is selected, i.e., set to True, host details will not be repeated (suppressed) in each detection line.
You must specify this parameter only if the output format is selected as CSV, or CSV_No_Metadata.
Truncation Limit Maximum number of host records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000).
Maximum Days Since Detection Updated Retrieve only those detections from Qualys whose detection status hs changed since some maximum number of days you specify. For detections that have never changed, the maximum number of days is applied as the last detection date.
Detection Updated Since Retrieve only those detections from Qualys whose detection status has changed after the date and time you have specified. For detections that have never changed the date is applied as the last detection date.
Detection Updated Before Retrieve only those detections from Qualys whose detection status has changed before the date and time you have specified.
Dectection Processed Before Retrieve only those detections from Qualys whose vulnerability scan results are processed before the date and time you have specified.
Dectection Processed After Retrieve only those detections from Qualys whose vulnerability scan results are processed after the date and time you have specified.
Download Result As an Attachment Select this option, i.e., set it to True to add detections with vulnerability scan results in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include detections with vulnerability scan results in the connector output.

Output

The output contains a non-dictionary value.

operation: Get Scanned Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Truncation Limit Specify the maximum number of scanned host records that are processed per request.
If you do not specify the truncation limit, then this limit is set to 1000 host records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000).
Details Choose the amount of host information you want to retrieve for each host from the Qualys cloud.
You can choose from the following values:
  • Basic (Default): Retrieves basic host information that includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system, from the Qualys cloud.
  • Basic/AGs: Retrieves basic host information plus asset group information, which includes asset group ID and title, from the Qualys cloud.
  • All: Retrieves all host information that includes the basic host information plus the last vulnerability and compliance scan dates, from the Qualys cloud.
  • All/AGs: Retrieves all host information plus asset group information, which includes asset group ID and title, from the Qualys cloud.
  • None: Retrieves only the host IDs from the Qualys cloud.
IPs/Ranges Hosts (IP addresses) for which you want to retrieve scanned host details from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Host IDs Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Asset Group IDs Asset Group IDs whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified will be retrieved from the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). You can specify either the Asset Group IDs or the Asset Group titles but not both.
Asset Group Titles Asset Groups whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified and which contain certain strings in the asset group title will be retrieved from the Qualys cloud.
You can enter multiple entries using a comma separator. You can specify either the Asset Group IDs or the Asset Group titles but not both.
Minimum Host ID Minimum Host ID value based on which you want to retrieve host scan details from the Qualys cloud.
Maximum Host ID Maximum Host ID value based on which you want to retrieve host scan details from the Qualys cloud.
Network ID Specify the Network ID, i.e., retrieves a list for only scanned hosts that have the specified network ID from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.
No VM Scan Since Retrieve scan details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud.
No Compliance Scan Since Retrieve scan details for those hosts that have not been scanned for compliance from the datetime you have specified in this field from the Qualys cloud.
VM Scan Since Retrieve scan details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud.
Compliance Scan Since Retrieve scan details for those hosts that have been last scanned for compliance since the datetime you have specified in this field from the Qualys cloud.
VM Processed Before Retrieve scan details for those hosts that have vulnerability scan results processed before the datetime you have specified in this field from the Qualys cloud.
VM Processed After Retrieve scan details for those hosts that have vulnerability scan results processed after the datetime you have specified in this field from the Qualys cloud.
VM Scan Date Before Retrieve scan details for those hosts that have their vulnerability scan end date before the datetime you have specified in this field from the Qualys cloud.
VM Scan Date After Retrieve scan details for those hosts that have their vulnerability scan end date after the datetime you have specified in this field from the Qualys cloud.
OS Pattern Retrieve scan details for those hosts that have an operating system matching the regular expression, which you have specified in this field, from the Qualys cloud.

Output

The JSON output contains a list and details of all scanned hosts retrieved from the Qualys cloud or specific scanned hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"GLOSSARY": {
"USER_DEF": {
"LABEL_1": "",
"LABEL_3": "",
"LABEL_2": ""
},
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"TITLE": "",
"ID": ""
}
]
},
"USER_LIST": {
"USER": {
"USER_LOGIN": "",
"LAST_NAME": "",
"FIRST_NAME": ""
}
}
},
"HOST_LIST": {
"HOST": [
{
"IP": "",
"OWNER": "",
"TRACKING_METHOD": "",
"NETBIOS": "",
"ID": "",
"LAST_VM_SCANNED_DURATION": "",
"USER_DEF": {
"VALUE_3": "",
"VALUE_2": "",
"VALUE_1": ""
},
"LAST_VULN_SCAN_DATETIME": "",
"OS": "",
"DNS": "",
"COMMENTS": "",
"LAST_VM_SCANNED_DATE": "",
"LAST_COMPLIANCE_SCAN_DATETIME": ""
}
]
}
}

operation: Manage Virtual Host

Input parameters

Parameter Description
Action Action that you want to perform on the virtual host on the Qualys cloud.
You must choose one of the following actions:
  • Create: Creates a virtual host on the Qualys cloud.
  • Update: Update or edit an existing virtual host on the Qualys cloud.
  • Delete: Deletes a virtual host from the Qualys cloud.
  • Add FQDN: Adds one or more FQDNs to an existing virtual host on the Qualys cloud.
  • Delete FQDN: Removes one or more FQDNs from an existing virtual host on the Qualys cloud.
IP Address IP address that you will use for virtual host configuration on the Qualys cloud.
Fully Qualified Domain Name One or more FQDNs that you will use for virtual host configuration on the Qualys cloud.
Note: You must fill this field for all actions, except the Delete action.

Output

The JSON output displays a message containing the result and item details of the Manage Virtual Host operation and the datetime when the actions that you specified for managing the virtual host were performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Virtual Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IP Address Retrieve details only for those hosts that have the IP address that you have specified in this field from the Qualys cloud.
Port Retrieve details only for those hosts that have the port that you have specified in this field from the Qualys cloud.

Output

The JSON output contains a list and details of all virtual hosts for the user's account retrieved from the Qualys cloud or the list and details of specific virtual hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"VIRTUAL_HOST_LIST": {
"VIRTUAL_HOST": [
{
"IP": "",
"FQDN": "",
"PORT": ""
}
]
}
}

operation: Manage Excluded Host

Input parameters

Parameter Description
Action Action that you want to perform on the excluded host on the Qualys cloud.
You must choose one of the following actions:
  • Add: Adds IP addresses to your excluded IPs list on the Qualys cloud.
  • Remove: Removes IP addresses from your excluded IPs list on the Qualys cloud.
  • Remove All: Removes all IP addresses from your excluded IPs list on the Qualys cloud.
IPs/Ranges IP addresses that you want to add or remove from your excluded IPs list on the Qualys cloud.
You can enter multiple IP addresses using a comma separator.
Comments User-defined notes that you want to add while managing excluded hosts on the Qualys cloud.
Network ID (Optional)Specify a Network ID that is assigned to the IPs being removed from the excluded IPs list. By default, the user’s default network ID is assigned.
Note: This parameter is valid when the user making the request has access to more than one network.

Output

The JSON output displays a message containing the result and item details of the Manage Excluded Host operation and the datetime when the actions that you specified for managing the excluded host were performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: Get Excluded Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IPs/Ranges Retrieve the list of only for those excluded IP address(es) that you have specified in this field from the Qualys cloud.
If you do not specify any IP addresses, then all excluded IP addresses and IP ranges are retrieved from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Network ID Retrieve the list of only for those excluded IP address(es) that belong to the Network ID that you have specified in this field from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.

Output

The JSON output contains a list of all excluded hosts for the user's account retrieved from the Qualys cloud or the list of specific excluded hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": []
}
}

operation: Get Option Profiles

Input parameters

None.

Output

The JSON output contains a list of all available option profiles and their details like basic info, map, scan, etc., retrieved from the Qualys cloud.

The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"BASIC_INFO": {
"ID": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"USER_ID": "",
"UNIT_ID": "",
"SUBSCRIPTION_ID": "",
"IS_DEFAULT": "",
"IS_GLOBAL": "",
"IS_OFFLINE_SYNCABLE": "",
"UPDATE_DATE": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"SCAN_DEAD_HOSTS": "",
"PERFORMANCE": {
"PARALLEL_SCALING": "",
"OVERALL_PERFORMANCE": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PROCESSES_TO_RUN": {
"TOTAL_PROCESSES": "",
"HTTP_PROCESSES": ""
},
"PACKET_DELAY": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"COMPLETE": "",
"DETECTION_INCLUDE": {
"BASIC_HOST_INFO_CHECKS": "",
"OVAL_CHECKS": ""
}
},
"AUTHENTICATION": "",
"ADDL_CERT_DETECTION": ""
},
"MAP": {
"BASIC_INFO_GATHERING_ON": "",
"TCP_PORTS": {
"TCP_PORTS_STANDARD_SCAN": ""
},
"MAP_OPTIONS": {
"PERFORM_LIVE_HOST_SWEEP": "",
"DISABLE_DNS_TRAFFIC": ""
},
"MAP_PERFORMANCE": {
"OVERALL_PERFORMANCE": "",
"MAP_PARALLEL": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": "",
"NETBLOCK_SIZE": ""
},
"PACKET_DELAY": ""
},
"MAP_AUTHENTICATION": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
},
"ICMP": ""
},
"PACKET_OPTIONS": {
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
}
}
]
}

operation: Get Scanner Appliance

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Output Mode Amount of detail to be retrieved from Qualys for each scanner appliance in the output. You can select from the following options:
  • Brief (default): Includes this information for each appliance: appliance ID, friendly name, software version, the number of running scans, and heartbeat check status (online or offline)
  • Full : includes the full appliance information, including the same details available in the Qualys user interface If you choose Full, then you can optionally specify the following parameters:
    • Show Tags: Select this option, i.e., set it to True (default) to include asset tag information for each scanner appliance in the output.
    • Type: Select one of the following scanner appliance types: Physical, Virtual, or Offline.
    • Include Cloud Info: Select this option, i.e., set it to True, to include cloud information in the output for virtual scanner appliances deployed on cloud platforms. For example, Amazon EC2, Microsoft Azure Cloud Platform, or Google Cloud Platform. Clear this option, i.e., set it to False (default) to exclude cloud information.
Scan Detail Select this option, i.e., set it to True to include scan details for scans currently running on the scanner appliance. Clear this option, i.e., set it to False (default) to exclude scan details.
Scan detail includes scan ID, title, scan reference, scan type, and scan date.
Busy If you do not select any of the following options, then all scanner appliances in the user account will be retrieved from Qualys:
  • Show appliances which are not currently running scans
  • (Default) Show appliances which are currently running scan
Scan Reference Scan reference code based on which you to retrieve the scanner appliances that are running a particular scan on Qualys. You can enter a valid scan reference code for a currently running scan.
Name Name based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify a name, then this operation will return only those scanner appliances that have names matching the string that you have specified.
IDs IDs based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify IDs, then this operation will return only those scanner appliances that have IDs matching the IDs that you have specified. You can specify multiple IDs using a comma separator.
Include License Information Select this option, i.e., set it to True to include virtual scanner license information. Clear this option, i.e., set it to False (default) to exclude virtual scanner license information.
License information includes the number of licenses you have and the number of licenses you have used.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"APPLIANCE_LIST": {
"APPLIANCE": [
{
"PROXY_SETTINGS": {
"PROXY": {
"IP_ADDRESS": "",
"USER": "",
"PORT": ""
},
"SETTING": ""
},
"USER_LOGIN": "",
"ML_LATEST": "",
"ID": "",
"UPDATED": "",
"STATUS": "",
"SS_LAST_CONNECTED": "",
"SOFTWARE_VERSION": "",
"ASSET_TAGS_LIST": {
"ASSET_TAG": [
{
"NAME": "",
"UUID": ""
}
]
},
"LAST_UPDATED_DATE": "",
"NAME": "",
"VULNSIGS_VERSION": "",
"COMMENTS": "",
"ML_VERSION": "",
"ASSET_GROUP_COUNT": "",
"MODEL_NUMBER": "",
"ACTIVATION_CODE": "",
"RUNNING_SCANS": {
"SCAN": {
"REF": "",
"TITLE": "",
"SCAN_DATE": "",
"TYPE": "",
"ID": ""
}
},
"MAX_CAPACITY_UNITS": "",
"HEARTBEATS_MISSED": "",
"UUID": "",
"TYPE": "",
"RUNNING_SCAN_COUNT": "",
"SS_CONNECTION": "",
"RUNNING_SLICES_COUNT": "",
"USER_LIST": "",
"POLLING_INTERVAL": "",
"VULNSIGS_LATEST": "",
"SERIAL_NUMBER": "",
"INTERFACE_SETTINGS": [
{
"IP_ADDRESS": "",
"SPEED": "",
"GATEWAY": "",
"NETMASK": "",
"DNS": {
"DOMAIN": "",
"SECONDARY": "",
"PRIMARY": ""
},
"LEASE": "",
"DUPLEX": "",
"INTERFACE": ""
},
{
"IP_ADDRESS": "",
"SPEED": "",
"GATEWAY": "",
"NETMASK": "",
"DNS": {
"SECONDARY": "",
"PRIMARY": ""
},
"LEASE": "",
"DUPLEX": "",
"SETTING": "",
"INTERFACE": ""
}
],
"ASSET_GROUP_LIST": {
"ASSET_GROUP": {
"NAME": "",
"ID": ""
}
}
}
]
}
}

operation: VM - Launch Scan

Input parameters

Parameter Description
Scan Title (Optional) Title of the vulnerability scan that you want to run on the Qualys cloud.
Option Profile Option based on which you want to run the vulnerability scan on the Qualys cloud.
You must select Option ID or Option Title.
  • Option ID: ID of option profile to be used for launching the scan that you want to run on the Qualys cloud.
  • Option Title: Title of option profile to be used for launching the scan that you want to run on the Qualys cloud.
Scanner Appliance Scanner Appliance that you want to use for the vulnerability scan that you want to run on the Qualys cloud.
You must select Scanner ID or Scanner Name.
  • Scanner ID: IDs of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. You can enter multiple IDs using a comma separator.
  • Scanner Name: Friendly names of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. Specify External for external scanners. You can enter multiple names using a comma separator.
Processing Priority (Optional) Processing priority level for the vulnerability scan that you want to run on the Qualys cloud. You can select any value between 0-9. If you do not choose any value, then the value of 0, i.e. no priority is assigned
You can select from one of the following values:
  • 0: No Priority (default value)
  • 1: Emergency
  • 2: Ultimate
  • 3: Critical
  • 4: Major
  • 5: High
  • 6: Standard
  • 7: Medium
  • 8: Minor
  • 9: Low
Runtime Http Header (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header.
Default Scanner (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud.
IP Network ID (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account
Target From Targets on which you want to run the vulnerability scan on the Qualys cloud.
You must select Assets or Tags.
  • Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud.
  • Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud.
Note: Based on the Target that you choose, you might require to specify other parameters.If you choose Assets, then you can optionally specify the following parameters:
  • IPs/Ranges: IP addresses on which you want to run the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: IDs of the asset groups in which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset group IDs using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Asset Group: Titles of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset titles using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Exclude IP per scan: IP addresses that you want to exclude from the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
If you choose Tags, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Use IP Not in Range Tags: Select this option, i.e., set it to True to scan all IP addresses defined in tags. Clear this option, i.e, set to False (the default) to select from all tags (tags with any tag rule).
  • Scanners In Target: Select this option, i.e., set it to True to distribute the scan to scanner appliances that match the asset tags specified for the scan target. By default, this is set to False.

Output

The JSON output displays a message containing the result of the VM - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: VM - Get Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Scan Reference for which you want to retrieve vulnerability scan details from the Qualys cloud.
For a vulnerability scan, the format is: scan/987659876.19876
State Scan state(s) for which you want to retrieve vulnerability scan details from the Qualys cloud.
Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform).
Type Type of scan or which you want to retrieve vulnerability scan details from the Qualys cloud.
You can select one of the following options: On Demand, Scheduled, or API.
Target IPs IP addresses whose vulnerability scan details you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
User Login Vulnerability scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field.
Launched After Datetime Retrieve vulnerability scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud.
Launched Before Datetime Retrieve vulnerability scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud.
Processed Process state(s) of the vulnerability scans whose details you want to retrieve from the Qualys cloud.
You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state.
Show Asset Group Information Select this option, i.e., set it to True, to include asset group information for each vulnerability scan in the output.
By default, this is set to False, and the asset group information is not included in the output.
Show Option Profile Information Select this option, i.e., set it to True, to include option profile information for each vulnerability scan in the output.
By default, this is set to False, and the option profile information is not included in the output.
Show Scan Status Select this option, i.e., set it to True, to include the status information for each vulnerability scan in the output.
By default, this is set to True.
Show Most Recent Scan Select this option, i.e., set it to True, to include only the most recent vulnerability scan (which meets all other search filters in the request) information in the output.
By default, this is set to False, and all vulnerability scans are included in the output.

Output

The JSON output contains a list of all vulnerability scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific vulnerability scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"TARGET": "",
"LAUNCH_DATETIME": "",
"PROCESSING_PRIORITY": "",
"REF": "",
"TITLE": "",
"STATUS": {
"SUB_STATE": "",
"STATE": ""
},
"DURATION": "",
"TYPE": "",
"PROCESSED": ""
}
]
}
}

operation: VM - Fetch Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Scan Reference for which you want to retrieve vulnerability management scan results from the Qualys cloud.
Format for this field is: scan/987659876.19876
IPs/Ranges IP addresses whose vulnerability management scan results you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Mode Mode based on which information of the vulnerability management scan results will be retrieved from the Qualys cloud.
You can enter choose from the following options:
Brief: This is the default option, and it includes the IP address, DNS hostname, NetBIOS hostname, QID and scan test results if applicable.
Extended: Includes the brief output plus following extended information: protocol, port, an SSL flag (“yes” is returned when SSL was used for the detection, “no” is returned when SSL was not used), and FQDN if applicable.

Output

The JSON output contains details of the of the attached file.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: VM - Manage Scan

Input parameters

Parameter Description
Action Action that you want to perform on the vulnerability scan that you want to manage on the Qualys cloud.
You must choose one of the following actions:
  • Cancel: Stops a vulnerability scan that is in progress on the Qualys cloud.
  • Pause: Stops a vulnerability scan that is in progress on the Qualys cloud and changes its status to Paused.
  • Resume: Restarts a vulnerability scan that has been paused on the Qualys cloud.
  • Delete: Deletes a vulnerability scan from your user account on the Qualys cloud.
Scan Reference Reference of the vulnerability scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output displays a message containing the result of the VM - Manage Scan operation and the item details of the action performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: PC - Launch Scan

Input parameters

Parameter Description
Scan Title (Optional) Title of the compliance scan that you want to run on the Qualys cloud.
Option Profile Option based on which you want to run the compliance scan on the Qualys cloud.
You must select Option ID or Option Title.
  • Option ID: ID of option profile to be used for launching the scan that you want to run on the Qualys cloud.
  • Option Title: Title of option profile to be used for launching the scan that you want to run on the Qualys cloud.
Scanner Appliance Scanner Appliance that you want to use for the compliance scan that you want to run on the Qualys cloud.
You must select Scanner ID or Scanner Name.
  • Scanner ID: IDs of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. You can enter multiple IDs using a comma separator.
  • Scanner Name: Friendly names of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. Specify External for an external scanner. You can enter multiple names using a comma separator.
Runtime Http Header (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header.
Default Scanner (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud.
IP Network ID (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account
Target From Targets on which you want to run the compliance scan on the Qualys cloud.
You must select Assets or Tags.
  • Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud.
  • Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud.
Note: Based on the Target that you choose, you might require to specify other parameters.If you choose Assets, then you can optionally specify the following parameters:
  • IPs/Ranges: IP addresses on which you want to run the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: IDs of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset group IDs using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Asset Group: Titles of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset titles using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Exclude IP per scan: IP addresses that you want to exclude from the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
If you choose Tags, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Use IP Not in Range Tags: Select this option, i.e., set it to True to scan all IP addresses defined in tags. Clear this option, i.e., set to False (the default) to select from all tags (tags with any tag rule).
  • Scanners In Target: Select this option, i.e., set it to True to distribute the scan to scanner appliances that match the asset tags specified for the scan target. By default, this is set to False.

Output

The JSON output displays a message containing the result of the PC - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: PC - Get Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan ID ID of the scan for which you want to retrieve compliance scan details from the Qualys cloud.
Scan Reference Scan Reference for which you want to retrieve compliance scan details from the Qualys cloud.
For a vulnerability scan, the format is: scan/987659876.19876
For a compliance scan, the format is: compliance/98765456.12345
For a SCAP scan, the format is: qscap/987659999.22222
State Scan state(s) for which you want to retrieve compliance scan details from the Qualys cloud.
Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform).
Type Type of scan or which you want to retrieve compliance scan details from the Qualys cloud.
You can select one of the following options: On Demand, Scheduled, or API.
Target IPs IP addresses whose compliance scan details you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
User Login Compliance scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field.
Launched After Datetime Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud.
Launched Before Datetime Retrieve compliance scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud.
Processed Process state(s) of the compliance scans whose details you want to retrieve from the Qualys cloud.
You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state.
Show Asset Group Information Select this option, i.e., set it to True, to include asset group information for each compliance scan in the output.
By default, this is set to False, and the asset group information is not included in the output.
Show Option Profile Information Select this option, i.e., set it to True, to include option profile information for each compliance scan in the output.
By default, this is set to False, and the option profile information is not included in the output.
Show Scan Status Select this option, i.e., set it to True, to include the status information for each compliance scan in the output.
By default, this is set to True.
Show Most Recent Scan Select this option, i.e., set it to True, to include only the most recent compliance scan (which meets all other search filters in the request) information in the output.
By default, this is set to False, and all vulnerability scans are included in the output.

Output

The JSON output contains a list of all compliance scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific compliance scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"ID": "",
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"TITLE": "",
"STATUS": {
"STATE": ""
},
"DURATION": "",
"TYPE": "",
"PROCESSED": "",
"TARGET": "",
"REF": "",
"LAUNCH_DATETIME": "",
"ASSET_GROUP_TITLE_LIST": {
"ASSET_GROUP_TITLE": ""
}
}
]
}
}

operation: PC - Fetch Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Reference of the scan for which you want to download compliance management scan results from the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output contains the details of the attached file.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: PC - Manage Scan

Input parameters

Parameter Description
Action Action that you want to perform on the compliance scan that you want to manage on the Qualys cloud.
You must choose one of the following actions:
  • Cancel: Stops a compliance scan that is in progress on the Qualys cloud.
  • Pause: Stops a compliance scan that is in progress on the Qualys cloud and changes its status to Paused.
  • Resume: Restarts a compliance scan that has been paused on the Qualys cloud.
  • Delete: Deletes a compliance scan from your user account on the Qualys cloud.
Scan Reference Reference of the compliance scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output displays a message containing the result of the PC - Manage Scan operation and the item details of the action performed on the Qualys cloud.
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: Get Schedule Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan ID ID of the scan whose scan schedule you want to retrieve from the Qualys cloud.
Active Select this option, i.e., set it to True, to retrieve scan schedules for only active scans from the Qualys cloud.
Clear this option, i.e., set it to Talse, to retrieve scan schedules for only deactivated scans from the Qualys cloud

Output

The JSON output contains a list of all report templates and their details such as ID, Template type, title, user, type, etc., for the user's account retrieved from the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"TARGET": "",
"ISCANNER_NAME": "",
"SCHEDULE": {
"MAX_OCCURRENCE": "",
"START_HOUR": "",
"START_DATE_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_DETAILS": "",
"TIME_ZONE_CODE": ""
},
"NEXTLAUNCH_UTC": "",
"WEEKLY": "",
"DST_SELECTED": "",
"START_MINUTE": ""
},
"ID": "",
"TITLE": "",
"ACTIVE": "",
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"USER_ENTERED_IPS": {
"RANGE": [
{
"START": "",
"END": ""
},
{
"START": "",
"END": ""
}
]
},
"PROCESSING_PRIORITY": ""
}
]
}
}

operation: Get Vulnerability List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Details Amount of vulnerability information that you want to retrieve for each host from the Qualys cloud.
You can choose from the following values:
  • Basic (Default): Retrieves basic vulnerability information that includes basic elements plus CVSS Base and Temporal scores
  • All: Retrieves all vulnerability information that includes all vulnerability details, including the Basic details from the Qualys cloud.
  • None: Retrieves only the vulnerability IDs from the Qualys cloud
QIDs QIDs whose vulnerability information you want to retrieve from the Qualys cloud. In this case, vulnerability information of only those QIDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Minimum QID Minimum QID value based on which you want to retrieve vulnerability information from the Qualys cloud.
Maximum QID Maximum QID value based on which you want to retrieve vulnerability information from the Qualys cloud.
Is Patchable Filter the output to include only vulnerabilities that are patchable or not patchable. You can choose from the following options:
  • Show Vulnerabilities that are Patchable
  • Show Vulnerabilities that are Not Patchable
Last Modified After Filter the output to include only those vulnerabilities that have been last modified after the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service.
Last Modified Before Filter the output to include only those vulnerabilities that have been last modified before the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service.
Last Modified By User After Filter the output to include only those vulnerabilities that have been last modified by the user after the datetime you have specified.
Last Modified By User Before Filter the output to include only those vulnerabilities that have been last modified by the user before the datetime you have specified.
Last Modified By Service After Filter the output to include only those vulnerabilities that have been last modified by the service after the datetime you have specified.
Last Modified By Service Before Filter the output to include only those vulnerabilities that have been last modified by the service before the datetime you have specified.
Published After Filter the output to include only those vulnerabilities that have been published after the datetime you have specified.
Published Before Filter the output to include only those vulnerabilities that have been published before the datetime you have specified.
Discovery Method Filter the output to include only those vulnerabilities that are assigned the specified discovery method. You can choose from the following options:
  • Remote
  • Authenticated
  • Remote Only
  • Authenticated Only
  • Remote And Authenticated
Discovery Authentication Types Filter the XML output to include only those vulnerabilities that have one or more specified authentication types. You can choose multiple values from the following options:
  • Windows
  • Oracle
  • Unix
  • SNMP
  • DB2
  • HTTP
  • MySQL
  • VMware
Show PCI Reasons Select this option, i.e., set it to True,to include the reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user’s subscription) in the output. Clear this option, i.e., setto False (default) to exclude the reasons the reasons for passing or failing PCI compliance from the output.
Show Supported Modules Information Select this option, i.e., set it to True, to include the supported Qualys modules that can be used to detect each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the supported modules from the output.
Show Disabled Flag Select this option, i.e., set it to True, to include the disabled flag for each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the disabled flag for each vulnerability from the output.
Show QID Change Log Select this option, i.e., set it to True, to include QID changes for each vulnerability in output. Clear this option, i.e., set to False (default) to exclude QID changes for each vulnerability from the output
Download Result As an Attachment Select this option, i.e., set it to True to add vulnerability results in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include vulnerability results in the connector output.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"VULN_LIST": {
"VULN": [
{
"SOLUTION": "",
"PCI_FLAG": "",
"VULN_TYPE": "",
"PATCHABLE": "",
"TITLE": "",
"LAST_SERVICE_MODIFICATION_DATETIME": "",
"CVE_LIST": {
"CVE": [
{
"URL": "",
"ID": ""
}
]
},
"DIAGNOSIS": "",
"CONSEQUENCE": "",
"BUGTRAQ_LIST": {
"BUGTRAQ": [
{
"URL": "",
"ID": ""
}
]
},
"SOFTWARE_LIST": {
"SOFTWARE": {
"VENDOR": "",
"PRODUCT": ""
}
},
"DISCOVERY": {
"AUTH_TYPE_LIST": {
"AUTH_TYPE": ""
},
"ADDITIONAL_INFO": "",
"REMOTE": ""
},
"CATEGORY": "",
"QID": "",
"PUBLISHED_DATETIME": "",
"SEVERITY_LEVEL": "",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"URL": "",
"ID": ""
}
}
}
]
}
}

operation: Get Report Template List

Input parameters

None.

Output

The JSON output contains a list of all scheduled scans and their details such as title, target, processing priority, option profile details, user entered IPs, schedule details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of scheduled compliance scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"REPORT_TEMPLATE": [
{
"ID": "",
"TYPE": "",
"TEMPLATE_TYPE": "",
"TITLE": "",
"USER": {
"LOGIN": "",
"FIRSTNAME": "",
"LASTNAME": ""
},
"LAST_UPDATE": "",
"GLOBAL": ""
}
]
}

operation: Launch Scheduled Report

Input parameters

Parameter Description
Scheduled Report ID ID of the scheduled report that you want to launch on the Qualys cloud.

Output

The JSON output displays a message containing the result of the Launch Scheduled Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Scan Based Findings Report

Input parameters

Parameter Description
Template ID ID of the template of the scan-based findings report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the scan-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the scan-based findings report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
  • Docx
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
IP Restrictions (Optional) Important: Currently, this functionality is not available for this report type. Qualys might provide this functionality in the future.
This field is used to restrict the scan report content to only the IP addresses you have specified. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Scan References Scan Reference based on which you want to launch the scan-based findings report on the Qualys cloud.
Format for this field is: scan/1532543415.81997
You can enter multiple scan references using a comma separator.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the scan-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.

Output

The JSON output displays a message containing the result of the Launch Scan Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Host Based Findings Report

Input parameters

Parameter Description
Template ID ID of the template of the host-based findings report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the host-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the host-based findings report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
  • Docx
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
IPs Network ID (Optional) Enter the IPs network ID to restrict the scan report content to only the IPs network ID you have specified.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the host-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the host-based findings report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the host-based report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the host-based report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Host Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Patch Report

Input parameters

Parameter Description
Template ID ID of the template of the patch report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the patch report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the patch report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • Online
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the patch report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the patch report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the patch report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Patch Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Remediation Report

Input parameters

Parameter Description
Template ID ID of the template of the remediation report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the remediation report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the remediation report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Assignee Type (Optional) Select User in this field to specify that the remediation report will include tickets that are assigned to the current user only (User is set by default). Select All in this field to specify that the remediation report will include all the tickets in the user's account.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the remediation report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the remediation report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the remediation report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Remediation Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Compliance Report

Input parameters

Parameter Description
Template ID ID of the template of the compliance report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the compliance report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the compliance report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Compliance Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Compliance Policy Report

Input parameters

Parameter Description
Template ID ID of the template of the compliance policy report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the compliance policy report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the compliance policy report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Policy ID ID of the compliance policy based on which you want to launch the compliance policy report on the Qualys cloud.
Host ID (Optional) ID of the host, if you want to launch the compliance policy report on the Qualys cloud, based on only a single host instance.
Important: Specify the Host ID parameter, if you are specifying the Instance String parameter.
Instance String (Optional) Single instance on the host that you have specified. You can enter the instance string in the format as: “os” or in a a string-like format: “oracle10:1:1521:ora10204u”
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the compliance policy report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the compliance report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance policy report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the compliance policy report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Compliance Policy Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Scorecard Report

Input parameters

Parameter Description
Scorecard Type Type of the vulnerability scorecard report you want to launch on the Qualys cloud.
You can choose from the following options: Service Provided Scorecard or User Created Scorecard.
Scorecard Name If you specify the scorecard type as Service Provided Scorecard, then you can choose any of the following options as the scorecard name: Asset Group Vulnerability Report, Ignored Vulnerabilities Report, Most Prevalent Vulnerabilities Report, Most Vulnerable Hosts Report, or Patch Report.
If you specify the scorecard type as User Created Scorecard, then you can specify the name of your choice for the report.
Report Title (Optional) Title of the scorecard report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Note: If you do not specify a report title, then the scorecard name will become the report title also.
Output Format Format of the scorecard policy report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Source Source asset groups based on which you want to launch the scorecard report on the Qualys cloud.
You can choose from the following options:
  • Asset Groups: This is the default option and select this option launch a scorecard report with all assets groups.
  • Business Unit: Select this option to launch a scorecard report with all assets groups in a particular business unit.

Note: Based on the source that you choose, you might require to specify other parameters.
If you choose Asset Groups, then you can optionally specify the following parameters:
  • Asset Groups: Titles of asset groups, which are to be used as source asset groups for the scorecard report.
  • All Asset Groups: If you can select the All Asset Groups checkbox, i.e., set it to True, to set all asset groups available in your account as the source asset groups for the scorecard report.
    You cannot use the Asset Groups and All Asset Groups parameters at the same time.

If you choose Business Unit, then you can optionally specify the following parameters:
  • Business Unit: Title of a business unit containing the source asset groups for the scorecard report. All asset groups in the business unit will be included in the report source.
  • Division: A business info tag identifying a division to which the asset group(s) belong. When specified, only asset groups with this tag are included in the scorecard report source.
  • Function: A business info tag identifying a business function to which that asset group(s) belong. When specified, only asset groups with this tag are included in the scorecard report source.
  • Location: A business info tag identifying a location where that asset group(s) are located. When specified, only asset groups with this tag are included in the scorecard report source.
Patch QID (Optional) Patch QIDs for vulnerabilities or potential vulnerabilities with available patches, when these detected on the host, this means the host does not have the patches installed, and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 10, using a comma separator.
Note: Valid and required in case of a Patch Scorecard Report.
Missing QIDs (Optional) Missing software QIDs when not detected on host means the host is missing software and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 2, using a comma separator.
Note: Valid and required in case of a Patch Scorecard Report.

Output

The JSON output displays a message containing the result of the Launch Scorecard Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Download Saved Report

Input parameters

Parameter Description
Report ID ID of a saved report that you want to download in the user's account on the Qualys cloud.
Note: To download a saved report, the status of the report must be Finished.

Output

The JSON output contains the details of the report that you have downloaded in the user's account on the Qualys cloud, based on the report ID you have specified.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: Get Report List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Report ID ID of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
State State of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
You can select from the available options: Running (reports are in progress), Finished, Submitted, Canceled or Errors.
User Login Login of the user who has launched the report in the user's Report Share, whose details you want to retrieve from the Qualys cloud.
Expires Before Datetime Retrieve those reports from the Qualys cloud that expire before the datetime that you specify in this field.

Output

The JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific reports based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"REPORT_LIST": {
"REPORT": [
{
"USER_LOGIN": "",
"OUTPUT_FORMAT": "",
"LAUNCH_DATETIME": "",
"ID": "",
"TITLE": "",
"STATUS": {
"STATE": ""
},
"SIZE": "",
"TYPE": "",
"EXPIRATION_DATETIME": ""
}
]
}
}

operation: Get Scheduled Report List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Report ID ID of the scheduled report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
Is Active Select this option, i.e., set it to True, to retrieve scheduled reports for only active reports from the Qualys cloud.

Output

The JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all scheduled reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific scheduled reports based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_REPORT_LIST": {
"REPORT": [
{
"OUTPUT_FORMAT": "",
"ID": "",
"ACTIVE": "",
"TITLE": "",
"TEMPLATE_TITLE": "",
"SCHEDULE": {
"DST_SELECTED": "",
"MAX_OCCURRENCE": "",
"START_HOUR": "",
"START_DATE_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_DETAILS": "",
"TIME_ZONE_CODE": ""
},
"DAILY": "",
"START_MINUTE": ""
}
}
]
}
}

operation: Delete Report

Input parameters

Parameter Description
Report ID ID of a saved report that you want to delete from the user's account on the Qualys cloud.

Output

The JSON output displays a message containing the result of the Delete Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

Included playbooks

The Sample - Qualys - 1.0.0 playbook collection comes bundled with the Qualys connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Qualys connector.

  • Add Assets
  • Delete Report
  • Download Saved Report
  • Get Asset Group List
  • Get Asset List
  • Get Excluded Host List
  • Get Host Detection List
  • Get Option Profiles
  • Get Report List
  • Get Report Template List
  • Get Scanned Host List
  • Get Scanner Appliance
  • Get Scheduled Report List
  • Get Schedule Scan List
  • Get Virtual Host List
  • Get Vulnerability List
  • Launch Compliance Policy Report
  • Launch Compliance Report
  • Launch Host Based Findings Report
  • Launch Patch Report
  • Launch Remediation Report
  • Launch Scan Based Findings Report
  • Launch Scheduled Report
  • Launch Scorecard
  • Manage Excluded Host
  • Manage Virtual Host
  • PC - Fetch Scan
  • PC - Get Scan List
  • PC - Launch Scan
  • PC - Manage Scan
  • Update IPs
  • VM - Fetch Scan
  • VM - Get Scan List
  • VM - Launch Scan
  • VM - Manage Scan

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Qualys Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations, allows you to address new security and compliance requirements, and to find and fix vulnerabilities fast before hackers can attack or compromise your system.

This document provides information about the Qualys connector, which facilitates automated interactions, with a Qualys server using FortiSOAR™ playbooks. Add the Qualys connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching compliance scans on the Qualys API server and managing virtual hosts from the Qualys API server.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Qualys Version Tested on: 8.14.3.0-1

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-qualys

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Qualys connector row, and in the Configuration tab enter the required configuration details.

Parameter Description
Server URL API Server URL of the Qualys Cloud that you want to use for API requests. This will depend on the platform where your account is located.
Username Username used to connect to the Qualys Cloud to which you will connect and perform automated operations.
Password Password used to connect to the Qualys Cloud to which you will connect and perform automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Add Assets Adds assets, i.e., IP addresses, to the subscription on the Qualys cloud, based on the IP addresses and other input parameters you have specified. add_ip
Investigation
Get Asset List Retrieves the list of all IP addresses that are present in the user's account on the Qualys cloud, or specific IP addresses based on the input parameters you have specified. get_ip_list
Investigation
Update Asset Updates assets, i.e., existing IP addresses, in the subscription on the Qualys cloud, based on the IP addresses and other input parameters you have specified. update_ip
Investigation
Get Asset Group List Retrieves the list and details of asset groups from Qualys based on the input parameters (filters) you have specified. get_asset_groups
Investigation
Get Host Detection List Retrieves the list of and details hosts including the hosts latest vulnerability data from Qualys, based on the automatic data available in user's account and other input parameters you have specified. get_host_detection_list
Investigation
Get Scanned Host List Retrieves the list and details of all scanned hosts that are present in the user's account on the Qualys cloud, or specific scanned hosts based on the input parameters you have specified. get_scanned_host
Investigation
Manage Virtual Host Manages a virtual host on the Qualys cloud, based on the IP addresses, actions, and other input parameters you have specified. manage_host
Investigation
Get Virtual Host List Retrieves the list and details of all virtual hosts that are present in the user's account on the Qualys cloud, or specific virtual hosts based on the input parameters you have specified. get_host_list
Investigation
Manage Excluded Host Manages an excluded host on the Qualys cloud, based on the IP addresses, actions, and other input parameters you have specified. manage_host
Investigation
Get Excluded Host List Retrieves the list and details of all excluded hosts that are present in the user's account on the Qualys cloud, or specific excluded hosts based on the input parameters you have specified. get_host_list
Investigation
Get Option Profiles Retrieves the list and details of available option profiles from the user's account on the Qualys cloud. get_option_profile
Investigation
Get Scanner Appliance Retrieves the list and details of available scanner appliances from the user's account on the Qualys cloud. get_scanner_appliance
Investigation
VM - Launch Scan Launches vulnerability scans in the user’s account on the Qualys cloud, based on the input parameters you have specified. launch_scan
Investigation
VM - Get Scan List Retrieves the list and details of all vulnerability scans that are present in the user's account on the Qualys cloud, or specific vulnerability scans based on the input parameters you have specified. get_scan_list
Investigation
VM - Fetch Scan Downloads all the vulnerability management scan results from the Qualys cloud, or specific vulnerability management scan results based on the input parameters you have specified. get_report
Investigation
VM - Manage Scan Manages a vulnerability management scan on the Qualys cloud, based on the scan reference and actions you have specified. manage_scan
Investigation
PC - Launch Scan Launches compliance scans in the user’s account on the Qualys cloud, based on the input parameters you have specified. launch_scan
Investigation
PC - Get Scan List Retrieves the list and details of all policy compliance scans that are present in the user's account on the Qualys cloud, or specific policy compliance scans based on the input parameters you have specified. get_scan_list
Investigation
PC - Fetch Scan Downloads all the compliance management scan results from the Qualys cloud, or specific compliance management scan results based on the input parameters you have specified. get_report
Investigation
PC - Manage Scan Manages a vulnerability management scan on the Qualys cloud, based on the scan reference and actions you have specified. manage_scan
Investigation
Get Schedule Scan List Retrieves the list and details of all scheduled scans present in the user's account on the Qualys cloud, or specific scheduled scans based on the input parameters you have specified. get_scan
Investigation
Get Vulnerability List Retrieves the list and details of vulnerabilities from KnowledgeBase on the Qualys cloud, based on the input parameters you have specified. search_vulnerability
Investigation
Get Report Template List Retrieves the list and details of all report templates present in the user's account on the Qualys cloud. get_template
Investigation
Launch Scheduled Report Launches a scheduled report in the user's account on the Qualys cloud, based on the scheduled report ID you have specified. launch_report
Investigation
Launch Scan Based Findings Report Launches a scan-based findings report in the user's account on the Qualys cloud, based on the scan references and other input parameters you have specified. launch_report
Investigation
Launch Host Based Findings Report Launches a host-based findings report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Patch Report Launches a patch report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Remediation Report Launches a remediation report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Compliance Report Launches a compliance report in the user's account on the Qualys cloud, based on the input parameters you have specified. launch_report
Investigation
Launch Compliance Policy Report Launches a compliance policy report in the user's account on the Qualys cloud, based on the policy ID and other input parameters you have specified. launch_report
Investigation
Launch Scorecard Report Launches a vulnerability scorecard report in the user's report share on the Qualys cloud, based on the scorecard type and other input parameters you have specified. launch_report
Investigation
Download Saved Report Downloads a saved report in the user's account on the Qualys cloud, based on the report ID you have specified. get_report
Investigation
Get Report List Retrieves a list of reports from the user's report share on the Qualys cloud. get_report
Investigation
Get Scheduled Report List Retrieves a list of scheduled reports from the user's report share on the Qualys cloud. get_report
Investigation
Delete Report Deletes a saved report from the user's account on the Qualys cloud, based on the report ID you have specified. delete_report
Investigation

operation: Add Assets

Input parameters

Parameter Description
IPs/Ranges Hosts (IP addresses) that you want to add to the subscription on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Tracking Method (Optional) Select the tracking method used for the IP address that you want to add on the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Enable VM Select this option, i.e., set it to true, to enable the hosts for the VM application.
By default, this is set to False.
Enable PC Select this option, i.e., set it to true, to enable the hosts for the PC application.
By default, this is set to False.
Owner (Optional) Owner of the host asset(s).
Attribute 1 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 2 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 3 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Comments (Optional) User-defined comments that you want to add while adding an asset.
Asset Group Title (Optional) Title of an asset group in the Unit Manager’s business unit to which the host(s) will be added.
Note: This parameter is valid and required only if the request is being made by the Unit Manager.

Output

The JSON output displays a message containing the result of the Add Assets operation and the datetime when the asset(s) were added on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Asset List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IPs/Ranges Hosts (IP addresses) for which you want to retrieve details from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Network ID Specify the Network ID, i.e., retrieve a list for only those IP addresses that have the specified network ID from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.
Tracking Method Select the tracking method used, i.e., retrieve a list for only those IP addresses that have been tracked using the selected tracking method from the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Compliance Enabled Select this option, i.e., set it to true, to retrieve a list for only those IP addresses from the user’s account that are assigned to the Policy Compliance module on the Qualys cloud.
Clear this option, i.e., set it to false, to retrieve a list for only those IP addresses from the user’s account that are not assigned to the Policy Compliance module on the Qualys cloud. Note: This parameter is valid only when the Policy Compliance module is enabled for the user’s account.

Output

The JSON output contains a list of all available assets retrieved from the Qualys cloud or specific assets based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}

operation: Update Asset

Input parameters

Parameter Description
IPs/Ranges Hosts (IP addresses) that you want to update in the subscription on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Tracking Method (Optional) Select the tracking method used for the IP address that you want to update on the Qualys cloud.
You can choose from the following IP, DNS, or NETBIOS.
By default, this is set to IP.
Enable VM Select this option, i.e., set it to true, to enable the hosts for the VM application.
By default, this is set to False.
Enable PC Select this option, i.e., set it to true, to enable the hosts for the PC application.
By default, this is set to False.
Owner (Optional) Owner of the host asset(s).
Attribute 1 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 2 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Attribute 3 (Optional) Host attribute name that is displayed while viewing host information.
This is a user-defined field. You can define up to 3 attributes while adding an asset.
Comments (Optional) User-defined comments that you want to add while updating an asset.
Asset Group Title (Optional) Title of an asset group in the Unit Manager’s business unit to which the host(s) will be updated.
Note: This parameter is valid and required only if the request is being made by the Unit Manager.

Output

The JSON output displays a message containing the result of the Update Assets operation and the datetime when the asset(s) were updated on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Asset Group List

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Input parameters

Parameter Description
Group IDs Group IDs based on which you want to retrieve the asset group list from the Qualys cloud.
You can enter multiple group IDs using a comma separator.
Minimum ID Retrieve only those asset groups that have an ID greater than or equal to the specified ID from the Qualys cloud.
Maximum ID Retrieve only those asset groups that have an ID lesser than or equal to the specified ID from the Qualys cloud.
Truncation Limit Maximum number of asset group records that are processed per request from the Qualys cloud.
By default, this is set to 1000 records. If you specify truncation_limit=0, the output is not paginated and all records are returned in a single output.
Network IDs Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the asset group list from the Qualys cloud.
You can enter multiple network IDs using a comma separator.
Unit ID Retrieve only those asset groups that have a business unit ID equal to the specified ID.
User ID Retrieve only those asset groups that have a user ID equal to the specified ID.
Title Retrieve only those asset groups that have a title equal to the specified string.
Note: This must be an exact match.
Show Attributes Specify the attributes that you want to retrieve for each asset group along with the ID.
You can choose from the following options:
  • All
  • ID
  • Title
  • Owner User Name
  • Owner User ID
  • Owner Unit ID
  • Last Update
  • IP Set
  • Appliance List
  • Domain List
  • Host IDs
  • Assigned User IDs
  • Assigned Unit IDs
  • Business Impact
  • Comments
Note: Select All or list of attribute names.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"OWNER_USER_ID": "",
"OWNER_USER_NAME": "",
"ASSIGNED_UNIT_IDS": "",
"LAST_UPDATE": "",
"ID": "",
"TITLE": "",
"BUSINESS_IMPACT": "",
"HOST_IDS": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}
]
}
}

operation: Get Host Detection List

Input parameters

Note: This API is available to Express Lite users, and all the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Host IDs Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Minimum Host ID Minimum Host ID value based on which you want to retrieve host details from the Qualys cloud.
Maximum Host ID Maximum Host ID value based on which you want to retrieve host details from the Qualys cloud.
Use Tags Set this option as True, to include assets tags in the host details. By default, this is set to False.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select ID (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
If you set the Use Tags parameter as False, then you can optionally specify the following parameters:
  • IPs/Ranges: Show IP addresses or a range of IP addresses You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).
  • Asset Group Titles: Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated.
Network IDs Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the host details from the Qualys cloud. You can enter multiple network IDs using a comma separator.
VM Scan Since Retrieve host details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud.
No VM Scan Since Retrieve host details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud.
Max Days Since Last Vm Scan Retrieve only hosts scanned and processed in the past number of days, value of which you specify, from the Qualys cloud.
VM Processed Before Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed before the datetime you have specified in this field.
VM Processed After Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed after the datetime you have specified in this field.
VM Scan Date Before Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date before the datetime you have specified in this field.
VM Scan Date After Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date after the datetime you have specified in this field.
Vm Auth Scan Date Before Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date before a the date and time you have specified.
Vm Auth Scan Date After Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date after a the date and time you have specified
Status Retrieve host details, from the Qualys cloud, which have one or more of these status values: New, Active, Re-Opened, Fixed.
You can enter multiple status values using a comma separator.
Compliance Enabled Select one of the following options: List hosts which are assigned to Policy Compliance Module List hosts which are not assigned to Policy Compliance Module
OS Pattern Retrieve host details, from the Qualys cloud, which have an operating system that matches the regular expression that you have specified in this field.
For example,^Win.*64+bit.*Service+Pack+1 or ^Windows
QIDs Retrieve host detection records, from the Qualys cloud, based on the QIDs you have specified.
You must enter valid QIDs and you can enter multiple QIDs using a comma separator, or you can add a range of QIDs using a hyphen (-), for example, 68518-68522.
Severity Level Retrieve host details, from the Qualys cloud, which have one or more of these severity values: 1-Minimal, 2-Medium, 3-Serious, 4-Critical-Standard, or 5-Urgent.
Show Information Gathered Select one of the options below:
  • Show Detection Records with Information
  • Gathered Hide Detection Record's Information Gathered
Note: If you do not selected any option this information will not be shown.
Search List By Show detection records based on following:
  • IDs: When you specify IDs as a search list, you can mention the following optional parameters:
    • Include Search List IDs: Show detection records only when a record’s QID is included in one or more of the specified search list titles. One or more IDs may be specified. A range is specified with a dash (for example, 10-15). Multiple entries are comma separated You cannot specify this parameter with This cannot be specified with QIDs, Severities or Include Search List Titles.
    • Exclude Search List IDs: Show detection records only when a record’s QID is excluded from one or more of the specified search list titles. One or more IDs may be specified. A range is specified with a dash (for example, 40-42). Multiple entries are comma separated. This cannot be specified with QIDs, Severities or Exclude Search List Titles.
  • Titles: When you specify Titles as a search list, you can mention the following optional parameters:
    • Include Search List Titles: Show detection records only when a record’s QID is included in one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated This cannot be specified with QIDs, Severities or Include Search List IDs.
    • Exclude Search List Titles: (Optional) Show detection records only when a record’s QID is excluded from one or more of the specified search list titles. One or more titles may be specified. Multiple titles are comma separated. This cannot be specified with QIDs, Severities or Exclude Search List IDs.
Show Results Select this option, i.e, set it True (default) to include results in the output.
Show Reopened Information Select this option, i.e, set it True to include reopened information, i.e., first/last reopened date, times reopened etc. When this option is not selected, i.e., set to False (default) reopened information for reopened vulnerabilities is not included in the output.
Kernel Filter Filter for identifying vulnerabilities found on running or non-running Linux kernels. You can choose from the following options:
  • 0-Vulnerabilities are not filtered based on kernel activity
  • 1-Exclude kernel related vulnerabilities that are not exploitable (found on non-running kernels)
  • 2-Include kernel related vulnerabilities that are not exploitable (found on non-running kernels)
  • 3-Include kernel related vulnerabilities that are exploitable (found on running kernels)
  • 4-Include kernel related vulnerabilities
Service Filter Filter for identifying vulnerabilities found on running or non-running ports/services. You can choose from the following options:
  • 0-Vulnerabilities are not filtered based on running ports/services
  • 1-Exclude service related vulnerabilities that are not exploitable (found on non-running ports/services)
  • 2-Include service related vulnerabilities that are not exploitable (found on non-running ports/services)
  • 3-Include exploitable service related vulnerabilities (found on running ports/services)
  • 4-Include service related vulnerabilities
Configuration Filter Filter for identifying vulnerabilities that might or might not be exploitable due to the current host configuration. You can choose from the following options:
  • 0- Vulnerabilities are not filtered based on host configuration
  • 1-Exclude vulnerabilities not exploitable due to host configuration
  • 2-Include config related vulnerabilities that are not exploitable
  • 3-Include config related vulnerabilities that are exploitable
  • 4-Include config related vulnerabilities
Output Format Format of the host detection list output retrieved from Qualys. When you do not specify the output format, then the default output format is XML. Forllowing are valid output format values: XML, CSV, or CSV_No_Metadata.
Suppress Duplicated Data From CSV Clear this option, i.e., set it to False (default) to repeat host details in each line of detection information in the CSV output. When this option is selected, i.e., set to True, host details will not be repeated (suppressed) in each detection line.
You must specify this parameter only if the output format is selected as CSV, or CSV_No_Metadata.
Truncation Limit Maximum number of host records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000).
Maximum Days Since Detection Updated Retrieve only those detections from Qualys whose detection status hs changed since some maximum number of days you specify. For detections that have never changed, the maximum number of days is applied as the last detection date.
Detection Updated Since Retrieve only those detections from Qualys whose detection status has changed after the date and time you have specified. For detections that have never changed the date is applied as the last detection date.
Detection Updated Before Retrieve only those detections from Qualys whose detection status has changed before the date and time you have specified.
Dectection Processed Before Retrieve only those detections from Qualys whose vulnerability scan results are processed before the date and time you have specified.
Dectection Processed After Retrieve only those detections from Qualys whose vulnerability scan results are processed after the date and time you have specified.
Download Result As an Attachment Select this option, i.e., set it to True to add detections with vulnerability scan results in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include detections with vulnerability scan results in the connector output.

Output

The output contains a non-dictionary value.

operation: Get Scanned Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Truncation Limit Specify the maximum number of scanned host records that are processed per request.
If you do not specify the truncation limit, then this limit is set to 1000 host records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000).
Details Choose the amount of host information you want to retrieve for each host from the Qualys cloud.
You can choose from the following values:
  • Basic (Default): Retrieves basic host information that includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system, from the Qualys cloud.
  • Basic/AGs: Retrieves basic host information plus asset group information, which includes asset group ID and title, from the Qualys cloud.
  • All: Retrieves all host information that includes the basic host information plus the last vulnerability and compliance scan dates, from the Qualys cloud.
  • All/AGs: Retrieves all host information plus asset group information, which includes asset group ID and title, from the Qualys cloud.
  • None: Retrieves only the host IDs from the Qualys cloud.
IPs/Ranges Hosts (IP addresses) for which you want to retrieve scanned host details from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10
Host IDs Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Asset Group IDs Asset Group IDs whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified will be retrieved from the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). You can specify either the Asset Group IDs or the Asset Group titles but not both.
Asset Group Titles Asset Groups whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified and which contain certain strings in the asset group title will be retrieved from the Qualys cloud.
You can enter multiple entries using a comma separator. You can specify either the Asset Group IDs or the Asset Group titles but not both.
Minimum Host ID Minimum Host ID value based on which you want to retrieve host scan details from the Qualys cloud.
Maximum Host ID Maximum Host ID value based on which you want to retrieve host scan details from the Qualys cloud.
Network ID Specify the Network ID, i.e., retrieves a list for only scanned hosts that have the specified network ID from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.
No VM Scan Since Retrieve scan details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud.
No Compliance Scan Since Retrieve scan details for those hosts that have not been scanned for compliance from the datetime you have specified in this field from the Qualys cloud.
VM Scan Since Retrieve scan details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud.
Compliance Scan Since Retrieve scan details for those hosts that have been last scanned for compliance since the datetime you have specified in this field from the Qualys cloud.
VM Processed Before Retrieve scan details for those hosts that have vulnerability scan results processed before the datetime you have specified in this field from the Qualys cloud.
VM Processed After Retrieve scan details for those hosts that have vulnerability scan results processed after the datetime you have specified in this field from the Qualys cloud.
VM Scan Date Before Retrieve scan details for those hosts that have their vulnerability scan end date before the datetime you have specified in this field from the Qualys cloud.
VM Scan Date After Retrieve scan details for those hosts that have their vulnerability scan end date after the datetime you have specified in this field from the Qualys cloud.
OS Pattern Retrieve scan details for those hosts that have an operating system matching the regular expression, which you have specified in this field, from the Qualys cloud.

Output

The JSON output contains a list and details of all scanned hosts retrieved from the Qualys cloud or specific scanned hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"GLOSSARY": {
"USER_DEF": {
"LABEL_1": "",
"LABEL_3": "",
"LABEL_2": ""
},
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"TITLE": "",
"ID": ""
}
]
},
"USER_LIST": {
"USER": {
"USER_LOGIN": "",
"LAST_NAME": "",
"FIRST_NAME": ""
}
}
},
"HOST_LIST": {
"HOST": [
{
"IP": "",
"OWNER": "",
"TRACKING_METHOD": "",
"NETBIOS": "",
"ID": "",
"LAST_VM_SCANNED_DURATION": "",
"USER_DEF": {
"VALUE_3": "",
"VALUE_2": "",
"VALUE_1": ""
},
"LAST_VULN_SCAN_DATETIME": "",
"OS": "",
"DNS": "",
"COMMENTS": "",
"LAST_VM_SCANNED_DATE": "",
"LAST_COMPLIANCE_SCAN_DATETIME": ""
}
]
}
}

operation: Manage Virtual Host

Input parameters

Parameter Description
Action Action that you want to perform on the virtual host on the Qualys cloud.
You must choose one of the following actions:
  • Create: Creates a virtual host on the Qualys cloud.
  • Update: Update or edit an existing virtual host on the Qualys cloud.
  • Delete: Deletes a virtual host from the Qualys cloud.
  • Add FQDN: Adds one or more FQDNs to an existing virtual host on the Qualys cloud.
  • Delete FQDN: Removes one or more FQDNs from an existing virtual host on the Qualys cloud.
IP Address IP address that you will use for virtual host configuration on the Qualys cloud.
Fully Qualified Domain Name One or more FQDNs that you will use for virtual host configuration on the Qualys cloud.
Note: You must fill this field for all actions, except the Delete action.

Output

The JSON output displays a message containing the result and item details of the Manage Virtual Host operation and the datetime when the actions that you specified for managing the virtual host were performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}

operation: Get Virtual Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IP Address Retrieve details only for those hosts that have the IP address that you have specified in this field from the Qualys cloud.
Port Retrieve details only for those hosts that have the port that you have specified in this field from the Qualys cloud.

Output

The JSON output contains a list and details of all virtual hosts for the user's account retrieved from the Qualys cloud or the list and details of specific virtual hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"VIRTUAL_HOST_LIST": {
"VIRTUAL_HOST": [
{
"IP": "",
"FQDN": "",
"PORT": ""
}
]
}
}

operation: Manage Excluded Host

Input parameters

Parameter Description
Action Action that you want to perform on the excluded host on the Qualys cloud.
You must choose one of the following actions:
  • Add: Adds IP addresses to your excluded IPs list on the Qualys cloud.
  • Remove: Removes IP addresses from your excluded IPs list on the Qualys cloud.
  • Remove All: Removes all IP addresses from your excluded IPs list on the Qualys cloud.
IPs/Ranges IP addresses that you want to add or remove from your excluded IPs list on the Qualys cloud.
You can enter multiple IP addresses using a comma separator.
Comments User-defined notes that you want to add while managing excluded hosts on the Qualys cloud.
Network ID (Optional)Specify a Network ID that is assigned to the IPs being removed from the excluded IPs list. By default, the user’s default network ID is assigned.
Note: This parameter is valid when the user making the request has access to more than one network.

Output

The JSON output displays a message containing the result and item details of the Manage Excluded Host operation and the datetime when the actions that you specified for managing the excluded host were performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: Get Excluded Host List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
IPs/Ranges Retrieve the list of only for those excluded IP address(es) that you have specified in this field from the Qualys cloud.
If you do not specify any IP addresses, then all excluded IP addresses and IP ranges are retrieved from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Network ID Retrieve the list of only for those excluded IP address(es) that belong to the Network ID that you have specified in this field from the Qualys cloud.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account.

Output

The JSON output contains a list of all excluded hosts for the user's account retrieved from the Qualys cloud or the list of specific excluded hosts based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": []
}
}

operation: Get Option Profiles

Input parameters

None.

Output

The JSON output contains a list of all available option profiles and their details like basic info, map, scan, etc., retrieved from the Qualys cloud.

The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"BASIC_INFO": {
"ID": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"USER_ID": "",
"UNIT_ID": "",
"SUBSCRIPTION_ID": "",
"IS_DEFAULT": "",
"IS_GLOBAL": "",
"IS_OFFLINE_SYNCABLE": "",
"UPDATE_DATE": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"SCAN_DEAD_HOSTS": "",
"PERFORMANCE": {
"PARALLEL_SCALING": "",
"OVERALL_PERFORMANCE": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PROCESSES_TO_RUN": {
"TOTAL_PROCESSES": "",
"HTTP_PROCESSES": ""
},
"PACKET_DELAY": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"COMPLETE": "",
"DETECTION_INCLUDE": {
"BASIC_HOST_INFO_CHECKS": "",
"OVAL_CHECKS": ""
}
},
"AUTHENTICATION": "",
"ADDL_CERT_DETECTION": ""
},
"MAP": {
"BASIC_INFO_GATHERING_ON": "",
"TCP_PORTS": {
"TCP_PORTS_STANDARD_SCAN": ""
},
"MAP_OPTIONS": {
"PERFORM_LIVE_HOST_SWEEP": "",
"DISABLE_DNS_TRAFFIC": ""
},
"MAP_PERFORMANCE": {
"OVERALL_PERFORMANCE": "",
"MAP_PARALLEL": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": "",
"NETBLOCK_SIZE": ""
},
"PACKET_DELAY": ""
},
"MAP_AUTHENTICATION": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
},
"ICMP": ""
},
"PACKET_OPTIONS": {
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
}
}
]
}

operation: Get Scanner Appliance

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Output Mode Amount of detail to be retrieved from Qualys for each scanner appliance in the output. You can select from the following options:
  • Brief (default): Includes this information for each appliance: appliance ID, friendly name, software version, the number of running scans, and heartbeat check status (online or offline)
  • Full : includes the full appliance information, including the same details available in the Qualys user interface If you choose Full, then you can optionally specify the following parameters:
    • Show Tags: Select this option, i.e., set it to True (default) to include asset tag information for each scanner appliance in the output.
    • Type: Select one of the following scanner appliance types: Physical, Virtual, or Offline.
    • Include Cloud Info: Select this option, i.e., set it to True, to include cloud information in the output for virtual scanner appliances deployed on cloud platforms. For example, Amazon EC2, Microsoft Azure Cloud Platform, or Google Cloud Platform. Clear this option, i.e., set it to False (default) to exclude cloud information.
Scan Detail Select this option, i.e., set it to True to include scan details for scans currently running on the scanner appliance. Clear this option, i.e., set it to False (default) to exclude scan details.
Scan detail includes scan ID, title, scan reference, scan type, and scan date.
Busy If you do not select any of the following options, then all scanner appliances in the user account will be retrieved from Qualys:
  • Show appliances which are not currently running scans
  • (Default) Show appliances which are currently running scan
Scan Reference Scan reference code based on which you to retrieve the scanner appliances that are running a particular scan on Qualys. You can enter a valid scan reference code for a currently running scan.
Name Name based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify a name, then this operation will return only those scanner appliances that have names matching the string that you have specified.
IDs IDs based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify IDs, then this operation will return only those scanner appliances that have IDs matching the IDs that you have specified. You can specify multiple IDs using a comma separator.
Include License Information Select this option, i.e., set it to True to include virtual scanner license information. Clear this option, i.e., set it to False (default) to exclude virtual scanner license information.
License information includes the number of licenses you have and the number of licenses you have used.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"APPLIANCE_LIST": {
"APPLIANCE": [
{
"PROXY_SETTINGS": {
"PROXY": {
"IP_ADDRESS": "",
"USER": "",
"PORT": ""
},
"SETTING": ""
},
"USER_LOGIN": "",
"ML_LATEST": "",
"ID": "",
"UPDATED": "",
"STATUS": "",
"SS_LAST_CONNECTED": "",
"SOFTWARE_VERSION": "",
"ASSET_TAGS_LIST": {
"ASSET_TAG": [
{
"NAME": "",
"UUID": ""
}
]
},
"LAST_UPDATED_DATE": "",
"NAME": "",
"VULNSIGS_VERSION": "",
"COMMENTS": "",
"ML_VERSION": "",
"ASSET_GROUP_COUNT": "",
"MODEL_NUMBER": "",
"ACTIVATION_CODE": "",
"RUNNING_SCANS": {
"SCAN": {
"REF": "",
"TITLE": "",
"SCAN_DATE": "",
"TYPE": "",
"ID": ""
}
},
"MAX_CAPACITY_UNITS": "",
"HEARTBEATS_MISSED": "",
"UUID": "",
"TYPE": "",
"RUNNING_SCAN_COUNT": "",
"SS_CONNECTION": "",
"RUNNING_SLICES_COUNT": "",
"USER_LIST": "",
"POLLING_INTERVAL": "",
"VULNSIGS_LATEST": "",
"SERIAL_NUMBER": "",
"INTERFACE_SETTINGS": [
{
"IP_ADDRESS": "",
"SPEED": "",
"GATEWAY": "",
"NETMASK": "",
"DNS": {
"DOMAIN": "",
"SECONDARY": "",
"PRIMARY": ""
},
"LEASE": "",
"DUPLEX": "",
"INTERFACE": ""
},
{
"IP_ADDRESS": "",
"SPEED": "",
"GATEWAY": "",
"NETMASK": "",
"DNS": {
"SECONDARY": "",
"PRIMARY": ""
},
"LEASE": "",
"DUPLEX": "",
"SETTING": "",
"INTERFACE": ""
}
],
"ASSET_GROUP_LIST": {
"ASSET_GROUP": {
"NAME": "",
"ID": ""
}
}
}
]
}
}

operation: VM - Launch Scan

Input parameters

Parameter Description
Scan Title (Optional) Title of the vulnerability scan that you want to run on the Qualys cloud.
Option Profile Option based on which you want to run the vulnerability scan on the Qualys cloud.
You must select Option ID or Option Title.
  • Option ID: ID of option profile to be used for launching the scan that you want to run on the Qualys cloud.
  • Option Title: Title of option profile to be used for launching the scan that you want to run on the Qualys cloud.
Scanner Appliance Scanner Appliance that you want to use for the vulnerability scan that you want to run on the Qualys cloud.
You must select Scanner ID or Scanner Name.
  • Scanner ID: IDs of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. You can enter multiple IDs using a comma separator.
  • Scanner Name: Friendly names of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. Specify External for external scanners. You can enter multiple names using a comma separator.
Processing Priority (Optional) Processing priority level for the vulnerability scan that you want to run on the Qualys cloud. You can select any value between 0-9. If you do not choose any value, then the value of 0, i.e. no priority is assigned
You can select from one of the following values:
  • 0: No Priority (default value)
  • 1: Emergency
  • 2: Ultimate
  • 3: Critical
  • 4: Major
  • 5: High
  • 6: Standard
  • 7: Medium
  • 8: Minor
  • 9: Low
Runtime Http Header (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header.
Default Scanner (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud.
IP Network ID (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account
Target From Targets on which you want to run the vulnerability scan on the Qualys cloud.
You must select Assets or Tags.
  • Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud.
  • Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud.
Note: Based on the Target that you choose, you might require to specify other parameters.If you choose Assets, then you can optionally specify the following parameters:
  • IPs/Ranges: IP addresses on which you want to run the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: IDs of the asset groups in which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset group IDs using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Asset Group: Titles of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset titles using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Exclude IP per scan: IP addresses that you want to exclude from the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
If you choose Tags, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Use IP Not in Range Tags: Select this option, i.e., set it to True to scan all IP addresses defined in tags. Clear this option, i.e, set to False (the default) to select from all tags (tags with any tag rule).
  • Scanners In Target: Select this option, i.e., set it to True to distribute the scan to scanner appliances that match the asset tags specified for the scan target. By default, this is set to False.

Output

The JSON output displays a message containing the result of the VM - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: VM - Get Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Scan Reference for which you want to retrieve vulnerability scan details from the Qualys cloud.
For a vulnerability scan, the format is: scan/987659876.19876
State Scan state(s) for which you want to retrieve vulnerability scan details from the Qualys cloud.
Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform).
Type Type of scan or which you want to retrieve vulnerability scan details from the Qualys cloud.
You can select one of the following options: On Demand, Scheduled, or API.
Target IPs IP addresses whose vulnerability scan details you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
User Login Vulnerability scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field.
Launched After Datetime Retrieve vulnerability scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud.
Launched Before Datetime Retrieve vulnerability scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud.
Processed Process state(s) of the vulnerability scans whose details you want to retrieve from the Qualys cloud.
You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state.
Show Asset Group Information Select this option, i.e., set it to True, to include asset group information for each vulnerability scan in the output.
By default, this is set to False, and the asset group information is not included in the output.
Show Option Profile Information Select this option, i.e., set it to True, to include option profile information for each vulnerability scan in the output.
By default, this is set to False, and the option profile information is not included in the output.
Show Scan Status Select this option, i.e., set it to True, to include the status information for each vulnerability scan in the output.
By default, this is set to True.
Show Most Recent Scan Select this option, i.e., set it to True, to include only the most recent vulnerability scan (which meets all other search filters in the request) information in the output.
By default, this is set to False, and all vulnerability scans are included in the output.

Output

The JSON output contains a list of all vulnerability scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific vulnerability scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"TARGET": "",
"LAUNCH_DATETIME": "",
"PROCESSING_PRIORITY": "",
"REF": "",
"TITLE": "",
"STATUS": {
"SUB_STATE": "",
"STATE": ""
},
"DURATION": "",
"TYPE": "",
"PROCESSED": ""
}
]
}
}

operation: VM - Fetch Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Scan Reference for which you want to retrieve vulnerability management scan results from the Qualys cloud.
Format for this field is: scan/987659876.19876
IPs/Ranges IP addresses whose vulnerability management scan results you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Mode Mode based on which information of the vulnerability management scan results will be retrieved from the Qualys cloud.
You can enter choose from the following options:
Brief: This is the default option, and it includes the IP address, DNS hostname, NetBIOS hostname, QID and scan test results if applicable.
Extended: Includes the brief output plus following extended information: protocol, port, an SSL flag (“yes” is returned when SSL was used for the detection, “no” is returned when SSL was not used), and FQDN if applicable.

Output

The JSON output contains details of the of the attached file.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: VM - Manage Scan

Input parameters

Parameter Description
Action Action that you want to perform on the vulnerability scan that you want to manage on the Qualys cloud.
You must choose one of the following actions:
  • Cancel: Stops a vulnerability scan that is in progress on the Qualys cloud.
  • Pause: Stops a vulnerability scan that is in progress on the Qualys cloud and changes its status to Paused.
  • Resume: Restarts a vulnerability scan that has been paused on the Qualys cloud.
  • Delete: Deletes a vulnerability scan from your user account on the Qualys cloud.
Scan Reference Reference of the vulnerability scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output displays a message containing the result of the VM - Manage Scan operation and the item details of the action performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: PC - Launch Scan

Input parameters

Parameter Description
Scan Title (Optional) Title of the compliance scan that you want to run on the Qualys cloud.
Option Profile Option based on which you want to run the compliance scan on the Qualys cloud.
You must select Option ID or Option Title.
  • Option ID: ID of option profile to be used for launching the scan that you want to run on the Qualys cloud.
  • Option Title: Title of option profile to be used for launching the scan that you want to run on the Qualys cloud.
Scanner Appliance Scanner Appliance that you want to use for the compliance scan that you want to run on the Qualys cloud.
You must select Scanner ID or Scanner Name.
  • Scanner ID: IDs of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. You can enter multiple IDs using a comma separator.
  • Scanner Name: Friendly names of the scanner appliances to be used for launching the scan that you want to run on the Qualys cloud. Specify External for an external scanner. You can enter multiple names using a comma separator.
Runtime Http Header (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header.
Default Scanner (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud.
IP Network ID (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks.
Note: This parameter is valid only when the Network Support feature is enabled for the user’s account
Target From Targets on which you want to run the compliance scan on the Qualys cloud.
You must select Assets or Tags.
  • Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud.
  • Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud.
Note: Based on the Target that you choose, you might require to specify other parameters.If you choose Assets, then you can optionally specify the following parameters:
  • IPs/Ranges: IP addresses on which you want to run the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
  • Asset Group IDs: IDs of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset group IDs using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Asset Group: Titles of the asset groups on which you want to run the compliance scan on the Qualys cloud. You can enter multiple asset titles using a comma separator. You can specify either the Asset Group IDs or the Asset Groups but not both.
  • Exclude IP per scan: IP addresses that you want to exclude from the compliance scan on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
If you choose Tags, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Use IP Not in Range Tags: Select this option, i.e., set it to True to scan all IP addresses defined in tags. Clear this option, i.e., set to False (the default) to select from all tags (tags with any tag rule).
  • Scanners In Target: Select this option, i.e., set it to True to distribute the scan to scanner appliances that match the asset tags specified for the scan target. By default, this is set to False.

Output

The JSON output displays a message containing the result of the PC - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: PC - Get Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan ID ID of the scan for which you want to retrieve compliance scan details from the Qualys cloud.
Scan Reference Scan Reference for which you want to retrieve compliance scan details from the Qualys cloud.
For a vulnerability scan, the format is: scan/987659876.19876
For a compliance scan, the format is: compliance/98765456.12345
For a SCAP scan, the format is: qscap/987659999.22222
State Scan state(s) for which you want to retrieve compliance scan details from the Qualys cloud.
Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform).
Type Type of scan or which you want to retrieve compliance scan details from the Qualys cloud.
You can select one of the following options: On Demand, Scheduled, or API.
Target IPs IP addresses whose compliance scan details you want to retrieve from the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
User Login Compliance scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field.
Launched After Datetime Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud.
Launched Before Datetime Retrieve compliance scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud.
Processed Process state(s) of the compliance scans whose details you want to retrieve from the Qualys cloud.
You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state.
Show Asset Group Information Select this option, i.e., set it to True, to include asset group information for each compliance scan in the output.
By default, this is set to False, and the asset group information is not included in the output.
Show Option Profile Information Select this option, i.e., set it to True, to include option profile information for each compliance scan in the output.
By default, this is set to False, and the option profile information is not included in the output.
Show Scan Status Select this option, i.e., set it to True, to include the status information for each compliance scan in the output.
By default, this is set to True.
Show Most Recent Scan Select this option, i.e., set it to True, to include only the most recent compliance scan (which meets all other search filters in the request) information in the output.
By default, this is set to False, and all vulnerability scans are included in the output.

Output

The JSON output contains a list of all compliance scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific compliance scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"ID": "",
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"TITLE": "",
"STATUS": {
"STATE": ""
},
"DURATION": "",
"TYPE": "",
"PROCESSED": "",
"TARGET": "",
"REF": "",
"LAUNCH_DATETIME": "",
"ASSET_GROUP_TITLE_LIST": {
"ASSET_GROUP_TITLE": ""
}
}
]
}
}

operation: PC - Fetch Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan Reference Reference of the scan for which you want to download compliance management scan results from the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output contains the details of the attached file.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: PC - Manage Scan

Input parameters

Parameter Description
Action Action that you want to perform on the compliance scan that you want to manage on the Qualys cloud.
You must choose one of the following actions:
  • Cancel: Stops a compliance scan that is in progress on the Qualys cloud.
  • Pause: Stops a compliance scan that is in progress on the Qualys cloud and changes its status to Paused.
  • Resume: Restarts a compliance scan that has been paused on the Qualys cloud.
  • Delete: Deletes a compliance scan from your user account on the Qualys cloud.
Scan Reference Reference of the compliance scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud.
Format for this field is: scan/987659876.19876

Output

The JSON output displays a message containing the result of the PC - Manage Scan operation and the item details of the action performed on the Qualys cloud.
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}

operation: Get Schedule Scan List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Scan ID ID of the scan whose scan schedule you want to retrieve from the Qualys cloud.
Active Select this option, i.e., set it to True, to retrieve scan schedules for only active scans from the Qualys cloud.
Clear this option, i.e., set it to Talse, to retrieve scan schedules for only deactivated scans from the Qualys cloud

Output

The JSON output contains a list of all report templates and their details such as ID, Template type, title, user, type, etc., for the user's account retrieved from the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_SCAN_LIST": {
"SCAN": [
{
"USER_LOGIN": "",
"TARGET": "",
"ISCANNER_NAME": "",
"SCHEDULE": {
"MAX_OCCURRENCE": "",
"START_HOUR": "",
"START_DATE_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_DETAILS": "",
"TIME_ZONE_CODE": ""
},
"NEXTLAUNCH_UTC": "",
"WEEKLY": "",
"DST_SELECTED": "",
"START_MINUTE": ""
},
"ID": "",
"TITLE": "",
"ACTIVE": "",
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"USER_ENTERED_IPS": {
"RANGE": [
{
"START": "",
"END": ""
},
{
"START": "",
"END": ""
}
]
},
"PROCESSING_PRIORITY": ""
}
]
}
}

operation: Get Vulnerability List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Details Amount of vulnerability information that you want to retrieve for each host from the Qualys cloud.
You can choose from the following values:
  • Basic (Default): Retrieves basic vulnerability information that includes basic elements plus CVSS Base and Temporal scores
  • All: Retrieves all vulnerability information that includes all vulnerability details, including the Basic details from the Qualys cloud.
  • None: Retrieves only the vulnerability IDs from the Qualys cloud
QIDs QIDs whose vulnerability information you want to retrieve from the Qualys cloud. In this case, vulnerability information of only those QIDs that have specified will be retrieved from the Qualys cloud.
You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-).
Minimum QID Minimum QID value based on which you want to retrieve vulnerability information from the Qualys cloud.
Maximum QID Maximum QID value based on which you want to retrieve vulnerability information from the Qualys cloud.
Is Patchable Filter the output to include only vulnerabilities that are patchable or not patchable. You can choose from the following options:
  • Show Vulnerabilities that are Patchable
  • Show Vulnerabilities that are Not Patchable
Last Modified After Filter the output to include only those vulnerabilities that have been last modified after the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service.
Last Modified Before Filter the output to include only those vulnerabilities that have been last modified before the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service.
Last Modified By User After Filter the output to include only those vulnerabilities that have been last modified by the user after the datetime you have specified.
Last Modified By User Before Filter the output to include only those vulnerabilities that have been last modified by the user before the datetime you have specified.
Last Modified By Service After Filter the output to include only those vulnerabilities that have been last modified by the service after the datetime you have specified.
Last Modified By Service Before Filter the output to include only those vulnerabilities that have been last modified by the service before the datetime you have specified.
Published After Filter the output to include only those vulnerabilities that have been published after the datetime you have specified.
Published Before Filter the output to include only those vulnerabilities that have been published before the datetime you have specified.
Discovery Method Filter the output to include only those vulnerabilities that are assigned the specified discovery method. You can choose from the following options:
  • Remote
  • Authenticated
  • Remote Only
  • Authenticated Only
  • Remote And Authenticated
Discovery Authentication Types Filter the XML output to include only those vulnerabilities that have one or more specified authentication types. You can choose multiple values from the following options:
  • Windows
  • Oracle
  • Unix
  • SNMP
  • DB2
  • HTTP
  • MySQL
  • VMware
Show PCI Reasons Select this option, i.e., set it to True,to include the reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user’s subscription) in the output. Clear this option, i.e., setto False (default) to exclude the reasons the reasons for passing or failing PCI compliance from the output.
Show Supported Modules Information Select this option, i.e., set it to True, to include the supported Qualys modules that can be used to detect each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the supported modules from the output.
Show Disabled Flag Select this option, i.e., set it to True, to include the disabled flag for each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the disabled flag for each vulnerability from the output.
Show QID Change Log Select this option, i.e., set it to True, to include QID changes for each vulnerability in output. Clear this option, i.e., set to False (default) to exclude QID changes for each vulnerability from the output
Download Result As an Attachment Select this option, i.e., set it to True to add vulnerability results in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include vulnerability results in the connector output.

Output

The output contains the following populated JSON schema:
{
"DATETIME": "",
"VULN_LIST": {
"VULN": [
{
"SOLUTION": "",
"PCI_FLAG": "",
"VULN_TYPE": "",
"PATCHABLE": "",
"TITLE": "",
"LAST_SERVICE_MODIFICATION_DATETIME": "",
"CVE_LIST": {
"CVE": [
{
"URL": "",
"ID": ""
}
]
},
"DIAGNOSIS": "",
"CONSEQUENCE": "",
"BUGTRAQ_LIST": {
"BUGTRAQ": [
{
"URL": "",
"ID": ""
}
]
},
"SOFTWARE_LIST": {
"SOFTWARE": {
"VENDOR": "",
"PRODUCT": ""
}
},
"DISCOVERY": {
"AUTH_TYPE_LIST": {
"AUTH_TYPE": ""
},
"ADDITIONAL_INFO": "",
"REMOTE": ""
},
"CATEGORY": "",
"QID": "",
"PUBLISHED_DATETIME": "",
"SEVERITY_LEVEL": "",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"URL": "",
"ID": ""
}
}
}
]
}
}

operation: Get Report Template List

Input parameters

None.

Output

The JSON output contains a list of all scheduled scans and their details such as title, target, processing priority, option profile details, user entered IPs, schedule details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of scheduled compliance scans based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"REPORT_TEMPLATE": [
{
"ID": "",
"TYPE": "",
"TEMPLATE_TYPE": "",
"TITLE": "",
"USER": {
"LOGIN": "",
"FIRSTNAME": "",
"LASTNAME": ""
},
"LAST_UPDATE": "",
"GLOBAL": ""
}
]
}

operation: Launch Scheduled Report

Input parameters

Parameter Description
Scheduled Report ID ID of the scheduled report that you want to launch on the Qualys cloud.

Output

The JSON output displays a message containing the result of the Launch Scheduled Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Scan Based Findings Report

Input parameters

Parameter Description
Template ID ID of the template of the scan-based findings report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the scan-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the scan-based findings report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
  • Docx
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
IP Restrictions (Optional) Important: Currently, this functionality is not available for this report type. Qualys might provide this functionality in the future.
This field is used to restrict the scan report content to only the IP addresses you have specified. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Scan References Scan Reference based on which you want to launch the scan-based findings report on the Qualys cloud.
Format for this field is: scan/1532543415.81997
You can enter multiple scan references using a comma separator.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the scan-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.

Output

The JSON output displays a message containing the result of the Launch Scan Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Host Based Findings Report

Input parameters

Parameter Description
Template ID ID of the template of the host-based findings report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the host-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the host-based findings report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
  • Docx
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
IPs Network ID (Optional) Enter the IPs network ID to restrict the scan report content to only the IPs network ID you have specified.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the host-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the host-based findings report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the host-based report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the host-based report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Host Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Patch Report

Input parameters

Parameter Description
Template ID ID of the template of the patch report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the patch report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the patch report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • Online
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the patch report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the patch report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the patch report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Patch Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Remediation Report

Input parameters

Parameter Description
Template ID ID of the template of the remediation report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the remediation report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the remediation report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Assignee Type (Optional) Select User in this field to specify that the remediation report will include tickets that are assigned to the current user only (User is set by default). Select All in this field to specify that the remediation report will include all the tickets in the user's account.
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the remediation report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the remediation report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the remediation report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Remediation Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Compliance Report

Input parameters

Parameter Description
Template ID ID of the template of the compliance report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the compliance report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the compliance report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Compliance Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Compliance Policy Report

Input parameters

Parameter Description
Template ID ID of the template of the compliance policy report that you want to launch on the Qualys cloud.
Report Title (Optional) Title of the compliance policy report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Output Format Format of the compliance policy report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Policy ID ID of the compliance policy based on which you want to launch the compliance policy report on the Qualys cloud.
Host ID (Optional) ID of the host, if you want to launch the compliance policy report on the Qualys cloud, based on only a single host instance.
Important: Specify the Host ID parameter, if you are specifying the Instance String parameter.
Instance String (Optional) Single instance on the host that you have specified. You can enter the instance string in the format as: “os” or in a a string-like format: “oracle10:1:1521:ora10204u”
Use Tags (Optional) Select this option, i.e., set it to True, to include assets tags in the compliance policy report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the compliance report.
If you set the Use Tags parameter as True, then you can optionally specify the following parameters:
  • Tags Include Selector: Select any (the default) to include hosts that match at least one of the selected tags. Select all to include hosts that match all of the selected tags.
  • Tags Exclude Selector: Select any (the default) to exclude hosts that match at least one of the selected tags. Select all to exclude hosts that match all of the selected tags.
  • Tag Set By: Select id (the default) to select a tag set by providing tag IDs. Select name to select a tag set by providing tag names. This is valid only when the Use Tags parameter is set to True.
  • Tag Set Include: Specify a tag set that you want to include in the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
  • Tag Set Exclude: Specify a tag set that you want to exclude from the scan. Hosts that match these tags will be included. You identify the tag set by providing tag name or IDs. You can enter multiple tag sets using a comma separator.
IPs/Ranges (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance policy report on the Qualys cloud.
You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).
Asset Group IDs (Optional) Asset Group IDs based on which you want to launch the compliance policy report on the Qualys cloud.
You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-).

Output

The JSON output displays a message containing the result of the Launch Compliance Policy Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Launch Scorecard Report

Input parameters

Parameter Description
Scorecard Type Type of the vulnerability scorecard report you want to launch on the Qualys cloud.
You can choose from the following options: Service Provided Scorecard or User Created Scorecard.
Scorecard Name If you specify the scorecard type as Service Provided Scorecard, then you can choose any of the following options as the scorecard name: Asset Group Vulnerability Report, Ignored Vulnerabilities Report, Most Prevalent Vulnerabilities Report, Most Vulnerable Hosts Report, or Patch Report.
If you specify the scorecard type as User Created Scorecard, then you can specify the name of your choice for the report.
Report Title (Optional) Title of the scorecard report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters.
Note: If you do not specify a report title, then the scorecard name will become the report title also.
Output Format Format of the scorecard policy report that you want to launch on the Qualys cloud.
You can choose from the following options:
  • PDF
  • HTML
  • MHT
  • XML
  • CSV
Note: Based on the output format that you choose, you might require to specify other parameters.
  • For the PDF output, enter the following parameters:
    • In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account.
    • In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
    • In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both.
  • For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report.
Source Source asset groups based on which you want to launch the scorecard report on the Qualys cloud.
You can choose from the following options:
  • Asset Groups: This is the default option and select this option launch a scorecard report with all assets groups.
  • Business Unit: Select this option to launch a scorecard report with all assets groups in a particular business unit.

Note: Based on the source that you choose, you might require to specify other parameters.
If you choose Asset Groups, then you can optionally specify the following parameters:
  • Asset Groups: Titles of asset groups, which are to be used as source asset groups for the scorecard report.
  • All Asset Groups: If you can select the All Asset Groups checkbox, i.e., set it to True, to set all asset groups available in your account as the source asset groups for the scorecard report.
    You cannot use the Asset Groups and All Asset Groups parameters at the same time.

If you choose Business Unit, then you can optionally specify the following parameters:
  • Business Unit: Title of a business unit containing the source asset groups for the scorecard report. All asset groups in the business unit will be included in the report source.
  • Division: A business info tag identifying a division to which the asset group(s) belong. When specified, only asset groups with this tag are included in the scorecard report source.
  • Function: A business info tag identifying a business function to which that asset group(s) belong. When specified, only asset groups with this tag are included in the scorecard report source.
  • Location: A business info tag identifying a location where that asset group(s) are located. When specified, only asset groups with this tag are included in the scorecard report source.
Patch QID (Optional) Patch QIDs for vulnerabilities or potential vulnerabilities with available patches, when these detected on the host, this means the host does not have the patches installed, and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 10, using a comma separator.
Note: Valid and required in case of a Patch Scorecard Report.
Missing QIDs (Optional) Missing software QIDs when not detected on host means the host is missing software and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 2, using a comma separator.
Note: Valid and required in case of a Patch Scorecard Report.

Output

The JSON output displays a message containing the result of the Launch Scorecard Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

operation: Download Saved Report

Input parameters

Parameter Description
Report ID ID of a saved report that you want to download in the user's account on the Qualys cloud.
Note: To download a saved report, the status of the report must be Finished.

Output

The JSON output contains the details of the report that you have downloaded in the user's account on the Qualys cloud, based on the report ID you have specified.

The output contains the following populated JSON schema:
{
"@type": "",
"id": "",
"createDate": "",
"file": {
"@type": "",
"size": "",
"filename": "",
"metadata": "",
"file": {
"@type": ""
},
"uploadDate": "",
"@context": "",
"mimeType": "",
"owners": "",
"@id": ""
},
"type": "",
"modifyDate": "",
"@context": "",
"@id": "",
"name": "",
"description": "",
"createUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
},
"modifyUser": {
"@type": "",
"createUser": "",
"createDate": "",
"userId": "",
"modifyDate": "",
"modifyUser": "",
"@id": "",
"name": "",
"@settings": "",
"avatar": "",
"id": "",
"userType": ""
}
}

operation: Get Report List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Report ID ID of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
State State of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
You can select from the available options: Running (reports are in progress), Finished, Submitted, Canceled or Errors.
User Login Login of the user who has launched the report in the user's Report Share, whose details you want to retrieve from the Qualys cloud.
Expires Before Datetime Retrieve those reports from the Qualys cloud that expire before the datetime that you specify in this field.

Output

The JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific reports based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"REPORT_LIST": {
"REPORT": [
{
"USER_LOGIN": "",
"OUTPUT_FORMAT": "",
"LAUNCH_DATETIME": "",
"ID": "",
"TITLE": "",
"STATUS": {
"STATE": ""
},
"SIZE": "",
"TYPE": "",
"EXPIRATION_DATETIME": ""
}
]
}
}

operation: Get Scheduled Report List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.

Parameter Description
Report ID ID of the scheduled report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud.
Is Active Select this option, i.e., set it to True, to retrieve scheduled reports for only active reports from the Qualys cloud.

Output

The JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all scheduled reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific scheduled reports based on the input parameters you have specified.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_REPORT_LIST": {
"REPORT": [
{
"OUTPUT_FORMAT": "",
"ID": "",
"ACTIVE": "",
"TITLE": "",
"TEMPLATE_TITLE": "",
"SCHEDULE": {
"DST_SELECTED": "",
"MAX_OCCURRENCE": "",
"START_HOUR": "",
"START_DATE_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_DETAILS": "",
"TIME_ZONE_CODE": ""
},
"DAILY": "",
"START_MINUTE": ""
}
}
]
}
}

operation: Delete Report

Input parameters

Parameter Description
Report ID ID of a saved report that you want to delete from the user's account on the Qualys cloud.

Output

The JSON output displays a message containing the result of the Delete Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud.

The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}

Included playbooks

The Sample - Qualys - 1.0.0 playbook collection comes bundled with the Qualys connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Qualys connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next