Qualys Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations, allows you to address new security and compliance requirements, and to find and fix vulnerabilities fast before hackers can attack or compromise your system.
This document provides information about the Qualys connector, which facilitates automated interactions, with a Qualys server using FortiSOAR™ playbooks. Add the Qualys connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching compliance scans on the Qualys API server and managing virtual hosts from the Qualys API server.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.6.0-5012
Qualys Version Tested on: Cloud Platform 3.18.1.0-6
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Qualys connector in version 1.1.0:
Show Tags parameter in Get Host Detection List action.Client ID parameter in VM - Launch Scan action.CVE ID parameter in Get Vulnerability List action.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-qualys
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Qualys connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | API Server URL of the Qualys Cloud that you want to use for API requests. This will depend on the platform where your account is located. |
| Username | Username used to connect to the Qualys Cloud to which you will connect and perform automated operations. |
| Password | Password used to connect to the Qualys Cloud to which you will connect and perform automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Add Assets | Adds assets, i.e., IP addresses, to the subscription on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | add_ip Investigation |
| Get Asset List | Retrieves the list of all IP addresses present in the user's account on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | get_ip_list Investigation |
| Update Asset | Updates assets, i.e., existing IP addresses, in the subscription on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | update_ip Investigation |
| Get Scanned Host List | Retrieves a detailed list of all scanned hosts present in the user's account on the Qualys cloud based on the IP addresses, host IDs, and other input parameters you have specified. | get_scanned_host Investigation |
| Get Asset Group List | Retrieves a detailed list of asset groups from Qualys cloud based on the asset group IDs, asset group ID range, and other filter criteria that you have specified. | get_asset_groups Investigation |
| Get Host Detection List | Retrieves a detailed list of hosts from Qualys cloud based on the host group IDs, host group ID range, and other filter criteria that you have specified. | get_host_detection_list Investigation |
| Manage Virtual Host | Manages a virtual host on the Qualys cloud based on the actions, IP addresses, and other input parameters you have specified. | manage_host Investigation |
| Get Virtual Host List | Retrieves a detailed list of all virtual hosts present in the user's account on the Qualys cloud, or specific virtual hosts based on the port and IP address that you have specified. | get_host_list Investigation |
| Manage Excluded Host | Manages an excluded host on the Qualys cloud based on the actions, IP addresses, and other input parameters you have specified. | manage_host Investigation |
| Get Excluded Host List | Retrieves a detailed list of specific or all excluded hosts present in the user's account on the Qualys cloud based on the IP range and network ID that you have specified. | list_hosts Investigation |
| Get Option Profiles | Retrieves a detailed list of available option profiles from the user's account on the Qualys cloud. | get_option_profile Investigation |
| Get Scanner Appliance | Retrieves a detailed list of available scanner appliances from the user's account on the Qualys cloud based on the scan reference, scanner appliance name, and other input parameters that you have specified. | get_scanner_appliance Investigation |
| VM - Launch Scan | Launches vulnerability scans in the user's account on the Qualys cloud based on the scan title, option profile, and other input parameters that you have specified. | launch_scan Investigation |
| VM - Get Scan List | Retrieves a detailed list of specific or all vulnerability scans present in the user's account on the Qualys cloud based on the scan reference, scan state, and other input parameters that you have specified. | get_scan_list Investigation |
| VM - Fetch Scan | Downloads specific or all the vulnerability management scan results from the Qualys cloud based on the scan reference, IP address, and other input parameters that you have specified. | get_report Investigation |
| VM - Manage Scan | Manages a vulnerability management scan on the Qualys cloud based on the scan reference and action that you have specified. | manage_scan Investigation |
| PC - Launch Scan | Launches compliance scans in the user's account on the Qualys cloud based on the scan title, option profile, and other input parameters that you have specified. | launch_scan Investigation |
| PC - Get Scan List | Retrieves a detailed list of specific or all policy compliance scans present in the user's account on the Qualys cloud based on the scan ID, scan state, and other input parameters you have specified. | get_scan_list Investigation |
| PC - Fetch Scan | Downloads specific or all compliance management scan results from the Qualys cloud based on the scan reference and other input parameters you have specified. | get_report Investigation |
| PC - Manage Scan | Manages a vulnerability management scan on the Qualys cloud based on the scan reference and action that you have specified. | manage_scan Investigation |
| Get Schedule Scan List | Retrieves a detailed list of specific or all scheduled scans present in the user's account on the Qualys cloud based on the scan ID and other input parameters you have specified. | get_scan Investigation |
| Get Vulnerability List | Retrieves a detailed list of vulnerabilities from KnowledgeBase on the Qualys cloud based on the CVE ID, QID, and other input parameters you have specified. | search_vulnerability Investigation |
| Get Report Template List | Retrieves a detailed list of all report templates present in the user's account on the Qualys cloud. | get_template Investigation |
| Launch Scheduled Report | Launches a scheduled report in the user's account on the Qualys cloud based on the scheduled report ID you have specified. | launch_report Investigation |
| Launch Scan Based Findings Report | Launches a scan-based findings report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Host Based Findings Report | Launches a host-based findings report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Patch Report | Launches a patch report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Remediation Report | Launches a remediation report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Compliance Report | Launches a compliance report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Compliance Policy Report | Launches a compliance policy report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Scorecard Report | Launches a vulnerability scorecard report in the user's report share on the Qualys cloud based on the scorecard type, report title, and other input parameters you have specified. | launch_report Investigation |
| Download Saved Report | Downloads a saved report in the user's account on the Qualys cloud based on the report ID you have specified. | get_report Investigation |
| Get Report List | Retrieves a list of reports from the user's report share on the Qualys cloud based on the report ID, report state, and other input parameters that you have specified. | get_report Investigation |
| Get Scheduled Report List | Retrieves a list of scheduled reports from the user's report share on the Qualys cloud based on the report ID and other input parameters that you have specified. | get_report Investigation |
| Delete Report | Deletes a saved report from the user's account on the Qualys cloud based on the report ID you have specified. | delete_report Investigation |
| Get Static Search List | Retrieves Static Search list details from Qualys cloud based on the search list ID that you have specified. | get_static_search_list Investigation |
| Create Static Search List | Creates static search list in Qualys Cloud based on the title, QID, and other input parameters that you have specified. | create_static_search_list Investigation |
| Update Static Search List | Updates static search list in Qualys Cloud based on the search list ID, title, and other input parameters that you have specified. | update_static_search_list Investigation |
| Delete Static Search List | Deletes static search list in Qualys Cloud based on the search list ID that you have specified. | delete_static_search_list Investigation |
| Create VM Option Profile | Creates option profiles for VM scans in Qualys Cloud based on the title, scan type, and other input parameters that you have specified. | create_vm_option_profile Investigation |
| Update VM Option Profile | Updates option profiles for VM scans in Qualys Cloud based on the option profile ID and other input parameters that you have specified. | update_vm_option_profile Investigation |
| Get VM Option Profile List | Retrieves option profiles for VM scans in Qualys Cloud based on the filter criteria that you have specified. | get_vm_option_profile_list Investigation |
| Delete VM Option Profile | Deletes option profiles for VM scans in Qualys Cloud based on the option profile ID that you have specified. | delete_vm_option_profile Investigation |
| Get Asset Search Report | Retrieves report on assets from Qualys Cloud based on the output format and other input parameters that you have specified. | get_asset_search_report Investigation |
| Create Asset Group | Adds a new asset group in the user's account in Qualys Cloud based on the title, network ID, and other input parameters that you have specified. | create_asset_group Investigation |
| Edit Asset Group | Edit an existing asset group in the user's account in Qualys Cloud based on the asset group ID and other input parameters that you have specified. | edit_asset_group Investigation |
| Delete Asset Group | Delete an asset group present in the user's account in Qualys Cloud based on the asset group ID that you have specified.
NOTE: By deleting an asset group any scheduled scans using the asset group will be deactivated. |
delete_asset_group Investigation |
| Parameter | Description |
|---|---|
| IPs/Ranges | Specify IP addresses to add to the subscription on the Qualys cloud. You can enter multiple IP addresses as comma-separated values, or add a range of IP addresses using a hyphen (-). For example: xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10. |
| Add to Vulnerability Management Module | Select this option, i.e., set it to True, to enable hosts for the VM application. By default, this is set to False. |
| Add to Policy Compliance Module | Select this option, i.e., set it to True, to enable hosts for the PC application. By default, this is set to False. |
| Tracking Method | (Optional) Select the tracking method used for the IP address that you want to add on the Qualys cloud. You can choose from the following options:
|
| Owner | (Optional) Specify owner of the host assets. |
| Attribute 1 | (Optional) Specify host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 2 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 3 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Comments | (Optional) User-defined comments that you want to add while adding an asset. |
| Asset Group Title | (Optional) Title of an asset group in the Unit Manager's business unit to which the host(s) will be added. Note: This parameter is valid and required only if the request is being made by the Unit Manager. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| IPs/Ranges | (Optional) Hosts (IP addresses) for which you want to retrieve details from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Tracking Method | (Optional) Select the tracking method used, i.e., retrieve a list for only those IP addresses that have been tracked using the selected tracking method from the Qualys cloud. You can choose from the following IP, DNS, or NETBIOS. By default, this is set to IP. |
| Network ID | (Optional) Specify the Network ID, i.e., retrieve a list for only those IP addresses that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
| Compliance Enabled | (Optional) Select this option, i.e., set it to true, to retrieve a list for only those IP addresses from the user's account that are assigned to the Policy Compliance module on the Qualys cloud.Clear this option, i.e., set it to false, to retrieve a list for only those IP addresses from the user's account that are not assigned to the Policy Compliance module on the Qualys cloud. Note: This parameter is valid only when the Policy Compliance module is enabled for the user's account. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}
| Parameter | Description |
|---|---|
| IPS/Ranges | Hosts (IP addresses) that you want to update in the subscription on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Tracking Method | (Optional) Select the tracking method used for the IP address that you want to update on the Qualys cloud.You can choose from the following IP, DNS, or NETBIOS.By default, this is set to IP. |
| Host DNS | (Optional) The DNS hostname for the IP you want to update.A single IP must be specified in the same request and the IP will only be updated if it matches the hostname specified. |
| Host NETBIOS | (Optional) The NetBIOS hostname for the IP you want to update. A single IP must be specified in the same request and the IP will only be updated if it matches the hostname specified. |
| Owner | (Optional) Owner of the host asset(s). |
| Attribute 1 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 2 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 3 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Comments | (Optional) User-defined comments that you want to add while updating an asset. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| Details | (Optional) Choose the amount of host information you want to retrieve for each host from the Qualys cloud. You can choose from the following values: Basic (Default): Retrieves basic host information that includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system, from the Qualys cloud. Basic/AGs: Retrieves basic host information plus asset group information, which includes asset group ID and title, from the Qualys cloud. All: Retrieves all host information that includes the basic host information plus the last vulnerability and compliance scan dates, from the Qualys cloud. All/AGs: Retrieves all host information plus asset group information, which includes asset group ID and title, from the Qualys cloud. |
| IPs/Ranges | (Optional) Hosts (IP addresses) for which you want to retrieve scanned host details from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Host IDs | (Optional) Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Asset Group IDs | (Optional) Asset Group IDs whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified will be retrieved from the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). You can specify either the Asset Group IDs or the Asset Group titles but not both. |
| Asset Group Titles | (Optional) Asset Groups whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified and which contain certain strings in the asset group title will be retrieved from the Qualys cloud. You can enter multiple entries using a comma separator. You can specify either the Asset Group IDs or the Asset Group titles but not both. |
| Show Host with Minimum Host ID | (Optional) Minimum Host ID value based on which you want to retrieve host scan details from the Qualys cloud. |
| Show Host with Maximum Host ID | (Optional) Maximum Host ID value based on which you want to retrieve host scan details from the Qualys cloud. |
| Show Host within Network IDs | (Optional) Specify the Network ID, i.e., retrieves a list for only scanned hosts that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
| Show Hosts Not Scanned Since | (Optional) Retrieve scan details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud. |
| Show Compliance Hosts Not Scanned Since | (Optional) Retrieve scan details for those hosts that have not been scanned for compliance from the datetime you have specified in this field from the Qualys cloud. |
| Show VM Scan Hosts Since | (Optional) Retrieve scan details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud. |
| Show Compliance Scan Hosts Since | (Optional) Retrieve scan details for those hosts that have been last scanned for compliance since the datetime you have specified in this field from the Qualys cloud. |
| Show VM Scan Processed Host Before | (Optional) Retrieve scan details for those hosts that have vulnerability scan results processed before the datetime you have specified in this field from the Qualys cloud. |
| Show VM Processed Host After | (Optional) Retrieve scan details for those hosts that have vulnerability scan results processed after the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts with VM Scan End Date Before | (Optional) Retrieve scan details for those hosts that have their vulnerability scan end date before the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts with VM Scan End Date After | (Optional) Retrieve scan details for those hosts that have their vulnerability scan end date after the datetime you have specified in this field from the Qualys cloud. |
| OS Pattern | (Optional) Retrieve scan details for those hosts that have an operating system matching the regular expression, which you have specified in this field, from the Qualys cloud. For Example ^Win.*64+bit.*Service+Pack+1 or ^Windows. To match the empty string use '^$' |
| Truncation Limit | (Optional) Specify the maximum number of scanned host records that are processed per request. If you do not specify the truncation limit, then this limit is set to 1000 host records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000). |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"HOST_LIST": {
"HOST": [
{
"ID": "",
"LAST_VULN_SCAN_DATETIME": "",
"LAST_COMPLIANCE_SCAN_DATETIME": "",
"USER_DEF": {
"VALUE_3": "",
"VALUE_1": "",
"VALUE_2": ""
},
"IP": "",
"OS": "",
"OWNER": "",
"NETBIOS": "",
"COMMENTS": "",
"LAST_VM_SCANNED_DURATION": "",
"TRACKING_METHOD": "",
"DNS": "",
"LAST_VM_SCANNED_DATE": ""
}
]
},
"GLOSSARY": {
"USER_LIST": {
"USER": {
"USER_LOGIN": "",
"FIRST_NAME": "",
"LAST_NAME": ""
}
},
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"ID": "",
"TITLE": ""
}
]
},
"USER_DEF": {
"LABEL_3": "",
"LABEL_2": "",
"LABEL_1": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group IDs | (Optional) Group IDs based on which you want to retrieve the asset group list from the Qualys cloud. You can enter multiple group IDs using a comma separator. |
| Minimum Asset Group ID | (Optional) Retrieve only those asset groups that have an ID greater than or equal to the specified ID from the Qualys cloud. |
| Maximum Asset Group ID | (Optional) Retrieve only those asset groups that have an ID lesser than or equal to the specified ID from the Qualys cloud. |
| Show Asset Group with Business Unit ID | (Optional) Retrieve only those asset groups that have a business unit ID equal to the specified ID. |
| Show Asset Group with User ID | (Optional) Retrieve only those asset groups that have a user ID equal to the specified ID. |
| Show Asset Group with Title | (Optional) Retrieve only those asset groups that have a title equal to the specified string. Note: This must be an exact match. |
| Network IDs | (Optional) Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the asset group list from the Qualys cloud. You can enter multiple network IDs using a comma separator. |
| Truncation Limit | (Optional) Maximum number of asset group records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. If you specify truncation_limit=0, the output is not paginated and all records are returned in a single output. |
| Show Attributes | (Optional) Specify the attributes that you want to retrieve for each asset group along with the ID. You can choose from the following options: All ID Title Owner User Name Owner User ID Owner Unit ID Last Update IP Set Appliance List Domain List Host IDs Assigned User IDs Assigned Unit IDs Business Impact CommentsNote: Select All or list of attribute names. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"ID": "",
"TITLE": "",
"OWNER_USER_ID": "",
"LAST_UPDATE": "",
"BUSINESS_IMPACT": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
},
"HOST_IDS": "",
"ASSIGNED_UNIT_IDS": "",
"OWNER_USER_NAME": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Host IDs | (Optional) Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Show Host with Minimum Host ID | (Optional) Minimum Host ID value based on which you want to retrieve host details from the Qualys cloud. |
| Show Host with Maximum Host ID | (Optional) Maximum Host ID value based on which you want to retrieve host details from the Qualys cloud. |
| Use Tags | (Optional) Set this option as True, to include assets tags in the host details. By default, this is set to False. If you choose 'False'
|
| Show Host within Network IDs | (Optional) Specify the Network ID, i.e., retrieves only hosts details that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. You can enter multiple network IDs using a comma separator. |
| Show VM Scan Hosts Since | (Optional) Retrieve host details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts Not VM Scanned Since | (Optional) Retrieve host details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud. Note:This parameter cannot be specified with Show Hosts Scanned in Past Number of Days in the same request. |
| Show Hosts Scanned in Past Number of Days | (Optional) Retrieve only hosts scanned and processed in the past number of days, value of which you specify, from the Qualys cloud. |
| Show VM Scan Processed Host Before | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed before the datetime you have specified in this field. |
| Show VM Processed Host After | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed after the datetime you have specified in this field. |
| Show Hosts with VM Scan End Date Before | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date before the datetime you have specified in this field. |
| Show Hosts with VM Scan End Date After | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date after the datetime you have specified in this field. |
| Show Hosts with VM Auth Scan Date Before | (Optional) Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date before a the date and time you have specified. |
| Show Hosts with VM Auth Scan Date After | (Optional) Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date after a the date and time you have specified. |
| Show Hosts with Vulnearability Status | (Optional) Retrieve host details, from the Qualys cloud, which have one or more of these status values: New, Active, Re-Opened, Fixed. You can enter multiple status values using a comma separator. |
| Compliance Enabled | (Optional) Select one of the following options: List hosts which are assigned to Policy Compliance Module List hosts which are not assigned to Policy Compliance Module |
| OS Pattern | (Optional) Retrieve host details, from the Qualys cloud, which have an operating system that matches the regular expression that you have specified in this field. For example,^Win.*64+bit.*Service+Pack+1 or ^Windows |
| QIDs | (Optional) Retrieve host detection records, from the Qualys cloud based on the QIDs you have specified. You must enter valid QIDs and you can enter multiple QIDs using a comma separator, or you can add a range of QIDs using a hyphen (-), for example, 68518-68522. |
| Severity Level | (Optional) Retrieve host details, from the Qualys cloud, which have one or more of these severity values: 1-Minimal, 2-Medium, 3-Serious, 4-Critical-Standard, or 5-Urgent. |
| Show Information Gathered | (Optional) Select one of the options below:Show Detection Records with Information Gathered Hide Detection Record's Information Gathered Note: If you do not selected any option this information will not be shown. |
| Search List By | (Optional) Show detection records based on following: IDs Titles If you choose 'IDs'
|
| Show Results | (Optional) Select this option, i.e, set it True (default) to include results in the output. |
| Show Tags | (Optional) Select this option, i.e, set it True (default) to include tags in the output. |
| Show Reopened Information | (Optional) Select this option, i.e, set it True to include reopened information, i.e., first/last reopened date, times reopened etc. When this option is not selected, i.e., set to False (default) reopened information for reopened vulnerabilities is not included in the output. |
| Kernel Filter | (Optional) Filter for identifying vulnerabilities found on running or non-running Linux kernels. You can choose from the following options: 0-Vulnerabilities are not filtered based on kernel activity 1-Exclude kernel related vulnerabilities that are not exploitable (found on non-running kernels) 2-Include kernel related vulnerabilities that are not exploitable (found on non-running kernels) 3-Include kernel related vulnerabilities that are exploitable (found on running kernels) 4-Include kernel related vulnerabilities |
| Service Filter | (Optional) Filter for identifying vulnerabilities found on running or non-running ports/services. You can choose from the following options: 0-Vulnerabilities are not filtered based on running ports/services 1-Exclude service related vulnerabilities that are not exploitable (found on non-running ports/services) 2-Include service related vulnerabilities that are not exploitable (found on non-running ports/services) 3-Include exploitable service related vulnerabilities (found on running ports/services) 4-Include service related vulnerabilities |
| Configuration Filter | (Optional) Filter for identifying vulnerabilities that might or might not be exploitable due to the current host configuration. You can choose from the following options: 0- Vulnerabilities are not filtered based on host configuration 1-Exclude vulnerabilities not exploitable due to host configuration 2-Include config related vulnerabilities that are not exploitable 3-Include config related vulnerabilities that are exploitable 4-Include config related vulnerabilities |
| Output Format | (Optional) Format of the host detection list output retrieved from Qualys. When you do not specify the output format, then the default output format is XML. Forllowing are valid output format values: XML, CSV, or CSV_No_Metadata. |
| Suppress Duplicated Data From CSV | (Optional) Clear this option, i.e., set it to False (default) to repeat host details in each line of detection information in the CSV output. When this option is selected, i.e., set to True, host details will not be repeated (suppressed) in each detection line.You must specify this parameter only if the output format is selected as CSV, or CSV_No_Metadata. |
| Truncation Limit | (Optional) Maximum number of host records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000). |
| Maximum Days Since Detection Updated | (Optional) Retrieve only those detections from Qualys whose detection status ihs changed since some maximum number of days you specify. For detections that have never changed, the maximum number of days is applied as the last detection date. |
| Detection Updated Since | (Optional) Retrieve only those detections from Qualys whose detection status has changed after the date and time you have specified. For detections that have never changed the date is applied as the last detection date. |
| Detection Updated Before | (Optional) Retrieve only those detections from Qualys whose detection status has changed before the date and time you have specified. |
| Dectection Processed Before | (Optional) Retrieve only those detections from Qualys whose vulnerability scan results are processed before the date and time you have specified. |
| Dectection Processed After | (Optional) Retrieve only those detections from Qualys whose vulnerability scan results are processed after the date and time you have specified. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add detections with vulnerability scan results in a file and add it as an attachment in CyOPs™. Clear this option, i.e., set it to False (default) to include detections with vulnerability scan results in the connector output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"HOST_LIST": {
"HOST": [
{
"ID": "",
"IP": "",
"TRACKING_METHOD": "",
"OS": "",
"DNS": "",
"DNS_DATA": {
"HOSTNAME": "",
"DOMAIN": "",
"FQDN": ""
},
"QG_HOSTID": "",
"LAST_SCAN_DATETIME": "",
"LAST_VM_SCANNED_DATE": "",
"LAST_VM_AUTH_SCANNED_DATE": "",
"DETECTION_LIST": {
"DETECTION": [
{
"UNIQUE_VULN_ID": "",
"QID": "",
"TYPE": "",
"SEVERITY": "",
"SSL": "",
"RESULTS": "",
"STATUS": "",
"FIRST_FOUND_DATETIME": "",
"LAST_FOUND_DATETIME": "",
"TIMES_FOUND": "",
"LAST_TEST_DATETIME": "",
"LAST_UPDATE_DATETIME": "",
"IS_IGNORED": "",
"IS_DISABLED": "",
"LAST_PROCESSED_DATETIME": ""
}
]
}
}
]
}
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the virtual host on the Qualys cloud. You must choose one of the following actions: Create: Creates a virtual host on the Qualys cloud. Update: Update or edit an existing virtual host on the Qualys cloud. Delete: Deletes a virtual host from the Qualys cloud. Add FQDN: Adds one or more FQDNs to an existing virtual host on the Qualys cloud. Delete FQDN: Removes one or more FQDNs from an existing virtual host on the Qualys cloud. |
| IP Address | IP address that you will use for virtual host configuration on the Qualys cloud. |
| Port | A port number that you will use for the virtual host configuration on the Qualys cloud. |
| Fully Qualified Domain Name | (Optional) One or more FQDNs that you will use for virtual host configuration on the Qualys cloud. Note: You must fill this field for all actions, except the Delete action. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| Port | (Optional) Retrieve details only for those hosts that have the port that you have specified in this field from the Qualys cloud. |
| IP Address | (Optional) Retrieve details only for those hosts that have the IP address that you have specified in this field from the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"VIRTUAL_HOST_LIST": {
"VIRTUAL_HOST": [
{
"IP": "",
"PORT": "",
"FQDN": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Action | If you choose 'Add'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| IPs/Ranges | (Optional) Retrieve the list of only for those excluded IP address(es) that you have specified in this field from the Qualys cloud. If you do not specify any IP addresses, then all excluded IP addresses and IP ranges are retrieved from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Network ID | (Optional) Retrieve the list of only for those excluded IP address(es) that belong to the Network ID that you have specified in this field from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
The output contains the following populated JSON schema:
{
"IP_SET": {
"IP": []
},
"DATETIME": ""
}
None.
The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"BASIC_INFO": {
"ID": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"USER_ID": "",
"UNIT_ID": "",
"SUBSCRIPTION_ID": "",
"IS_DEFAULT": "",
"IS_GLOBAL": "",
"IS_OFFLINE_SYNCABLE": "",
"UPDATE_DATE": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"SCAN_DEAD_HOSTS": "",
"PERFORMANCE": {
"PARALLEL_SCALING": "",
"OVERALL_PERFORMANCE": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PROCESSES_TO_RUN": {
"TOTAL_PROCESSES": "",
"HTTP_PROCESSES": ""
},
"PACKET_DELAY": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"COMPLETE": "",
"DETECTION_INCLUDE": {
"BASIC_HOST_INFO_CHECKS": "",
"OVAL_CHECKS": ""
}
},
"AUTHENTICATION": "",
"ADDL_CERT_DETECTION": ""
},
"MAP": {
"BASIC_INFO_GATHERING_ON": "",
"TCP_PORTS": {
"TCP_PORTS_STANDARD_SCAN": ""
},
"MAP_OPTIONS": {
"PERFORM_LIVE_HOST_SWEEP": "",
"DISABLE_DNS_TRAFFIC": ""
},
"MAP_PERFORMANCE": {
"OVERALL_PERFORMANCE": "",
"MAP_PARALLEL": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": "",
"NETBLOCK_SIZE": ""
},
"PACKET_DELAY": ""
},
"MAP_AUTHENTICATION": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
},
"ICMP": ""
},
"PACKET_OPTIONS": {
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
}
}
]
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan reference code based on which you to retrieve the scanner appliances that are running a particular scan on Qualys. You can enter a valid scan reference code for a currently running scan. |
| Scanner Appliances's Name | (Optional) Name based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify a name, then this operation will return only those scanner appliances that have names matching the string that you have specified. |
| Scanner Appliance IDs | (Optional) IDs based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify IDs, then this operation will return only those scanner appliances that have IDs matching the IDs that you have specified. You can specify multiple IDs using a comma separator. |
| Busy | (Optional) If you do not select any of the following options, then all scanner appliances in the user account will be retrieved from Qualys: Show appliances which are not currently running scans (Default) Show appliances which are currently running scan |
| Scan Detail | (Optional) Select this option, i.e., set it to True to include scan details for scans currently running on the scanner appliance. Clear this option, i.e., set it to False (default) to exclude scan details. Scan detail includes scan ID, title, scan reference, scan type, and scan date. |
| Output Mode | (Optional) Amount of detail to be retrieved from Qualys for each scanner appliance in the output. You can select from the following options: Brief (default): Includes this information for each appliance: appliance ID, friendly name, software version, the number of running scans, and heartbeat check status (online or offline) Full : includes the full appliance information, including the same details available in the Qualys user interface If you choose Full, then you can optionally specify the following parameters: If you choose 'Full'
|
| Include License Information | (Optional) Select this option, i.e., set it to True to include virtual scanner license information. Clear this option, i.e., set it to False (default) to exclude virtual scanner license information. License information includes the number of licenses you have and the number of licenses you have used. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"APPLIANCE_LIST": {
"APPLIANCE": [
{
"ID": "",
"UUID": "",
"NAME": "",
"SOFTWARE_VERSION": "",
"RUNNING_SLICES_COUNT": "",
"RUNNING_SCAN_COUNT": "",
"STATUS": "",
"MODEL_NUMBER": "",
"TYPE": "",
"SERIAL_NUMBER": "",
"ACTIVATION_CODE": "",
"INTERFACE_SETTINGS": [
{
"INTERFACE": "",
"IP_ADDRESS": "",
"NETMASK": "",
"GATEWAY": "",
"LEASE": "",
"SPEED": "",
"DUPLEX": "",
"DNS": {
"DOMAIN": "",
"PRIMARY": "",
"SECONDARY": ""
}
},
{
"SETTING": "",
"INTERFACE": "",
"IP_ADDRESS": "",
"NETMASK": "",
"GATEWAY": "",
"LEASE": "",
"SPEED": "",
"DUPLEX": "",
"DNS": {
"PRIMARY": "",
"SECONDARY": ""
}
}
],
"PROXY_SETTINGS": {
"SETTING": "",
"PROXY": {
"IP_ADDRESS": "",
"PORT": "",
"USER": ""
}
},
"ML_LATEST": "",
"ML_VERSION": "",
"VULNSIGS_LATEST": "",
"VULNSIGS_VERSION": "",
"ASSET_GROUP_COUNT": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": {
"ID": "",
"NAME": ""
}
},
"ASSET_TAGS_LIST": {
"ASSET_TAG": [
{
"UUID": "",
"NAME": ""
}
]
},
"LAST_UPDATED_DATE": "",
"POLLING_INTERVAL": "",
"USER_LOGIN": "",
"HEARTBEATS_MISSED": "",
"SS_CONNECTION": "",
"SS_LAST_CONNECTED": "",
"USER_LIST": "",
"UPDATED": "",
"COMMENTS": "",
"RUNNING_SCANS": {
"SCAN": {
"ID": "",
"TITLE": "",
"REF": "",
"TYPE": "",
"SCAN_DATE": ""
}
},
"MAX_CAPACITY_UNITS": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Title | (Optional) Title of the vulnerability scan that you want to run on the Qualys cloud. |
| Option Profile | Option based on which you want to run the vulnerability scan on the Qualys cloud. You must select Option ID or Option Title. If you choose 'Option ID'
|
| Processing Priority | (Optional) Processing priority level for the vulnerability scan that you want to run on the Qualys cloud. You can select any value between 0-9. If you do not choose any value, then the value of 0, i.e. no priority is assigned You can select from one of the following values: 0: No Priority (default value) 1: Emergency 2: Ultimate 3: Critical 4: Major 5: High 6: Standard 7: Medium 8: Minor 9: Low |
| Scanner Appliance | (Optional) Scanner Appliance that you want to use for the vulnerability scan that you want to run on the Qualys cloud. You must select Scanner ID or Scanner Name. If you choose 'Scanner ID'
|
| Default Scanner | (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud. |
| Choose Target Host to Scan From | (Optional) Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud. Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud. If you choose 'Assets'
|
| Runtime Http Header | (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header. |
| IP Network ID | (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks. Note: This parameter is valid only when the Network Support feature is enabled for the user's account |
| Client ID | (Optional) Specify the ID of client (Consultant type subscription only) to be used for launching the scan. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan Reference for which you want to retrieve vulnerability scan details from the Qualys cloud. For a vulnerability scan, the format is: scan/987659876.19876 |
| Scan State | (Optional) Scan state(s) for which you want to retrieve vulnerability scan details from the Qualys cloud. Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform). |
| Scan Type | (Optional) Type of scan or which you want to retrieve vulnerability scan details from the Qualys cloud. You can select one of the following options: On Demand, Scheduled, or API. |
| Target IPs | (Optional) IP addresses whose vulnerability scan details you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| User Who Launched Scan | (Optional) Vulnerability scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field. |
| Show Scan Launched After Datetime | (Optional) Retrieve vulnerability scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Show Scan Launched Before Datetime | (Optional) Retrieve vulnerability scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud. |
| Processed Scan | (Optional) Process state(s) of the vulnerability scans whose details you want to retrieve from the Qualys cloud. You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state. |
| Show Asset Group Information | (Optional) Select this option, i.e., set it to True, to include asset group information for each vulnerability scan in the output. By default, this is set to False, and the asset group information is not included in the output. |
| Show Option Profile Information | (Optional) Select this option, i.e., set it to True, to include option profile information for each vulnerability scan in the output. By default, this is set to False, and the option profile information is not included in the output. |
| Show Scan Status | (Optional) Select this option, i.e., set it to True, to include the status information for each vulnerability scan in the output. By default, this is set to True. |
| Show Most Recent Scan | (Optional) Select this option, i.e., set it to True, to include only the most recent vulnerability scan (which meets all other search filters in the request) information in the output. By default, this is set to False, and all vulnerability scans are included in the output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"REF": "",
"TYPE": "",
"TITLE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"DURATION": "",
"PROCESSING_PRIORITY": "",
"PROCESSED": "",
"STATUS": {
"STATE": "",
"SUB_STATE": ""
},
"TARGET": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan Reference for which you want to retrieve vulnerability management scan results from the Qualys cloud. Format for this field is: scan/987659876.19876 |
| IPs/Ranges | (Optional) IP addresses whose vulnerability management scan results you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Scan Result Details | (Optional) Mode based on which information of the vulnerability management scan results will be retrieved from the Qualys cloud. You can enter choose from the following options: Brief: This is the default option, and it includes the IP address, DNS hostname, NetBIOS hostname, QID and scan test results if applicable. Extended: Includes the brief output plus following extended information: protocol, port, an SSL flag (“yes” is returned when SSL was used for the detection, “no” is returned when SSL was not used), and FQDN if applicable. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to download VM scan results in a file and add it as an attachment in CyOPs™. The VM scan must have the status “Finished”, “Canceled”, “Paused” or “Error” in order to download the scan results. Clear this option, i.e., set it to False (default) to include VM scan results in the connector output. |
The output contains the following populated JSON schema:
{
"result": [
{
"instance": "",
"result": "",
"ssl": "",
"port": "",
"qid": "",
"fqdn": "",
"netbios": "",
"protocol": "",
"dns": "",
"ip": ""
}
]
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the vulnerability scan that you want to manage on the Qualys cloud. You must choose one of the following actions: Cancel: Stops a vulnerability scan that is in progress on the Qualys cloud. Pause: Stops a vulnerability scan that is in progress on the Qualys cloud and changes its status to Paused. Resume: Restarts a vulnerability scan that has been paused on the Qualys cloud. Delete: Deletes a vulnerability scan from your user account on the Qualys cloud. |
| Scan Reference | Reference of the vulnerability scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud. Format for this field is: scan/987659876.19876 |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Title | (Optional) Title of the compliance scan that you want to run on the Qualys cloud. |
| Option Profile | Option based on which you want to run the compliance scan on the Qualys cloud. You must select Option ID or Option Title. If you choose 'Option ID'
|
| Scanner Appliance | (Optional) Scanner Appliance that you want to use for the compliance scan that you want to run on the Qualys cloud. You must select Scanner ID or Scanner Name. If you choose 'Scanner ID'
|
| Default Scanner | (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud. |
| Choose Target Host to Scan From | (Optional) Targets on which you want to run the compliance scan on the Qualys cloud. You must select Assets or Tags. Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud. Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud. If you choose 'Assets'
|
| Runtime HTTP Header | (Optional) |
| IP Network ID | (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks. Note: This parameter is valid only when the Network Support feature is enabled for the user's account |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan ID | (Optional) ID of the scan for which you want to retrieve compliance scan details from the Qualys cloud. |
| Scan Reference | (Optional) Scan Reference for which you want to retrieve compliance scan details from the Qualys cloud. For a compliance scan, the format is: compliance/98765456.12345 |
| Scan State | (Optional) Scan state(s) for which you want to retrieve compliance scan details from the Qualys cloud. Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform). |
| Scan Type | (Optional) Type of scan or which you want to retrieve compliance scan details from the Qualys cloud. You can select one of the following options: On Demand, Scheduled, or API. |
| Target IPs | (Optional) IP addresses whose compliance scan details you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| User Who Launched Scan | (Optional) Compliance scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field. |
| Show Scan Launched After Datetime | (Optional) Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Show Scan Launched Before Datetime | (Optional) Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Processed Scans | (Optional) Process state(s) of the compliance scans whose details you want to retrieve from the Qualys cloud. You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state. |
| Show Asset Group Information | (Optional) Select this option, i.e., set it to True, to include asset group information for each compliance scan in the output. By default, this is set to False, and the asset group information is not included in the output. |
| Show Option Profile Information | (Optional) Select this option, i.e., set it to True, to include option profile information for each compliance scan in the output. By default, this is set to False, and the option profile information is not included in the output. |
| Show Scan Status | (Optional) Select this option, i.e., set it to True, to include the status information for each compliance scan in the output. By default, this is set to True. |
| Show Most Recent Scan | (Optional) Select this option, i.e., set it to True, to include only the most recent compliance scan (which meets all other search filters in the request) information in the output. By default, this is set to False, and all vulnerability scans are included in the output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"ID": "",
"REF": "",
"TYPE": "",
"TITLE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"DURATION": "",
"PROCESSED": "",
"STATUS": {
"STATE": ""
},
"TARGET": "",
"ASSET_GROUP_TITLE_LIST": {
"ASSET_GROUP_TITLE": ""
},
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Reference of the scan for which you want to download compliance management scan results from the Qualys cloud. Format for this field is: scan/987659876.19876 |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to download PC scan results in a file and add it as an attachment in CyOPs™. The PC scan must have the status Finished in order to download the scan results.Clear this option, i.e., set it to False (default) to include PC scan results in the connector output. |
The output contains the following populated JSON schema:
{
"HEADER": {
"OPTION_PROFILE": {
"OPTION_PROFILE_TITLE": ""
},
"COMPANY_INFO": {
"CITY": "",
"STATE": "",
"ADDRESS": "",
"COUNTRY": "",
"NAME": "",
"ZIP_CODE": ""
},
"GENERATION_DATETIME": "",
"NAME": "",
"ASSET_GROUPS": {
"ASSET_GROUP": {
"ASSET_GROUP_TITLE": ""
}
},
"KEY": [],
"USER_INFO": {
"NAME": "",
"ROLE": "",
"USERNAME": ""
}
},
"APPENDIX": {
"OS_AUTH_BASED_TECHNOLOGY_LIST": "",
"TARGET_DISTRIBUTION": {
"SCANNER": {
"NAME": "",
"HOSTS": ""
}
},
"TARGET_HOSTS": {
"HOSTS_NOT_ALIVE": "",
"HOSTS_SCANNED": ""
}
}
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the compliance scan that you want to manage on the Qualys cloud. You must choose one of the following actions: Cancel: Stops a compliance scan that is in progress on the Qualys cloud. Pause: Stops a compliance scan that is in progress on the Qualys cloud and changes its status to Paused. Resume: Restarts a compliance scan that has been paused on the Qualys cloud. Delete: Deletes a compliance scan from your user account on the Qualys cloud. |
| Scan Reference | Reference of the compliance scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud. Format for this field is: compliance/98765456.12345 |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan ID | (Optional) ID of the scan whose scan schedule you want to retrieve from the Qualys cloud. |
| Show Active/Deactive Schedule Scans | (Optional) You can select Show Deactivated Schedules or Show Active Schedules whose details you want to retrieve from the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_SCAN_LIST": {
"SCAN": [
{
"ID": "",
"ACTIVE": "",
"TITLE": "",
"USER_LOGIN": "",
"TARGET": "",
"ISCANNER_NAME": "",
"USER_ENTERED_IPS": {
"RANGE": [
{
"START": "",
"END": ""
},
{
"START": "",
"END": ""
}
]
},
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"PROCESSING_PRIORITY": "",
"SCHEDULE": {
"WEEKLY": "",
"START_DATE_UTC": "",
"START_HOUR": "",
"START_MINUTE": "",
"NEXTLAUNCH_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_CODE": "",
"TIME_ZONE_DETAILS": ""
},
"DST_SELECTED": "",
"MAX_OCCURRENCE": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| CVE ID | (Optional) Specify the CVE ID whose details you want to fetch from Qualys.You can specify multiple CVE as comma-separated values. |
| Details | (Optional) Amount of vulnerability information that you want to retrieve from the Qualys cloud. You can choose from the following values: Basic (Default): Retrieves basic vulnerability information that includes basic elements plus CVSS Base and Temporal scores All: Retrieves all vulnerability information that includes all vulnerability details, including the Basic details from the Qualys cloud. None: Retrieves only the vulnerability IDs from the Qualys cloud |
| QIDs | (Optional) QIDs whose vulnerability information you want to retrieve from the Qualys cloud. In this case, vulnerability information of only those QIDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Minimum QID | (Optional) Minimum QID value based on which you want to retrieve vulnerability information from the Qualys cloud. |
| Maximum QID | (Optional) Maximum QID value based on which you want to retrieve vulnerability information from the Qualys cloud. |
| Is Patchable | (Optional) Filter the output to include only vulnerabilities that are patchable or not patchable. You can choose from the following options: Show Vulnerabilities that are Patchable Show Vulnerabilities that are Not Patchable |
| Last Modified After | (Optional) Filter the output to include only those vulnerabilities that have been last modified after the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service. |
| Last Modified Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified before the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service. |
| Last Modified By User After | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the user after the datetime you have specified. |
| Last Modified By User Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the user before the datetime you have specified. |
| Last Modified By Service After | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the service after the datetime you have specified. |
| Last Modified By Service Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the service before the datetime you have specified. |
| Published After | (Optional) Filter the output to include only those vulnerabilities that have been published after the datetime you have specified. |
| Published Before | (Optional) Filter the output to include only those vulnerabilities that have been published before the datetime you have specified. |
| Discovery Method | (Optional) Filter the output to include only those vulnerabilities that are assigned the specified discovery method. You can choose from the following options: Remote Authenticated Remote Only Authenticated Only |
| Discovery Authentication Types | (Optional) Filter the XML output to include only those vulnerabilities that have one or more specified authentication types. You can choose multiple values from the following options: Windows Oracle Unix SNMP DB2 HTTP MySQL VMware |
| Show PCI Reasons | (Optional) Select this option, i.e., set it to True,to include the reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user's subscription) in the output. Clear this option, i.e., set to False (default) to exclude the reasons the reasons for passing or failing PCI compliance from the output. |
| Show Supported Modules Information | (Optional) Select this option, i.e., set it to True, to include the supported Qualys modules that can be used to detect each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the supported modules from the output. |
| Show Disabled Flag | (Optional) Select this option, i.e., set it to True, to include the disabled flag for each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the disabled flag for each vulnerability from the output. |
| Show QID Change Log | (Optional) Select this option, i.e., set it to True, to include QID changes for each vulnerability in output. Clear this option, i.e., set to False (default) to exclude QID changes for each vulnerability from the output |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add vulnerability results in a file and add it as an attachment in CyOPs™. Clear this option, i.e., set it to False (default) to include vulnerability results in the connector output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"VULN_LIST": {
"VULN": [
{
"QID": "",
"VULN_TYPE": "",
"SEVERITY_LEVEL": "",
"TITLE": "",
"CATEGORY": "",
"LAST_SERVICE_MODIFICATION_DATETIME": "",
"PUBLISHED_DATETIME": "",
"BUGTRAQ_LIST": {
"BUGTRAQ": [
{
"ID": "",
"URL": ""
}
]
},
"PATCHABLE": "",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "",
"VENDOR": ""
}
},
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "",
"URL": ""
}
},
"CVE_LIST": {
"CVE": [
{
"ID": "",
"URL": ""
}
]
},
"DIAGNOSIS": "",
"CONSEQUENCE": "",
"SOLUTION": "",
"PCI_FLAG": "",
"DISCOVERY": {
"REMOTE": "",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": ""
},
"ADDITIONAL_INFO": ""
}
}
]
}
}
None.
The output contains the following populated JSON schema:
{
"REPORT_TEMPLATE": [
{
"ID": "",
"TYPE": "",
"TEMPLATE_TYPE": "",
"TITLE": "",
"USER": {
"LOGIN": "",
"FIRSTNAME": "",
"LASTNAME": ""
},
"LAST_UPDATE": "",
"GLOBAL": ""
}
]
}
| Parameter | Description |
|---|---|
| Scheduled Report ID | ID of the scheduled report that you want to launch on the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the scan-based findings report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the scan-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Scan References | Scan Reference based on which you want to launch the scan-based findings report on the Qualys cloud. Format for this field is: scan/1532543415.81997 You can enter multiple scan references using a comma separator. |
| Output Format | Format of the scan-based findings report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XMLbCSV Docx Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| IP Restriction | (Optional) Important: Currently, this functionality is not available for this report type. Qualys might provide this functionality in the future. This field is used to restrict the scan report content to only the IP addresses you have specified. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the scan-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the host-based findings report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the host-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the scan-based findings report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XMLbCSV Docx Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| IPs Network ID | (Optional) Enter the IPs network ID to restrict the scan report content to only the IPs network ID you have specified. |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the host-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the host-based findings report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the patch report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the patch report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the patch report that you want to launch on the Qualys cloud. You can choose from the following options: PDF Online XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the patch report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report. If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the remediation report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the remediation report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the remediation report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Assignee Type | Select User in this field to specify that the remediation report will include tickets that are assigned to the current user only (User is set by default). Select All in this field to specify that the remediation report will include all the tickets in the user's account. |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the remediation report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the compliance report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the compliance report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the compliance report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Scan References | (Optional) (Required for PCI compliance report) For a PCI compliance report, either the technical or executive report, this parameter specifies the scan reference to include. The scan reference must be for a scan that was run using the PCI Options profile. Only one scan reference may be specified. Format for this field is: scan/1532543415.81997 |
| IPs/Ranges | (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Asset Group IDS | (Optional) Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the compliance policy report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the compliance policy report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the compliance policy report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Policy ID | ID of the compliance policy based on which you want to launch the compliance policy report on the Qualys cloud. |
| Host ID | (Optional) ID of the host, if you want to launch the compliance policy report on the Qualys cloud based on only a single host instance. Important: Specify the Host ID parameter, if you are specifying the Instance String parameter. |
| Instance String | (Optional) Single instance on the host that you have specified. You can enter the instance string in the format as: “os” or in a a string-like format: “oracle10:1:1521:ora10204u” |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the compliance policy report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the compliance report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Scorecard Type | Type of the vulnerability scorecard report you want to launch on the Qualys cloud. You can choose from the following options: Service Provided Scorecard or User Created Scorecard. If you choose 'Service Provided Scorecard'
|
| Report Title | (Optional) Title of the scorecard report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. Note: If you do not specify a report title, then the scorecard name will become the report title also. |
| Output Format | Format of the scorecard policy report that you want to launch on the Qualys cloud. You can choose from the following options: You can choose from the following options: PDF HTML MHT XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Source | (Optional) Source asset groups based on which you want to launch the scorecard report on the Qualys cloud. You can choose from the following options: Asset Groups: This is the default option and select this option launch a scorecard report with all assets groups. Business Unit: Select this option to launch a scorecard report with all assets groups in a particular business unit. Note: Based on the source that you choose, you might require to specify other parameters. If you choose 'Asset Groups'
|
| Patch QIDs | (Optional) Patch QIDs for vulnerabilities or potential vulnerabilities with available patches, when these detected on the host, this means the host does not have the patches installed, and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 10, using a comma separator. Note: Valid and required in case of a Patch Scorecard Report. |
| Missing QIDs | (Optional) Missing software QIDs when not detected on host means the host is missing software and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 2, using a comma separator. Note: Valid and required in case of a Patch Scorecard Report. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Report ID | ID of a saved report that you want to download in the user's account on the Qualys cloud. Note: To download a saved report, the status of the report must be Finished. |
The output contains the following populated JSON schema:
{
"name": "",
"@id": "",
"type": "",
"file": {
"uploadDate": "",
"@type": "",
"@id": "",
"file": {
"@type": ""
},
"owners": "",
"@context": "",
"filename": "",
"metadata": "",
"size": "",
"mimeType": ""
},
"createDate": "",
"description": "",
"modifyUser": {
"avatar": "",
"@id": "",
"modifyDate": "",
"userType": "",
"createDate": "",
"modifyUser": "",
"@type": "",
"@settings": "",
"createUser": "",
"id": "",
"userId": "",
"name": ""
},
"@type": "",
"@context": "",
"modifyDate": "",
"createUser": {
"avatar": "",
"@id": "",
"modifyDate": "",
"userType": "",
"createDate": "",
"modifyUser": "",
"@type": "",
"@settings": "",
"createUser": "",
"id": "",
"userId": "",
"name": ""
},
"id": ""
}
| Parameter | Description |
|---|---|
| Report ID | (Optional) ID of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. |
| Report State | (Optional) State of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. You can select from the available options: Running (reports are in progress), Finished, Submitted, Canceled or Errors. |
| User User Who Launched Report | (Optional) Login of the user who has launched the report in the user's Report Share, whose details you want to retrieve from the Qualys cloud. |
| Show Reports Expires Before Datetime | (Optional) Retrieve those reports from the Qualys cloud that expire before the datetime that you specify in this field. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"REPORT_LIST": {
"REPORT": [
{
"ID": "",
"TITLE": "",
"TYPE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"OUTPUT_FORMAT": "",
"SIZE": "",
"STATUS": {
"STATE": ""
},
"EXPIRATION_DATETIME": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Report ID | (Optional) ID of the scheduled report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. |
| Is Active | (Optional) Filter the output to include only reports that are Active or Inactive. You can choose from the following options: List Active Scheduled Reports only List Inactive Scheduled Reports only |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_REPORT_LIST": {
"REPORT": [
{
"ID": "",
"TITLE": "",
"OUTPUT_FORMAT": "",
"TEMPLATE_TITLE": "",
"ACTIVE": "",
"SCHEDULE": {
"DAILY": "",
"START_DATE_UTC": "",
"START_HOUR": "",
"START_MINUTE": "",
"TIME_ZONE": {
"TIME_ZONE_CODE": "",
"TIME_ZONE_DETAILS": ""
},
"DST_SELECTED": "",
"MAX_OCCURRENCE": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| Report ID | ID of a saved report that you want to delete from the user's account on the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | (Optional) Specify search list ID to fetch its details. You can specify multiple IDs as comma separated values. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"STATIC_LISTS": {
"STATIC_LIST": [
{
"ID": "",
"QIDS": {
"QID": []
},
"OWNER": "",
"TITLE": "",
"GLOBAL": "",
"CREATED": "",
"COMMENTS": "",
"MODIFIED": "",
"MODIFIED_BY": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Title | Specify a user defined search list title. Maximum is 256 characters (ascii). |
| QIDs | Specify QIDs to include in the search list. Ranges are allowed. You can specify multiple IDs as comma separated values. |
| Make global search list | (Optional) Select this option, i.e., set it to True, to make this a global search list that makes it available to all subscription users. By default, this is set to False. |
| Comments | (Optional) Specify the comments to include in static search list. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | Specify the ID of the search list you want to update. |
| Title | (Optional) Specify a user defined search list title. Maximum is 256 characters (ascii). |
| Make global search list | (Optional) Select this option, i.e., set it to True, to make this a global search list that makes it available to all subscription users. By default, this is set to False. |
| Operation to Perform on QIDs | (Optional) Select an operation to perform on the QIDs. You can choose from the following options:
|
| Comments | (Optional) Specify the comments to include in static search list. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | Specify the ID of the search list you want to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Title | Specify the title with which you want to create vm option profile. |
| Scan TCP Ports | Select the scan type for scanning TCP ports. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Scan UDP Ports | Select the scan type for scanning UDP ports. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Vulnerability Detection | Select the scan type for scanning vulnerabilities. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Basic Information Gathering | Select the basic information gathering type. You can choose from the following options:
|
| Additional Parameters | (Optional) Specify additional parameters with which to create a VM option profile in Qualys. For more information, refer to the section Create VM Option Profile in the Qualys API documentation available at https://cdn2.qualys.com/docs/qualys-api-vmpc-user-guide.pdf. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Option Profile ID | Specify the ID of the option profile you want to update. |
| Additional Parameters | (Optional) Specify additional parameters to update VM option profile in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Additional Parameters | (Optional) Specify additional parameters with which to filter VM option profile in Qualys. |
The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"MAP": {
"MAP_OPTIONS": {
"DISABLE_DNS_TRAFFIC": "",
"PERFORM_LIVE_HOST_SWEEP": ""
},
"MAP_PERFORMANCE": {
"MAP_PARALLEL": {
"NETBLOCK_SIZE": "",
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PACKET_DELAY": "",
"OVERALL_PERFORMANCE": ""
},
"MAP_AUTHENTICATION": "",
"BASIC_INFO_GATHERING_ON": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"PERFORMANCE": {
"PACKET_DELAY": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PARALLEL_SCALING": "",
"PROCESSES_TO_RUN": {
"HTTP_PROCESSES": "",
"TOTAL_PROCESSES": ""
},
"OVERALL_PERFORMANCE": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"SCAN_DEAD_HOSTS": "",
"ADDL_CERT_DETECTION": "",
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"CUSTOM_LIST": {
"CUSTOM": {
"ID": "",
"TITLE": ""
}
},
"DETECTION_INCLUDE": {
"OVAL_CHECKS": "",
"BASIC_HOST_INFO_CHECKS": ""
}
},
"PURGE_OLD_HOST_OS_CHANGED": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"ICMP": "",
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
}
},
"PACKET_OPTIONS": {
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
},
"BASIC_INFO": {
"ID": "",
"UNIT_ID": "",
"USER_ID": "",
"IS_GLOBAL": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"IS_DEFAULT": "",
"UPDATE_DATE": "",
"SUBSCRIPTION_ID": "",
"IS_OFFLINE_SYNCABLE": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Option Profile ID | Specify the ID of the option profile to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Output Format | Select the output format of the asset search report. You can choose from the following options:
|
| Additional Parameters | (Optional) Specify additional parameters with which to filter asset search report in Qualys. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add asset search report in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include the result in the connector output. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Title | Specify the asset group title. This name must be unique and cannot be All. |
| Network ID | (Optional) Specify the network ID of the network to which to assign the asset group. |
| Additional Parameters | (Optional) Specify additional parameters with which to create the asset group in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group ID | Specify the ID of the asset group to edit. |
| Additional Parameters | (Optional) Specify additional parameters to edit in the asset group in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group ID | Specify the ID of the asset group to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
The Sample - Qualys - 1.1.0 playbook collection comes bundled with the Qualys connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Qualys connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Qualys Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations, allows you to address new security and compliance requirements, and to find and fix vulnerabilities fast before hackers can attack or compromise your system.
This document provides information about the Qualys connector, which facilitates automated interactions, with a Qualys server using FortiSOAR™ playbooks. Add the Qualys connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching compliance scans on the Qualys API server and managing virtual hosts from the Qualys API server.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.6.0-5012
Qualys Version Tested on: Cloud Platform 3.18.1.0-6
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Qualys connector in version 1.1.0:
Show Tags parameter in Get Host Detection List action.Client ID parameter in VM - Launch Scan action.CVE ID parameter in Get Vulnerability List action.Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-qualys
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Qualys connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | API Server URL of the Qualys Cloud that you want to use for API requests. This will depend on the platform where your account is located. |
| Username | Username used to connect to the Qualys Cloud to which you will connect and perform automated operations. |
| Password | Password used to connect to the Qualys Cloud to which you will connect and perform automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is selected, i.e., set to true. |
You can use the following automated operations in playbooks and also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Add Assets | Adds assets, i.e., IP addresses, to the subscription on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | add_ip Investigation |
| Get Asset List | Retrieves the list of all IP addresses present in the user's account on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | get_ip_list Investigation |
| Update Asset | Updates assets, i.e., existing IP addresses, in the subscription on the Qualys cloud based on the IP addresses, tracking method, and other input parameters you have specified. | update_ip Investigation |
| Get Scanned Host List | Retrieves a detailed list of all scanned hosts present in the user's account on the Qualys cloud based on the IP addresses, host IDs, and other input parameters you have specified. | get_scanned_host Investigation |
| Get Asset Group List | Retrieves a detailed list of asset groups from Qualys cloud based on the asset group IDs, asset group ID range, and other filter criteria that you have specified. | get_asset_groups Investigation |
| Get Host Detection List | Retrieves a detailed list of hosts from Qualys cloud based on the host group IDs, host group ID range, and other filter criteria that you have specified. | get_host_detection_list Investigation |
| Manage Virtual Host | Manages a virtual host on the Qualys cloud based on the actions, IP addresses, and other input parameters you have specified. | manage_host Investigation |
| Get Virtual Host List | Retrieves a detailed list of all virtual hosts present in the user's account on the Qualys cloud, or specific virtual hosts based on the port and IP address that you have specified. | get_host_list Investigation |
| Manage Excluded Host | Manages an excluded host on the Qualys cloud based on the actions, IP addresses, and other input parameters you have specified. | manage_host Investigation |
| Get Excluded Host List | Retrieves a detailed list of specific or all excluded hosts present in the user's account on the Qualys cloud based on the IP range and network ID that you have specified. | list_hosts Investigation |
| Get Option Profiles | Retrieves a detailed list of available option profiles from the user's account on the Qualys cloud. | get_option_profile Investigation |
| Get Scanner Appliance | Retrieves a detailed list of available scanner appliances from the user's account on the Qualys cloud based on the scan reference, scanner appliance name, and other input parameters that you have specified. | get_scanner_appliance Investigation |
| VM - Launch Scan | Launches vulnerability scans in the user's account on the Qualys cloud based on the scan title, option profile, and other input parameters that you have specified. | launch_scan Investigation |
| VM - Get Scan List | Retrieves a detailed list of specific or all vulnerability scans present in the user's account on the Qualys cloud based on the scan reference, scan state, and other input parameters that you have specified. | get_scan_list Investigation |
| VM - Fetch Scan | Downloads specific or all the vulnerability management scan results from the Qualys cloud based on the scan reference, IP address, and other input parameters that you have specified. | get_report Investigation |
| VM - Manage Scan | Manages a vulnerability management scan on the Qualys cloud based on the scan reference and action that you have specified. | manage_scan Investigation |
| PC - Launch Scan | Launches compliance scans in the user's account on the Qualys cloud based on the scan title, option profile, and other input parameters that you have specified. | launch_scan Investigation |
| PC - Get Scan List | Retrieves a detailed list of specific or all policy compliance scans present in the user's account on the Qualys cloud based on the scan ID, scan state, and other input parameters you have specified. | get_scan_list Investigation |
| PC - Fetch Scan | Downloads specific or all compliance management scan results from the Qualys cloud based on the scan reference and other input parameters you have specified. | get_report Investigation |
| PC - Manage Scan | Manages a vulnerability management scan on the Qualys cloud based on the scan reference and action that you have specified. | manage_scan Investigation |
| Get Schedule Scan List | Retrieves a detailed list of specific or all scheduled scans present in the user's account on the Qualys cloud based on the scan ID and other input parameters you have specified. | get_scan Investigation |
| Get Vulnerability List | Retrieves a detailed list of vulnerabilities from KnowledgeBase on the Qualys cloud based on the CVE ID, QID, and other input parameters you have specified. | search_vulnerability Investigation |
| Get Report Template List | Retrieves a detailed list of all report templates present in the user's account on the Qualys cloud. | get_template Investigation |
| Launch Scheduled Report | Launches a scheduled report in the user's account on the Qualys cloud based on the scheduled report ID you have specified. | launch_report Investigation |
| Launch Scan Based Findings Report | Launches a scan-based findings report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Host Based Findings Report | Launches a host-based findings report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Patch Report | Launches a patch report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Remediation Report | Launches a remediation report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Compliance Report | Launches a compliance report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Compliance Policy Report | Launches a compliance policy report in the user's account on the Qualys cloud based on the template ID, report title, and other input parameters you have specified. | launch_report Investigation |
| Launch Scorecard Report | Launches a vulnerability scorecard report in the user's report share on the Qualys cloud based on the scorecard type, report title, and other input parameters you have specified. | launch_report Investigation |
| Download Saved Report | Downloads a saved report in the user's account on the Qualys cloud based on the report ID you have specified. | get_report Investigation |
| Get Report List | Retrieves a list of reports from the user's report share on the Qualys cloud based on the report ID, report state, and other input parameters that you have specified. | get_report Investigation |
| Get Scheduled Report List | Retrieves a list of scheduled reports from the user's report share on the Qualys cloud based on the report ID and other input parameters that you have specified. | get_report Investigation |
| Delete Report | Deletes a saved report from the user's account on the Qualys cloud based on the report ID you have specified. | delete_report Investigation |
| Get Static Search List | Retrieves Static Search list details from Qualys cloud based on the search list ID that you have specified. | get_static_search_list Investigation |
| Create Static Search List | Creates static search list in Qualys Cloud based on the title, QID, and other input parameters that you have specified. | create_static_search_list Investigation |
| Update Static Search List | Updates static search list in Qualys Cloud based on the search list ID, title, and other input parameters that you have specified. | update_static_search_list Investigation |
| Delete Static Search List | Deletes static search list in Qualys Cloud based on the search list ID that you have specified. | delete_static_search_list Investigation |
| Create VM Option Profile | Creates option profiles for VM scans in Qualys Cloud based on the title, scan type, and other input parameters that you have specified. | create_vm_option_profile Investigation |
| Update VM Option Profile | Updates option profiles for VM scans in Qualys Cloud based on the option profile ID and other input parameters that you have specified. | update_vm_option_profile Investigation |
| Get VM Option Profile List | Retrieves option profiles for VM scans in Qualys Cloud based on the filter criteria that you have specified. | get_vm_option_profile_list Investigation |
| Delete VM Option Profile | Deletes option profiles for VM scans in Qualys Cloud based on the option profile ID that you have specified. | delete_vm_option_profile Investigation |
| Get Asset Search Report | Retrieves report on assets from Qualys Cloud based on the output format and other input parameters that you have specified. | get_asset_search_report Investigation |
| Create Asset Group | Adds a new asset group in the user's account in Qualys Cloud based on the title, network ID, and other input parameters that you have specified. | create_asset_group Investigation |
| Edit Asset Group | Edit an existing asset group in the user's account in Qualys Cloud based on the asset group ID and other input parameters that you have specified. | edit_asset_group Investigation |
| Delete Asset Group | Delete an asset group present in the user's account in Qualys Cloud based on the asset group ID that you have specified.
NOTE: By deleting an asset group any scheduled scans using the asset group will be deactivated. |
delete_asset_group Investigation |
| Parameter | Description |
|---|---|
| IPs/Ranges | Specify IP addresses to add to the subscription on the Qualys cloud. You can enter multiple IP addresses as comma-separated values, or add a range of IP addresses using a hyphen (-). For example: xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10. |
| Add to Vulnerability Management Module | Select this option, i.e., set it to True, to enable hosts for the VM application. By default, this is set to False. |
| Add to Policy Compliance Module | Select this option, i.e., set it to True, to enable hosts for the PC application. By default, this is set to False. |
| Tracking Method | (Optional) Select the tracking method used for the IP address that you want to add on the Qualys cloud. You can choose from the following options:
|
| Owner | (Optional) Specify owner of the host assets. |
| Attribute 1 | (Optional) Specify host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 2 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 3 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Comments | (Optional) User-defined comments that you want to add while adding an asset. |
| Asset Group Title | (Optional) Title of an asset group in the Unit Manager's business unit to which the host(s) will be added. Note: This parameter is valid and required only if the request is being made by the Unit Manager. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| IPs/Ranges | (Optional) Hosts (IP addresses) for which you want to retrieve details from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Tracking Method | (Optional) Select the tracking method used, i.e., retrieve a list for only those IP addresses that have been tracked using the selected tracking method from the Qualys cloud. You can choose from the following IP, DNS, or NETBIOS. By default, this is set to IP. |
| Network ID | (Optional) Specify the Network ID, i.e., retrieve a list for only those IP addresses that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
| Compliance Enabled | (Optional) Select this option, i.e., set it to true, to retrieve a list for only those IP addresses from the user's account that are assigned to the Policy Compliance module on the Qualys cloud.Clear this option, i.e., set it to false, to retrieve a list for only those IP addresses from the user's account that are not assigned to the Policy Compliance module on the Qualys cloud. Note: This parameter is valid only when the Policy Compliance module is enabled for the user's account. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
}
}
| Parameter | Description |
|---|---|
| IPS/Ranges | Hosts (IP addresses) that you want to update in the subscription on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-).For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Tracking Method | (Optional) Select the tracking method used for the IP address that you want to update on the Qualys cloud.You can choose from the following IP, DNS, or NETBIOS.By default, this is set to IP. |
| Host DNS | (Optional) The DNS hostname for the IP you want to update.A single IP must be specified in the same request and the IP will only be updated if it matches the hostname specified. |
| Host NETBIOS | (Optional) The NetBIOS hostname for the IP you want to update. A single IP must be specified in the same request and the IP will only be updated if it matches the hostname specified. |
| Owner | (Optional) Owner of the host asset(s). |
| Attribute 1 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 2 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Attribute 3 | (Optional) Host attribute name that is displayed while viewing host information. This is a user-defined field. You can define up to 3 attributes while adding an asset. |
| Comments | (Optional) User-defined comments that you want to add while updating an asset. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| Details | (Optional) Choose the amount of host information you want to retrieve for each host from the Qualys cloud. You can choose from the following values: Basic (Default): Retrieves basic host information that includes the host ID, IP address, tracking method, DNS and NetBIOS hostnames, and operating system, from the Qualys cloud. Basic/AGs: Retrieves basic host information plus asset group information, which includes asset group ID and title, from the Qualys cloud. All: Retrieves all host information that includes the basic host information plus the last vulnerability and compliance scan dates, from the Qualys cloud. All/AGs: Retrieves all host information plus asset group information, which includes asset group ID and title, from the Qualys cloud. |
| IPs/Ranges | (Optional) Hosts (IP addresses) for which you want to retrieve scanned host details from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). For example, xx.xx.xx.1, xx.xx.xx.1-xx.xx.xx.10 |
| Host IDs | (Optional) Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Asset Group IDs | (Optional) Asset Group IDs whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified will be retrieved from the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). You can specify either the Asset Group IDs or the Asset Group titles but not both. |
| Asset Group Titles | (Optional) Asset Groups whose host scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those hosts that are part of the Asset Groups that have specified and which contain certain strings in the asset group title will be retrieved from the Qualys cloud. You can enter multiple entries using a comma separator. You can specify either the Asset Group IDs or the Asset Group titles but not both. |
| Show Host with Minimum Host ID | (Optional) Minimum Host ID value based on which you want to retrieve host scan details from the Qualys cloud. |
| Show Host with Maximum Host ID | (Optional) Maximum Host ID value based on which you want to retrieve host scan details from the Qualys cloud. |
| Show Host within Network IDs | (Optional) Specify the Network ID, i.e., retrieves a list for only scanned hosts that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
| Show Hosts Not Scanned Since | (Optional) Retrieve scan details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud. |
| Show Compliance Hosts Not Scanned Since | (Optional) Retrieve scan details for those hosts that have not been scanned for compliance from the datetime you have specified in this field from the Qualys cloud. |
| Show VM Scan Hosts Since | (Optional) Retrieve scan details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud. |
| Show Compliance Scan Hosts Since | (Optional) Retrieve scan details for those hosts that have been last scanned for compliance since the datetime you have specified in this field from the Qualys cloud. |
| Show VM Scan Processed Host Before | (Optional) Retrieve scan details for those hosts that have vulnerability scan results processed before the datetime you have specified in this field from the Qualys cloud. |
| Show VM Processed Host After | (Optional) Retrieve scan details for those hosts that have vulnerability scan results processed after the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts with VM Scan End Date Before | (Optional) Retrieve scan details for those hosts that have their vulnerability scan end date before the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts with VM Scan End Date After | (Optional) Retrieve scan details for those hosts that have their vulnerability scan end date after the datetime you have specified in this field from the Qualys cloud. |
| OS Pattern | (Optional) Retrieve scan details for those hosts that have an operating system matching the regular expression, which you have specified in this field, from the Qualys cloud. For Example ^Win.*64+bit.*Service+Pack+1 or ^Windows. To match the empty string use '^$' |
| Truncation Limit | (Optional) Specify the maximum number of scanned host records that are processed per request. If you do not specify the truncation limit, then this limit is set to 1000 host records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000). |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"HOST_LIST": {
"HOST": [
{
"ID": "",
"LAST_VULN_SCAN_DATETIME": "",
"LAST_COMPLIANCE_SCAN_DATETIME": "",
"USER_DEF": {
"VALUE_3": "",
"VALUE_1": "",
"VALUE_2": ""
},
"IP": "",
"OS": "",
"OWNER": "",
"NETBIOS": "",
"COMMENTS": "",
"LAST_VM_SCANNED_DURATION": "",
"TRACKING_METHOD": "",
"DNS": "",
"LAST_VM_SCANNED_DATE": ""
}
]
},
"GLOSSARY": {
"USER_LIST": {
"USER": {
"USER_LOGIN": "",
"FIRST_NAME": "",
"LAST_NAME": ""
}
},
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"ID": "",
"TITLE": ""
}
]
},
"USER_DEF": {
"LABEL_3": "",
"LABEL_2": "",
"LABEL_1": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group IDs | (Optional) Group IDs based on which you want to retrieve the asset group list from the Qualys cloud. You can enter multiple group IDs using a comma separator. |
| Minimum Asset Group ID | (Optional) Retrieve only those asset groups that have an ID greater than or equal to the specified ID from the Qualys cloud. |
| Maximum Asset Group ID | (Optional) Retrieve only those asset groups that have an ID lesser than or equal to the specified ID from the Qualys cloud. |
| Show Asset Group with Business Unit ID | (Optional) Retrieve only those asset groups that have a business unit ID equal to the specified ID. |
| Show Asset Group with User ID | (Optional) Retrieve only those asset groups that have a user ID equal to the specified ID. |
| Show Asset Group with Title | (Optional) Retrieve only those asset groups that have a title equal to the specified string. Note: This must be an exact match. |
| Network IDs | (Optional) Valid only when the Networks feature is enabled for your account. Network IDs based on which you want to retrieve the asset group list from the Qualys cloud. You can enter multiple network IDs using a comma separator. |
| Truncation Limit | (Optional) Maximum number of asset group records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. If you specify truncation_limit=0, the output is not paginated and all records are returned in a single output. |
| Show Attributes | (Optional) Specify the attributes that you want to retrieve for each asset group along with the ID. You can choose from the following options: All ID Title Owner User Name Owner User ID Owner Unit ID Last Update IP Set Appliance List Domain List Host IDs Assigned User IDs Assigned Unit IDs Business Impact CommentsNote: Select All or list of attribute names. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": [
{
"ID": "",
"TITLE": "",
"OWNER_USER_ID": "",
"LAST_UPDATE": "",
"BUSINESS_IMPACT": "",
"IP_SET": {
"IP": [],
"IP_RANGE": []
},
"HOST_IDS": "",
"ASSIGNED_UNIT_IDS": "",
"OWNER_USER_NAME": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Host IDs | (Optional) Host IDs whose scan details you want to retrieve from the Qualys cloud. In this case, scan details of only those host IDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Show Host with Minimum Host ID | (Optional) Minimum Host ID value based on which you want to retrieve host details from the Qualys cloud. |
| Show Host with Maximum Host ID | (Optional) Maximum Host ID value based on which you want to retrieve host details from the Qualys cloud. |
| Use Tags | (Optional) Set this option as True, to include assets tags in the host details. By default, this is set to False. If you choose 'False'
|
| Show Host within Network IDs | (Optional) Specify the Network ID, i.e., retrieves only hosts details that have the specified network ID from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. You can enter multiple network IDs using a comma separator. |
| Show VM Scan Hosts Since | (Optional) Retrieve host details for those hosts that have been last scanned for vulnerabilities since the datetime you have specified in this field from the Qualys cloud. |
| Show Hosts Not VM Scanned Since | (Optional) Retrieve host details for those hosts that have not been scanned from the datetime you have specified in this field from the Qualys cloud. Note:This parameter cannot be specified with Show Hosts Scanned in Past Number of Days in the same request. |
| Show Hosts Scanned in Past Number of Days | (Optional) Retrieve only hosts scanned and processed in the past number of days, value of which you specify, from the Qualys cloud. |
| Show VM Scan Processed Host Before | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed before the datetime you have specified in this field. |
| Show VM Processed Host After | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability scan results processed after the datetime you have specified in this field. |
| Show Hosts with VM Scan End Date Before | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date before the datetime you have specified in this field. |
| Show Hosts with VM Scan End Date After | (Optional) Retrieve host details, from the Qualys cloud, for those hosts that have vulnerability end date after the datetime you have specified in this field. |
| Show Hosts with VM Auth Scan Date Before | (Optional) Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date before a the date and time you have specified. |
| Show Hosts with VM Auth Scan Date After | (Optional) Retrieve host details, from the Qualys cloud, which have a successful authenticated vulnerability scan end date after a the date and time you have specified. |
| Show Hosts with Vulnearability Status | (Optional) Retrieve host details, from the Qualys cloud, which have one or more of these status values: New, Active, Re-Opened, Fixed. You can enter multiple status values using a comma separator. |
| Compliance Enabled | (Optional) Select one of the following options: List hosts which are assigned to Policy Compliance Module List hosts which are not assigned to Policy Compliance Module |
| OS Pattern | (Optional) Retrieve host details, from the Qualys cloud, which have an operating system that matches the regular expression that you have specified in this field. For example,^Win.*64+bit.*Service+Pack+1 or ^Windows |
| QIDs | (Optional) Retrieve host detection records, from the Qualys cloud based on the QIDs you have specified. You must enter valid QIDs and you can enter multiple QIDs using a comma separator, or you can add a range of QIDs using a hyphen (-), for example, 68518-68522. |
| Severity Level | (Optional) Retrieve host details, from the Qualys cloud, which have one or more of these severity values: 1-Minimal, 2-Medium, 3-Serious, 4-Critical-Standard, or 5-Urgent. |
| Show Information Gathered | (Optional) Select one of the options below:Show Detection Records with Information Gathered Hide Detection Record's Information Gathered Note: If you do not selected any option this information will not be shown. |
| Search List By | (Optional) Show detection records based on following: IDs Titles If you choose 'IDs'
|
| Show Results | (Optional) Select this option, i.e, set it True (default) to include results in the output. |
| Show Tags | (Optional) Select this option, i.e, set it True (default) to include tags in the output. |
| Show Reopened Information | (Optional) Select this option, i.e, set it True to include reopened information, i.e., first/last reopened date, times reopened etc. When this option is not selected, i.e., set to False (default) reopened information for reopened vulnerabilities is not included in the output. |
| Kernel Filter | (Optional) Filter for identifying vulnerabilities found on running or non-running Linux kernels. You can choose from the following options: 0-Vulnerabilities are not filtered based on kernel activity 1-Exclude kernel related vulnerabilities that are not exploitable (found on non-running kernels) 2-Include kernel related vulnerabilities that are not exploitable (found on non-running kernels) 3-Include kernel related vulnerabilities that are exploitable (found on running kernels) 4-Include kernel related vulnerabilities |
| Service Filter | (Optional) Filter for identifying vulnerabilities found on running or non-running ports/services. You can choose from the following options: 0-Vulnerabilities are not filtered based on running ports/services 1-Exclude service related vulnerabilities that are not exploitable (found on non-running ports/services) 2-Include service related vulnerabilities that are not exploitable (found on non-running ports/services) 3-Include exploitable service related vulnerabilities (found on running ports/services) 4-Include service related vulnerabilities |
| Configuration Filter | (Optional) Filter for identifying vulnerabilities that might or might not be exploitable due to the current host configuration. You can choose from the following options: 0- Vulnerabilities are not filtered based on host configuration 1-Exclude vulnerabilities not exploitable due to host configuration 2-Include config related vulnerabilities that are not exploitable 3-Include config related vulnerabilities that are exploitable 4-Include config related vulnerabilities |
| Output Format | (Optional) Format of the host detection list output retrieved from Qualys. When you do not specify the output format, then the default output format is XML. Forllowing are valid output format values: XML, CSV, or CSV_No_Metadata. |
| Suppress Duplicated Data From CSV | (Optional) Clear this option, i.e., set it to False (default) to repeat host details in each line of detection information in the CSV output. When this option is selected, i.e., set to True, host details will not be repeated (suppressed) in each detection line.You must specify this parameter only if the output format is selected as CSV, or CSV_No_Metadata. |
| Truncation Limit | (Optional) Maximum number of host records that are processed per request from the Qualys cloud. By default, this is set to 1000 records. You can specify a value less than the default (1-999), or greater than the default (1001-1000000). |
| Maximum Days Since Detection Updated | (Optional) Retrieve only those detections from Qualys whose detection status ihs changed since some maximum number of days you specify. For detections that have never changed, the maximum number of days is applied as the last detection date. |
| Detection Updated Since | (Optional) Retrieve only those detections from Qualys whose detection status has changed after the date and time you have specified. For detections that have never changed the date is applied as the last detection date. |
| Detection Updated Before | (Optional) Retrieve only those detections from Qualys whose detection status has changed before the date and time you have specified. |
| Dectection Processed Before | (Optional) Retrieve only those detections from Qualys whose vulnerability scan results are processed before the date and time you have specified. |
| Dectection Processed After | (Optional) Retrieve only those detections from Qualys whose vulnerability scan results are processed after the date and time you have specified. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add detections with vulnerability scan results in a file and add it as an attachment in CyOPs™. Clear this option, i.e., set it to False (default) to include detections with vulnerability scan results in the connector output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"HOST_LIST": {
"HOST": [
{
"ID": "",
"IP": "",
"TRACKING_METHOD": "",
"OS": "",
"DNS": "",
"DNS_DATA": {
"HOSTNAME": "",
"DOMAIN": "",
"FQDN": ""
},
"QG_HOSTID": "",
"LAST_SCAN_DATETIME": "",
"LAST_VM_SCANNED_DATE": "",
"LAST_VM_AUTH_SCANNED_DATE": "",
"DETECTION_LIST": {
"DETECTION": [
{
"UNIQUE_VULN_ID": "",
"QID": "",
"TYPE": "",
"SEVERITY": "",
"SSL": "",
"RESULTS": "",
"STATUS": "",
"FIRST_FOUND_DATETIME": "",
"LAST_FOUND_DATETIME": "",
"TIMES_FOUND": "",
"LAST_TEST_DATETIME": "",
"LAST_UPDATE_DATETIME": "",
"IS_IGNORED": "",
"IS_DISABLED": "",
"LAST_PROCESSED_DATETIME": ""
}
]
}
}
]
}
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the virtual host on the Qualys cloud. You must choose one of the following actions: Create: Creates a virtual host on the Qualys cloud. Update: Update or edit an existing virtual host on the Qualys cloud. Delete: Deletes a virtual host from the Qualys cloud. Add FQDN: Adds one or more FQDNs to an existing virtual host on the Qualys cloud. Delete FQDN: Removes one or more FQDNs from an existing virtual host on the Qualys cloud. |
| IP Address | IP address that you will use for virtual host configuration on the Qualys cloud. |
| Port | A port number that you will use for the virtual host configuration on the Qualys cloud. |
| Fully Qualified Domain Name | (Optional) One or more FQDNs that you will use for virtual host configuration on the Qualys cloud. Note: You must fill this field for all actions, except the Delete action. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": ""
}
| Parameter | Description |
|---|---|
| Port | (Optional) Retrieve details only for those hosts that have the port that you have specified in this field from the Qualys cloud. |
| IP Address | (Optional) Retrieve details only for those hosts that have the IP address that you have specified in this field from the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"VIRTUAL_HOST_LIST": {
"VIRTUAL_HOST": [
{
"IP": "",
"PORT": "",
"FQDN": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Action | If you choose 'Add'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| IPs/Ranges | (Optional) Retrieve the list of only for those excluded IP address(es) that you have specified in this field from the Qualys cloud. If you do not specify any IP addresses, then all excluded IP addresses and IP ranges are retrieved from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Network ID | (Optional) Retrieve the list of only for those excluded IP address(es) that belong to the Network ID that you have specified in this field from the Qualys cloud. Note: This parameter is valid only when the Network Support feature is enabled for the user's account. |
The output contains the following populated JSON schema:
{
"IP_SET": {
"IP": []
},
"DATETIME": ""
}
None.
The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"BASIC_INFO": {
"ID": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"USER_ID": "",
"UNIT_ID": "",
"SUBSCRIPTION_ID": "",
"IS_DEFAULT": "",
"IS_GLOBAL": "",
"IS_OFFLINE_SYNCABLE": "",
"UPDATE_DATE": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"SCAN_DEAD_HOSTS": "",
"PERFORMANCE": {
"PARALLEL_SCALING": "",
"OVERALL_PERFORMANCE": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PROCESSES_TO_RUN": {
"TOTAL_PROCESSES": "",
"HTTP_PROCESSES": ""
},
"PACKET_DELAY": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"COMPLETE": "",
"DETECTION_INCLUDE": {
"BASIC_HOST_INFO_CHECKS": "",
"OVAL_CHECKS": ""
}
},
"AUTHENTICATION": "",
"ADDL_CERT_DETECTION": ""
},
"MAP": {
"BASIC_INFO_GATHERING_ON": "",
"TCP_PORTS": {
"TCP_PORTS_STANDARD_SCAN": ""
},
"MAP_OPTIONS": {
"PERFORM_LIVE_HOST_SWEEP": "",
"DISABLE_DNS_TRAFFIC": ""
},
"MAP_PERFORMANCE": {
"OVERALL_PERFORMANCE": "",
"MAP_PARALLEL": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": "",
"NETBLOCK_SIZE": ""
},
"PACKET_DELAY": ""
},
"MAP_AUTHENTICATION": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
},
"ICMP": ""
},
"PACKET_OPTIONS": {
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
}
}
]
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan reference code based on which you to retrieve the scanner appliances that are running a particular scan on Qualys. You can enter a valid scan reference code for a currently running scan. |
| Scanner Appliances's Name | (Optional) Name based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify a name, then this operation will return only those scanner appliances that have names matching the string that you have specified. |
| Scanner Appliance IDs | (Optional) IDs based on which you want to retrieve the list of scanner appliances (physical and virtual) from Qualys. If you specify IDs, then this operation will return only those scanner appliances that have IDs matching the IDs that you have specified. You can specify multiple IDs using a comma separator. |
| Busy | (Optional) If you do not select any of the following options, then all scanner appliances in the user account will be retrieved from Qualys: Show appliances which are not currently running scans (Default) Show appliances which are currently running scan |
| Scan Detail | (Optional) Select this option, i.e., set it to True to include scan details for scans currently running on the scanner appliance. Clear this option, i.e., set it to False (default) to exclude scan details. Scan detail includes scan ID, title, scan reference, scan type, and scan date. |
| Output Mode | (Optional) Amount of detail to be retrieved from Qualys for each scanner appliance in the output. You can select from the following options: Brief (default): Includes this information for each appliance: appliance ID, friendly name, software version, the number of running scans, and heartbeat check status (online or offline) Full : includes the full appliance information, including the same details available in the Qualys user interface If you choose Full, then you can optionally specify the following parameters: If you choose 'Full'
|
| Include License Information | (Optional) Select this option, i.e., set it to True to include virtual scanner license information. Clear this option, i.e., set it to False (default) to exclude virtual scanner license information. License information includes the number of licenses you have and the number of licenses you have used. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"APPLIANCE_LIST": {
"APPLIANCE": [
{
"ID": "",
"UUID": "",
"NAME": "",
"SOFTWARE_VERSION": "",
"RUNNING_SLICES_COUNT": "",
"RUNNING_SCAN_COUNT": "",
"STATUS": "",
"MODEL_NUMBER": "",
"TYPE": "",
"SERIAL_NUMBER": "",
"ACTIVATION_CODE": "",
"INTERFACE_SETTINGS": [
{
"INTERFACE": "",
"IP_ADDRESS": "",
"NETMASK": "",
"GATEWAY": "",
"LEASE": "",
"SPEED": "",
"DUPLEX": "",
"DNS": {
"DOMAIN": "",
"PRIMARY": "",
"SECONDARY": ""
}
},
{
"SETTING": "",
"INTERFACE": "",
"IP_ADDRESS": "",
"NETMASK": "",
"GATEWAY": "",
"LEASE": "",
"SPEED": "",
"DUPLEX": "",
"DNS": {
"PRIMARY": "",
"SECONDARY": ""
}
}
],
"PROXY_SETTINGS": {
"SETTING": "",
"PROXY": {
"IP_ADDRESS": "",
"PORT": "",
"USER": ""
}
},
"ML_LATEST": "",
"ML_VERSION": "",
"VULNSIGS_LATEST": "",
"VULNSIGS_VERSION": "",
"ASSET_GROUP_COUNT": "",
"ASSET_GROUP_LIST": {
"ASSET_GROUP": {
"ID": "",
"NAME": ""
}
},
"ASSET_TAGS_LIST": {
"ASSET_TAG": [
{
"UUID": "",
"NAME": ""
}
]
},
"LAST_UPDATED_DATE": "",
"POLLING_INTERVAL": "",
"USER_LOGIN": "",
"HEARTBEATS_MISSED": "",
"SS_CONNECTION": "",
"SS_LAST_CONNECTED": "",
"USER_LIST": "",
"UPDATED": "",
"COMMENTS": "",
"RUNNING_SCANS": {
"SCAN": {
"ID": "",
"TITLE": "",
"REF": "",
"TYPE": "",
"SCAN_DATE": ""
}
},
"MAX_CAPACITY_UNITS": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Title | (Optional) Title of the vulnerability scan that you want to run on the Qualys cloud. |
| Option Profile | Option based on which you want to run the vulnerability scan on the Qualys cloud. You must select Option ID or Option Title. If you choose 'Option ID'
|
| Processing Priority | (Optional) Processing priority level for the vulnerability scan that you want to run on the Qualys cloud. You can select any value between 0-9. If you do not choose any value, then the value of 0, i.e. no priority is assigned You can select from one of the following values: 0: No Priority (default value) 1: Emergency 2: Ultimate 3: Critical 4: Major 5: High 6: Standard 7: Medium 8: Minor 9: Low |
| Scanner Appliance | (Optional) Scanner Appliance that you want to use for the vulnerability scan that you want to run on the Qualys cloud. You must select Scanner ID or Scanner Name. If you choose 'Scanner ID'
|
| Default Scanner | (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud. |
| Choose Target Host to Scan From | (Optional) Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud. Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud. If you choose 'Assets'
|
| Runtime Http Header | (Optional) Sets a custom value in order to drop defenses (such as logging, IPs, etc.) when an authorized scan is being run. The value you enter will be used in the “Qualys-Scan:” header that will be set for many CGI and web application fingerprinting checks. Some discovery and web server fingerprinting checks will not use this header. |
| IP Network ID | (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks. Note: This parameter is valid only when the Network Support feature is enabled for the user's account |
| Client ID | (Optional) Specify the ID of client (Consultant type subscription only) to be used for launching the scan. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan Reference for which you want to retrieve vulnerability scan details from the Qualys cloud. For a vulnerability scan, the format is: scan/987659876.19876 |
| Scan State | (Optional) Scan state(s) for which you want to retrieve vulnerability scan details from the Qualys cloud. Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform). |
| Scan Type | (Optional) Type of scan or which you want to retrieve vulnerability scan details from the Qualys cloud. You can select one of the following options: On Demand, Scheduled, or API. |
| Target IPs | (Optional) IP addresses whose vulnerability scan details you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| User Who Launched Scan | (Optional) Vulnerability scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field. |
| Show Scan Launched After Datetime | (Optional) Retrieve vulnerability scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Show Scan Launched Before Datetime | (Optional) Retrieve vulnerability scan details for all vulnerability scans that were launched before the datetime you have specified in this field from the Qualys cloud. |
| Processed Scan | (Optional) Process state(s) of the vulnerability scans whose details you want to retrieve from the Qualys cloud. You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state. |
| Show Asset Group Information | (Optional) Select this option, i.e., set it to True, to include asset group information for each vulnerability scan in the output. By default, this is set to False, and the asset group information is not included in the output. |
| Show Option Profile Information | (Optional) Select this option, i.e., set it to True, to include option profile information for each vulnerability scan in the output. By default, this is set to False, and the option profile information is not included in the output. |
| Show Scan Status | (Optional) Select this option, i.e., set it to True, to include the status information for each vulnerability scan in the output. By default, this is set to True. |
| Show Most Recent Scan | (Optional) Select this option, i.e., set it to True, to include only the most recent vulnerability scan (which meets all other search filters in the request) information in the output. By default, this is set to False, and all vulnerability scans are included in the output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"REF": "",
"TYPE": "",
"TITLE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"DURATION": "",
"PROCESSING_PRIORITY": "",
"PROCESSED": "",
"STATUS": {
"STATE": "",
"SUB_STATE": ""
},
"TARGET": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Scan Reference for which you want to retrieve vulnerability management scan results from the Qualys cloud. Format for this field is: scan/987659876.19876 |
| IPs/Ranges | (Optional) IP addresses whose vulnerability management scan results you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Scan Result Details | (Optional) Mode based on which information of the vulnerability management scan results will be retrieved from the Qualys cloud. You can enter choose from the following options: Brief: This is the default option, and it includes the IP address, DNS hostname, NetBIOS hostname, QID and scan test results if applicable. Extended: Includes the brief output plus following extended information: protocol, port, an SSL flag (“yes” is returned when SSL was used for the detection, “no” is returned when SSL was not used), and FQDN if applicable. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to download VM scan results in a file and add it as an attachment in CyOPs™. The VM scan must have the status “Finished”, “Canceled”, “Paused” or “Error” in order to download the scan results. Clear this option, i.e., set it to False (default) to include VM scan results in the connector output. |
The output contains the following populated JSON schema:
{
"result": [
{
"instance": "",
"result": "",
"ssl": "",
"port": "",
"qid": "",
"fqdn": "",
"netbios": "",
"protocol": "",
"dns": "",
"ip": ""
}
]
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the vulnerability scan that you want to manage on the Qualys cloud. You must choose one of the following actions: Cancel: Stops a vulnerability scan that is in progress on the Qualys cloud. Pause: Stops a vulnerability scan that is in progress on the Qualys cloud and changes its status to Paused. Resume: Restarts a vulnerability scan that has been paused on the Qualys cloud. Delete: Deletes a vulnerability scan from your user account on the Qualys cloud. |
| Scan Reference | Reference of the vulnerability scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud. Format for this field is: scan/987659876.19876 |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Title | (Optional) Title of the compliance scan that you want to run on the Qualys cloud. |
| Option Profile | Option based on which you want to run the compliance scan on the Qualys cloud. You must select Option ID or Option Title. If you choose 'Option ID'
|
| Scanner Appliance | (Optional) Scanner Appliance that you want to use for the compliance scan that you want to run on the Qualys cloud. You must select Scanner ID or Scanner Name. If you choose 'Scanner ID'
|
| Default Scanner | (Optional) Select this option, i.e., set it to True, if you want to use the default scanner in each target asset group for the scan that you want to run on the Qualys cloud. |
| Choose Target Host to Scan From | (Optional) Targets on which you want to run the compliance scan on the Qualys cloud. You must select Assets or Tags. Assets: Specify the IP addresses/ranges and/or asset groups that you want to scan on the Qualys cloud. Tags: Specify the asset tags based on which you want to run the scan on the Qualys cloud. If you choose 'Assets'
|
| Runtime HTTP Header | (Optional) |
| IP Network ID | (Optional) ID of a network used to filter the IP addresses or IP ranges specified in the IPs/Ranges parameter. Specify a custom network ID, or specify 0, which is the default for the Global Default Network - this is used to scan hosts outside of your custom networks. Note: This parameter is valid only when the Network Support feature is enabled for the user's account |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan ID | (Optional) ID of the scan for which you want to retrieve compliance scan details from the Qualys cloud. |
| Scan Reference | (Optional) Scan Reference for which you want to retrieve compliance scan details from the Qualys cloud. For a compliance scan, the format is: compliance/98765456.12345 |
| Scan State | (Optional) Scan state(s) for which you want to retrieve compliance scan details from the Qualys cloud. Select one or more scan states from the available options: Running, Paused, Canceled, Finished, Error, Queued (scan job is waiting to be distributed to scanner(s), or Loading (scanner(s) are finished, and scan results are being loaded onto the platform). |
| Scan Type | (Optional) Type of scan or which you want to retrieve compliance scan details from the Qualys cloud. You can select one of the following options: On Demand, Scheduled, or API. |
| Target IPs | (Optional) IP addresses whose compliance scan details you want to retrieve from the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| User Who Launched Scan | (Optional) Compliance scan details will be retrieved from the Qualys cloud based on the user login that you specify in this field. |
| Show Scan Launched After Datetime | (Optional) Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Show Scan Launched Before Datetime | (Optional) Retrieve compliance scan details for all vulnerability scans that were launched after the datetime you have specified in this field from the Qualys cloud. |
| Processed Scans | (Optional) Process state(s) of the compliance scans whose details you want to retrieve from the Qualys cloud. You can select Show only Processed scans or Show scans that are not Processed scans. If you do not specify any option, then the scan list output is not filtered based on the processed state. |
| Show Asset Group Information | (Optional) Select this option, i.e., set it to True, to include asset group information for each compliance scan in the output. By default, this is set to False, and the asset group information is not included in the output. |
| Show Option Profile Information | (Optional) Select this option, i.e., set it to True, to include option profile information for each compliance scan in the output. By default, this is set to False, and the option profile information is not included in the output. |
| Show Scan Status | (Optional) Select this option, i.e., set it to True, to include the status information for each compliance scan in the output. By default, this is set to True. |
| Show Most Recent Scan | (Optional) Select this option, i.e., set it to True, to include only the most recent compliance scan (which meets all other search filters in the request) information in the output. By default, this is set to False, and all vulnerability scans are included in the output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCAN_LIST": {
"SCAN": [
{
"ID": "",
"REF": "",
"TYPE": "",
"TITLE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"DURATION": "",
"PROCESSED": "",
"STATUS": {
"STATE": ""
},
"TARGET": "",
"ASSET_GROUP_TITLE_LIST": {
"ASSET_GROUP_TITLE": ""
},
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| Scan Reference | (Optional) Reference of the scan for which you want to download compliance management scan results from the Qualys cloud. Format for this field is: scan/987659876.19876 |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to download PC scan results in a file and add it as an attachment in CyOPs™. The PC scan must have the status Finished in order to download the scan results.Clear this option, i.e., set it to False (default) to include PC scan results in the connector output. |
The output contains the following populated JSON schema:
{
"HEADER": {
"OPTION_PROFILE": {
"OPTION_PROFILE_TITLE": ""
},
"COMPANY_INFO": {
"CITY": "",
"STATE": "",
"ADDRESS": "",
"COUNTRY": "",
"NAME": "",
"ZIP_CODE": ""
},
"GENERATION_DATETIME": "",
"NAME": "",
"ASSET_GROUPS": {
"ASSET_GROUP": {
"ASSET_GROUP_TITLE": ""
}
},
"KEY": [],
"USER_INFO": {
"NAME": "",
"ROLE": "",
"USERNAME": ""
}
},
"APPENDIX": {
"OS_AUTH_BASED_TECHNOLOGY_LIST": "",
"TARGET_DISTRIBUTION": {
"SCANNER": {
"NAME": "",
"HOSTS": ""
}
},
"TARGET_HOSTS": {
"HOSTS_NOT_ALIVE": "",
"HOSTS_SCANNED": ""
}
}
}
| Parameter | Description |
|---|---|
| Action | Action that you want to perform on the compliance scan that you want to manage on the Qualys cloud. You must choose one of the following actions: Cancel: Stops a compliance scan that is in progress on the Qualys cloud. Pause: Stops a compliance scan that is in progress on the Qualys cloud and changes its status to Paused. Resume: Restarts a compliance scan that has been paused on the Qualys cloud. Delete: Deletes a compliance scan from your user account on the Qualys cloud. |
| Scan Reference | Reference of the compliance scan that you want to manage, i.e., on which you want to perform the specified action on the Qualys cloud. Format for this field is: compliance/98765456.12345 |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": [
{
"KEY": "",
"VALUE": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Scan ID | (Optional) ID of the scan whose scan schedule you want to retrieve from the Qualys cloud. |
| Show Active/Deactive Schedule Scans | (Optional) You can select Show Deactivated Schedules or Show Active Schedules whose details you want to retrieve from the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_SCAN_LIST": {
"SCAN": [
{
"ID": "",
"ACTIVE": "",
"TITLE": "",
"USER_LOGIN": "",
"TARGET": "",
"ISCANNER_NAME": "",
"USER_ENTERED_IPS": {
"RANGE": [
{
"START": "",
"END": ""
},
{
"START": "",
"END": ""
}
]
},
"OPTION_PROFILE": {
"TITLE": "",
"DEFAULT_FLAG": ""
},
"PROCESSING_PRIORITY": "",
"SCHEDULE": {
"WEEKLY": "",
"START_DATE_UTC": "",
"START_HOUR": "",
"START_MINUTE": "",
"NEXTLAUNCH_UTC": "",
"TIME_ZONE": {
"TIME_ZONE_CODE": "",
"TIME_ZONE_DETAILS": ""
},
"DST_SELECTED": "",
"MAX_OCCURRENCE": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| CVE ID | (Optional) Specify the CVE ID whose details you want to fetch from Qualys.You can specify multiple CVE as comma-separated values. |
| Details | (Optional) Amount of vulnerability information that you want to retrieve from the Qualys cloud. You can choose from the following values: Basic (Default): Retrieves basic vulnerability information that includes basic elements plus CVSS Base and Temporal scores All: Retrieves all vulnerability information that includes all vulnerability details, including the Basic details from the Qualys cloud. None: Retrieves only the vulnerability IDs from the Qualys cloud |
| QIDs | (Optional) QIDs whose vulnerability information you want to retrieve from the Qualys cloud. In this case, vulnerability information of only those QIDs that have specified will be retrieved from the Qualys cloud. You can enter multiple hosts using a comma separator, or you can add a range of hosts using a hyphen (-). |
| Minimum QID | (Optional) Minimum QID value based on which you want to retrieve vulnerability information from the Qualys cloud. |
| Maximum QID | (Optional) Maximum QID value based on which you want to retrieve vulnerability information from the Qualys cloud. |
| Is Patchable | (Optional) Filter the output to include only vulnerabilities that are patchable or not patchable. You can choose from the following options: Show Vulnerabilities that are Patchable Show Vulnerabilities that are Not Patchable |
| Last Modified After | (Optional) Filter the output to include only those vulnerabilities that have been last modified after the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service. |
| Last Modified Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified before the datetime you have specified. The list of vulnerabilities will include vulnerabilities last modified by a user or by the service. |
| Last Modified By User After | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the user after the datetime you have specified. |
| Last Modified By User Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the user before the datetime you have specified. |
| Last Modified By Service After | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the service after the datetime you have specified. |
| Last Modified By Service Before | (Optional) Filter the output to include only those vulnerabilities that have been last modified by the service before the datetime you have specified. |
| Published After | (Optional) Filter the output to include only those vulnerabilities that have been published after the datetime you have specified. |
| Published Before | (Optional) Filter the output to include only those vulnerabilities that have been published before the datetime you have specified. |
| Discovery Method | (Optional) Filter the output to include only those vulnerabilities that are assigned the specified discovery method. You can choose from the following options: Remote Authenticated Remote Only Authenticated Only |
| Discovery Authentication Types | (Optional) Filter the XML output to include only those vulnerabilities that have one or more specified authentication types. You can choose multiple values from the following options: Windows Oracle Unix SNMP DB2 HTTP MySQL VMware |
| Show PCI Reasons | (Optional) Select this option, i.e., set it to True,to include the reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user's subscription) in the output. Clear this option, i.e., set to False (default) to exclude the reasons the reasons for passing or failing PCI compliance from the output. |
| Show Supported Modules Information | (Optional) Select this option, i.e., set it to True, to include the supported Qualys modules that can be used to detect each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the supported modules from the output. |
| Show Disabled Flag | (Optional) Select this option, i.e., set it to True, to include the disabled flag for each vulnerability in the output. Clear this option, i.e., set to False (default) to exclude the disabled flag for each vulnerability from the output. |
| Show QID Change Log | (Optional) Select this option, i.e., set it to True, to include QID changes for each vulnerability in output. Clear this option, i.e., set to False (default) to exclude QID changes for each vulnerability from the output |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add vulnerability results in a file and add it as an attachment in CyOPs™. Clear this option, i.e., set it to False (default) to include vulnerability results in the connector output. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"VULN_LIST": {
"VULN": [
{
"QID": "",
"VULN_TYPE": "",
"SEVERITY_LEVEL": "",
"TITLE": "",
"CATEGORY": "",
"LAST_SERVICE_MODIFICATION_DATETIME": "",
"PUBLISHED_DATETIME": "",
"BUGTRAQ_LIST": {
"BUGTRAQ": [
{
"ID": "",
"URL": ""
}
]
},
"PATCHABLE": "",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "",
"VENDOR": ""
}
},
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "",
"URL": ""
}
},
"CVE_LIST": {
"CVE": [
{
"ID": "",
"URL": ""
}
]
},
"DIAGNOSIS": "",
"CONSEQUENCE": "",
"SOLUTION": "",
"PCI_FLAG": "",
"DISCOVERY": {
"REMOTE": "",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": ""
},
"ADDITIONAL_INFO": ""
}
}
]
}
}
None.
The output contains the following populated JSON schema:
{
"REPORT_TEMPLATE": [
{
"ID": "",
"TYPE": "",
"TEMPLATE_TYPE": "",
"TITLE": "",
"USER": {
"LOGIN": "",
"FIRSTNAME": "",
"LASTNAME": ""
},
"LAST_UPDATE": "",
"GLOBAL": ""
}
]
}
| Parameter | Description |
|---|---|
| Scheduled Report ID | ID of the scheduled report that you want to launch on the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the scan-based findings report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the scan-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Scan References | Scan Reference based on which you want to launch the scan-based findings report on the Qualys cloud. Format for this field is: scan/1532543415.81997 You can enter multiple scan references using a comma separator. |
| Output Format | Format of the scan-based findings report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XMLbCSV Docx Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| IP Restriction | (Optional) Important: Currently, this functionality is not available for this report type. Qualys might provide this functionality in the future. This field is used to restrict the scan report content to only the IP addresses you have specified. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the scan-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the host-based findings report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the host-based findings report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the scan-based findings report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XMLbCSV Docx Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| IPs Network ID | (Optional) Enter the IPs network ID to restrict the scan report content to only the IPs network ID you have specified. |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the host-based findings report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the host-based findings report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the patch report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the patch report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the patch report that you want to launch on the Qualys cloud. You can choose from the following options: PDF Online XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the patch report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the report. If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the remediation report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the remediation report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the remediation report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Assignee Type | Select User in this field to specify that the remediation report will include tickets that are assigned to the current user only (User is set by default). Select All in this field to specify that the remediation report will include all the tickets in the user's account. |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the remediation report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the compliance report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the compliance report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the compliance report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Scan References | (Optional) (Required for PCI compliance report) For a PCI compliance report, either the technical or executive report, this parameter specifies the scan reference to include. The scan reference must be for a scan that was run using the PCI Options profile. Only one scan reference may be specified. Format for this field is: scan/1532543415.81997 |
| IPs/Ranges | (Optional) IP addresses or a range of IP addresses based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IP addresses using a comma separator, or you can add a range of IP addresses using a hyphen (-). |
| Asset Group IDS | (Optional) Asset Group IDs based on which you want to launch the compliance report on the Qualys cloud. You can enter multiple IDs using a comma separator, or you can add a range of IDs using a hyphen (-). |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Template ID | ID of the template of the compliance policy report that you want to launch on the Qualys cloud. |
| Report Title | (Optional) Title of the compliance policy report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. |
| Output Format | Format of the compliance policy report that you want to launch on the Qualys cloud. You can choose from the following options: PDF HTML MHT XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Policy ID | ID of the compliance policy based on which you want to launch the compliance policy report on the Qualys cloud. |
| Host ID | (Optional) ID of the host, if you want to launch the compliance policy report on the Qualys cloud based on only a single host instance. Important: Specify the Host ID parameter, if you are specifying the Instance String parameter. |
| Instance String | (Optional) Single instance on the host that you have specified. You can enter the instance string in the format as: “os” or in a a string-like format: “oracle10:1:1521:ora10204u” |
| Use Tags | (Optional) Select this option, i.e., set it to True, to include assets tags in the compliance policy report. By default, this is set to False, i.e., to include IP addresses/ranges and/or asset groups in the compliance report. If you set the Use Tags parameter as True, then you can optionally specify the following parameters: If you choose 'False'
|
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Scorecard Type | Type of the vulnerability scorecard report you want to launch on the Qualys cloud. You can choose from the following options: Service Provided Scorecard or User Created Scorecard. If you choose 'Service Provided Scorecard'
|
| Report Title | (Optional) Title of the scorecard report that you want to launch on the Qualys cloud. A title can have a maximum of 128 characters. Note: If you do not specify a report title, then the scorecard name will become the report title also. |
| Output Format | Format of the scorecard policy report that you want to launch on the Qualys cloud. You can choose from the following options: You can choose from the following options: PDF HTML MHT XML CSV Note: Based on the output format that you choose, you might require to specify other parameters. For the PDF output, enter the following parameters: In the PDF Password field, enter the password to be used for encryption. This information is valid and required when secure PDF distribution is enabled for the user's account. In the Recipient Group ID field, enter the IDs of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group IDs using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. In the Recipient Group field, enter the names of the one or more distribution groups to whom this report should be distributed. You can enter multiple distribution group names using a comma separator. You can specify either the Recipient Group IDs or the Recipient Groups but not both. For the CSV output, you can select the Hide Header checkbox, i.e., set it to True, to omit the header information from the report. By default, this is set to False, i.e., Header information is included in the report If you choose 'CSV'
|
| Source | (Optional) Source asset groups based on which you want to launch the scorecard report on the Qualys cloud. You can choose from the following options: Asset Groups: This is the default option and select this option launch a scorecard report with all assets groups. Business Unit: Select this option to launch a scorecard report with all assets groups in a particular business unit. Note: Based on the source that you choose, you might require to specify other parameters. If you choose 'Asset Groups'
|
| Patch QIDs | (Optional) Patch QIDs for vulnerabilities or potential vulnerabilities with available patches, when these detected on the host, this means the host does not have the patches installed, and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 10, using a comma separator. Note: Valid and required in case of a Patch Scorecard Report. |
| Missing QIDs | (Optional) Missing software QIDs when not detected on host means the host is missing software and it will be reported in the scorecard output. You can enter multiple patch QIDs, up to a maximum of 2, using a comma separator. Note: Valid and required in case of a Patch Scorecard Report. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Report ID | ID of a saved report that you want to download in the user's account on the Qualys cloud. Note: To download a saved report, the status of the report must be Finished. |
The output contains the following populated JSON schema:
{
"name": "",
"@id": "",
"type": "",
"file": {
"uploadDate": "",
"@type": "",
"@id": "",
"file": {
"@type": ""
},
"owners": "",
"@context": "",
"filename": "",
"metadata": "",
"size": "",
"mimeType": ""
},
"createDate": "",
"description": "",
"modifyUser": {
"avatar": "",
"@id": "",
"modifyDate": "",
"userType": "",
"createDate": "",
"modifyUser": "",
"@type": "",
"@settings": "",
"createUser": "",
"id": "",
"userId": "",
"name": ""
},
"@type": "",
"@context": "",
"modifyDate": "",
"createUser": {
"avatar": "",
"@id": "",
"modifyDate": "",
"userType": "",
"createDate": "",
"modifyUser": "",
"@type": "",
"@settings": "",
"createUser": "",
"id": "",
"userId": "",
"name": ""
},
"id": ""
}
| Parameter | Description |
|---|---|
| Report ID | (Optional) ID of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. |
| Report State | (Optional) State of the report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. You can select from the available options: Running (reports are in progress), Finished, Submitted, Canceled or Errors. |
| User User Who Launched Report | (Optional) Login of the user who has launched the report in the user's Report Share, whose details you want to retrieve from the Qualys cloud. |
| Show Reports Expires Before Datetime | (Optional) Retrieve those reports from the Qualys cloud that expire before the datetime that you specify in this field. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"REPORT_LIST": {
"REPORT": [
{
"ID": "",
"TITLE": "",
"TYPE": "",
"USER_LOGIN": "",
"LAUNCH_DATETIME": "",
"OUTPUT_FORMAT": "",
"SIZE": "",
"STATUS": {
"STATE": ""
},
"EXPIRATION_DATETIME": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Report ID | (Optional) ID of the scheduled report that is saved in the user's Report Share storage space, whose details you want to retrieve from the Qualys cloud. |
| Is Active | (Optional) Filter the output to include only reports that are Active or Inactive. You can choose from the following options: List Active Scheduled Reports only List Inactive Scheduled Reports only |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"SCHEDULE_REPORT_LIST": {
"REPORT": [
{
"ID": "",
"TITLE": "",
"OUTPUT_FORMAT": "",
"TEMPLATE_TITLE": "",
"ACTIVE": "",
"SCHEDULE": {
"DAILY": "",
"START_DATE_UTC": "",
"START_HOUR": "",
"START_MINUTE": "",
"TIME_ZONE": {
"TIME_ZONE_CODE": "",
"TIME_ZONE_DETAILS": ""
},
"DST_SELECTED": "",
"MAX_OCCURRENCE": ""
}
}
]
}
}
| Parameter | Description |
|---|---|
| Report ID | ID of a saved report that you want to delete from the user's account on the Qualys cloud. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"TEXT": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | (Optional) Specify search list ID to fetch its details. You can specify multiple IDs as comma separated values. |
The output contains the following populated JSON schema:
{
"DATETIME": "",
"STATIC_LISTS": {
"STATIC_LIST": [
{
"ID": "",
"QIDS": {
"QID": []
},
"OWNER": "",
"TITLE": "",
"GLOBAL": "",
"CREATED": "",
"COMMENTS": "",
"MODIFIED": "",
"MODIFIED_BY": ""
}
]
}
}
| Parameter | Description |
|---|---|
| Title | Specify a user defined search list title. Maximum is 256 characters (ascii). |
| QIDs | Specify QIDs to include in the search list. Ranges are allowed. You can specify multiple IDs as comma separated values. |
| Make global search list | (Optional) Select this option, i.e., set it to True, to make this a global search list that makes it available to all subscription users. By default, this is set to False. |
| Comments | (Optional) Specify the comments to include in static search list. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | Specify the ID of the search list you want to update. |
| Title | (Optional) Specify a user defined search list title. Maximum is 256 characters (ascii). |
| Make global search list | (Optional) Select this option, i.e., set it to True, to make this a global search list that makes it available to all subscription users. By default, this is set to False. |
| Operation to Perform on QIDs | (Optional) Select an operation to perform on the QIDs. You can choose from the following options:
|
| Comments | (Optional) Specify the comments to include in static search list. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Search List ID | Specify the ID of the search list you want to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Title | Specify the title with which you want to create vm option profile. |
| Scan TCP Ports | Select the scan type for scanning TCP ports. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Scan UDP Ports | Select the scan type for scanning UDP ports. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Vulnerability Detection | Select the scan type for scanning vulnerabilities. You can choose from the following options:
NOTE: Qualys scans only the standard list of ports unless a different option is selcted in the profile. |
| Basic Information Gathering | Select the basic information gathering type. You can choose from the following options:
|
| Additional Parameters | (Optional) Specify additional parameters with which to create a VM option profile in Qualys. For more information, refer to the section Create VM Option Profile in the Qualys API documentation available at https://cdn2.qualys.com/docs/qualys-api-vmpc-user-guide.pdf. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Option Profile ID | Specify the ID of the option profile you want to update. |
| Additional Parameters | (Optional) Specify additional parameters to update VM option profile in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Additional Parameters | (Optional) Specify additional parameters with which to filter VM option profile in Qualys. |
The output contains the following populated JSON schema:
{
"OPTION_PROFILE": [
{
"MAP": {
"MAP_OPTIONS": {
"DISABLE_DNS_TRAFFIC": "",
"PERFORM_LIVE_HOST_SWEEP": ""
},
"MAP_PERFORMANCE": {
"MAP_PARALLEL": {
"NETBLOCK_SIZE": "",
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PACKET_DELAY": "",
"OVERALL_PERFORMANCE": ""
},
"MAP_AUTHENTICATION": "",
"BASIC_INFO_GATHERING_ON": ""
},
"SCAN": {
"PORTS": {
"TCP_PORTS": {
"TCP_PORTS_TYPE": "",
"THREE_WAY_HANDSHAKE": ""
},
"UDP_PORTS": {
"UDP_PORTS_TYPE": ""
},
"AUTHORITATIVE_OPTION": ""
},
"PERFORMANCE": {
"PACKET_DELAY": "",
"HOSTS_TO_SCAN": {
"EXTERNAL_SCANNERS": "",
"SCANNER_APPLIANCES": ""
},
"PARALLEL_SCALING": "",
"PROCESSES_TO_RUN": {
"HTTP_PROCESSES": "",
"TOTAL_PROCESSES": ""
},
"OVERALL_PERFORMANCE": "",
"PORT_SCANNING_AND_HOST_DISCOVERY": ""
},
"SCAN_DEAD_HOSTS": "",
"ADDL_CERT_DETECTION": "",
"LOAD_BALANCER_DETECTION": "",
"VULNERABILITY_DETECTION": {
"CUSTOM_LIST": {
"CUSTOM": {
"ID": "",
"TITLE": ""
}
},
"DETECTION_INCLUDE": {
"OVAL_CHECKS": "",
"BASIC_HOST_INFO_CHECKS": ""
}
},
"PURGE_OLD_HOST_OS_CHANGED": ""
},
"ADDITIONAL": {
"HOST_DISCOVERY": {
"ICMP": "",
"TCP_PORTS": {
"STANDARD_SCAN": ""
},
"UDP_PORTS": {
"STANDARD_SCAN": ""
}
},
"PACKET_OPTIONS": {
"IGNORE_ALL_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_RST": "",
"IGNORE_FIREWALL_GENERATED_TCP_SYN_ACK": "",
"NOT_SEND_TCP_ACK_OR_SYN_ACK_DURING_HOST_DISCOVERY": ""
}
},
"BASIC_INFO": {
"ID": "",
"UNIT_ID": "",
"USER_ID": "",
"IS_GLOBAL": "",
"GROUP_NAME": "",
"GROUP_TYPE": "",
"IS_DEFAULT": "",
"UPDATE_DATE": "",
"SUBSCRIPTION_ID": "",
"IS_OFFLINE_SYNCABLE": ""
}
}
]
}
| Parameter | Description |
|---|---|
| Option Profile ID | Specify the ID of the option profile to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Output Format | Select the output format of the asset search report. You can choose from the following options:
|
| Additional Parameters | (Optional) Specify additional parameters with which to filter asset search report in Qualys. |
| Download Result As an Attachment | (Optional) Select this option, i.e., set it to True to add asset search report in a file and add it as an attachment in FortiSOAR™. Clear this option, i.e., set it to False (default) to include the result in the connector output. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Title | Specify the asset group title. This name must be unique and cannot be All. |
| Network ID | (Optional) Specify the network ID of the network to which to assign the asset group. |
| Additional Parameters | (Optional) Specify additional parameters with which to create the asset group in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group ID | Specify the ID of the asset group to edit. |
| Additional Parameters | (Optional) Specify additional parameters to edit in the asset group in Qualys. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
| Parameter | Description |
|---|---|
| Asset Group ID | Specify the ID of the asset group to delete. |
The output contains the following populated JSON schema:
{
"TEXT": "",
"DATETIME": "",
"ITEM_LIST": {
"ITEM": {
"KEY": "",
"VALUE": ""
}
}
}
The Sample - Qualys - 1.1.0 playbook collection comes bundled with the Qualys connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Qualys connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.