Qualys VMDR
App Vendor: Qualys
App Category: Vulnerability Management
Connector Version: 1.3.0
About App
The Qualys VMDR app allows security teams to integrate with the Qualys VMDR enterprise application. The app helps Analysts automate the tasks of identifying assets, prioritizing threats, and detecting patches to identify and respond to vulnerabilities.
The Qualys VMDR app in the Orchestrate application can perform the following actions:
Action Name | Description |
|---|---|
Download a list of hosts | This action can be used to download a list of hosts with the latest vulnerability data, based on the host scan data available in the user’s account. |
Get a List of IP Addresses | This action can be used to retrieve a list of IP addresses in the user's account. |
Get KBs for CVE | This action retrieves KBs associated with the specified CVE. |
Search KBs | This action searches for KB articles based on the given criteria. |
Add IP Addresses | This action can be used to add IP addresses in the user's subscription. Once added they are available for scanning and reporting. |
Update IP Addresses | This action can be used to update IP addresses in the user's subscription. Once added they are available for scanning and reporting. |
Get a List of Hosts | This action can be used to retrieve a list of scanned hosts from the user’s account. |
Download a Report | This action can be used to download a saved report in the user’s account. All report types namely, map, scan, patch, authentication, scorecard, remediation, and compliance can be downloaded. |
Get a List of Restricted IP Addresses | This action can be used to list restricted IPs within the user's subscription. |
Manage Restricted IP Addresses | This action can be used to add, clear, delete, and replace restricted IP addresses within the user's subscription. |
Get a List of Asset Groups | This action can be used to list Asset Groups in the user’s account. |
Create a Dynamic Search List | This action creates a dynamic search list in the user's account. |
Get a List of Dynamic Search | This action retrieves a list of dynamic searches from the user's account. |
Create Asset Groups | This action can be used to create asset groups in the user’s account. |
Purge Hosts | This action can be used to purge hosts in your account to remove the assessment data associated with them. |
Get a List of all Patches | This action can be used to retrieve a list of all superseding patches for detection on a specific host. |
Get Vulnerability Scan Details | This action can be used to retrieve vulnerability scans from the user’s account. By default, the XML output retrieves scans launched in the past 30 days. |
Launch VM Scan | This action can be used to launch a vulnerability scan in the user’s account. |
List Compliance Scans | This action can be used to retrieve compliance scans in your account. By default, the XML output retrieves scans launched in the past 30 days. |
Launch Compliance Scan | This action can be used to launch a compliance scan in the user’s account. |
Get a List of Reports | This action can be used to view a list of reports in the user’s account when "Report Share" feature is enabled. |
Generic Action | This is a generic action used to make requests to any Qualys VMDR endpoint. |
Prerequisites
All the actions configured in the Qualys VMDR app relate to private APIs. Qualys VMDR Enterprise subscription is required to access private APIs.
Configuration Parameters
The following configuration parameters are required for the Qualys VMDR app to communicate with Qualys VMDR enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the Qualys VMDR base URL. | Text | Required | |
Username | Enter the Qualys VMDR username. | Text | Required | |
Password | Enter the Qualys VMDR password. | Password | Required | |
SSL verification | Optional preference to either verify or skip the SSL certificate verification. | Boolean | Optional | Allowed values: true, false By default, the value is false. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Qualys VMDR. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Download a list of hosts
This action can be used to download a list of hosts with the hosts latest vulnerability data, based on the host scan data available in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, {"vm_scan_since": "2021-04-01"} | Key Value | Optional | Allowed parameters are os_pattern, truncation_limit, ips, ag_titles, ids, network_ids, no_vm_scan_since, vm_scan_since, no_compliance_scan_since, use_tags, tag_set_by, tag_include_selector, tag_exclude_selector, tag_set_include, tag_set_exclude, show_tags, host_metadata, host_metadata_fields, show_cloud_tags, cloud_tag_fields, limit, and details. |
Example Request
[
{
"params":
{
"vm_scan_since": "2021-04-01"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys | Object | Qualys-specific data |
app_instance.Qualys.Endpoint | Array | An array of endpoint objects |
app_instance.Qualys.Endpoint.DNS | String | The DNS name of the endpoint |
app_instance.Qualys.Endpoint.DNS_DATA | Object | DNS data related to the endpoint |
app_instance.Qualys.Endpoint.DNS_DATA.DOMAIN | String | The domain name of the endpoint |
app_instance.Qualys.Endpoint.DNS_DATA.FQDN | String | The fully qualified domain name of the endpoint |
app_instance.Qualys.Endpoint.DNS_DATA.HOSTNAME | String | The hostname of the endpoint |
app_instance.Qualys.Endpoint.ID | String | The unique identifier of the endpoint |
app_instance.Qualys.Endpoint.IP | String | The IP address of the endpoint |
app_instance.Qualys.Endpoint.OS | String | The operating system of the endpoint. Example: Linux 3.13 |
app_instance.Qualys.Endpoint.TAGS | Object | Tags associated with the endpoint |
app_instance.Qualys.Endpoint.TAGS.TAG | Object | A single tag associated with the endpoint |
app_instance.Qualys.Endpoint.TAGS.TAG.NAME | String | The name of the tag. Example: Internet Facing Assets |
app_instance.Qualys.Endpoint.TAGS.TAG.TAG_ID | String | The unique identifier of the tag. Example: 31029217 |
app_instance.Qualys.Endpoint.TRACKING_METHOD | String | The tracking method used for the endpoint (e.g., "IP") |
Action: Get a list of IP addresses
This action can be used to retrieve a list of IP addresses in the user's account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, "ips": "1.1.1.1-1.1.1.5" | Key Value | Optional | Allowed keys are ips, network_id, tracking_method, compliance_enabled, certview_enabled, and limit. |
[
{
"params":
{
"ips": "1.1.1.1-1.1.1.5"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.IP.Address | Unknown | IP addresses from Qualys |
app_instance.Qualys.IP.Range | Unknown | IP range |
Action: Get KBs for CVE
This action retrieves KBs associated with the specified CVE.
Action Input Parameter
Parameter | Description | Field Type | Required/Optional | Comments |
CVE | Enter the CVE to retrieve KB articles associated with it. Example: CVE-2020-2022 | Text | Required |
Action: Search KBs
This action searches for KB articles based on the given criteria.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Last Modified After | Enter the date and time to show KBs modified after this date. The date/time is specified in YYYY-MMDD[THH:MM:SSZ] format (UTC/GMT). Example: 2021-10-1, 2021-10-1T12:00:01Z | Text | Optional | |
Last Modified Before | Enter the date and time to show KBs modified before this date. The date/time is specified in YYYY-MMDD[THH:MM:SSZ] format (UTC/GMT). Example: 2021-10-1, 2021-10-1T12:00:01Z | Text | Optional | |
Published After | Enter the date to show KBs published after this date. The date/time is specified in YYYY-MMDD[THH:MM:SSZ] format (UTC/GMT). Example: 2021-10-1, 2021-10-1T12:00:01Z | Text | Optional | |
Published Before | Enter the date to show KBs published before this date. The date/time is specified in YYYY-MMDD[THH:MM:SSZ] format (UTC/GMT). Example: 2021-10-1, 2021-10-1T12:00:01Z | Text | Optional | |
ID Min | Enter the QID to filter the response to retrieve vulnerabilities that have a QID number greater than or equal to the specified QID number. Example: 35010 | Text | Optional | |
ID Max | Enter the QID to filter the response to retrieve vulnerabilities that have a QID number less than or equal to the specified QID number. Example: 35010 | Text | Optional | The default value is 15. |
IDs | Enter the IDs to retrieve the vulnerabilities that have QID numbers matching the QID numbers you specify. This is a comma separated list of values for multiple QIDs Example: 35010 or 13523, 10501 | Text | Optional | |
Is Patchable | Enter the value to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. | Text | Optional | When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. |
Action: Add IP addresses
This action can be used to add IP addresses to the user's subscription. Once added they are available for scanning and reporting.
Action Input Parameter
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
IP addresses | Enter IPs to be added. Multiple IPs/ranges can be added as comma-separated values. An IP range is specified with a hyphen. For example, 10.10.30.1-10.10.30.50. | Text | Required | |
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, "ips": "1.1.2.3" | Key Value | Optional | Allowed keys are ips, tracking_method, enable_vm, enable_pc, owner, ud1, ud2, ud3, comment, ag_title, and enable_certview. |
Example Request
[
{
"ips": "10.10.30.1-10.10.30.50"
"params":
{
"<key>": "<value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.IP.Add.TEXT | String | Action result message. Example: IPs successfully added to Vulnerability Management |
app_instance.Qualys.IP.Add.DATETIME | Date | Date & time of the action. Example: 2021-05-30T08:47:50Z |
Action: Update IP addresses
This action can be used to update IP addresses in the user's subscription. Once added they are available for scanning and reporting.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
IP addresses | Enter the IPs to be updated. Multiple IPs/ranges can be added as comma-separated values. An IP range is specified with a hyphen. Example: 10.10.30.1-10.10.30.50. | Text | Required | CIDR notation is supported. |
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | Allowed keys: ips, network_id, host_dns, host_netbios, tracking_method, owner, ud1, ud2, ud3, and comment |
Additional Data | Enter the additional data to pass to the API. | Key Value | Required | Allowed keys: tracking_method, comment, host_dns, host_netbios |
Example Request
[
{
"ips": "10.10.30.1-10.10.30.50"
"params":
{
"<key>": "<value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.IP.Add.TEXT | String | Action result message. Example: IPs successfully updated |
app_instance.Qualys.IP.Add.DATETIME | Date | Date & time of the action. Example: 2021-05-30T08:47:50Z |
Action: Get a list of hosts
This action can be used to retrieve a list of scanned hosts from the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, "<key>": "<value>" | Key Value | Optional |
Example Request
[
{
"ips": "10.10.30.1-10.10.30.50"
"params":
{
"<key>": "<value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Endpoint.ID | Unknown | Endpoint ID. |
app_instance.Qualys.Endpoint.IP | Unknown | IP address associated with host |
app_instance.Qualys.Endpoint.CLOUD_PROVIDER | Unknown | Host's cloud provider. |
app_instance.Qualys.Endpoint.DNS | Unknown | DNS associated with host |
app_instance.Qualys.Endpoint.EC2_INSTANCE_ID | Unknown | The EC2 instance ID |
app_instance.Qualys.Endpoint.QG_HOSTID | Unknown | The QG host ID |
app_instance.Qualys.Endpoint.CLOUD_SERVICE | Unknown | Cloud service of the endpoint. |
app_instance.Qualys.Endpoint.TRACKING_METHOD | Unknown | Tracking method of the endpoint. |
app_instance.Qualys.Endpoint.CLOUD_RESOURCE_ID | Unknown | Cloud resource ID of the endpoint. |
app_instance.Qualys.Endpoint.DNS_DATA.DOMAIN | Unknown | Domain of the endpoint. |
app_instance.Qualys.Endpoint.DNS_DATA.HOSTNAME | Unknown | Host name of the endpoint. |
app_instance.Qualys.Endpoint.NETBIOS | Unknown | The NTEBIOS associated. |
app_instance.Qualys.Endpoint.OS | Unknown | Endpoint operating system. |
Action: Download a Report
This action can be used to download a saved report in the user’s account. All report types namely, map, scan, patch, authentication, scorecard, remediation, compliance can be downloaded.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID of a saved report that you want to download. For example, <Sample Report ID> | Text | Required | The status of the report must be "finished". |
Additional parameters | Enter additional parameters to filter results in the form of key-value pairs. For example, "<Key>": "<Value>" | Key Value | Optional | Allowed key is file_format. Possible values are: pdf, html, mht, xml, csv, docx, online. |
Example Request
[
{
"report_id": "<Sample Report ID>",
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.InfoFile.Name | Unknown | The file name. |
app_instance.InfoFile.EntryID | Unknown | The ID for locating the file in the War Room. |
app_instance.InfoFile.Size | Unknown | The size of the file (in bytes). |
app_instance.InfoFile.Type | Unknown | The file type, as determined by libmagic (same as displayed in file entries). |
app_instance.InfoFile.Extension | Unknown | The file extension. |
app_instance.InfoFile.Info | Unknown | Basic information about the file. |
Action: Get a list of restricted IP addresses
This action can be used to list restricted IPs within the user's subscription.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters to filter results in the form of key-value pairs. For example, "<Key>": "<Value>" | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Restricted.Address | Unknown | List of the restricted IPs. |
app_instance.Qualys.Restricted.Range | Unknown | List of the restricted IP range. |
Action: Manage restricted IP addresses
This action can be used to add, clear, delete, and replace restricted IP addresses within the user's subscription.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Action | Enter the action to be performed on the restricted IPs. Example: activate | Text | Required | Allowed values: activate, clear, add, delete, replace |
Additional parameters | Enter additional parameters to filter results in the form of key-value pairs. | Key Value | Optional | |
IP Address | Enter one or more comma-separated IP addresses or ranges to add, remove, or replace in the restricted IP list. Use a hyphen for ranges. Example: 10.10.30.1-10.10.30.50 | Text | Required |
Example Request
[
{
"action": "activate",
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Parameter |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Restricted.Manage.TEXT | Unknown | Action result message. |
app_instance.Qualys.Restricted.Manage.DATETIME | Unknown | Date & time of the action. |
app_instance.Qualys.Restricted.Manage.ITEM_LIST.ITEM.VALUE | Unknown | Status of the restricted ips feature. |
Action: Get a list of Asset Groups
This action can be used to list Asset Groups in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.AssetGroup.ID | Unknown | Asset Group ID. |
app_instance.Qualys.AssetGroup.TITLE | Unknown | Asset Group title. |
app_instance.Qualys.AssetGroup.OWNER_ID | Unknown | Asset Group owner ID. |
app_instance.Qualys.AssetGroup.UNIT_ID | Unknown | Asset Group unit ID. |
app_instance.Qualys.AssetGroup.NETWORK_ID | Unknown | Asset Group network ID. |
app_instance.Qualys.AssetGroup.IP_SET.IP | Unknown | IP in the asset group. |
app_instance.Qualys.AssetGroup.IP_SET.IP_RANGE | Unknown | Asset Group IP range. |
app_instance.Qualys.AssetGroup.APPLIANCE_IDS | Unknown | Appliance IDs of the asset group. |
app_instance.Qualys.AssetGroup.DEFAULT_APPLIANCE_ID | Unknown | Default appliance IDs of the asset group. |
Action: Create a Dynamic Search List
This action creates a dynamic search list in the user's account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Title | Enter the title for VM Scan. | Text | Required | |
Search Criteria | Enter the search criteria in the form of key-value pairs to filter results. | Key Value | Optional |
Action: Get a List of Dynamic Search
This action retrieves a list of dynamic searches from the user's account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Additional Parameters | Enter the additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Action: Create Asset Groups
This action can be used to create asset groups in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Asset Group title | Enter the Asset Group title. For example, CDATA | Text | Required | This name must be unique and can’t be "All". |
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"title": "CDATA",
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.AssetGroup.ID | String | Asset group ID. |
app_instance.Qualys.AssetGroup.DATETIME | Date | Date the command was executed. |
app_instance.Qualys.AssetGroup.TEXT | String | Qualys response for the asset group creation. |
Action: Purge hosts
This action can be used to purge hosts in your account to remove the assessment data associated with them.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |
IP Address | Enter one or more comma-separated IP addresses or ranges to purge. Use a hyphen for ranges. Example: 10.10.30.1-10.10.30.50 | Text | Required |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action: Get a list of all patches
This action can be used to retrieve a list of all superseding patches for detection on a specific host.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Host ID | Enter the ID for the host to include in the report. For example, <Sample Host ID> | Text | Required | |
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"host_id": "<Sample Host ID>",
"params":
{
"<Key>": "<Value>"
}
}
]Action: Get Vulnerability Scan details
This action can be used to retrieve vulnerability scans from the user’s account. By default, the XML output retrieves the scan launched in the past 30 days.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameters | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Scan.REF | Unknown | Scan REF. |
app_instance.Qualys.Scan.TYPE | Unknown | Scan type. |
app_instance.Qualys.Scan.LAUNCH_DATETIME | Unknown | Date and time the scan launched. |
app_instance.Qualys.Scan.DURATION | Unknown | Scan Duration. |
app_instance.Qualys.Scan.PROCESSING_PRIORITY | Unknown | Scan Processing Priority. |
app_instance.Qualys.Scan.PROCESSED | Unknown | Scan Processed. |
app_instance.Qualys.Scan.STATUS.STATE | Unknown | Scan status state. |
app_instance.Qualys.Scan.STATUS.SUB_STATE | Unknown | Scan status sub state. |
app_instance.Qualys.Scan.SCHEDULE | Unknown | Scan Schedule. |
app_instance.Qualys.Scan.TARGET | Unknown | Scan Target. |
app_instance.Qualys.Scan.ASSET_GROUP_TITLE | Unknown | Target Asset Group Title. |
app_instance.Qualys.Scan.DEFAULT_FLAG | Unknown | Scan Default Flag. |
app_instance.Qualys.Scan.USER_LOGIN | Unknown | The user that created the scan. |
Action: Launch VM Scan
This action can be used to launch a vulnerability scan in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |
Title | Enter title for VM Scan. | Text | Required | |
IP Address | Enter one or more IP addresses to launch a scan on them. For example: 10.10.10.10 | Text | Required | |
Option Profile ID | Enter option profile ID for VM Scan. | Integer | Optional | You must enter either the Option Profile ID or Option Profile Title to make the request. |
Option Profile Title | Enter option profile title for VM Scan. | Text | Optional | You must enter either the Option Profile ID or Option Profile Title to make the request. |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Report.VM.Launched.KEY | Unknown | Key name of launched VM scan, either ID or a REFERENCE. |
app_instance.Qualys.Report.VM.Launched.KEY | Unknown | Value of the key. |
Action: List Compliance Scans
This action can be used to retrieve compliance scans in your account. By default, the XML output retrieves the scan launched in the past 30 days.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.PC.USERNAME | Unknown | The user who executed the scan. |
app_instance.Qualys.PC.COMPANY | Unknown | The company of the user who executed the scan. |
app_instance.Qualys.PC.USERNAME | Unknown | The user who executed the scan. |
app_instance.Qualys.PC.DATE | Unknown | The date of the scan. |
app_instance.Qualys.PC.TITLE | Unknown | The scan title. |
app_instance.Qualys.PC.TARGET | Unknown | IP’s which were scanned. |
app_instance.Qualys.PC.EXCLUDED_TARGET | Unknown | IP’s which were excluded from the scan. |
app_instance.Qualys.PC.DURATION | Unknown | The duration of the scan. |
app_instance.Qualys.PC.NBHOST_ALIVE | Unknown | Number of hosts that are available during the scan. |
app_instance.Qualys.PC.NBHOST_TOTAL | Unknown | Total number of hosts that were submitted to scan. |
app_instance.Qualys.PC.REPORT_TYPE | Unknown | Type of the report. |
app_instance.Qualys.PC.OPTIONS | Unknown | Scan option profile. |
app_instance.Qualys.PC.STATUS | Unknown | Status of the scan. |
Action: Launch Compliance Scan
This action can be used to launch a compliance scan in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Title | Enter title for VM Scan. | Text | Required | |
IP Address | Enter one or more IP addresses to launch a compliance scan on them. Example: 10.10.25.52 | Text | Required | |
Option Profile ID | Enter the option profile ID for VM Scan. | Integer | Optional | You must enter either the Option Profile ID or Option Profile Title to make the request. |
Option Profile Title | Enter the option profile title for VM Scan. | Text | Optional | You must enter either the Option Profile ID or Option Profile Title to make the request. |
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
{app_instance} | Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
app_instance.Qualys.Report.ID | String | Compliance report ID. |
app_instance.Qualys.ScheduleScan.DATETIME | Date | Date the command was executed. |
app_instance.Qualys.ScheduleScan.TEXT | String | Qualys response for the launch compliance. |
Action: Get a list of Reports
This action can be used to view a list of reports in the user’s account when the "Report Share" feature is enabled.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Example Request
[
{
"params":
{
"<Key>": "<Value>"
}
}
]Action Response Parameters
Parameter | Type | Description |
|---|---|---|
app_instance.Report.ID | String | The ID of the report |
app_instance.Report.TITLE | Unknown | The title of the report |
app_instance.Report.TYPE | Unknown | The report type. |
app_instance.Report.LAUNCH_DATETIME | Unknown | Date and time the report launched. |
app_instance.Report.OUTPUT_FORMAT | Unknown | Report output format. |
app_instance.Report.SIZE | Unknown | Report size. |
app_instance.Report.STATUS.STATE | Unknown | Report state status. |
app_instance.Report.STATUS.MESSAGE | Unknown | Report status message. |
app_instance.Report.STATUS.PERCENT | Unknown | Report status percent. |
app_instance.Report.EXPIRATION_DATETIME | Unknown | Report expiration datetime. |
Action: Generic Action
This is a generic action used to make requests to any Qualys VMDR endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, PATCH, DELETE |
Endpoint | Enter the endpoint to make the request. Example: spotter/index/search | Text | Required | |
Query Params | Enter the query parameters to pass to the API. Example: {'type': 'status','incidentId': '<incident_id>'} | Key value | Optional | |
Payload | Enter the payload to pass to the API. Example: {'apiKey': 'socmdcoimsd'} | Key value | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, use_api_20_path_in_url |
Use v2 API | Choose true to use the 2.0 version endpoint ({Base URL}/api/2.0/fo/{endpoint}) in the API request. If you choose false, the request will use the following endpoint format: ({Base URL}/{endpoint}). | Boolean | Required | By default, this is set to true. |