Qualys VMDR
The Qualys VMDR Connector App allows security teams to integrate with the Qualys VMDR enterprise application to track assets on the network and manage hardware/software inventory and IP addresses.
Supported Actions and Example Prompts
The following table lists the supported actions and prompt examples for an action:
Action Name | Description | Prompt Example |
---|---|---|
Purge hosts | This action purges hosts in your account to remove the assessment data associated with them. For more information, see Purge hosts. | Purge the host with the ID 10.10.30.1-10.10.30.50. |
Launch VM scan | This action launches a vulnerability scan in the user’s account. For more information, see Launch VM scan. | Launch a vulnerability scan with the title scan-1 on the IP address 10.10.10.10 in Qualys VMDR. |
Host List Detection | This action downloads a list of hosts with the hosts' latest vulnerability data, based on the host scan data available in the user’s account. For more information, see Host List Detection. | Downloads a list of hosts detected using Qualys VMDR. |
Add IP addresses | This action can be used to add IP addresses to the user's subscription. Once added, they are available for scanning and reporting. For more information, see Add IP addresses. | Add the IP address 10.10.30.1 to the user's subscriptions in Qualys VMDR. |
Get a list of IP addresses | This action retrieves a list of IP addresses in the user's account. For more information, see Get a list of IP addresses. | Get a list of IP addresses from Qualys VMDR. |
Launch compliance scan | This action can be used to launch a compliance scan in the user’s account. For more information, see Launch compliance scan | Launch a compliance scan with the title compliance-1 on the IP address 10.10.25.52 using Qualys VMDR. |
Install and Configure the App
Install and configure the required apps to enable Quarterback AI to perform various security-related tasks and provide relevant responses. After installing an app, you must create an instance that will be used to communicate with the app endpoints. An app can have multiple instances, and you can set a default instance from the configured instance list.
Before you Start
Ensure that you have the API token to authenticate with the Qualys VMDR app.
Steps
To install and configure an app, follow these steps:
Go to the application, in the left pane, select Quarterback AI.
In Apps, select Qualys VMDR and click Install.
After the app is installed, click Configure and enter the following details to create an instance:
Instance Name: Enter a name for the instance.
Instance Description: Enter a description for the instance.
Expiry: Select an expiry date for the instance.
Set as default instance: Select this option to set this instance as the default instance. By default, this instance will be used to perform actions from this app.
Base URL: Enter the Qualys VMDR base URL.
Username: Enter the username associated with the Qualys VMDR instance.
Password: Enter a password to authenticate with Qualys VMDR.
SSL verification: Select this option to verify SSL while making requests. It is recommended to select this option to ensure a secure connection. By default, this option is not selected.
Timeout: Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Qualys VMDR. You can enter values between 15 - 120 seconds. By default, 15 seconds is set.
Click Done.
The instance is created, and you can view it in Instances. To create another instance, click Add Instance.
Purge hosts
This action can be used to purge hosts in your account to remove the assessment data associated with them.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |
IP Address | Enter one or more comma-separated IP addresses or ranges to purge. Use a hyphen for ranges. Example: 10.10.30.1-10.10.30.50 | Text | Required |
Add IP addresses
This action adds IP addresses to the user's subscription. Once added, they are available for scanning and reporting.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
IP Addresses | Enter IPs to be added. Multiple IPs/ranges can be added as comma-separated values. An IP range is specified with a hyphen. For example, 10.10.30.1-10.10.30.50. | Text | Required | |
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, "ips": "1.1.2.3" | Key Value | Optional | Allowed keys are ips, network_id, tracking_method, compliance_enabled, certview_enabled, and limit |
Enable VM | Preference to enable or disable the VM app | Integer | Optional | Allowed values:
Default value: 0 |
Enable PC | Preference to enable or disable the PC app | Integer | Optional | Allowed values:
Default value: 0 |
Launch VM scan
This action launches a vulnerability scan in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |
Title | Enter the title for VM Scan. | Text | Required | |
IP Address | Enter one or more IP addresses to launch a scan on them. For example: 10.10.10.10 | Text | Required | |
Option Profile ID | Enter the option profile ID for VM Scan. | Integer | Optional | You must enter either the Option Profile ID or the Option Profile Title to make the request. |
Option Profile Title | Enter the option profile title for VM Scan. | Text | Optional | You must enter either the Option Profile ID or the Option Profile Title to make the request. |
Get a list of IP addresses
This action retrieves a list of IP addresses in the user's account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. For example, "ips": "1.1.1.1-1.1.1.5" | Key Value | Optional | Allowed keys are IPs, network_id, tracking_method, compliance_enabled, certview_enabled, and limit. |
Host List Detection
This action downloads a list of hosts with the hosts' latest vulnerability data, based on the host scan data available in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional |
Launch compliance scan
This action launches a compliance scan in the user’s account.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Title | Enter the title for VM Scan. | Text | Required | |
IP Address | Enter one or more IP addresses to launch a compliance scan on them. Example: 10.10.25.52 | Text | Required | |
Option Profile ID | Enter the option profile ID for VM Scan. | Integer | Optional | You must enter either the Option Profile ID or the Option Profile Title to make the request. |
Option Profile Title | Enter the option profile title for VM Scan. | Text | Optional | You must enter either the Option Profile ID or the Option Profile Title to make the request. |
Additional Parameters | Enter additional parameters in the form of key-value pairs to filter results. Example: Example: {'key1': 'value1', 'key2': 'value2'} | Key Value | Optional |