Qualys v2
This Integration is part of the Qualys Pack.#
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
Qualys Vulnerability Management lets you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance. This integration was integrated and tested with version 2.0 of QualysVulnerabilityManagement
Changes compared to V1#
Changes in commands#
- qualys-vm-scan-launch command - Added new parameters and outputs.
- qualys-ip-add - Added new parameters and outputs.
- qualys-ip-update - Added new parameters and changed existing parameters, added new outputs.
- qualys-virtual-host-manage - Added new parameters and outputs.
- qualys-host-excluded-manage - Changed existing parameters, added new outputs.
- qualys-vulnerability-list - Added new parameters, added new outputs.
- qualys-vm-scan-fetch - Added new parameters, changed context paths of outputs.
- qualys-pc-scan-fetch - Added outputs.
- qualys-report-list - Added new parameters, changed context paths of outputs.
- qualys-ip-list - Added new parameters, changed context paths of outputs.
- qualys-vm-scan-list - Removed context paths.
- qualys-scap-scan-list - Added new parameters, changed existing parameters, changed context paths.
- qualys-ip-restricted-list - New command.
- qualys-host-excluded-list - Added new parameters, added new outputs.
- qualys-report-fetch - Added new parameters, added new outputs.
- qualys-report-cancel - Added new outputs.
- qualys-group-list - Added new parameters, changed existing parameters, changed context paths.
- qualys-report-launch-compliance-policy - changed existing parameters.
- qualys-report-launch-remediation - changed existing parameters.
- qualys-report-launch-patch - changed existing parameters.
- qualys-report-launch-compliance - changed existing parameters.
- qualys-report-launch-scan-based-findings - changed existing parameters.
- qualys-report-launch-host-based-findings - changed existing parameters.
- qualys-vm-scan-action - Removed output.
- qualys-pc-scan-list - Added new parameters, changed existing parameters, changed outputs.
- qualys-pc-scan-launch - changed outputs.
- qualys-pc-scan-manage - changed outputs.
- qualys-schedule-scan-list - Added new parameters, changed outputs.
- qualys-host-list - Added new parameters, changed existing parameters, changed outputs.
- qualys-virtual-host-list - Added new parameters, changed outputs.
- qualys-scheduled-report-list - Added new parameters, changed existing parameters, changed outputs.
- qualys-report-template-list - Added new parameters, changed outputs.
- qualys-report-launch-map - changed existing parameters
- qualys-ip-restricted-manage - New command.
- qualys-purge-scan-host-data - New command.
Playbooks#
- Vulnerability Management - Qualys (Job) - migrated to work with this new version
- New playbook - qualys-pc-scan-launch-and-fetch
- New playbook - qualys-report-launch-compliance-and-fetch
- New playbook - qualys-vm-scan-launch-and-fetch.yml
- New playbook - qualys-report-launch-scan-based-findings-and-fetch.yml
- New playbook - qualys-scheduled-report-launch-and-fetch.yml
- New playbook - qualys-report-launch-remediation-and-fetch.yml
- New playbook - qualys-report-launch-patch-and-fetch.yml
- New playbook - qualys-report-launch-map-and-fetch.yml
- New playbook - qualys-report-launch-host-based-findings-and-fetch.yml
- New playbook - qualys-report-launch-compliance-policy-and-fetch.yml
Configure Qualys v2 on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Qualys v2.
Click Add instance to create and configure a new integration instance.
Parameter Required Server URL True Username True Password True Trust any certificate (not secure) False Use system proxy settings False Click Test to validate the URLs, token, and connection.
Asset Tag Commands#
There are several API endpoints on the Qualys API that can be used in the QualysV2 integration configuration as the SERVER URL parameter.
When using asset-tag commands, the official documentation recommends that the SERVER URL parameter should be in the following format: https://qualysapi.<tenant>.apps.qualys.com/<end-point>.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
qualys-ip-list#
View a list of IP addresses in the user account.
Base Command#
qualys-ip-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| ips | Show only certain IP addresses/ranges. | Optional |
| network_id | Restrict the request to a certain custom network ID. | Optional |
| tracking_method | Show only IP addresses/ranges which have a certain tracking method. Possible values are: IP, DNS, NETBIOS. | Optional |
| compliance_enabled | Specify 1 to list compliance IP addresses in the userβs account. These hosts are assigned to the policy compliance module. Specify 0 to get host that are not assigned to the policy compliance module. Possible values are: 0, 1. | Optional |
| certview_enabled | (Optional) Specify 1 to list IP addresses in the userβs account assigned to the Certificate View module. Specify 0 to list IP addresses that are not assigned to the Certificate View module. Note - This option will be supported when Certificate View GA is released and is enabled for your account. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.IP.Address | unknown | IP addresses. |
| Qualys.IP.Range | unknown | IP range. |
Command Example#
!qualys-ip-list ips=1.1.1.1-1.1.1.5 compliance_enabled=1 certview_enabled=1
Context Example#
Human Readable Output#
ip 1.1.1.1 1.1.1.3
qualys-report-list#
Get a list of generated reports in the system
Base Command#
qualys-report-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | Specify a report ID of a report that is saved in the Report Share storage space. | Optional |
| state | Specify reports with a certain state. Possible values are: Running, Finished, Canceled, Errors. | Optional |
| user_login | Specify a user login ID to get reports launched by the specified user login ID. | Optional |
| expires_before_datetime | Specify the date and time to get only reports that expire before it. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| client_id | (Optional) Id assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note, The client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |
Command Example#
!qualys-report-list state=Finished expires_before_datetime=2021-05-01
Human Readable Output#
No items found
qualys-vm-scan-list#
Lists vulnerability scans in the userβs account
Base Command#
qualys-vm-scan-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) Id assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |
Command Example#
!qualys-vm-scan-list launched_before_datetime=2021-04-20 type=API processed=1 state=Finished
Context Example#
Human Readable Output#
Scan List#
REF TITLE STATUS PROCESSED TYPE TARGET PROCESSING_PRIORITY LAUNCH_DATETIME DURATION USER_LOGIN scan/1618145659.78157 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:54:19Z 00:25:18 demst2nr scan/1618145624.78156 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:53:44Z 00:25:18 demst2nr scan/1618145560.78154 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:52:40Z 00:25:36 demst2nr scan/1618144983.78115 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:43:03Z 00:24:49 demst2nr scan/1618144942.78113 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:42:22Z 00:25:01 demst2nr scan/1618144892.78108 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:41:31Z 00:25:56 demst2nr scan/1618144883.78106 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:41:22Z 00:26:41 demst2nr scan/1618144811.78099 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:40:11Z 00:25:20 demst2nr scan/1618144745.78096 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:39:05Z 00:25:03 demst2nr scan/1618144416.78068 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-04-11T12:33:36Z 00:24:54 demst2nr scan/1615889949.37940 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:19:09Z 00:37:29 demst2nr scan/1615889300.37888 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:08:20Z 00:24:23 demst2nr scan/1615889177.37862 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:06:17Z 00:22:17 demst2nr scan/1615888948.37811 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:02:28Z 00:21:29 demst2nr scan/1615888897.37791 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:01:37Z 01:00:13 demst2nr scan/1615888869.37785 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T10:01:09Z 00:21:33 demst2nr scan/1615888780.37762 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T09:59:40Z 00:21:29 demst2nr scan/1615886852.37638 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T09:27:32Z 00:22:04 demst2nr scan/1615886791.37632 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T09:26:31Z 00:22:14 demst2nr scan/1615886558.37620 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T09:22:38Z 00:21:28 demst2nr scan/1615886333.37610 N/A STATE: Finished 1 API 1.1.1.1 0 - No Priority 2021-03-16T09:18:53Z 00:19:55 demst2nr
qualys-scap-scan-list#
Gives you a list of SCAP scans in your account
Base Command#
qualys-scap-scan-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) Id assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.SCAP.Scan.ID | unknown | Scan ID. |
| Qualys.SCAP.Scan.Reference | unknown | Scan ref. |
| Qualys.SCAP.Scan.REF | unknown | Scan REF. |
| Qualys.SCAP.Scan.Type | unknown | Scan type. |
| Qualys.SCAP.Scan.Title | unknown | Scan title. |
| Qualys.SCAP.Scan.LaunchDatetime | unknown | Date and time the scan launched. |
| Qualys.SCAP.Scan.Duration | unknown | Scan Duration. |
| Qualys.SCAP.Scan.ProcessingPriority | unknown | Scan Processing Priority. |
| Qualys.SCAP.Scan.Processed | unknown | Scan Processed. |
| Qualys.SCAP.Scan.Status.State | unknown | Scan status state. |
| Qualys.SCAP.Scan.Status.SubState | unknown | Scan status sub state. |
| Qualys.SCAP.Scan.Schedule | unknown | Scan Schedule. |
| Qualys.SCAP.Scan.Target | unknown | Scan Target. |
| Qualys.SCAP.Scan.AssetGroupTitle | unknown | Target Asset Group Title. |
| Qualys.SCAP.Scan.DeafualtFlag | unknown | Scan Default Flag. |
| Qualys.SCAP.Scan.UserLogin | unknown | The user that created the scan. |
Command Example#
!qualys-scap-scan-list action=list
Human Readable Output#
qualys-pc-scan-list#
Get a list of compliance scans in your account.
Base Command#
qualys-pc-scan-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| scan_id | Scan id. | Optional |
| scan_ref | Scan reference. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week.'. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| pci_only | Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1, 0. | Optional |
| ignore_target | Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| client_id | (Optional) Id assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note, The client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |
Command Example#
!qualys-pc-scan-list scan_ref=compliance/1619018638.71779 processed=1 state=Finished
Human Readable Output#
No items found
qualys-schedule-scan-list#
Shows schedule scans
Base Command#
qualys-schedule-scan-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | The ID of the scan schedule you want to display. | Optional |
| active | Specify 1 for active schedules only, or 0 for deactivated schedules only. Possible values are: 0, 1. | Optional |
| show_notifications | (Optional) Specify 1 to include the notification settings for each schedule in the XML output. | Optional |
| scan_type | (Optional) Launch a scan with a certain type. Possible values are: certview, perimeter. | Optional |
| fqdn | (Optional) The target FQDN for a vulnerability scan. You must specify at least one target i.e. IPs, asset groups or FQDNs. Multiple values are comma separated. | Optional |
| show_cloud_details | (Optional) Set to 1 to display the cloud details (Provider, Connector, Scan Type and Cloud Target) in the XML output. Otherwise the details are not displayed in the output. The cloud details will show scan type "Cloud Perimeter" for cloud perimeter scans. | Optional |
| client_id | (Optional) Id assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Scan.ID | unknown | Scan ID. |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |
| Qualys.Scan.ACTIVE | unknown | Scheduled scan active. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.START | unknown | IP range requested start. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.END | unknown | IP range requested end. |
| Qualys.Scan.ISCANNER_NAME | unknown | Iscanner name used in the scan. |
| Qualys.Scan.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of usage of the scan. |
| Qualys.Scan.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled scan in UTC format. |
| Qualys.Scan.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled scan. |
| Qualys.Scan.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Time zone code of the time for the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Time zone details of the time for the scheduled scan. |
| Qualys.Scan.OPTION_PROFILE.DEFAULT_FLAG | unknown | Default flag of the option profile. |
| Qualys.Scan.OPTION_PROFILE.TITLE | unknown | Title of the option profile. |
| Qualys.Scan.EC2_INSTANCE.CONNECTOR_UUID | unknown | Connector UUID of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ENDPOINT | unknown | Endpoint of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ONLY_CLASSIC | unknown | EC2 only classic. |
Command Example#
!qualys-schedule-scan-list active=0 id=130694
Context Example#
Human Readable Output#
Schedule Scan List#
ACTIVE ID ISCANNER_NAME OPTION_PROFILE PROCESSING_PRIORITY SCHEDULE TARGET TITLE USER_ENTERED_IPS USER_LOGIN 0 130694 External Scanner TITLE: Initial Options
DEFAULT_FLAG: 10 - No Priority DAILY: {"@frequency_days": "1"}
START_DATE_UTC: 2017-06-07T22:00:00Z
START_HOUR: 0
START_MINUTE: 0
TIME_ZONE: {"TIME_ZONE_CODE": "BG", "TIME_ZONE_DETAILS": "(GMT+0200) Bulgaria: Europe/Sofia"}
DST_SELECTED: 023.96.25.100 MyScan01 RANGE: {"START": "23.96.25.100", "END": "23.96.25.100"} demst2nr
qualys-host-list#
View a list of scanned hosts in the user account.
Base Command#
qualys-host-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| os_pattern | Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use β%5E%24β to match empty string. | Optional |
| truncation_limit | Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). | Optional |
| ips | Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100). | Optional |
| ag_titles | Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| ids | Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400).Valid host IDs are required. | Optional |
| network_ids | (Optional, and valid only when the Network Support feature is enabled for the userβs account) Restrict the request to certain custom network IDs. Multiple network IDs are comma separated. | Optional |
| no_vm_scan_since | Show hosts not scanned since a certain date and time (optional). use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| vm_scan_since | Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| no_compliance_scan_since | (Optional) Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| use_tags | Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify βidβ (the default) to select a tag set by providing tag IDs. Specify βnameβ to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_include_selector | (Optional when use_tags=1) Select βanyβ (the default) to include hosts that match at least one of the selected tags. Select βallβ to include hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Select βanyβ (the default) to exclude hosts that match at least one of the selected tags. Select βallβ to exclude hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| show_tags | (Optional) Specify 1 to display asset tags associated with each host in the XML output. Possible values are: 0, 1. | Optional |
| host_metadata | Specify the name of the cloud provider to show the assets managed by the cloud provider. Valid values: ec2, google, azure. | Optional |
| host_metadata_fields | (Optional when host_metadata is specified) Specify metadata fields to only return data for certain attributes. | Optional |
| show_cloud_tags | (Optional) Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets. Possible values are: 0, 1. | Optional |
| cloud_tag_fields | (Optional when show_cloud_tags is specified) Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example:SomeTag6:AY_ec2). For each cloud tag, we show the cloud tagβs name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
| details | (Optional) Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Endpoint.ID | unknown | Endpoint ID. |
| Qualys.Endpoint.IP | unknown | IP. |
| Qualys.Endpoint.CLOUD_PROVIDER | unknown | Host's cloud provider. |
| Qualys.Endpoint.DNS | unknown | DNS. |
| Qualys.Endpoint.EC2_INSTANCE_ID | unknown | EC2 instance ID. |
| Qualys.Endpoint.QG_HOSTID | unknown | QG host ID. |
| Qualys.Endpoint.CLOUD_SERVICE | unknown | Cloud service of the endpoint. |
| Qualys.Endpoint.TRACKING_METHOD | unknown | Tracking method of the endpoint. |
| Qualys.Endpoint.CLOUD_RESOURCE_ID | unknown | Cloud resource ID of the endpoint. |
| Qualys.Endpoint.DNS_DATA.DOMAIN | unknown | Domain of the endpoint. |
| Qualys.Endpoint.DNS_DATA.HOSTNAME | unknown | Host name of the endpoint. |
| Qualys.Endpoint.NETBIOS | unknown | NETBIOS. |
| Qualys.Endpoint.OS | unknown | Endpoint operating system. |
Command Example#
!qualys-host-list show_tags=1 vm_scan_since=2021-04-01
Context Example#
Human Readable Output#
Host List#
DNS DNS_DATA ID IP OS TAGS TRACKING_METHOD one.one.one.one HOSTNAME: one
DOMAIN: one.one.one
FQDN: one.one.one.one143444841 1.1.1.1 Linux 3.13 TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} IP 299167859 1.1.1.1 Linux 2.x TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} IP
qualys-virtual-host-list#
View a list of virtual hosts in the user account.
Base Command#
qualys-virtual-host-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| ip | Show only virtual hosts that have a certain IP address. | Optional |
| port | Show only virtual hosts that have a certain port. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.VirtualEndpoint.IP | unknown | IP. |
| Qualys.VirtualEndpoint.PORT | unknown | Port. |
| Qualys.VirtualEndpoint.FQDN | unknown | Fully qualified domain name. |
Command Example#
!qualys-virtual-host-list ip=1.1.1.1 port=1231
Context Example#
Human Readable Output#
Virtual Host List#
FQDN IP PORT panw.raz.com 1.1.1.1 1231
qualys-virtual-host-manage#
View a list of virtual hosts in the user account.
Base Command#
qualys-virtual-host-manage
Input#
| Argument Name | Description | Required |
|---|---|---|
| action | Virtual host action to perform. Possible values are: create, update, delete, add_fqdn, delete_fqdn. | Required |
| ip | An IP address for the virtual host configuration. | Required |
| port | A port number for the virtual host configuration. | Required |
| network_id | Network support must be enabled to specify the network_id. If network support is enabled and you do not provide a network_id, then the Default Global Network is considered. You can specify only one network_id. | Optional |
| fqdn | (Required for all actions except βdeleteβ. Invalid for βdeleteβ.) One or more fully-qualified domain names (FQDNs) for the virtual host configuration. Multiple entries are comma separated. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.VirtualEndpoint.DATETIME | unknown | Date and time of the executed manage action. |
| Qualys.VirtualEndpoint.TEXT | unknown | Result message of the executed action. |
Command Example#
!qualys-virtual-host-manage action=create ip=1.1.1.1 port=1291 fqdn=qualys-test.com
Context Example#
Human Readable Output#
DATETIME TEXT 2021-05-30T08:48:03Z Virtual host successfully created.
qualys-host-excluded-list#
Show the excluded host list for the user's account. Hosts in your excluded host list will not be scanned.
Base Command#
qualys-host-excluded-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| ips | Get list of excluded hosts or addresses range. | Optional |
| network_id | (Optional, and valid only when the Network Support feature is enabled for the userβs account) Restrict the request to a certain custom network ID. | Optional |
| ag_ids | (Optional) Show excluded hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required. | Optional |
| ag_titles | (Optional) Show excluded hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| use_tags | (Optional) Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_include_selector | (Optional when use_tags=1) Specify "any" (the default) to include excluded hosts that match at least one of the selected tags. Specify "all" to include excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Specify "any" (the default) to ignore excluded hosts that match at least one of the selected tags. Specify "all" to ignore excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Excluded hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Excluded hosts that match these tags will be ignored. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Excluded.Host.Address | unknown | IP Address. |
| Qualys.Excluded.Host.Address.#text | unknown | IP of excluded host with expiration date. |
| Qualys.Excluded.Host.Address.@expiration_date | unknown | Expiration date of excluded host address. |
| Qualys.Excluded.Host.Range.#text | unknown | Range of excluded hosts with expiration date. |
| Qualys.Excluded.Host.Range.@expiration_date | unknown | Expiration date of excluded hosts ranges. |
| Qualys.Excluded.Host.Range | unknown | Range of IP addresses. |
Command Example#
!qualys-host-excluded-list ips=1.1.1.1
Context Example#
Human Readable Output#
ip @expiration_date #text
qualys-scheduled-report-list#
Get list of scheduled reports
Base Command#
qualys-scheduled-report-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | Scheduled report ID. | Optional |
| is_active | Select is_active=1 for active or is_active=0 for inactive scheduled reports to view. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |
| Qualys.Report.ACTIVE | unknown | Report active. |
| Qualys.Report.TEMPLATE_TITLE | unknown | Title of the template. |
| Qualys.Report.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled report in UTC format. |
| Qualys.Report.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled report. |
| Qualys.Report.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled report. |
| Qualys.Report.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Timezone of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Timezone details of the scheduled report. |
Command Example#
!qualys-scheduled-report-list id=8084468 is_active=1
Context Example#
Human Readable Output#
Scheduled Report List#
ACTIVE ID OUTPUT_FORMAT SCHEDULE TEMPLATE_TITLE TITLE 1 8084468 DAILY: {"@frequency_days": "1"}
START_DATE_UTC: 2021-03-15T09:49:00Z
START_HOUR: 11
START_MINUTE: 49
TIME_ZONE: {"TIME_ZONE_CODE": "IL", "TIME_ZONE_DETAILS": "(GMT +02:00) Israel"}
DST_SELECTED: 0Executive Report Test - 20210315
qualys-report-template-list#
get list of report template for user
Base Command#
qualys-report-template-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.ReportTemplate.ID | unknown | Report template ID. |
| Qualys.ReportTemplate.TYPE | unknown | Report type. |
| Qualys.ReportTemplate.TITLE | unknown | Report template title. |
| Qualys.ReportTemplate.LAST_UPDATE | unknown | Last update time. |
| Qualys.ReportTemplate.GLOBAL | unknown | Report template global. |
| Qualys.ReportTemplate.DEFAULT | unknown | Report template default. |
| Qualys.ReportTemplate.USER.LOGIN | unknown | Last updated user login. |
| Qualys.ReportTemplate.USER.FIRSTNAME | unknown | Last updated user login first name. |
| Qualys.ReportTemplate.USER.LASTNAME | unknown | Last updated user login last name. |
| Qualys.ReportTemplate.TEMPLATE_TYPE | unknown | Type of report template. |
Command Example#
!qualys-report-template-list
Context Example#
Human Readable Output#
Template Report List#
GLOBAL ID LAST_UPDATE TEMPLATE_TYPE TITLE TYPE USER 1 2385938 2021-04-08T09:50:45Z Map maptemptest Manual LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi0 2383157 2021-03-15T10:19:46Z Scan Remediated Vulnerabilities Last 30 Days v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi0 2383160 2021-03-15T10:38:09Z Scan Assets at risk of Malware v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 2339987 2020-04-07T06:14:41Z Scan Patchable High-priority Vulnerabilities v.1 - (1) Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1977713 2018-05-08T14:18:50Z Scan Virtually Patchable Assets v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1977717 2018-05-08T14:22:47Z Scan Virtually Patchable Assets v.2 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1977716 2018-05-08T14:20:29Z Scan Assets with Obsolete Software v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1977714 2018-05-08T14:19:31Z Scan Patchable High-priority Vulnerabilities v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528875 2017-06-07T20:34:57Z Patch Qualys Patch Report Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528873 2017-06-07T20:34:57Z Scan Executive Report Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528874 2017-06-07T20:34:57Z Scan Technical Report Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528876 2017-06-07T20:34:57Z Scan High Severity Report Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528877 2017-06-07T20:34:57Z Compliance 2008 SANS Top 20 Report Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528878 2017-06-07T20:34:57Z Compliance Qualys Top 20 Report Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528879 2017-06-07T20:34:57Z Compliance Payment Card Industry (PCI) Technical Report Manual LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528880 2017-06-07T20:34:57Z Compliance Payment Card Industry (PCI) Executive Report Manual LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528881 2017-06-07T20:34:57Z Remediation Executive Remediation Report Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528882 2017-06-07T20:34:57Z Remediation Tickets per Vulnerability Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528883 2017-06-07T20:34:57Z Remediation Tickets per User Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528884 2017-06-07T20:34:57Z Remediation Tickets per Asset Group Auto LOGIN: System
FIRSTNAME: System
LASTNAME: System1 1528886 2017-06-07T20:35:05Z Policy Policy Report Template Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 1528888 2017-06-07T20:34:58Z Map Unknown Device Report Manual LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi1 2389895 2021-05-07T15:28:52Z Patch Critical Patches Required v.1 Auto LOGIN: demst2nr
FIRSTNAME: Neelima
LASTNAME: Rustagi
qualys-vulnerability-list#
download a list of vulnerabilities from Qualysβ KnowledgeBase
Base Command#
qualys-vulnerability-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| details | Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All, or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details. Possible values are: Basic, All, None. | Optional |
| ids | Used to filter the XML output to include only vulnerabilities that have QID numbers matching the QID numbers you specify. | Optional |
| id_min | Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify. | Optional |
| id_max | Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify. | Optional |
| is_patchable | Used to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output. Possible values are: 0, 1. | Optional |
| last_modified_after | Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified vulnerabilities last modified by a user or by the service will be shown. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_before | Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified vulnerabilities last modified by a user or by the service will be shown. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_after | Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_before | Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_after | Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_before | Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_after | Used to filter the XML output to show only vulnerabilities published after a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_before | Used to filter the XML output to show only vulnerabilities published before a certain date and time. use YYYY-MM-DD[THH:MM:SSZ] like β2007-07-01β or β2007-01-25T23:12:00Zβ or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| discovery_method | (Optional) Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated. Possible values are: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, RemoteAndAuthenticated. | Optional |
| discovery_auth_types | Used to filter the XML output to show only vulnerabilities having one or more authentication types. A valid value is: Windows, Oracle, Unix or SNMP. Multiple values are entered as a comma-separated list. | Optional |
| show_pci_reasons | Used to filter the XML output to show reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the userβs subscription). Specify 1 to view the reasons in the XML output. When unspecified, the reasons are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_supported_modules_info | Used to filter the XML output to show Qualys modules that can be used to detect each vulnerability. Specify 1 to view supported modules in the XML output. When unspecified, supported modules are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_disabled_flag | Specify 1 to include the disabled flag for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| show_qid_change_log | Specify 1 to include QID changes for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Qualys.Vulnerability.List.QID | unknown | Vulnerability QID. |
| Qualys.Vulnerability.List.PATCHABLE | unknown | Is Vulnerability patchable. |
| Qualys.Vulnerability.List.SEVERITY_LEVEL | unknown | Severity level of the Vulnerability. |
| Qualys.Vulnerability.List.CONSEQUENCE | unknown | Consequence of the Vulnerability. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.ID | unknown | ID of the vendor. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.URL | unknown | URL of the vendor. |
| Qualys.Vulnerability.List.LAST_SERVICE_MODIFICATION_DATETIME | unknown | Date of the last service modification. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.ID | unknown | CVE ID. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.URL | unknown | CVE URL. |
| Qualys.Vulnerability.List.PUBLISHED_DATETIME | unknown | Published date. |
| Qualys.Vulnerability.List.DISCOVERY.ADDITIONAL_INFO | unknown | Additional info. |
| Qualys.Vulnerability.List.DISCOVERY.AUTH_TYPE_LIST.AUTH_TYPE | unknown | Discovery Authentication type. |
| Qualys.Vulnerability.List.DISCOVERY.REMOTE | unknown | Is discovery remote. |
| Qualys.Vulnerability.List.DIAGNOSIS | unknown | Diagnosis of vulnerability. |
| Qualys.Vulnerability.List.PCI_FLAG | unknown | PCI flag. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.PRODUCT | unknown | Product name. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.VENDOR | unknown | Vendor of the product. |
| Qualys.Vulnerability.List.VULN_TYPE | unknown | Type of the vulnerability. |
| Qualys.Vulnerability.List.TITLE | unknown | Title of the vulnerability. |
| Qualys.Vulnerability.List.SOLUTION | unknown | Solution for the vulnerability. |
| Qualys.Vulnerability.List.CATEGORY | unknown | Category of the vulnerability. |
Command Example#
!qualys-vulnerability-list published_after=2021-04-01 published_before=2021-04-20 details=Basic is_patchable=1