Qualys

Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance

If you have a network with many assets, Qualys can detect vulnerabilities and policy compliance.

What does this content pack do?

Run scans for vulnerabliites and policy compliance.
Create reports about the scans.
Manage the hosts and assets on your network.

There are several playbooks in this pack. Each playbook launches a report or scan and fetches it when it is ready.

Authentication

Qualys Vulnerability Management uses basic authentication. You'll need your Qualys login credentials to use this integration.
Qualys user accounts that have been enabled with VIP two-factor authentication can be used with the Qualys API, however two-factor authentication will not be used when making API requests. Two-factor authentication is only supported when logging into the Qualys GUI.

PUBLISHER

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex XSOAR
Created	June 30, 2020
Last Release	December 2, 2021

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Automations

Name	Description
QualysCreateIncidentFromReport	Create incidents from a Qualys report (XML), based on the Qualys asset ID and vulnerability ID (QID). Duplicate incidents are not created for the same asset ID and QID.

Playbooks

Name	Description
Launch And Fetch PC Scan - Qualys	Launches a PC scan and fetches the scan when it's ready.
Launch And Fetch Compliance Report - Qualys	Launches a compliance report and fetches the report when it's ready.
Launch And Fetch Host Based Findings Report - Qualys	Launches a host based report and fetches the report when it's ready.
Launch And Fetch Patch Report - Qualys	Launches a patch report and fetches the report when it's ready.
Launch And Fetch Remediation Report - Qualys	Launches a remediation report and fetches the report when it's ready.
Launch And Fetch Scheduled Report - Qualys	Launches a scheduled report and fetches the report when it's ready.
Launch And Fetch Compliance Policy Report - Qualys	Launches a compliance policy report and then fetches the report when it's ready.
Launch And Fetch Map Report - Qualys	Launches a map scan report and fetches the report when it's ready.
Launch And Fetch Scan Based Findings Report - Qualys	Launches a scan based report and fetcesh the report when it's ready.
Launch And Fetch VM Scan - Qualys	Launches a scan and fetches the scan when it's ready.
Vulnerability Management - Qualys (Job) - V2	Use the latest Qualys report to manage vulnerabilities. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created from the latest version of the report determined by the report timestamp. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and QID. This playbook is a part of a series of playbooks for Qualys vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the Qualys XML report name into the "Details" field Associate the "Vulnerability" type incident to the "Vulnerability Handling - Qualys" playbook.
Vulnerability Management - Qualys (Job)	Use the latest Qualys report to manage vulnerabilities. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created from the latest version of the report determined by the report timestamp. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and QID. This playbook is a part of a series of playbooks for Qualys vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the Qualys XML report name into the "Details" field Associate the "Vulnerability" type incident to the "Vulnerability Handling - Qualys" playbook.

Integrations

Name	Description
Qualys (Deprecated)	Deprecated. Use Qualys v2 instead.
Qualys v2	Qualys Vulnerability Management let's you create, run, fetch and manage reports. Launch and manage vulnerability and compliance scans. Manage the host assets you want to scan for vulnerabilities and compliance

1.0.13 - 2042391 (December 2, 2021)

Playbooks

Vulnerability Management - Qualys (Job) - V2

Added the text/XML file type to support the Qualys report file for server version 6.2.

1.0.12 - 2020903 (November 28, 2021)

Playbooks

Vulnerability Management - Qualys (Job) - V2

Fixed an issue in which the playbook execution failed if no reports were retrieved from Qualys.

1.0.11 - 7944549 (October 5, 2021)

Integrations

Qualys v2

Documentation and metadata improvements.

1.0.10 - 7740378 (September 23, 2021)

Integrations

Qualys v2

Updated the Docker image to: demisto/python3:3.9.7.24076.

1.0.9 - 7567740 (September 12, 2021)

Scripts

QualysCreateIncidentFromReport

Updated the Docker image to: demisto/python:2.7.18.24066.

1.0.8 - 401987 (July 25, 2021)

Integrations

Qualys v2

Updated the Docker image to: demisto/python3:3.9.5.21272.
Maintenance and stability enhancements.

1.0.7 - 398245 (July 15, 2021)

Playbooks

Vulnerability Management - Qualys (Job) - V2

Maintenance and stability enhancements.

Launch And Fetch PC Scan - Qualys

Maintenance and stability enhancements.

Launch And Fetch Map Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Compliance Policy Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch VM Scan - Qualys

Maintenance and stability enhancements.

Launch And Fetch Scheduled Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Patch Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Compliance Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Host Based Findings Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Scan Based Findings Report - Qualys

Maintenance and stability enhancements.

Launch And Fetch Remediation Report - Qualys

Maintenance and stability enhancements.

1.0.6 - 397182 (July 13, 2021)

Integrations

Qualys (Deprecated)

Deprecated. Use the Qualys v2 integration instead.

Scripts

QualysCreateIncidentFromReport

Updated the Docker image to: demisto/python:2.7.18.20958.

1.0.4 - 389935 (June 27, 2021)

Integrations

Maintenance and stability enhancements.

New: Qualys v2

Qualys Vulnerability Management lets you:

Create, run, fetch, and manage reports.
Launch and manage vulnerability and compliance scans.
Manage the host assets you want to scan for vulnerabilities and compliance. (Available from Cortex XSOAR 5.5.0).

Playbooks

New: Launch And Fetch Remediation Report - Qualys

Launches a remediation report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Host Based Findings Report - Qualys

Launches a host based report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch VM Scan - Qualys

Launches a scan and fetches the scan when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Scheduled Report - Qualys

Launches a scheduled report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Compliance Policy Report - Qualys

Launches a compliance policy report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Map Report - Qualys

Launches a map scan report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Scan Based Findings Report - Qualys

Launches a scan based report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch PC Scan - Qualys

Launches a PC scan and fetches the scan when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Patch Report - Qualys

Launches a patch report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Launch And Fetch Compliance Report - Qualys

Launches a compliance report and fetches the report when it's ready. (Available from Cortex XSOAR 5.5.0).

New: Vulnerability Management - Qualys (Job) - V2

Updated the V1 playbook to V2.

1.0.3 - R386517 (June 17, 2021)

Integrations

Qualys

Fixed an issue where the policy_id argument of the qualys-report-launch-compliance-policy command was mishandled.

1.0.2 - R264879 (November 9, 2020)

Integrations

Qualys

Added the outputs for the qualys-vm-scan-fetch command.

1.0.1 - R124496 (September 23, 2020)

Scripts

QualysCreateIncidentFromReport

Updated the script to execute using the LimitedUser role.

1.0.0 - 60526 (June 30, 2020)

Network Security and Vulnerability Management