
Qualys CLI

This CLI is able to sync assets from Qualys along with their vulnerabilities from Qualys Cloud Platform (Vulnerability Manager, Policy Compliance) into RegScale as Issues.

  • sync_qualys - queries the Qualys instance for assets and vulnerability scans and syncs them to a Security Plan in RegScale
  • get_asset_groups - exports all asset groups from Qualys containing their Asset Group ID and Asset Group Name to a .json file
  • export_scans - exports a list of scans from the Qualys instance and saves to a .json file
  • save_results - save scan results for a specific scan or all scans
  • import_scans - import flat file scan data

init.yaml Configuration

There are multiple pieces of information needed to configure the Qualys integration via the CLI:

  • qualysUrl - base URL for the Qualys API. Follow this guide to determine the URL: Identify your Qualys platform
  • qualysUserName - Qualys user name to log in
  • qualysPassword - Qualys password to log in
  • issues: {qualys: {high: 10, low: 365, moderate: 90, status: Draft}} - number of days to add to today's date when setting due dates to RegScale issues based on Qualys severity index and the status to use for a new RegScale issue.

Qualys Setup Workflow

  1. Get the Qualys URL and paste it into the qualysUrl field in init.yaml.
  2. Create an account or use an existing account within Qualys and add the user name and password to the corresponding fields in init.yaml. Once this is complete, the Qualys integration is ready to use with the RegScale CLI.

Vulnerability Processing Workflow

The CLI currently supports processing Qualys assets and vulnerabilities to RegScale assets and issues. The issue processing workflow is shown below:

  • The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation
  • The user then calls the CLI to fetch Qualys assets and vulnerabilities and if desired, save RegScale issues while setting the following flags:
    • get_asset_groups - export all asset groups from Qualys containing their asset group ID and asset group name
      • --save_output_to - file path to save the results as a .json file
    • sync_qualys - the primary function of this integration: query Qualys assets and vulnerabilities and create/update any related assets in RegScale.
      • --asset_group_name or --asset_group_id - filter assets from Qualys to add to your Security Plan in RegScale with the provided argument. (NOTE: You cannot use both of these filters. If you do not use one, it will grab all assets and their vulnerabilities from Qualys.)
      • --regscale_ssp_id - the RegScale security plan to be associated with the Qualys assets and vulnerabilities
      • --create_issue - a boolean flag to set if the CLI user would like to map these vulnerabilities into RegScale issues. Newly created issues will be set to the status from init.yaml for Qualys issues in RegScale.
    • save_results - a list of query definitions
      • --save_output_to - file path to save the results as a .json file
      • --scan_id - Qualys scan reference ID, if none provided it will pull all scans
    • export_scans - an export of all Qualys scans available to the user within the last X days
      • --save_output_to - file path to save the results as a .json file
      • --days - number of days to go back for completed Qualys scans, defaults to 30
    • import_scans - import flat file scan data exported from Qualys
      • --folder_path - provide a location to the scans to import

The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.

File Format

Below are the expected columns of a Qualys file:

Header Name           Required
IP                    Yes
DNS                   Yes
NetBIOS               Yes
QG Host ID            Yes
IP Interfaces
Tracking Method
OS                    Yes
IP Status
QID
Title                 Yes
Vuln Status
Type
Severity              Yes
Port
Protocol
FQDN                  Yes
SSL
First Detected
Last Detected
Times Detected
Date Last Fixed
First Reopened
Last Reopened
Times Reopened
CVE_ID                Yes
Vendor Reference
Bugtraq ID
CVSS3.1
CVSS3.1 Base
CVSS3.1 Temporal
Threat
Impact
Solution              Yes
Exploitability        Yes
Associated Malware
Results
PCI Vuln
Ticket State
Instance
Category
Associated Tags
EC2 Instance ID
Public Hostname
Image ID
VPC ID
Instance State
Private Hostname
Instance Type
Account ID
Region Code
Subnet ID
QDS
ARS
ACS
TruRisk Score
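
A pre-flight check for the required columns listed above, to run on a flat file before handing its folder to import_scans. This is an added example, not part of the RegScale CLI; it assumes the file is a comma-separated export whose header row uses the names in the table, and the skip_rows parameter and the sample data are constructed for illustration.

```python
import csv
import io

# Columns the table above marks "Yes" under Required.
REQUIRED = ["IP", "DNS", "NetBIOS", "QG Host ID", "OS", "Title", "Severity",
            "FQDN", "CVE_ID", "Solution", "Exploitability"]


def _norm(name):
    """Fold case and drop spaces/underscores so 'cve id' matches 'CVE_ID'."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def check_header(csv_text, skip_rows=0):
    """Return (missing, misnamed) for the header row of a flat file.

    missing  - required columns with no counterpart in the file
    misnamed - {required name: name found} where only case/spacing differs
    skip_rows (assumption): lines of report preamble before the header row.
    """
    # A leading byte-order mark would otherwise become part of the first name.
    rows = csv.reader(io.StringIO(csv_text.lstrip("\ufeff"), newline=""))
    for _ in range(skip_rows):
        next(rows, None)
    header = next(rows, [])
    exact = set(header)
    loose = {_norm(h): h for h in header}
    missing, misnamed = [], {}
    for col in REQUIRED:
        if col in exact:
            continue
        found = loose.get(_norm(col))
        if found is not None:
            misnamed[col] = found
        else:
            missing.append(col)
    return missing, misnamed


# Constructed sample: 'CVE ID' is spelled with a space, 'Solution' is absent.
SAMPLE = (
    '"IP","DNS","NetBIOS","QG Host ID","OS","QID","Title","Severity",'
    '"FQDN","CVE ID","Exploitability"\n'
    '"10.0.0.5","web01.example.test","WEB01","host-0001","Ubuntu 22.04",'
    '"12345","Constructed finding","4","web01.example.test","",""\n'
)

if __name__ == "__main__":
    print(check_header(SAMPLE))
```

A non-empty missing list means the file lacks a column the table marks as required; an entry in misnamed points to a header that differs from the expected name only in case, spacing or underscores.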

Example Commands

Query Qualys using a defined asset group ID from the Qualys platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.

  • regscale qualys sync_qualys --asset_group_id 71413 --regscale_ssp_id 2 --create_issue True
  • regscale qualys get_asset_groups --save_output_to ./qualys_data/asset_groups
  • regscale qualys import_scans --regscale_ssp_id 34 --folder_path ./data/qualys

init.yaml Example

For a basic Qualys integration with RegScale, the following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):

domain: https://mycompany.regscale.com
qualysPassword: My5UP3r_SeCR3t-P@$sw0rD!
qualysUrl: https://qualysapi.qg3.apps.qualys.com/
qualysUserName: regscale1234
issues:
  qualys:
    high: 10
    low: 365
    moderate: 90
    status: Draft

Building a Bash Script to Execute the CLI

You can chain together RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named "regscaleScheduler.sh") in Ubuntu for executing the Qualys CLI that pulls all assets and their vulnerabilities after authenticating and assigns them to a specific Security Plan in RegScale:

#!/bin/sh

# Pull all Qualys assets and their vulnerabilities and relate them to RegScale SSP #2
regscale qualys sync_qualys --regscale_ssp_id 2 --create_issue True

To execute the Bash file, run this command: /path/to/folder/regscaleScheduler.sh. You can chain together any arbitrary set of CLI commands to have them execute sequentially.

NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs