Qualys
Qualys CLI
This CLI is able to sync assets from Qualys along with their vulnerabilities from Qualys Cloud Platform (Vulnerability Manager, Policy Compliance) into RegScale as Issues.
- sync_qualys - queries the Qualys instance for assets and vulnerability scans and syncs them to a Security Plan in RegScale
- get_asset_groups - exports all asset groups from Qualys containing their Asset Group ID and Asset Group Name to a .json file
- export_scans - exports a list of scans from the Qualys instance and saves to a .json file
- save_results - save scan results for a specific scan or all scans
- import_scans - Import flat file scan data
init.yaml Configuration
There are multiple pieces of information needed to configure the Qualys integration via the CLI:
- qualysUrl - base URL for the Qualys API. Follow this guide to determine the URL: Identify your Qualys platform
- qualysUserName - Qualys user name to log in
- qualysPassword - Qualys password to log in
- issues: {qualys: {high: 10, low: 365, moderate: 90, status: Draft}} - number of days to add to today's date when setting due dates on RegScale issues based on the Qualys severity index, and the status to use for a new RegScale issue.
Qualys Setup Workflow
- Get the Qualys URL and paste it into the qualysUrl field in init.yaml.
- Create an account or use an existing account within Qualys and add the user name and password to the corresponding fields in init.yaml.
Once this is complete, the Qualys integration is ready to use with the RegScale CLI.
Vulnerability Processing Workflow
The CLI currently supports processing Qualys assets and vulnerabilities to RegScale assets and issues. The issue processing workflow is shown below:
- The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation.
- The user then calls the CLI to fetch Qualys assets and vulnerabilities and, if desired, save RegScale issues while setting the following flags:
  - get_asset_groups - export all asset groups from Qualys containing their asset group ID and asset group name
    - --save_output_to - file path to save the results as a .json file
  - sync_qualys - The primary function of this integration: query Qualys assets and vulnerabilities and create/update any related assets in RegScale.
    - --asset_group_name or --asset_group_id - Filter assets from Qualys to add to your Security Plan in RegScale with the provided argument. (NOTE: You cannot use both of these filters. If you do not use one, it will grab all assets and their vulnerabilities from Qualys.)
    - --regscale_ssp_id - the RegScale security plan to be associated with the Qualys assets and vulnerabilities
    - --create_issue - a boolean flag to set if the CLI user would like to map these vulnerabilities into RegScale issues. Newly created issues will be set to the status from init.yaml for Qualys issues in RegScale.
  - save_results - a list of query definitions
    - --save_output_to - file path to save the results as a .json file
    - --scan_id - Qualys scan reference ID; if none is provided, it will pull all scans
  - export_scans - an export of all Qualys scans available to the user within the last X days
    - --save_output_to - file path to save the results as a .json file
    - --days - number of days to go back for completed Qualys scans, defaults to 30
  - import_scans - import flat file scan data exported from Qualys
    - --folder_path - provide a location to the scans to import
The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
File Format
Below are the expected columns of a Qualys file:
Header Name | Required |
---|---|
IP | Yes |
DNS | Yes |
NetBIOS | Yes |
QG Host ID | Yes |
IP Interfaces | |
Tracking Method | |
OS | Yes |
IP Status | |
QID | |
Title | Yes |
Vuln Status | |
Type | |
Severity | Yes |
Port | |
Protocol | |
FQDN | Yes |
SSL | |
First Detected | |
Last Detected | |
Times Detected | |
Date Last Fixed | |
First Reopened | |
Last Reopened | |
Times Reopened | |
CVE_ID | Yes |
Vendor Reference | |
Bugtraq ID | |
CVSS3.1 | |
CVSS3.1 Base | |
CVSS3.1 Temporal | |
Threat | |
Impact | |
Solution | Yes |
Exploitability | Yes |
Associated Malware | |
Results | |
PCI Vuln | |
Ticket State | |
Instance | |
Category | |
Associated Tags | |
EC2 Instance ID | |
Public Hostname | |
Image ID | |
VPC ID | |
Instance State | |
Private Hostname | |
Instance Type | |
Account ID | |
Region Code | |
Subnet ID | |
QDS | |
ARS | |
ACS | |
TruRisk Score | |
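
An added example (not part of the RegScale CLI) that checks each file in an import folder for the columns marked Required in the table above before import_scans is run. The .csv extension, the comma delimiter, the way the header row is located and the function names are assumptions.

```sh
#!/bin/sh
# Added example: check Qualys flat files for the required columns before
# running import_scans. Not part of the RegScale CLI.
set -eu

# Columns marked "Yes" in the File Format table.
REQUIRED_COLUMNS='IP,DNS,NetBIOS,QG Host ID,OS,Title,Severity,FQDN,CVE_ID,Solution,Exploitability'

# Print the header cells of FILE, one per line, with quotes and CRs removed.
# Assumption: the header row is the first line that contains "QG Host ID";
# any report preamble before it is skipped.
header_cells() {
    sed -n '/QG Host ID/{p;q;}' "$1" | tr -d '"\r' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Print every required column missing from FILE; return 1 if any is missing.
# A file with no recognizable header row reports all required columns.
missing_columns() {
    cells=$(header_cells "$1")
    missing=$(printf '%s\n' "$REQUIRED_COLUMNS" | tr ',' '\n' |
        while IFS= read -r col; do
            printf '%s\n' "$cells" | grep -qxF -- "$col" || printf '%s\n' "$col"
        done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Validate every .csv in FOLDER (the value given to --folder_path).
# Returns non-zero if any file fails, so a wrapper script can stop early.
check_folder() {
    status=0
    for f in "$1"/*.csv; do
        [ -f "$f" ] || continue
        if ! out=$(missing_columns "$f"); then
            echo "$f: missing $(printf '%s' "$out" | tr '\n' ',')" >&2
            status=1
        fi
    done
    return "$status"
}

# Usage (assumption): sh check_qualys_files.sh ./data/qualys
if [ "$#" -gt 0 ]; then
    check_folder "$1"
fi
```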
Example Commands
Query Qualys using a defined asset group ID from the Qualys platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.
regscale qualys sync_qualys --asset_group_id 71413 --regscale_ssp_id 2 --create_issue True
regscale qualys get_asset_groups --save_output_to ./qualys_data/asset_groups
regscale qualys import_scans --regscale_ssp_id 34 --folder_path ./data/qualys
init.yaml Example
For a basic Qualys integration with RegScale, the following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):
domain: https://mycompany.regscale.com
qualysPassword: My5UP3r_SeCR3t-P@$sw0rD!
qualysUrl: https://qualysapi.qg3.apps.qualys.com/
qualysUserName: regscale1234
issues:
  qualys:
    high: 10
    low: 365
    moderate: 90
    status: Draft
Building a Bash Script to Execute the CLI
You can chain together RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named "regscaleScheduler.sh") in Ubuntu for executing the Qualys CLI that pulls all assets and their vulnerabilities after authenticating and assigns them to a specific Security Plan in RegScale:
#!/bin/sh
# Sync all Qualys assets and vulnerabilities and relate them to RegScale SSP #2
regscale qualys sync_qualys --regscale_ssp_id 2 --create_issue True
To execute the Bash file, run this command: /path/to/folder/regscaleScheduler.sh. You can chain together any arbitrary set of CLI commands to have them execute sequentially.
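Because init.yaml stores qualysPassword in clear text, a scheduled script can refuse to run when that file is exposed to other local users or when qualysUrl is not an https URL. The following is an added example, not RegScale's own code; the ./init.yaml location, the --run switch and the function names are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks for a scheduler script such as
# regscaleScheduler.sh. Assumes init.yaml sits in the directory the CLI
# is run from; the --run switch is hypothetical.
set -eu

# True only if FILE exists and grants no permission bit to group or other.
# init.yaml holds qualysPassword in clear text, so it should be owner-only.
config_is_private() {
    [ -f "$1" ] || return 1
    exposed=$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$exposed" ]
}

# True only if qualysUrl is an https URL, since the Qualys user name and
# password are sent to it.
qualys_url_is_https() {
    grep -Eq "^qualysUrl:[[:space:]]*[\"']?https://" "$1"
}

# Run the sync only when both checks pass; $1 = init.yaml, $2 = SSP id.
run_scheduled_sync() {
    if ! config_is_private "$1"; then
        echo "refusing: $1 is accessible to group/other; chmod 600 it" >&2
        return 1
    fi
    if ! qualys_url_is_https "$1"; then
        echo "refusing: qualysUrl in $1 is not an https URL" >&2
        return 1
    fi
    regscale qualys sync_qualys --regscale_ssp_id "$2" --create_issue True
}

# Entry point for cron (assumption): regscaleScheduler.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scheduled_sync ./init.yaml 2
fi
```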
NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs