Qualys
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Qualys

  • Dark
    Light
  • PDF

Overview

Qualys is a trigger API to scan for vulnerabilities in a network of systems.

Qualys trigger plugin functions

Details of the function that can be used with the Qualys Scan lookup is given in this section.

  • add_scan_ip

This function allows for scanning and adding IP addresses to Vulnerability Management and Compliance Management.

  • Input
    $DstIP: IP Address for the host to be added to ip list.

Example

_fetch * from event where $DevSrcIP=X.X.X.X AND $LogName=CHECKPOINT AND $Duration=12h group count_unique $ActionTaken, $SrcIP, $DstIP limit 100
>>_checkif int_compare count_unique >100000 include
>>_trigger api qualys add_scan_ip $DstIP

Output
image.png

  • start_scan

This function allows for scanning specific IP address.

  • Input

$DstIP: IP Address for the host to be scanned.

Example

_fetch * from event where $DevSrcIP=X.X.X.X AND $LogName=CHECKPOINT AND $Duration=12h group count_unique $ActionTaken, $SrcIP, $DstIP limit 100
>>_checkif int_compare count_unique >100000 include
>>_trigger api qualys start_scan $DstIP

Output

image.png

Getting started with Qualys API

  • Login to your Adapter, A10 containers and access DNIF Containers via SSH.

  • Copy the files on the server from location /var/tmp to the relevant location using below commands:

cp /var/tmp/qualys.tar.gz /dnif/<D-Key>/trigger_plugins/
  • Move to the ‘/dnif/<D-Key>/trigger_plugins’ folder path.
cd /dnif/<D-Key>/trigger_plugins/
  • Extract the qualys.tar.gz using the following command
tar -xvzf qualys.tar.gz

  • Move to the ‘/dnif/<D-key>/trigger_plugins/qualys/’ folder path and edit the dnifconfig.yml configuration file

  • Replace the tag: <Add_your_*> with necessary credentials

lookup_plugin:
  USERNAME: <Add_your_Qualys_username>
  PASSWORD: <Add_your_Qualys_password>
  URL : https://qualysguard.qg1.apps.qualys.in/
  SCANNER_NAME : <Add_your_Qualys_scanner_name>

Was this article helpful?

What's Next