Qualys

Details
Content
Dependencies
Version History

Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance

If you have a network with many assets, Qualys can detect vulnerabilities and policy compliance.

What does this content pack do?

Run scans for vulnerabilities and policy compliance.
Create reports about the scans.
Manage the hosts and assets on your network.

There are several playbooks in this pack. Each playbook launches a report or scan and fetches it when it is ready.

Authentication

Qualys Vulnerability Management uses basic authentication. You'll need your Qualys login credentials to use this integration.
Qualys user accounts that have been enabled with VIP two-factor authentication can be used with the Qualys API, however two-factor authentication will not be used when making API requests. Two-factor authentication is only supported when logging into the Qualys GUI.

If you have a network with many assets, Qualys can detect vulnerabilities and policy compliance.

What does this content pack do?

Run scans for vulnerabilities and policy compliance.
Create reports about the scans.
Manage the hosts and assets on your network.
Fetches Activity Logs ang Hosts Vulnerabilities.
There are several playbooks in this pack. Each playbook launches a report or scan and fetches it when it is ready.

Authentication

Qualys Vulnerability Management uses basic authentication. You'll need your Qualys login credentials to use this integration.
Qualys user accounts that have been enabled with VIP two-factor authentication can be used with the Qualys API, however two-factor authentication will not be used when making API requests. Two-factor authentication is only supported when logging into the Qualys GUI.

Automations

Name	Description
QualysCreateIncidentFromReport	Create incidents from a Qualys report (XML), based on the Qualys asset ID and vulnerability ID (QID). Duplicate incidents are not created for the same asset ID and QID.

Integrations

Name	Description
Qualys VMDR	Qualys Vulnerability Management lets you create, run, manage reports and to fetch Activity Logs, Assets and Vulnerabilities, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance.
Qualys (Deprecated)	Deprecated. Use Qualys VMDR instead.

Playbooks

Name	Description
Launch And Fetch Compliance Policy Report - Qualys	Launches a compliance policy report and then fetches the report when it's ready.
Launch And Fetch Remediation Report - Qualys	Launches a remediation report and fetches the report when it's ready.
Launch And Fetch PC Scan - Qualys	Launches a PC scan and fetches the scan when it's ready.
Launch And Fetch Patch Report - Qualys	Launches a patch report and fetches the report when it's ready.
Vulnerability Management - Qualys (Job) - V2	Use the latest Qualys report to manage vulnerabilities. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created from the latest version of the report determined by the report timestamp. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and QID. This playbook is a part of a series of playbooks for Qualys vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the Qualys XML report name into the "Details" field Associate the "Vulnerability" type incident to the "Vulnerability Handling - Qualys" playbook.
Launch And Fetch Host Based Findings Report - Qualys	Launches a host based report and fetches the report when it's ready.
Launch And Fetch Compliance Report - Qualys	Launches a compliance report and fetches the report when it's ready.
Launch And Fetch Scan Based Findings Report - Qualys	Launches a scan based report and fetcesh the report when it's ready.
Vulnerability Management - Qualys (Job)	Deprecated. Use the `Vulnerability Management - Qualys (Job) - V2` playbook instead. Use the latest Qualys report to manage vulnerabilities. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created from the latest version of the report determined by the report timestamp. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and QID. This playbook is a part of a series of playbooks for Qualys vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the Qualys XML report name into the "Details" field Associate the "Vulnerability" type incident to the "Vulnerability Handling - Qualys" playbook.
Launch And Fetch VM Scan - Qualys	Launches a scan and fetches the scan when it's ready.
Launch And Fetch Scheduled Report - Qualys	Launches a scheduled report and fetches the report when it's ready.
Launch And Fetch Map Report - Qualys	Launches a map scan report and fetches the report when it's ready.

Automations

Name	Description
QualysCreateIncidentFromReport	Create incidents from a Qualys report (XML), based on the Qualys asset ID and vulnerability ID (QID). Duplicate incidents are not created for the same asset ID and QID.
QualysCreateAlertFromReport	Create alerts from a Qualys report (XML), based on the Qualys asset ID and vulnerability ID (QID). Duplicate alerts are not created for the same asset ID and QID.

Integrations

Name	Description
Qualys VMDR	Qualys Vulnerability Management lets you create, run, manage reports and to fetch Activity Logs, Assets and Vulnerabilities, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance.
Qualys (Deprecated)	Deprecated. Use Qualys VMDR instead.

Modeling Rules

Name	Description
Qualys Modeling Rule

Playbooks

Name	Description
Launch And Fetch Map Report - Qualys	Launches a map scan report and fetches the report when it's ready.
Launch And Fetch Remediation Report - Qualys	Launches a remediation report and fetches the report when it's ready.
Launch And Fetch Host Based Findings Report - Qualys	Launches a host based report and fetches the report when it's ready.
Launch And Fetch Patch Report - Qualys	Launches a patch report and fetches the report when it's ready.
Launch And Fetch Compliance Report - Qualys	Launches a compliance report and fetches the report when it's ready.
Launch And Fetch Scheduled Report - Qualys	Launches a scheduled report and fetches the report when it's ready.
Launch And Fetch Compliance Policy Report - Qualys	Launches a compliance policy report and then fetches the report when it's ready.
Launch And Fetch VM Scan - Qualys	Launches a scan and fetches the scan when it's ready.
Launch And Fetch Scan Based Findings Report - Qualys	Launches a scan based report and fetcesh the report when it's ready.
Launch And Fetch PC Scan - Qualys	Launches a PC scan and fetches the scan when it's ready.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

3.1.0 - 1569341 (October 30, 2024)

Integrations

Qualys VMDR

Improved fetch assets process when handling large objects - Assets larger than 1MB will be truncated, a key called 'isTruncated' will indicate that the assets were truncated.
Improved the integration behavior in cases of timeouts when pulling assets - The integration will now immediately retry to fetch the assets instead of waiting for the next fetch window.

Related pull requests:
- 36816

Download

3.0.7 - 1457639 (October 1, 2024)

Integrations

Qualys VMDR

Fixed an issue where the fetch-assets process would fail when automatically adjusting the pull limit.

Related pull requests:
- 36584

Download

3.0.6 - 1434344 (September 25, 2024)

Integrations

Qualys VMDR

Fixed an issue where the fetch-assets process occasionally failed on timeout.

Related pull requests:
- 36388

Download

3.0.5 - 1238470 (August 4, 2024)

Integrations

Qualys VMDR

Fixed an issue where fetch-assets failed on timeout.
Updated the Docker image to: demisto/python3:3.11.9.104957.

Related pull requests:
- 35580

Download

3.0.4 - 1202417 (July 23, 2024)

Integrations

Qualys (Deprecated)

Updated the deprecation message in the documentation regarding the redirection to Qualys VMDR integration.

Related pull requests:
- 35561

Download

3.0.3 - R1189290 (July 18, 2024)

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34804

Download

3.0.2 - 998827 (May 6, 2024)

Qualys

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 34212

Download

3.0.1 - 972465 (April 22, 2024)

Integrations

Qualys VMDR

Fixed an issue where test failed on timeout.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 34026

Download

3.0.0 - 938811 (April 7, 2024)

Integrations

Qualys VMDR

Breaking Change: The Qualys Event Collector was removed from this pack. To fetch events and assets from Qualys, use the Qualys VMDR integration instead.
Renamed the integration from Qualys v2 to Qualys VMDR.
Added the following commands:
- fetch-events
- fetch-assets
- qualys-get-events
- qualys-get-assets
Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33240

Download

2.0.11 - 834381 (February 18, 2024)

Integrations

Qualys v2

Added the following commands.
- qualys-update-vmware-record
- qualys-update-vcenter-record
- qualys-vcenter-esxi-mapped-record-list
- qualys-vcenter-esxi-mapped-record-import
- qualys-vcenter-esxi-mapped-record-purge
Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 31917
- 32972

Download

2.0.10 - 793334 (January 30, 2024)

Scripts

QualysCreateIncidentFromReport

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

2.0.9 - 778227 (January 22, 2024)

Qualys

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

2.0.8 - 765039 (January 16, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 32212

Download

2.0.7 - 743135 (January 4, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 31967

Download

2.0.6 - 6910634 (November 16, 2023)

Integrations

Qualys v2

Updated the Docker image to: demisto/python3:3.10.13.80014.
Improved the error messages for HTTP status codes 414, 520.

Related pull requests:
- 30341
- 30217
- 30718
- 30583
- 30743
- 30728
- 30740
- 30626
- 29527

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	October 30, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.