Get Vulnerability Scan Reports from Qualys
Import Qualys vulnerability scan reports into IoT Security
and view them from the IoT Security portal.
XSOAR can run jobs that download vulnerability
scan reports from Qualys, even those not initiated from the IoT
Security portal, and then export them to IoT Security when they
include devices in the IoT Security inventory.
One job runs
periodically and downloads any new vulnerability scan reports that
Qualys generated within the past hour. The other job must be manually
initiated and downloads all reports from Qualys generated within
the past 30 days in bulk.
Because the bulk job retrieves all
vulnerability reports for the past 30 days, older reports for devices
with dynamically assigned IP addresses might not align with devices
using these IP addresses now. As a result, vulnerability information
might be associated with the wrong devices and risk scores might
be miscalculated. Therefore, use this tool sparingly and with caution,
or rely solely on the periodic job to gather recently generated
reports from Qualys incrementally.
Qualys supports scans of
single devices and multiple devices. If a Qualys vulnerability scan
report for single or multiple devices includes any devices in your IoT
Security inventory, then the IoT Security portal displays the report
on the
Device Details
page for the included
devices and on the page.A
vulnerability scan report for multiple devices contains results for
all the scanned devices. However, IoT Security changes the report
name of the file that each scanned device links to so that the name
includes its MAC address. As a result, different report names will
link to the same file if the report includes results for multiple
devices.
If you are using the default integration instance
(and haven’t changed its name) for the jobs that retrieve vulnerability
scan reports from Qualys incrementally or in bulk, simply select
one of the predefined jobs and click
Enable
or Run
now
:- PANW IoT Incremental Export of reports from Qualys (Enable)
- PANW IoT Bulk Export of reports from Qualys (Run now)
If
you are using a custom-defined integration instance that you created,
follow the steps below.
- Create an XSOAR job to retrieve vulnerability scan reports from Qualys incrementally.
- Navigate toSettingsin the XSOAR UI, open the Qualys integration instance that you previously created, and copy the integration instance name.
- Navigate toJobsand then clickNew Jobat the top of the page.
- In the New Job panel that appears, enter the following and leave the other settings at their default values:Recurring: Select this to poll Qualys periodically for new reports.Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often XSOAR checks Qualys for scan reports generated within the past hour and downloads them if available.To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).Name: Enter a name for the job.Playbook: ChooseIncremental Qualys Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.Integration Instance Name: Paste the Qualys integration instance name you copied.
- ClickCreate new job.
- To start running the job at recurring intervals, select the job and clickEnableat the top of the Jobs table.
- Create an XSOAR job to retrieve vulnerability scan reports from Qualys in bulk.
- On the Settings page in the XSOAR UI, open the Qualys integration instance that you previously created and copy the integration instance name.
- Navigate toJobsand then clickNew Jobat the top of the page.
- In the New Job panel, enter the following and leave the other settings at their default values:Name: Enter a name for the job.Playbook: ChooseBulk Qualys Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.Integration Instance Name: Paste the Qualys integration instance name you copied.
- ClickCreate new job.
- To initiate the job, select it and then clickRun nowat the top of the Jobs table.
- View imported vulnerability scan reports in the IoT Security portal.Open theDevice Detailspage for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.
orClick and click the report name for a scanned device.
