Skip to content

Qualys

Examples

This importer supports both, Qualys Web Application Scans and Vulnerability Management Scans.

Limitations: The Qualys XML exports don't include CVSS vectors, which is why CVSS scores are not populated to the findings. It, however, populates the "severity" field if your design uses it as a finding field.

Qualys
1
2
3
cat qualys.xml | reptor qualys
cat qualys.xml | reptor qualys --upload  # Upload findings as notes
cat qualys.xml | reptor qualys --push-findings  # Create findings from scan results

Pushed Qualys findings

Qualys findings as notes

Filter your Qualys results:

Qualys Filter
1
2
3
4
cat qualys.xml | reptor qualys --severity-filter medium-critical --push-findings
cat qualys.xml | reptor qualys --include-plugins 150158 --push-findings
cat qualys.xml | reptor qualys --exclude-plugins 150158 --push-findings
reptor qualys -i qualys_1.xml qualys_2.xml --push-findings  # Use multiple input files

You can add those filter settings to your config by running:

OpenVAS conf
1
reptor qualys --conf

Usage

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
usage: reptor qualys [-h] [--conf] [-i [INPUT ...]]
                     [--format | --upload | --push-findings | --template-vars | --parse | --upload-finding-templates]
                     [--severity-filter SEVERITY_FILTER]
                     [--exclude EXCLUDED_PLUGINS] [--include INCLUDED_PLUGINS]

Qualys vulnerability importer

optional arguments:
  -h, --help            show this help message and exit
  --conf, --config      Configure plugin settings
  -i [INPUT ...], --input [INPUT ...]
                        Input file, if not stdin (multiple files allowed)
  --format
  --upload
  --push-findings
  --template-vars       Print template variables (needed for finding template customization).
  --parse
  --upload-finding-templates
                        Upload local finding templates to SysReptor
  --severity-filter SEVERITY_FILTER
                        Filter findings by severity comma-separated ("high,medium") or as range ("medium-critical")
  --exclude EXCLUDED_PLUGINS
                        Exclude plugin IDs, comma-separated
  --include INCLUDED_PLUGINS
                        Include plugin IDs, comma-separated; default: all are included