This importer supports both, Qualys Web Application Scans and Vulnerability Management Scans.
Limitations: The Qualys XML exports don't include CVSS vectors, which is why CVSS scores are not populated to the findings. It, however, populates the "severity" field if your design uses it as a finding field.
Qualys
123
catqualys.xml|reptorqualys
catqualys.xml|reptorqualys--upload# Upload findings as notes
catqualys.xml|reptorqualys--push-findings# Create findings from scan results
Filter your Qualys results:
Qualys Filter
1234
catqualys.xml|reptorqualys--severity-filtermedium-critical--push-findings
catqualys.xml|reptorqualys--include-plugins150158--push-findings
catqualys.xml|reptorqualys--exclude-plugins150158--push-findings
reptorqualys-iqualys_1.xmlqualys_2.xml--push-findings# Use multiple input files
You can add those filter settings to your config by running:
OpenVAS conf
1
reptorqualys--conf
Usage
1 2 3 4 5 6 7 8 910111213141516171819202122232425
usage: reptor qualys [-h] [--conf] [-i [INPUT ...]]
[--format | --upload | --push-findings | --template-vars | --parse | --upload-finding-templates]
[--severity-filter SEVERITY_FILTER]
[--exclude EXCLUDED_PLUGINS] [--include INCLUDED_PLUGINS]
Qualys vulnerability importer
optional arguments:
-h, --help show this help message and exit
--conf, --config Configure plugin settings
-i [INPUT ...], --input [INPUT ...]
Input file, if not stdin (multiple files allowed)
--format
--upload
--push-findings
--template-vars Print template variables (needed for finding template customization).
--parse
--upload-finding-templates
Upload local finding templates to SysReptor
--severity-filter SEVERITY_FILTER
Filter findings by severity comma-separated ("high,medium") or as range ("medium-critical")
--exclude EXCLUDED_PLUGINS
Exclude plugin IDs, comma-separated
--include INCLUDED_PLUGINS
Include plugin IDs, comma-separated; default: all are included