This article describes which of the XML formats available from Qualys are supported by the platform when performing manual imports of scan results from the Qualys VM and Qualys WAS modules.

...

The XML format provided by Qualys VM when electing to download the results from a single scan is supported by the platform. In Qualys VM, this is referred to as ‘scan-based’ results.

In Qualys, there are two methods of downloading a ‘scan-based’ report in XML format:

Method 1: From the “Scans” interface.

The “Download” option from the Quick Action menu is available for any completed scan. This action will generate an XML file that can be directly uploaded into the Platform via the Import Issues page.

Shown below is the area of the page in Qualys VM where direct XML exports/downloads of a specific scan can be performed.

...

The “Reports” section in Qualys VM is where ad-hoc reports can be generated for a specific scan. When creating a report, a template must also be specified. The report template chosen must use ‘scan-based’ findings, after which a specific scan must be chosen.

Below are screen-shots of a new Scan Report Template - note that the Findings are set to ‘Scan Based’

...

Below are screen-shots shown when generating a new scan report. In addition to providing a report title, they also show a scan-based report template being selected.

...

The resulting XML file, once downloaded from Qualys VM, can be uploaded and imported into the Platform by selecting the corresponding template in the Platform’s “Import Issues” page:

Info

NOTE that the “Qualys VM Scan-based Report (XML)” must be used in the “Import Issues” page.

Importing Qualys VM ‘Host-Based’ Results (XML)

The platform will also accept Qualys XML files that are generated from Report Templates that use ‘Host Based Findings’ as the report’s scope.

The process is similar to that of ‘Scan-Based’ results. An ad-hoc or scheduled report can be defined in Qualys VM that uses a Report Template with ‘Host Based’ findings defined as the scope.

Below are screen-shots of a new Scan Report Template - note the Findings are set to ‘Host Based Findings’

...

Below are screen-shots of a New Scan Report that, in addition to giving the report a title, show a host-based report template being selected.

...

  • Scan Reports

  • Web Application Reports

A Scan Report in Qualys WAS is based on a specific point-in-time scan of an application. The scope of a Scan Report can only be a single application, even if the application was scanned as part of a Qualys WAS Multi-Scan.

A Web Application Report in Qualys WAS provides the latest 'view' of known/discovered vulnerabilities of one or more applications at the time the report is generated. A Web Application Report also allows multiple applications to be included in the report’s scope, either by using tags or by choosing specific applications.

By default, a number of Report Templates are available in Qualys WAS, as highlighted below.

...

Info

NOTE: Only report templates of type “Scan Report” and “Web Application Report” are supported by the Platform.

If creating a new Report Template, the template’s report type must be set to either “Web Application Report” or “Scan Report” for the correct XML format to be used, as shown below:

...

Once the Report Template has been created, a new report can be generated either ad-hoc or as part of a scheduled reporting task.

The following screenshot is an example of creating a Scan Report, using the default template of “Scan Report”:

...

Similarly, the following screenshot is an example of creating a Web Application Report, using the “My WebApp Report Template”:

...

When either a Web Application Report or Scan Report has been generated and the XML has been downloaded from Qualys VM, the XML file can be imported into the Platform’s “Import Issues” screen. The appropriate importer must be selected from the “Select Importer” drop down:

In the example below, a Web Application Report from Qualys WAS will be uploaded. There is also the option to choose “Qualys WAS Scan-based Report (XML)” if the XML file to be uploaded was generated from a Scan Report template (as detailed earlier in this article).

...

When defining a new report template, it is possible to apply filters at the report template level to include or exclude certain results data in the final report. These ‘custom’ report templates, as long as they are of a ‘Scan Report’ or ‘Web Application Report’ type, are also supported in the platform when the resulting XML is imported.

...