This article describes which of the XML formats available from Qualys are supported by the platform when performing manual imports of XML Scan Results from the Qualys VM and Qualys WAS modules.
Importing Qualys VM ‘Scan-Based’ Results (XML)
The XML format that Qualys VM provides when you download the results of a single scan is supported by the platform. In Qualys VM, this is referred to as ‘scan-based’ results.
In Qualys, there are two methods of downloading a ‘scan-based’ report in XML format:
Method 1: From the “Scans” interface.
The “Download” option available for any Scans entry will generate an XML file that can be directly loaded into the platform.
Shown below is the area of Qualys VM where direct XML exports/downloads of a specific scan can be performed.
Method 2: By generating a report that uses a ‘scan-based’ report template.
The “Reports” section in Qualys is where ad-hoc reports can be generated for a specific scan. When creating a report, a template must also be specified. The report template chosen must use ‘scan-based’ findings.
Below are screen-shots of a new Scan Report Template - note that the Findings are set to ‘Scan Based’.
Below are screen-shots of a New Scan Report that, in addition to a title, also shows a scan-based report template being selected.
The resulting XML file can be uploaded and imported into the platform by selecting the corresponding template in the platform’s “Import Issues” screen:
NOTE that the “Qualys Scan Based Report XML” must be used.
Importing Qualys VM ‘Host-Based’ Results (XML)
The platform will also accept Qualys XML files that are generated from Report Templates that use ‘Host Based’ findings.
The process is similar to that of ‘Scan-Based’ results. An ad-hoc or scheduled report can be defined in Qualys VM, and it must use a Report Template that uses ‘Host Based’ findings:
Below are screen-shots of a new Scan Report Template - note that the Findings are set to ‘Host Based’.
Below are screen-shots of a New Scan Report that, in addition to a title, also shows a host-based report template being selected.
The resulting XML file can be uploaded and imported into the platform by selecting the corresponding template in the platform’s “Import Issues” screen:
NOTE that the “Qualys Host Based Report XML” must be used.
Importing Qualys WAS Results (XML)
The Platform supports two Qualys WAS report types:
Scan Reports
Web Application Reports
A Scan Report is based on a specific point-in-time scan. The scope of a “Scan Report” is a single application.
A Web Application Report provides the latest known detected vulnerabilities (at the time the report is generated). The scope of a Web Application Report also allows multiple applications to be included in the report, either by using tags or by choosing specific applications to include.
By default, a number of Report Templates are available in Qualys WAS, as highlighted below.
Only report templates of type “Scan Report” and “Web Application Report” are supported by the platform; the other types are not supported.
If creating a new Report Template, the template’s report type must be set to either “Web Application Report” or “Scan Report” for the correct XML format to be used:
Once the Report Template has been created, a new report can be generated either ad-hoc or as part of a scheduled reporting task:
The following is an example of creating a Scan Report, using the default template of “Scan Report”:
Similarly, the following is an example of creating a Web Application Report, using the “My WebApp Report Template”:
When either the Web Application Report or the Scan Report has been generated and the XML has been downloaded, this XML can be imported into the platform’s “Import Issues” screen. The appropriate importer must be selected from the “Select Importer” drop-down:
In this example, a Web Application Report from Qualys WAS will be uploaded. There is also the option to choose a “Qualys WAS Scan-based Report (XML)” if relevant.
When defining a new report template, it is possible to apply filters at the report template level to refine what information is retrieved when the actual report is generated. These ‘custom’ templates are also supported in the platform when the resulting XML is imported, as long as they are of a ‘scan report’ or ‘web application report’ type.
For example, if a custom report template (of type ‘Scan Report’) includes a Dynamic search filter, then the resulting XML report can also be imported into the platform as a “Qualys WAS XML” file.