Supported XML Formats from Qualys VM & WAS

This article describes which of the XML formats available from Qualys are supported by the platform when performing manual imports of XML scan results from the Qualys VM and Qualys WAS modules.

Importing Qualys VM ‘Scan-Based’ Results (XML)

The XML format that Qualys VM provides when you download the results from a single scan is supported by the platform. In Qualys VM, this is referred to as ‘scan-based’ results.

In Qualys, there are two methods of downloading a ‘scan-based’ report in XML format:

Method 1: From the “Scans” interface.

The “Download” option available for any Scans entry will generate an XML file that can be directly loaded into the platform.

Shown below is the area of Qualys VM where direct XML exports/downloads of a specific scan can be performed.

Method 2: By generating a report that uses a ‘scan-based’ report template.

The “Reports” section in Qualys is where ad-hoc reports can be generated for a specific scan. When creating a report, a template must also be specified. The report template chosen must use ‘scan-based’ findings.

Below are screen-shots of a new Scan Report Template - note that the Findings are set to ‘Scan Based’.

Below are screen-shots of a New Scan Report that, in addition to a title, also shows a scan-based report template being selected.

The resulting XML file can be uploaded and imported into the platform by selecting the corresponding template in the platform’s “Import Issues” screen:

NOTE that the “Qualys Scan Based Report XML” template must be used.

Importing Qualys VM ‘Host-Based’ Results (XML)

The platform will also accept Qualys XML files that are generated from Report Templates that use ‘Host Based’ findings.

The process is similar to that of ‘Scan-Based’ results. An ad-hoc or scheduled report can be defined in Qualys VM, and it must use a Report Template that uses ‘Host Based’ findings:

Below are screen-shots of a new Scan Report Template - note the Findings are set to ‘Host Based’.

Below are screen-shots of a New Scan Report that, in addition to a title, also shows a host-based report template being selected.

The resulting XML file can be uploaded and imported into the platform by selecting the corresponding template in the platform’s “Import Issues” screen:

NOTE that the “Qualys Host Based Report XML” template must be used.

Importing Qualys WAS Results (XML)

The XML format that Qualys WAS provides when you download the results from the “Scans” page is not supported by the platform. This is because the XML format provided is considered a ‘legacy’ (v1) format by Qualys.

NOTE: The platform only supports what Qualys terms the ‘v3’ format.

If you attempt to download results directly from the “Scans” page in Qualys WAS, a warning is presented confirming that ‘Legacy XML’ has been requested.

The XML format supported by the platform, and considered v3 by Qualys, is only available by generating either ad-hoc or scheduled reports in Qualys WAS. As with any report generation in Qualys, a Report Template must also be selected:

By default, a number of Report Templates are available in Qualys WAS, as highlighted below.

Report types of “Scan Report” are supported by the platform - the other types are not supported.

When creating a new Report Template, the report type must be set to “Scan Report” for the correct XML format to be used:

Once the Report Template has been created, a new report can be generated:

NOTE that the Report Type selected is “Scan Report”, and the Report Template chosen is also of type ‘Scan Report’.

When the report has been generated and the XML has been downloaded, this XML can be imported using the platform’s “Import Issues” screen:

When defining a new report template, it is possible to apply filters at the report template level to refine what information is retrieved when the actual report is generated. These ‘custom’ templates, as long as they are of the ‘Scan Report’ type, are also supported by the platform when the resulting XML is imported.

For example, if a custom report template (of type ‘Scan Report’) includes a Dynamic search filter, then the resulting XML report can also be imported into the platform as a “Qualys WAS XML” file.