Supported XML Formats from Qualys VM & WAS

This article describes which of the XML formats available from Qualys are supported by the Platform when performing manual imports of scan results from the Qualys VM and Qualys WAS modules.

Importing Qualys VM ‘Scan-Based’ Results (XML)

The XML format that Qualys VM provides when you download the results of a single scan is referred to as ‘scan-based’ results.

In Qualys, there are two methods of downloading a ‘scan-based’ report in XML format:

Method 1: From the “Scans” interface.

The “Download” option from the Quick Action menu is available for any completed scan. This action will generate an XML file that can be directly uploaded into the Platform via the Import Issues page.

Shown below is the page in Qualys VM where direct XML exports/downloads of a specific scan can be performed.

Method 2: By generating a report that uses a ‘scan-based’ report template.

The “Reports” section in Qualys VM is where ad-hoc reports can be generated for a specific scan. When creating a report, a template must also be specified. The report template chosen must use ‘scan-based’ findings, after which a specific scan must be chosen.

Below are screenshots of a new Scan Report Template. Note that the Findings are set to ‘Scan Based’.

Below are screenshots shown when generating a new scan report. In addition to the report title being provided, they show a scan-based report template being selected.

The resulting XML file, once downloaded from Qualys VM, can be uploaded and imported into the Platform by selecting the corresponding template in the Platform’s “Import Issues” page:

NOTE that the “Qualys VM Scan-based Report (XML)” template must be used on the “Import Issues” page.

 

image-20240821-141959.png

Importing Qualys VM ‘Host-Based’ Results (XML)

The Platform will also accept Qualys XML files that are generated from Report Templates that use ‘Host Based Findings’ as the report’s scope.

The process is similar to that of ‘Scan-Based’ results. An ad-hoc or scheduled report can be defined in Qualys VM that uses a Report Template with ‘Host Based’ findings defined as the scope.

Below are screenshots of a new Scan Report Template. Note that the Findings are set to ‘Host Based Findings’.

Below are screenshots of a New Scan Report. In addition to the report being given a title, they show a host-based report template being selected.

The resulting XML file can be uploaded and imported into the platform by selecting the corresponding template in the platform’s “Import Issues” screen:

NOTE that the “Qualys Host Based Report XML” must be used.

 

image-20240821-141912.png

Importing Qualys WAS Results (XML)

The Platform supports two Qualys WAS report types:

  • Scan Reports

  • Web Application Reports

A Scan Report in Qualys WAS is based on a specific point-in-time scan of an application. The scope of a Scan Report can only be a single application, even if the application was scanned as part of a Qualys WAS Multi-Scan.

A Web Application Report in Qualys WAS provides the latest 'view' of known/discovered vulnerabilities of one or more applications at the time the report is generated. Multiple applications can be included in the scope of a Web Application Report.

By default, a number of Report Templates are available in Qualys WAS, as highlighted below.

image-20240821-140339.png

NOTE: Only report templates of type “Scan Report” and “Web Application Report” are supported by the Platform.

If creating a new Report Template, the template’s report type must be set to either “Web Application Report” or “Scan Report”, as shown below:

image-20240821-140534.png

Once the Report Template has been created, a new report can be generated either ad-hoc or as part of a scheduled reporting task.

The following screenshot is an example of creating a Scan Report, using the default template of “Scan Report”:

image-20240821-140832.png

Similarly, the following screenshot is an example of creating a Web Application Report, using the “My WebApp Report Template”:

image-20240821-140933.png

When either a Web Application Report or a Scan Report has been generated and the XML has been downloaded from Qualys VM, the XML file can be imported into the Platform’s “Import Issues” screen. The appropriate importer must be selected from the “Select Importer” drop-down:

In the example below, a Web Application Report from Qualys WAS will be uploaded. There is also the option to choose “Qualys WAS Scan-based Report (XML)” if the XML file to be uploaded was generated from a Scan Report template (as detailed earlier in this article).

image-20240821-141202.png

When defining a new report template, it is possible to apply filters at the report template level to include or exclude certain results data in the final report. These ‘custom’ report templates are also supported in the Platform when the resulting XML is imported, as long as they are of a ‘Scan Report’ or ‘Web Application Report’ type.

For example, if a custom report template (of type ‘Scan Report’) includes a Dynamic search filter, then the resulting XML report can also be imported into the Platform as a “Qualys WAS XML” file.

 
