Creating workflows for Qualys assets

Let Oomnitza be your single source of truth!

You'll get complete visibility of your assets as data from Qualys is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and Qualys in minutes

You'll get visibility of your Qualys assets by creating configurable workflows to automate tasks such as:

• Workflows for getting, removing, and adding excluded hosts.
• Workflows for creating editing and deleting virtual hosts.

Let Oomnitza be your single source of truth!

You'll get visibility of your devices as data from Qualys is automatically transformed into consumable information and actionable insights.

Before you start

Creating workflows

Create asset workflows

Qualys Get Excluded Hosts List

Qualys Remove from Excluded Host List

Qualys Add to Excluded Host List

Qualys Delete Virtual Host

Qualys Edit Virtual Host

Qualys Create Virtual Host

Qualys Update Host

Qualys Purge Host

Before you start

Before you create workflows, you need to have added your Qualys credentials to Oomnitza. Follow the steps in Adding your Qualys credentials to Oomnitza and add your credentials to Oomnitza.

We recommend that you also create the extended integration for Qualys assets. You will need the information retrieved in the Virtual Asset Load, Excluded Asset Load, and standard Asset Load to help you run workflows.

To save time running the integration you should also have added your Qualys API URL as a global variable in Oomnitza.

Creating workflows

Create asset workflows

To create an asset workflow, you must complete these steps:  

1. Click Configuration > Workflows 
2. Click Add (+) and select Assets from the list.
3. Drag and drop the API block onto the Sandbox.
4. Click Edit on the API block and enter Qualys in the search field. 
5. Select a preset:
   • Qualys Get Excluded Hosts List
   • Qualys Remove from Excluded Host List
   • Qualys Add to Excluded Host List
   • Qualys Delete Virtual Host
   • Qualys Edit Virtual Host
   • Qualys Create Virtual Host
   • Qualys Update Host
   • Qualys Purge Host
   • To choose a preset, click the forward arrow (>).
6. Select the credentials that you created in Adding your Qualys credentials to Oomnitza.
   
7. Your Qualys API URL is derived from the global variable you created in Adding Qualys global variables
8. Configure the API Block following the preset instructions below, and save your changes.
9. Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to New you can trigger a workflow every time a new asset is created. Refer to Using the Begin block.
10. Connect the Blocks. 
11. Save, validate, and activate your workflow.

Using the Qualys Get Excluded Hosts List preset

The Qualys Get Excluded Host List preset shows the excluded host list for the user's account. Hosts in your excluded host list will not be scanned.

You can configure the message payload by selecting Advanced Mode.

1. In the API block window, click the Advanced Mode button located in the upper right of the window.
2. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields as per the example below.

For further information, refer to the Qualys API Documentation: excluded Host list.

Using the Qualys Remove from Excluded Host List preset

This Qualys Remove from Excluded Host List preset removes certain hosts from your excluded hosts list, by IP address. When you select this preset you need to enter the following:

Comment: User-defined notes (up to 1024 characters).

View input in the XML output: Select this checkbox to view (echo) input parameters in the XML output. 

You can configure the message payload by selecting Advanced Mode.

1. In the API block window, click the Advanced Mode button located in the upper right of the window.
2. Select the Params tab. You will notice that the Qualys IP address is referenced in the property {{ip_address}}. Ensure that this property exists in Oomnitza and is populated with information before you run this workflow.
3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.

Tip
Run the Get Excluded Host List preset or the Excluded Asset Load before using this workflow to get a list of excluded IP addresses.

For further information, refer to the Qualys API Documentation: Remove excluded hosts.

Using the Qualys Add to Excluded Host List preset 

The Qualys Add to Excluded Host List preset adds hosts (IPs) to your excluded host list, by IP address. Hosts in your excluded host list will not be scanned. When you select this preset you need to enter the following:

Comment: User-defined notes (up to 1024 characters).

View input in the XML output: Select this checkbox to view (echo) input parameters in the XML output. 

Select Advanced Mode to review the IP address and map the message response in the same manner as the Qualys Remove from Excluded Host List preset.

For further information, refer to the Qualys API Documentation: Add excluded hosts.

Using the Qualys Delete Virtual Host preset

The Qualys Delete Virtual Host preset deletes a virtual host, by IP address.

You can configure the message payload by selecting Advanced Mode.

1. In the API block window, click the Advanced Mode button located in the upper right of the window.
2. Select the Params tab. You will notice that the Qualys Port Number and IP address are referenced in the properties {{qualys_port}}and{{ip_address}}. Create a Virtual Asset Load so that this property exists in Oomnitza and is populated with information before you run this workflow.
3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.

For further information, refer to the Qualys API Documentation: Manage virtual hosts.

Using the Qualys Edit Virtual Host preset

The Qualys Edit Virtual Host preset updates a virtual host, by IP address. 

Select Advanced Mode to enter the virtual host details.

1. Select the Params tab. You will notice that the new IP address, FDQN, and Port are referenced in the following properties: {{ip_address}}, {{qualys_port}}, {{iqualys_fqdn}}.Create a Virtual Asset Load so that this property exists in Oomnitza and is populated with information before you run this workflow.
2. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.

For further information, refer to the Qualys API Documentation: Manage virtual hosts.

Using the Qualys Create Virtual Host preset

The Qualys Create Virtual Host preset creates a virtual host. Select Advanced Mode to review the IP address, Port Number, and FDQN, and map the message response in the same manner as the Qualys Edit Virtual Host preset

For further information, refer to the Qualys API Documentation: Manage virtual hosts.

Using the Qualys Update Host preset

The Qualys Update Host preset updates host attributes like tracking method (IP, DNS, NETBIOS), owner, user-defined fields (ud1, ud2, ud3), and comments, by Host ID. When you select this preset you need to enter the following:

View input in the XML output: Select this checkbox to view (echo) input parameters in the XML output. 

Select Advanced Mode to enter the Host ID.

1. Select the Params tab. You will notice that the Host ID is referenced in the following properties: {{qualys_host_id }}.Create an Asset Load so that this property exists in Oomnitza and is populated with information before you run this workflow.
2. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.

Tip
You can add additional filters in the Params tab in Advanced Mode. For example, add ipsto filter the hosts you want to update by IP Address. For further information, refer to the Qualys API Documentation: Host Update.

Using the Qualys Purge Host preset

The Qualys Purge Host preset purges hosts in your account to remove the assessment data associated with them. When you select this preset you need to enter the following:

View input in the XML output: Select this checkbox to view (echo) input parameters in the XML output. 

Type of data to purge: Specify the type of data to purge. Specifyvmto purge vulnerability data, specify pc to purge compliance data, or specify both as a comma-separated list to purge both types of data.

Select Advanced Mode to review the Host ID and map the message response in the same manner as the Qualys Update Host preset

For further information, refer to the Qualys API Documentation: Purge hosts.

Reference articles for workflows

• Mapping positive and negative responses
• Troubleshooting workflows 
• Using the API block