Qualys Asset Management helps cybersecurity teams to find and manage cyber risks in their known and unknown IT assets. It continuously discovers and maintains a rich asset inventory of systems including desktops, servers, and other devices.
So, if you're trying to automate the launch scan, generate reports and search for assets, I've created some Python examples working with Qualys API to get you started.
Prerequisites
The API endpoints are different than your login URL so first, make sure to identify your platform endpoint here.
Introduction
This is a basic Python scripts collection for getting started with Qualys APIs.
Getting Started
STEP 1: Your Qualys subscription needs to have the API enabled (Note: this is a paid feature)
STEP 2: Check above prerequisites
STEP 3: Understand the API Limits
API Resources for more information:
- Qualys documentation.
- Qualys API Quick Reference for all APIs.
Examples
AUTHORIZATION (Basic Auth)
Authentication to your Qualys account with valid Qualys credentials is required for making Qualys API requests to the Qualys API servers.
Session based authentication Using this method, the user makes a sequence of API requests. APIs with request URL containing /2.0/ support session based authentication.
import requests
import json
headers = {
'X-Requested-With': 'From Python by Leo',
}
data = {
'action': 'login',
'username':'<USER_NAME>',
'password':'<PASSWORD>'
}
# Use the Qualys API session resource to make a login request.
response = requests.post('https://<QUALYS_API_ENDPOINT>/api/2.0/fo/session/', data=data, headers=headers)
# Upon success, the request returns a session ID in the Set-Cookie HTTP header.
QualysSession = response.cookies.get_dict()["QualysSession"]
Search for Vulnerabilities detections (Make resource requests)
The session cookie (QualysSession) was extracted from the βheadersβ file contents returned from the session login API call. Use the API resources to make API requests, and include the session ID in the cookie header for each request.
headers = {
"X-Requested-With": "From Python by Leo",
"Cookie": "QualysSession=" + QualysSession + "; path=/api; secure",
}
Search parameters example. This will generate a CSV Output (output_format is optional)
params = {
"action": "list",
"output_format": "CSV_NO_METADATA",
"max_days_since_last_vm_scan": 15,
"severities": "4-5", #High, Critical
}
endpoint_url = "https://<QUALYS_API_ENDPOINT>/api/2.0/fo/asset/host/vm/detection/"
resVulns = requests.get(endpoint_url, params=params, headers=headers)
repVulns = resVulns.content
Obtain asset data from the ASSETS API by Host ID
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
'user': '<USER_NAME>',
'password': '<PASSWORD>',
}
# Result limits and filter criteria
data = '''
{
"ServiceRequest": {
"preferences": {
"limitResults": 100
},
"filters": {
"Criteria": {
"field": "qwebHostId",
"operator": "EQUALS",
"value": "<HOST_ID>"
}
}
}
}
}
'''
endpoint_url = "https://<QUALYS_API_ENDPOINT>/qps/rest/2.0/search/am/hostasset"
resAssets = requests.post(endpoint_url, headers=headers, data=data)
assets = resAssets.json()
Available Criteria fields: subnetId, ociTagNameSpace, resourceGroup, subnet, vmId, datacenterId, type, availabilityZone, netbiosNetworkId, trackingMethod, vmType, dnsHostName, instanceState, vnicId, networkGuid, cloudProviderType, id, state, image, imageId, shape, created, awsTagKey, compartmentName, activationKey, agentConfigurationId, lastVulnScan, publicDnsName, privateIpAddress,agentConfigurationName, accountId, launchTime, ociRegion, azureTagKey, lastComplianceScan, port,name, region, subscriptionId, updated, informationGatheredUpdated, awsTagValue, ociTagValue, hostName,vlanTag, tagId, subnetName, vcnName, ibmTagKey, ibmTagValue, instanceId, tenantName, ociTagKey, vpcId, imageOffer, ibmId, ociId, ociState, imageVersion, faultDomain, routerIP, subnetCidrBlock, lastCheckedIn, address, availabilityDomain, os, qwebHostId, publicIpAddress, instanceType, publicIp, tagName, installedSoftware, compartmentId, vcnId, azureTagValue, canonicalRegionName, netbiosName, vulnsUpdated, tenantId, agentVersion, privateDnsName, location, agentUuid, nicIndex.
Available Operators: CONTAINS, IN, EQUALS, NOT EQUALS, GREATER, LESSER, NONE, IS EMPTY
Hope this helps! π±βπ€