New host, lost host, scan host time trending report

Document created by Parag Baxi on Jun 27, 2013Last modified by Parag Baxi on Jan 6, 2014
Version 6Show Document
  • View in full screen mode

Note: This is unsupported code.

 

Wrote a Python 2.x script. Source @ Github:

https://github.com/paragbaxi/qualysguard_vm_scan_trend

 

Summary

Provide operational context on why vulnerability numbers are fluctuating in QualysGuard. Audits scan trends and accuracy across various scan segments and scan time.  Automatically downloads scheduled scans to show differene in live hosts and host scan times.

Usage

 

Usage: scan_trend.py [-h] [-d DAYS] [-F] [-f FILTER_SCAN_TITLE]

                     [-r REPORT_TEMPLATE] [--scan_files SCAN_FILES]

                     [-t TITLE_OF_REPORT] [-v]

 

 

Trend IG information from scans.

 

 

optional arguments:

  -h, --help            show this help message and exit

  -d DAYS, --days DAYS  Number of days to process. Default: 10.

  -F, --force_download_scans

                        Delete existing scan XML and download scan XML.

  -f FILTER_SCAN_TITLE, --filter_scan_title FILTER_SCAN_TITLE

                        Scan title to filter.

  -r REPORT_TEMPLATE, --report_template REPORT_TEMPLATE

                        Generate reports against REPORT_TEMPLATE's ID to parse

                        data to save time and space. This report template

                        should only include QID 45038, Host Scan Time.

  --scan_files SCAN_FILES

                        Two scan XML files to be compared, separated by a

                        comma (,).

  -t TITLE_OF_REPORT, --title_of_report TITLE_OF_REPORT

                        Title to set for manual reports. Default =

                        vm_scan_trend

  -v, --verbose         Outputs additional information to log. log.

 

 

Example CSV output

 

Scan titleHostDuration 1Duration 2New hostLost host% duration difference
Weekly Environment Scan10.10.10.127657

TRUE
Weekly Environment Scan10.10.24.69219

TRUE
Weekly Environment Scan10.10.24.78209

TRUE
Seattle Data Center10.39.106.24229

TRUE
Seattle Data Center10.39.106.24235

TRUE
Seattle Data Center10.39.106.24609

TRUE
Seattle Data Center10.39.106.24550

TRUE
DMZ daily10.10.1.178614

TRUE
DMZ daily10.0.100.10
904TRUE

DMZ daily10.0.100.11934933

0.11
DMZ daily10.10.1.14990978

1.23
DMZ daily10.10.1.15424412

2.91
DMZ daily10.10.1.20381323

17.96
DMZ daily10.10.1.29
1484TRUE

DMZ daily10.10.1.30595630

5.56
DMZ daily10.10.1.31341552

38.22
DMZ daily10.10.1.33306363

15.7
DMZ daily10.10.1.43262268

2.24
DMZ daily10.10.1.44
339TRUE

Incremental Scan10.10.32.93840

TRUE
Incremental Scan10.10.32.95780

TRUE
Incremental Scan10.20.30.56997

TRUE
Incremental Scan10.20.30.58755

TRUE
Incremental Scan10.20.30.59716

TRUE

Attachments

    Outcomes