QualysGuard Open Vulnerability Data Download

Document created by jnelson on Mar 12, 2014. Last modified by Robert Dell'Immagine on Mar 19, 2014.
Version 2

UNSUPPORTED - EXAMPLE SOFTWARE

 

FUNCTIONALITY:  Download all active vulnerabilities with severity 1-5 from a QualysGuard subscription using the API.

 

IMPORTANT:  If a given vulnerability has a close/ignore remediation ticket assigned it is NOT downloaded.

 

For additional information, please see the details below.

 

The software residing herein is provided as-is, released under GPL v3

  http://www.gnu.org/licenses/quick-guide-gplv3.html

 

There is no support and there is no warranty either expressed or implied.

 

To download, access the following GIT repository:

https://github.com/jnelsonTAM/Qualys_Guard_Open_Vulnerability_Data_Download

 

The repo contains unsupported but useful BASH shell scripts for use with QualysGuard's Vulnerability Management Product and API. 

 

Command dependencies, setup information, configuration suggestions, and change history are provided within "INSTALLATION_README.txt".

 

The scripts are designed to first download the QualysGuard "QID" knowledgebase, then create a light version of this KB. The light KB is later joined to the XML vulnerability data by QID when the scripts perform the XML-to-CSV conversion.

 

The vulnerability descriptions are downloaded ONCE instead of over and over (blended with the vulnerability data) so the downloads are much faster.  Since a light KB is used, the resulting CSVs are also much smaller.
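The join described above, sketched as an added example that is not part of the repository: the scripts do this step with XSL, and Python stands in here. The element names, QIDs, CVE ID and the `build_light_kb` / `detections_to_csv` helpers are assumptions built on constructed sample data.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample data; element names and values are assumptions for
# illustration, not taken from the scripts or a real subscription.
KB_XML = """<VULN_LIST>
  <VULN><QID>100001</QID><TITLE>Example weak TLS configuration</TITLE>
    <DIAGNOSIS>Long description text ...</DIAGNOSIS>
    <CVE_LIST><CVE><ID>CVE-0000-0001</ID></CVE></CVE_LIST></VULN>
  <VULN><QID>100002</QID><TITLE>Example outdated package</TITLE>
    <DIAGNOSIS>Another long description ...</DIAGNOSIS></VULN>
</VULN_LIST>"""

DETECTIONS_XML = """<HOST_LIST>
  <HOST><IP>192.0.2.10</IP><DETECTION_LIST>
    <DETECTION><QID>100001</QID><SEVERITY>3</SEVERITY><PORT>443</PORT></DETECTION>
    <DETECTION><QID>100002</QID><SEVERITY>5</SEVERITY></DETECTION>
  </DETECTION_LIST></HOST>
  <HOST><IP>192.0.2.11</IP><DETECTION_LIST>
    <DETECTION><QID>100003</QID><SEVERITY>4</SEVERITY></DETECTION>
  </DETECTION_LIST></HOST>
</HOST_LIST>"""

def build_light_kb(kb_xml):
    """Keep only QID -> (title, CVEs); drop the bulky description fields."""
    light = {}
    for vuln in ET.fromstring(kb_xml).iter("VULN"):
        cves = ";".join(c.text for c in vuln.iterfind("CVE_LIST/CVE/ID"))
        light[vuln.findtext("QID")] = (vuln.findtext("TITLE", ""), cves)
    return light

def detections_to_csv(det_xml, light_kb):
    """Join each detection to the light KB by QID and return CSV text."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["IP", "QID", "SEVERITY", "PORT", "TITLE", "CVE"])
    for host in ET.fromstring(det_xml).iter("HOST"):
        ip = host.findtext("IP", "")
        for det in host.iterfind("DETECTION_LIST/DETECTION"):
            qid = det.findtext("QID")
            # A QID absent from a stale light KB is flagged, not dropped.
            title, cves = light_kb.get(qid, ("UNKNOWN QID - refresh KB", ""))
            writer.writerow([ip, qid, det.findtext("SEVERITY", ""),
                             det.findtext("PORT", ""), title, cves])
    return out.getvalue()

if __name__ == "__main__":
    print(detections_to_csv(DETECTIONS_XML, build_light_kb(KB_XML)))
```

Because the descriptions never enter the light KB, each CSV row carries only the title and CVE list for its QID, which is why the resulting files stay small.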

 

The scripts are designed for enterprises that would like a method to download their vulnerability data to XML and CSV directly without using reporting. They avoid the report size limitations.

 

The scripts use QualysGuard's API version 2.

 

The scripts will download all OPEN Severity 1 - 5 vulnerabilities in your auto vulnerability data.  They are stored in 5 XML files separated by vulnerability severity. Like reports, the downloads are subject to your close/ignore remediation tickets.

 

The 5 XML vulnerability files are used to create 5 Comma Separated Values (CSV) files.

 

- API support is required on the account

- Knowledgebase download support is required on the account

 

The userID, password, API FQDN, and results output folder are all configurable.

 

The scripts operate single-threaded to avoid any API concurrency problems.

 

NOTE:  If the CSV contains too much or too little data, you can control it by changing the data column headers along with the CVE and non-CVE sections in the detection2csv.xsl. 

 

Due to the need to dynamically control output paths in the script, the XSL is actually generated as follows:

 

detection2csv.xsl_part1 ----> detection2csv.xsl  (overwrite each time the script is run)

[dynamic script output]---->> detection2csv.xsl  (append to this new file)

detection2csv.xsl_part2 --->> detection2csv.xsl  (append to this new file)

 

You'll need to change _part1 and _part2, not the .xsl itself.
