Verification Scan Asset Tag

Document created by vavarachen on Mar 31, 2017. Last modified by vavarachen on Mar 31, 2017.
Version 2

The following Groovy script (provided by Qualys support) can be used to create an Asset Tag that meets the following criteria:

  1. Active, New or Re-opened Confirmed vulnerabilities
  2. Found within the last 90 days
  3. Severity >= 4
  4. Remote detection (does not require authentication)

 

import com.qualys.portal.application.module.asset.domain.asset.data.HostInstanceVuln;
import com.qualys.portal.application.module.vulnoffice.domain.VulnDef;
import org.joda.time.DateTime;
import org.joda.time.Days;

 

if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
ArrayList<HostInstanceVuln> vulnList = asset.getVulns();
VulnDef vulnDef=null;
int severity=0;
for(HostInstanceVuln vuln:vulnList){
    /*
    In this script, for Confirmed vulnerabilities we use HostInstanceVuln.getCategory() method. Possible values are:
    1 = Potential
    2 = Invalid/Deprecated
    4 = Confirmed
    The vulnerability Status is retrieved using HostInstanceVuln.getFound(). Possible values are:
    1 = Active, New or Re-Opened
    0 = Fixed
    */
    if((vuln.getCategory()==4)&& vuln.getFound()){
        vulnDef=vuln.getVuln();
        severity=vulnDef.getSeverity();
        /*
        Unauthenticated QiDs filter is applied using VulnDef.getProperties() method. Possible return values (single or comma separated) are:
        r = remote detection (no authentication required)
        v = potential vulnerability
        n = windows authentication required
        u = Unix authentication required (SSH)
        o = oracle authentication required
        m = snmp authentication required
        e = VMware authentication required
        d = db2 authentication required
        b = http basic authentication required
        h = form authentication required
        d = exploitive (dangerous, can take down services, crash, etc)
        p = pci-related vulnerability
        c = NAC/NAM vulnerability
        */
        if(vulnDef.getProperties().contains("r") && (severity==4 ||severity==5)) {
            if(Days.daysBetween(vuln.getLastScannedDate(),new DateTime()).getDays()<90)
            { return true; }
        }
    }
}
return false;
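
The same four criteria can be exercised offline before the rule is pasted into Qualys. The following is an added example, not part of the script supplied by Qualys support: `Detection`, `qualifies` and `tagApplies` are hypothetical stand-ins for the Qualys classes, the sample detections are constructed, and the property flags are split on commas rather than substring-matched.

```groovy
import java.time.LocalDate
import java.time.temporal.ChronoUnit

// Hypothetical stand-in for one detection on a host. Field names are
// assumptions for this example, not the Qualys HostInstanceVuln/VulnDef API.
class Detection {
    int category           // 4 = Confirmed, 1 = Potential (per the script's comments)
    boolean found          // true = Active/New/Re-Opened, false = Fixed
    String propFlags       // one flag or a comma-separated list, e.g. "r,p"
    int severity
    LocalDate lastScanned
}

// The four criteria of the tag rule, evaluated against a fixed "today".
boolean qualifies(Detection d, LocalDate today) {
    def flagList = d.propFlags.split(',')*.trim()   // exact flag match, not substring
    long age = ChronoUnit.DAYS.between(d.lastScanned, today)
    return d.category == 4 && d.found && ('r' in flagList) && d.severity >= 4 && age < 90
}

// A host is tagged as soon as one detection qualifies.
boolean tagApplies(List<Detection> detections, LocalDate today) {
    return detections.any { qualifies(it, today) }
}

def today = LocalDate.of(2017, 3, 31)   // constructed reference date
def det = { Map overrides ->
    // Constructed baseline that meets every criterion; each case changes one field.
    new Detection([category: 4, found: true, propFlags: 'r', severity: 5,
                   lastScanned: today.minusDays(10)] + overrides)
}

assert qualifies(det([:]), today)                                  // baseline
assert qualifies(det(propFlags: 'r,p', severity: 4), today)        // remote + PCI flag
assert qualifies(det(lastScanned: today.minusDays(89)), today)     // inside the window
assert !qualifies(det(lastScanned: today.minusDays(90)), today)    // 90 days is too old
assert !qualifies(det(category: 1), today)                         // potential only
assert !qualifies(det(found: false), today)                        // fixed
assert !qualifies(det(propFlags: 'n'), today)                      // needs Windows auth
assert !qualifies(det(severity: 3), today)                         // below severity 4

// One qualifying detection is enough; none means no tag.
assert tagApplies([det(severity: 3), det([:])], today)
assert !tagApplies([det(found: false), det(propFlags: 'u')], today)
```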
