Extract Machine Readable Manufacturer and Model Information of Your Assets

Document created by Leif Kremkow on Apr 4, 2018. Last modified by Leif Kremkow on Apr 4, 2018.
Version 2

To update your asset inventory, you'd like a list of your assets as known to Qualys, along with each asset's manufacturer, model, and installed software, preferably retrieved programmatically so that it can easily be automated.

 

This is best accomplished by querying the Qualys API for data collected by the Qualys Cloud Agent.

 

Per the Asset Management and Tagging API v2 (as of version 2.31 of January 20th, 2018), a call to "/qps/rest/2.0/search/am/hostasset" returns a list of assets, each of which includes the "<manufacturer>", "<model>", and "<software>" elements.

 

You can use curl to test this (be sure to use your own username, password, and baseurl of the Qualys SOC you are on):

 

curl -u "username:password" -X POST -H "X-Requested-With: curl" "https://baseurl/qps/rest/2.0/search/am/hostasset"

 

This will produce XML output similar to this:

 

<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://baseurl/qps/xsd/2.0/am/hostasset.xsd">
   <responseCode>SUCCESS</responseCode>
   <count>1</count>
   <hasMoreRecords>false</hasMoreRecords>
   <data>
   <HostAsset>
     <id>123456</id>
     <name>XY012345</name>
     <created>1970-01-01T00:00:01Z</created>
     <modified>2018-04-04T16:24:12Z</modified>
     <type>HOST</type>
     <tags>
       <list>
         <TagSimple>
           <id>1234567</id>
           <name>Cloud Agent</name>
         </TagSimple>
       </list>
     </tags>
     <qwebHostId>603790</qwebHostId>
     <lastComplianceScan>2018-04-03T15:14:52Z</lastComplianceScan>
     <lastVulnScan>2018-04-04T16:24:12Z</lastVulnScan>
     <lastSystemBoot>1970-01-01T00:00:01Z</lastSystemBoot>
     <lastLoggedOnUser>.\Administrator</lastLoggedOnUser>
     <domain>domain.tld</domain>
     <fqdn>XY012345.domain.tld</fqdn>
     <os>Microsoft Windows Server</os>
     <dnsHostName>XY012345</dnsHostName>
     <agentInfo>
       <agentVersion>1.1.1.1</agentVersion>
       <agentId>zzzzzzzz-yyyy-xxxx-wwww-vvvvvvvvvvv</agentId>
       <status>STATUS_ACTIVE</status>
       <lastCheckedIn>2018-04-03T10:55:22Z</lastCheckedIn>
       <connectedFrom>4.3.2.1</connectedFrom>
       <location>place, country</location>
       <locationGeoLatitude>0.0000</locationGeoLatitude>
       <locationGeoLongtitude>0.0000</locationGeoLongtitude>
       <chirpStatus>Inventory Scan Complete</chirpStatus>
       <platform>Windows</platform>
       <activatedModule>AGENT_VM,AGENT_PC</activatedModule>
       <manifestVersion>VULNSIGS-VMPC-0.0.000-0</manifestVersion>
       <agentConfiguration>
         <id>1000</id>
         <name>A Profile</name>
       </agentConfiguration>
       <activationKey>
         <activationId>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</activationId>
         <title>Demo</title>
       </activationKey>
     </agentInfo>
     <netbiosName>XY012345</netbiosName>
     <address>1.2.3.4</address>
     <trackingMethod>QAGENT</trackingMethod>
     <manufacturer>Microsoft Corporation</manufacturer>
     <model>Virtual Machine</model>
     <totalMemory>8191</totalMemory>
     <timezone>+01:00</timezone>
     <biosDescription>bios manufacturer string</biosDescription>
     <openPort>
       <list>
         <HostAssetOpenPort>
           <port>80</port>
           <protocol>TCP</protocol>
         </HostAssetOpenPort>
         <HostAssetOpenPort>
           <port>443</port>
           <protocol>UDP</protocol>
         </HostAssetOpenPort>
       </list>
     </openPort>
     <software>
       <list>
         <HostAssetSoftware>
           <name>ABC 1.2.3.4</name>
           <version>1.2.3.4</version>
         </HostAssetSoftware>
         <HostAssetSoftware>
           <name>XYZ 5.6</name>
           <version>5.6</version>
         </HostAssetSoftware>
       </list>
     </software>
     <vuln>
       <list>
         <HostAssetVuln>
           <qid>123456</qid>
           <hostInstanceVulnId>12345678</hostInstanceVulnId>
           <firstFound>2018-02-21T11:24:31Z</firstFound>
           <lastFound>2018-03-31T06:52:14Z</lastFound>
         </HostAssetVuln>
       </list>
     </vuln>
     <processor>
       <list>
         <HostAssetProcessor>
           <name>Maker Type CPU X1234 @ 1.23GHz</name>
           <speed>1230</speed>
         </HostAssetProcessor>
       </list>
     </processor>
     <volume>
       <list>
         <HostAssetVolume>
           <name>C:</name>
           <size>123456789012</size>
           <free>9876543210</free>
         </HostAssetVolume>
       </list>
     </volume>
     <account>
       <list>
         <HostAssetAccount>
           <username>Administrator</username>
         </HostAssetAccount>
       </list>
     </account>
     <networkInterface>
       <list>
         <HostAssetInterface>
           <hostname>XY012345</hostname>
           <interfaceName>NIC Name</interfaceName>
           <macAddress>0A:0B:0C:0D:0E:0F</macAddress>
           <type>LOCAL</type>
           <address>1.2.3.4</address>
           <gatewayAddress>1.255.255.254</gatewayAddress>
         </HostAssetInterface>
       </list>
     </networkInterface>
   </HostAsset>
   </data>
</ServiceResponse>

 

By parsing the XML, you can now easily produce a list of the hosts you are tracking with Qualys' Cloud Agent and extract accurate data about the manufacturer, model, and installed software.
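
One way to do this parsing, as an added example that is not part of the original document: it reads the response layout shown above, rejects anything other than a SUCCESS response, and reports hasMoreRecords so that a truncated result is not mistaken for the full inventory. The function name parse_host_assets and the trimmed sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the response layout shown above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <HostAsset>
      <id>123456</id><name>XY012345</name>
      <manufacturer>Microsoft Corporation</manufacturer>
      <model>Virtual Machine</model>
      <software><list>
        <HostAssetSoftware><name>ABC 1.2.3.4</name><version>1.2.3.4</version></HostAssetSoftware>
        <HostAssetSoftware><name>XYZ 5.6</name><version>5.6</version></HostAssetSoftware>
      </list></software>
    </HostAsset>
    <HostAsset><id>123457</id><name>XY012346</name></HostAsset>
  </data>
</ServiceResponse>"""


def parse_host_assets(xml_text):
    """Return (rows, has_more); raise if the API did not report SUCCESS."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        # An error response must never be read as "no assets".
        raise ValueError(f"Qualys API returned {code!r}")
    rows = []
    for host in root.iterfind("data/HostAsset"):
        software = [
            (sw.findtext("name", ""), sw.findtext("version", ""))
            for sw in host.iterfind("software/list/HostAssetSoftware")
        ]
        rows.append({
            "id": host.findtext("id"),
            "name": host.findtext("name"),
            # Assumption: hosts not inventoried by Cloud Agent may omit these.
            "manufacturer": host.findtext("manufacturer", ""),
            "model": host.findtext("model", ""),
            "software": software,
        })
    # True means this response holds only part of the asset list.
    has_more = root.findtext("hasMoreRecords") == "true"
    return rows, has_more
```
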

 

Qualys' Vulnerability Management service also offers this type of data, in a less easily machine-readable format, in QIDs 90235 and 43567.
