Dashboard Toolbox - AssetView: Performance Management (v1.0)

Document created by Felix Jimenez (Employee) on Oct 5, 2018. Last modified by Felix Jimenez (Employee) on Oct 29, 2018.
Version 39

This page explains how to create a Scorecard dashboard using the AssetView interface and the data in your Qualys Vulnerability Management subscription.

This dashboard is part of the AssetView Dashboard Program. If you have any questions regarding the content, please comment below or contact Support (Technical Assistance Inquiry Form | Qualys, Inc.).

                  

This AssetView Dashboard will enable you to be more pro-active in your performance management of Qualys.

Get a quick, easy glance at KPIs for authentication successes and failures, scan time, and many others.

 

Dashboard Demonstration Images:

* The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription *

* * Authentication Widgets are not a replacement for the Qualys Authentication Report * *

 

 

* * * Requirements * * *

The following Widgets Require Tags to be created: 

 

Auth With NTLMv1
TAG-NAME: Auth Using NTLMv1
TAG-CODE: Copy paste under Asset Search rule:

<?xml version="1.0" encoding="UTF-8"?>
<TAG_CRITERIA>
  <DETECTION>
    <QID_LIST>
      <QID>70053</QID>
    </QID_LIST>
    <RESULTS>
      <SEARCH_TYPE>CONTAINING</SEARCH_TYPE>
      <SEARCH_TERM>NTLMSSP_v1</SEARCH_TERM>
    </RESULTS>
  </DETECTION>
</TAG_CRITERIA>

Auth with NTLMv2
TAG-NAME: Auth Using NTLMv2
TAG-CODE: Copy paste under Asset Search rule:

<?xml version="1.0" encoding="UTF-8"?>
<TAG_CRITERIA>
  <DETECTION>
    <QID_LIST>
      <QID>70053</QID>
    </QID_LIST>
    <RESULTS>
      <SEARCH_TYPE>CONTAINING</SEARCH_TYPE>
      <SEARCH_TERM>NTLMSSP_v2</SEARCH_TERM>
    </RESULTS>
  </DETECTION>
</TAG_CRITERIA>

Assets NO Asset Group!
TAG-NAME: Assets NO Asset Group!
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag hosts that carry no reserved ASSET_GROUP tag.
return asset.tags.reservedType.findAll { it.toString().equals("ASSET_GROUP") }.size() < 1;

 

 

The following Widgets Require Groovy Scriptlet Tags to be created for each:  

Click the following link for assistance in converting time: Google Time Converter

The only line that needs to change in the code for your desired time is threshold_minutes = ### (highlighted in red on the original page).

Host Scan Time Tags:

Scan time > 15 Minutes
TAG-NAME: ScanTime15m
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
threshold_minutes = 15
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if(host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes*60);

Scan time > 60 Minutes
TAG-NAME: ScanTime60m
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
threshold_minutes = 60
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if(host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes*60);

Scan time > 12 Hours
TAG-NAME: ScanTime12H
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
// 12 hours = 720 minutes.
threshold_minutes = 720
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if(host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes*60);

Scan time > 24 Hours
TAG-NAME: ScanTime24H
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
// 24 hours = 1440 minutes.
threshold_minutes = 1440
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if(host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes*60);

 

ScanTime Range Code for Tags

Thanks to hjkreutzer for the editing of the code and providing the range calculation!

Scan Time Range in 5 Minutes
TAG-NAME: ScanTimeMin5-10
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
threshold_minutes = 5
// The range is 5 minutes wide, so do not tag at or above the next threshold.
next_threshold_min = 5+threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// Check for a real null first so isEmpty() is never called on null.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);

Scan Time Range in 10 Minutes
TAG-NAME: ScanTimeMin10-20
TAG-CODE: Copy paste under Groovy Scriptlet rule:

// Skip testing on non-VM hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Tag if the host scan takes longer than threshold_minutes minutes.
threshold_minutes = 10
// The range is 10 minutes wide, so do not tag at or above the next threshold.
next_threshold_min = 10+threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// Check for a real null first so isEmpty() is never called on null.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration.
host_scan_time = host_scan_time.substring(15,host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);
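
The fixed-offset parse in the rules above throws when a result lacks ' seconds' (indexOf returns -1), and the strict > and < comparisons leave a host at exactly 600 seconds in neither ScanTimeMin5-10 nor ScanTimeMin10-20. The Groovy below is an added example, not part of the original page and not Qualys code: it parses with a pattern and uses an inclusive lower bound. The helper names scanSeconds and scanTimeInRange and the sample strings are constructed, and it assumes the tag rule editor accepts helper method definitions.

```groovy
// Added example, not Qualys code. Sample result strings are constructed.

// Seconds reported in a QID 45038 result, or null when the text is missing
// or does not contain "Scan duration: <n> seconds".
Long scanSeconds(String results) {
    if (results == null) return null
    def m = (results =~ /Scan duration:\s*(\d+)\s+seconds/)
    return m.find() ? m.group(1).toLong() : null
}

// True when lowerMin <= duration < upperMin (both in minutes). Pass null as
// upperMin for an open-ended rule such as "24 hours or more".
boolean scanTimeInRange(String results, int lowerMin, Integer upperMin) {
    Long secs = scanSeconds(results)
    if (secs == null) return false
    if (secs < lowerMin * 60L) return false
    return upperMin == null || secs < upperMin * 60L
}

// Constructed inputs covering the range boundary and the malformed cases.
def tenMinutes = 'Scan duration: 600 seconds\n\nStart time: (constructed)'
assert scanSeconds(tenMinutes) == 600L
assert !scanTimeInRange(tenMinutes, 5, 10)     // upper bound is exclusive
assert scanTimeInRange(tenMinutes, 10, 20)     // lower bound is inclusive
assert scanTimeInRange('Scan duration: 90000 seconds', 1440, null)
assert !scanTimeInRange('Scan duration: unavailable', 5, 10)
assert !scanTimeInRange('', 5, 10)
assert !scanTimeInRange(null, 5, 10)

// In a tag rule the final line would be, for the ScanTimeMin5-10 tag:
//   return scanTimeInRange(asset.resultsForQid(45038L), 5, 10)
```

If the rule editor rejects method definitions, inline the two function bodies ahead of the final return.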

 

API Guide  - Evaluate Tag: 

Asset Mgmt and Tagging v2 API

See Page:  31

* * * Re-Evaluate the Tags as needed per Scan Cadence * * *

Evaluate all tags that have Groovy Script or Asset Search tag rules.

API Request:  **Note: use the API URL for your POD; file.xml needs to be created first**

POD 1: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 2: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg2.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 3: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

Request POST data: file.xml or GROOVY.xml

<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
  <filters>
    <Criteria field="ruleType" operator="EQUALS">GROOVY</Criteria>
  </filters>
</ServiceRequest>

Request POST data: file.xml or ASSETSEARCH.xml

<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
  <filters>
    <Criteria field="ruleType" operator="EQUALS">ASSET_SEARCH</Criteria>
  </filters>
</ServiceRequest>

 

 

 

How to Enable Trending on the widgets:

Open the desired widget in edit mode by selecting the 3 lines on the top right of the widget and clicking Configure Widget. Then select the Collect trend data check box.

 

 

Qualys - Training Videos:

Self-Paced Class: Vulnerability Management Asset Tags

Self-Paced Class: AssetView and Threat Protection

AssetView Dashboards

 

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

 

 

More to Come ... 

 

References: 

Looking for additional Qualys documentation? Use the Resources link in the Qualys Portal (Help > Resources).

 

Related community Post:

 

Additional AssetView Dashboards: #performance_mgmt

Dashboard Toolbox - Asset View: How To - Importing Dashboard json 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - -
Dashboard Toolbox - AssetView: Host Scan Time Management (v1.0)
Dashboard Toolbox - AssetView: Scanning Activity Management (v1.0) 
Dashboard Toolbox - AssetView: Open Ports Management & RTI (v1.0)

Dashboard Toolbox - AssetView: EOL/Obsolete Software & RTI MGMT (v1.0)

Dashboard Toolbox - AssetView: Windows Authentication Management (v1.2)

 


 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning AssetView JSON files may only be used in AssetView and Vulnerability Management JSON files may only be used in Vulnerability Management. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription.

Again, there is no way to reverse this mistake within the UI; it must be done in the database.
