Dashboard Toolbox - AssetView: Host Scan Time Management (v1.0)

Document created by Felix Jimenez (Employee) on Oct 6, 2018. Last modified by Felix Jimenez (Employee) on Oct 29, 2018.
Version 28

This page contains the information needed to create a Scorecard dashboard using the AssetView interface and the data in your Qualys Vulnerability Management subscription.

This dashboard is part of the AssetView Dashboard Program. If you have any questions regarding the content, please comment below or use Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.

This AssetView Dashboard will enable you to be more proactive in Host Scan Time management and troubleshooting in Qualys.

Get a quick, easy glance at KPIs for Host Scan Time.

 

 

Dashboard Demonstration Images:

* The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription *

 

Troubleshoot Long Host Scan Times

After selecting the widget containing a host with an excessive scan time, you can dig into the details and begin troubleshooting. Try to identify the culprit host and troubleshoot it, and open a case with Support to get more details. Exclude the culprit host from your regular scans so that they complete without the delay it causes. Then scan the culprit host independently.

 

 

 

 

* * * Requirements * * *

The following Widgets Require Groovy Scriptlet Tags to be created for each:  

Click the following link for assistance in converting time: Google Time Converter

The only section that needs to be changed in the code for your desired time is threshold_minutes = ###

Host Scan Time Tags:

Scan time > 15 Minutes - TAG-NAME:  ScanTime15m
Scan time > 60 Minutes - TAG-NAME:  ScanTime60m
Scan time > 12 Hours - TAG-NAME:  ScanTime12H
Scan time > 24 Hours - TAG-NAME:  ScanTime24H

TAG-CODE: Copy paste under Groovy Scriptlet rule (one code block per tag, in the order listed above):

// Tag: ScanTime15m (scan time > 15 minutes)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
threshold_minutes = 15
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if (host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes * 60);

// Tag: ScanTime60m (scan time > 60 minutes)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
threshold_minutes = 60
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if (host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes * 60);

// Tag: ScanTime12H (scan time > 12 hours)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
// 12 hours = 720 minutes.
threshold_minutes = 720
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if (host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes * 60);

// Tag: ScanTime24H (scan time > 24 hours)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
// 24 hours = 1440 minutes.
threshold_minutes = 1440
host_scan_time = asset.resultsForQid(45038L);

// Return false if the asset doesn't have QID 45038
// or the result is not the expected length.
if (host_scan_time == null || host_scan_time.length() <= 16)
    return false;

// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger();
return host_scan_time > (threshold_minutes * 60);

 

 

 

ScanTime Range Code for Tags (New)

Thanks to hjkreutzer for the editing of the code and providing the range calculation!

Scan Time Range in 5 Minutes - TAG-NAME:  ScanTimeMin5-10
Scan Time Range in 10 Minutes - TAG-NAME:  ScanTimeMin10-20

TAG-CODE: Copy paste under Groovy Scriptlet rule (one code block per tag, in the order listed above):

// Tag: ScanTimeMin5-10 (Scan Time Range in 5 Minutes)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
threshold_minutes = 5
// The next threshold is always 5 minutes higher, so do not tag at or above it.
next_threshold_min = 5 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// Return false if the asset has no result for QID 45038.
if (host_scan_time == null || host_scan_time.isEmpty())
    return false;
// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);

// Tag: ScanTimeMin10-20 (Scan Time Range in 10 Minutes)
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if the scan time for the host is longer than threshold_minutes minutes.
threshold_minutes = 10
// The next threshold is always 10 minutes higher, so do not tag at or above it.
next_threshold_min = 10 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// Return false if the asset has no result for QID 45038.
if (host_scan_time == null || host_scan_time.isEmpty())
    return false;
// Parse for duration; return false if the ' seconds' marker is missing.
end_index = host_scan_time.indexOf(' seconds');
if (end_index <= 15) return false;
host_scan_time = host_scan_time.substring(15, end_index);
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);

 

 

API Guide  - Evaluate Tag: 

Asset Mgmt and Tagging v2 API

See Page:  31

* * * Re-Evaluate the Tags as needed per Scan Cadence * * *

Evaluate all tags that have Groovy Script tag rules.

API Request:  **Note: use the API URL for your POD; the file.xml needs to be created**

POD 1: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 2: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg2.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 3: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

Request POST data:   file.xml
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<filters>
<Criteria field="ruleType"
operator="EQUALS">GROOVY</Criteria>
</filters>
</ServiceRequest>
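
The same evaluate call as a small shell wrapper that reads credentials from a netrc file, so the password does not appear on the command line or in shell history, and that checks the response before reporting success. This is an added example, not part of the original document or Qualys code. The names QUALYS_API_HOST, QUALYS_NETRC and the function names are chosen for the example, and the <responseCode>SUCCESS</responseCode> check assumes that response format.

```shell
#!/bin/sh
# Added example: re-evaluate all Groovy tag rules via the endpoint shown above.

# Build the evaluate-tag URL for a given API host (POD 1/2/3 hosts are listed above).
evaluate_url() {
    printf 'https://%s/qps/rest/2.0/evaluate/am/tag' "$1"
}

# Write the request body from the page (filter: ruleType EQUALS GROOVY) to file $1.
write_request() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<filters>
<Criteria field="ruleType" operator="EQUALS">GROOVY</Criteria>
</filters>
</ServiceRequest>
EOF
}

# Succeed only if the response text in $1 reports SUCCESS.
# Assumption: the API answers with <responseCode>SUCCESS</responseCode>.
response_ok() {
    printf '%s' "$1" | grep -q '<responseCode>SUCCESS</responseCode>'
}

# Send the request. $1 = API host, $2 = netrc file (chmod 600) with a line like:
#   machine qualysapi.qualys.com login USERNAME password PASSWORD
evaluate_groovy_tags() {
    req=$(mktemp) || return 1
    write_request "$req"
    rc=1
    if resp=$(curl --silent --show-error --fail --netrc-file "$2" \
            -H 'content-type: text/xml' -X POST --data-binary @"$req" \
            "$(evaluate_url "$1")") && response_ok "$resp"; then
        rc=0
    fi
    rm -f "$req"
    return "$rc"
}

# Run only when asked to, e.g.: sh evaluate_tags.sh run
if [ "${1:-}" = "run" ]; then
    evaluate_groovy_tags "${QUALYS_API_HOST:-qualysapi.qualys.com}" \
        "${QUALYS_NETRC:-$HOME/.netrc-qualys}"
fi
```
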

 

 

Example of Tags & Widget Structure & Trending:

Open the desired widget in edit mode by selecting the 3 lines on the top right of the widget and clicking on Configure Widget. Then select the Collect trend data check box.

 

 

Qualys - Training Videos:

Self-Paced Class: Vulnerability Management Asset Tags

Self-Paced Class: AssetView and Threat Protection

AssetView Dashboards

 

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

More to Come ... 

References: 

Looking for additional Qualys documentation? Use the Resources link in the Qualys Portal (Help > Resources).

 

Related community Post:

 

Additional AssetView Dashboards: #performance_mgmt

Dashboard Toolbox - Asset View: How To - Importing Dashboard json 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - -

Dashboard Toolbox - AssetView: Performance Management (v1.0)

Dashboard Toolbox - AssetView: Scanning Activity Management (v1.0)
Dashboard Toolbox - AssetView: Open Ports Management & RTI (v1.0)

Dashboard Toolbox - AssetView: EOL/Obsolete Software & RTI MGMT (v1.0)

Dashboard Toolbox - AssetView: Windows Authentication Management (v1.2)

 


 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning AssetView JSON files may only be used in AssetView and Vulnerability Management JSON files may only be used in Vulnerability Management. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription.

Again, there is no way to reverse this mistake within the UI; it must be done in the database.
