Dashboard Toolbox - VM DASHBOARD BETA: Host Scan Time Management (v1.1)

Document created by Felix Jimenez (Employee) on Feb 6, 2019. Last modified by Felix Jimenez (Employee) on Mar 1, 2019.
Version 3

This page contains information to create a Scorecard dashboard leveraging the Vulnerability Management Beta Dashboard interface and data in your Qualys Vulnerability Management subscription.

This dashboard is part of the Vulnerability Management Beta Dashboard Program. If you have any questions regarding the content, please comment below or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.

This Vulnerability Management Beta Dashboard will enable you to be more proactive in your Host Scan Time Management and in troubleshooting Qualys scans.

Get a quick, easy glance at KPIs for Host Scan Time.

 

Why is ScanTime Management important?

When you pursue a strategy of continuous scanning and visibility while scanning large subnets, scan time is very important, even more so if you are also constrained from scanning outside scanning windows. Monitoring scan time can help you find and detect possible issues with an asset on the network.

Monitoring this from time to time and troubleshooting the assets with long scan times will help ensure scans finish in a reasonable amount of time.

 

Monitoring Scan Time

 

 

Dashboard Demonstration Images: * * * New * * *

* The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription *

 

* * * Requirements * * *

The following Widgets Require Groovy Scriptlet Tags to be created for each:  

Click the following link for assistance in converting time: Google Time Converter

The only part of the code that needs to be changed for your desired time is the line shown in RED: threshold_minutes = ###

Host Scan Time Tags:

Tag                          TAG-NAME
Scan time 0 - 10 Minutes     ScanTimeMin-0-10
Scan time 11 - 20 Minutes    ScanTimeMin-11-20
Scan time 1 - 2 Hours        ScanTime-1-2H
Scan time 2 - 4 Hours        ScanTime-2-4H

TAG-CODE: Copy and paste under the Groovy Scriptlet rule of each tag. The four scripts below are in the same order as the tags above:

// Tag ScanTimeMin-0-10: scan time 0 - 10 minutes.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if scan time for host takes longer than threshold_minutes minutes.
threshold_minutes = 0
// Upper bound in minutes: do not tag at 11 minutes or more.
next_threshold_min = 11 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No usable result for this host: do not tag.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
// Both bounds are compared in seconds.
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);

// Tag ScanTimeMin-11-20: scan time 11 - 20 minutes.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if scan time for host takes longer than threshold_minutes minutes.
threshold_minutes = 11
// Upper bound in minutes: do not tag at 21 minutes or more, so the tag matches its 11 - 20 name.
next_threshold_min = 10 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No usable result for this host: do not tag.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
// Both bounds are compared in seconds.
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);

// Tag ScanTime-1-2H: scan time 1 - 2 hours.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if scan time for host takes longer than threshold_minutes minutes.
threshold_minutes = 60
// Upper bound in minutes: do not tag at 121 minutes or more.
next_threshold_min = 61 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No usable result for this host: do not tag.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
// Both bounds are compared in seconds.
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);

// Tag ScanTime-2-4H: scan time 2 - 4 hours.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Tag if scan time for host takes longer than threshold_minutes minutes.
threshold_minutes = 120
// Upper bound in minutes: do not tag at 241 minutes or more.
next_threshold_min = 121 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No usable result for this host: do not tag.
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse for duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
// Both bounds are compared in seconds.
return host_scan_time > (threshold_minutes*60) && host_scan_time < (next_threshold_min*60);

 

 

API Guide  - Evaluate Tag: 

Asset Mgmt and Tagging v2 API

See Page:  31

* * * Re-Evaluate the Tags as needed per Scan Cadence * * *

Evaluate all tags that have Groovy Script rules.

API Request:  **Note: use the API URL for your POD, and the file.xml needs to be created**

POD 1: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 2: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg2.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 3: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

Request POST data:   file.xml  or   GROOVY.xml
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<filters>
<Criteria field="ruleType"
operator="EQUALS">GROOVY</Criteria>
</filters>
</ServiceRequest>
Request POST data:   file.xml   or  ASSETSEARCH.xml
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<filters>
<Criteria field="ruleType"
operator="EQUALS">ASSET_SEARCH</Criteria>
</filters>
</ServiceRequest>
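
The evaluate request above as a reusable script, added here as an example and not part of the original page or of Qualys documentation: it builds the same XML body, picks the POD URL listed above, and passes the credentials to curl as a config file on stdin so the password stays out of the process list and shell history. The function names and the QUALYS_USER, QUALYS_PASS and QUALYS_RUN variables are assumptions.

```shell
#!/bin/sh
# Added example, not Qualys code. QUALYS_USER, QUALYS_PASS, QUALYS_RUN and the
# function names are assumptions made for this sketch.

# API base URL per POD, as listed on this page.
api_base() {
    case "$1" in
        1) echo "https://qualysapi.qualys.com" ;;
        2) echo "https://qualysapi.qg2.apps.qualys.com" ;;
        3) echo "https://qualysapi.qg3.apps.qualys.com" ;;
        *) echo "unknown POD: $1" >&2; return 1 ;;
    esac
}

# Request body (the page's file.xml) for one of the two rule types shown.
build_request() {
    case "$1" in
        GROOVY|ASSET_SEARCH) ;;
        *) echo "unsupported ruleType: $1" >&2; return 1 ;;
    esac
    printf '%s\n' \
        '<?xml version="1.0" encoding="UTF-8" ?>' \
        '<ServiceRequest>' \
        '<filters>' \
        "<Criteria field=\"ruleType\" operator=\"EQUALS\">$1</Criteria>" \
        '</filters>' \
        '</ServiceRequest>'
}

# POST the request. Without QUALYS_RUN=1 it only reports what it would send.
evaluate_tags() {
    base=$(api_base "$1") || return 1
    body=$(build_request "$2") || return 1
    url="$base/qps/rest/2.0/evaluate/am/tag"
    if [ "${QUALYS_RUN:-0}" != "1" ]; then
        echo "dry run: POST $url ($2)"
        return 0
    fi
    # Credentials reach curl as a config file on stdin (-K -), not as -u on
    # the command line. Assumes no double quote or backslash in either value.
    printf 'user = "%s:%s"\n' "$QUALYS_USER" "$QUALYS_PASS" |
        curl -sS -K - -H "content-type: text/xml" -X POST \
             --data-binary "$body" "$url"
}

# Usage: sh evaluate_tags.sh POD RULETYPE   (for example: 1 GROOVY)
if [ "$#" -ge 2 ]; then
    evaluate_tags "$1" "$2"
fi
```

Run it once as a dry run to confirm the POD URL and rule type, then set QUALYS_RUN=1 with the credentials exported in the environment to send the request.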

 

 

 

Example of Tags & Widget Structure & Trending:

Open the desired widget in edit mode by selecting the 3 lines on the top right of the widget and clicking on Configure Widget. Then select the Collect trend data check box.


 

 

Troubleshoot Long Host Scan Times

After selecting the widget containing a host with an excessive scan time, you can dig into the details and begin your troubleshooting. Try to identify the culprit host and troubleshoot it, and open a case with support to get more details. Exclude the culprit host from your regular scans; this will help your regular scans complete effectively without the delay of the culprit host. Then scan the culprit host independently.

 

 

 

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

 

More to Come ... 

 

 

References: 

Looking for additional Qualys documentation? Use the Resources link in the Qualys Portal (Help > Resources).
Documentation specific to Host Scan Time:

 

Related community Posts:

 

Additional VM Beta Dashboards:

Dashboard Toolbox - How To Enable the New VM Dashboard BETA within the Qualys UI 

Dashboard Toolbox - How To - Importing Dashboard json 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - -

Dashboard Toolbox - VM DASHBOARD BETA: QID Specific Remediation Dashboard (v1.0) 

Dashboard Toolbox - VM DASHBOARD BETA: Per Year Environment View - Vr1.0 

Dashboard Toolbox - VM DASHBOARD BETA: Severity 1 thru 5  & Threat Protection (RTI) Dashboard BETA 

Dashboard Toolbox - VM DASHBOARD BETA: PCI Compliance Vulnerability Exposure Dashboard 

Dashboard Toolbox - VM DASHBOARD BETA: Windows Authentication Management (v1.2) 

Dashboard Toolbox - VM DASHBOARD BETA: Total Vulnerabilities Scorecard    

Dashboard Toolbox - VM DASHBOARD BETA: Total Unremediated Scorecard   

Dashboard Toolbox - VM DASHBOARD BETA: Top 10 Vulnerabilities Scorecard 

Dashboard Toolbox - VM DASHBOARD BETA: Top 10 Assets Scorecard 

Dashboard Toolbox - VM DASHBOARD BETA: Hosts Assessment Dashboard 

Dashboard Toolbox - VM DASHBOARD BETA: Threat Real Time Indicator (RTI) Dashboard 

Dashboard Toolbox - Top 5 Vendor Open Vulns Sev3-5 Assessment Dashboard BETA

Dashboard Toolbox - [Tags.Name] Confirmed Sev 3- 5 Excl NRK 90D BETA

Dashboard Toolbox - VM DASHBOARD BETA: Windows 7 Confirmed/Potential Sev 3-5 90D Assessment 

Dashboard Toolbox - Cisco Vendor Only Confirmed/Potential Sev 3-5 90D Assessment BETA

Dashboards and Reporting: Apache Struts RCE Vulnerabilities: CVE-2017-5638 and CVE-2018-11776

QID Tracking Dashboard: .NET Framework Service Packs - All of a Sudden

Adobe Product Dashboard: Qualys API - List Assets by Vulnerability Title

 


 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning Vulnerability Management Beta Dashboard JSON files may only be used in VM Dashboard and AssetView JSON files may only be used in AssetView. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription. 

Again, there is no way to reverse this mistake within the UI; it must be done in the database.
