
Identifying Special Notes in Scan Result XML from V1 API

Question asked by Sankar V on Apr 9, 2014
Latest reply on Apr 11, 2014 by Bernie Weidel

Hi All,

I am using the V1 API to retrieve the scan result of a completed scan and have to parse the resulting XML to generate custom reports.

I was wondering how an item in the resulting Scan Result XML can be identified as an item requiring Special Notes.

Say, for example, in the case below: a sample scan result with the following INFO node. As a developer parsing a scan result, is there a way to query the Qualys Knowledge Base to find out whether a particular item, say this ITEM with NO 42017, is an item that requires special notes?

    <INFO number="42017" severity="3">
      <TITLE><![CDATA[Remote Access or Management Service Detected]]></TITLE>
      <LAST_UPDATE><![CDATA[2011-10-17T18:28:42Z]]></LAST_UPDATE>
      <PCI_FLAG>0</PCI_FLAG>
      <DIAGNOSIS>
    <![CDATA[A remote access or remote management service was detected. If such a service is accessible to malicious users it can be used to carry different type of attacks. Malicious users could try to brute force credentials or collect additional information on the service which could enable them in crafting further attacks.
    <P>
    The Results section includes information on the remote access service that was found on the target.
    <P>
    Services like Telnet, Rlogin, SSH, windows remote desktop, pcAnywhere, Citrix Management Console, Remote Admin (RAdmin), VNC, OPENVPN and ISAKMP are checked.]]>
      </DIAGNOSIS>
      <CONSEQUENCE><![CDATA[Consequences vary by the type of attack.]]></CONSEQUENCE>
      <SOLUTION><![CDATA[Expose the remote access or remote management services only to the system administrators or intended users of the system.]]></SOLUTION>
      <RESULT><![CDATA[Service name: SSH on TCP port 40022.]]></RESULT>
    </INFO>

I am exploring the API and have been reading the guide, but I don't see any mention in the guide regarding special notes. So I was hoping someone in the forum has dealt with this issue and can help me out on this.

Thank you.
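
One way to turn INFO nodes like the one above into report rows and flag the QIDs a custom report has to annotate, as an added example that is not part of the original post and is not Qualys code. The set of QIDs treated as needing special notes is supplied by the caller and is an assumption, since the post does not establish whether the scan XML or the KnowledgeBase marks them; `parse_infos`, the wrapper elements and the second INFO item are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the INFO node in the post. The wrapper
# elements and the second INFO item are assumptions for illustration.
SAMPLE = """<SCAN><IP value="192.0.2.10"><INFOS><CAT value="General">
<INFO number="42017" severity="3">
  <TITLE><![CDATA[Remote Access or Management Service Detected]]></TITLE>
  <PCI_FLAG>0</PCI_FLAG>
  <RESULT><![CDATA[Service name: SSH on TCP port 40022.]]></RESULT>
</INFO>
<INFO number="99999" severity="1">
  <TITLE><![CDATA[Constructed placeholder item]]></TITLE>
  <PCI_FLAG>0</PCI_FLAG>
  <RESULT><![CDATA[n/a]]></RESULT>
</INFO>
</CAT></INFOS></IP></SCAN>"""


def parse_infos(xml_text, special_note_qids):
    """Return one report row per INFO element, flagged against a caller-supplied QID set."""
    rows = []
    # iter() finds INFO at any depth, so the exact wrapper layout does not matter.
    for info in ET.fromstring(xml_text).iter("INFO"):
        number = info.get("number")
        if number is None or not number.isdigit():
            continue  # skip items without a usable QID rather than guessing
        qid = int(number)
        rows.append({
            "qid": qid,
            "severity": int(info.get("severity", "0")),
            "title": (info.findtext("TITLE") or "").strip(),
            "pci_flag": info.findtext("PCI_FLAG") == "1",
            "result": (info.findtext("RESULT") or "").strip(),
            "special_note": qid in special_note_qids,
        })
    return rows


if __name__ == "__main__":
    # Hypothetical, hand-maintained list; 42017 is the QID from the post.
    for row in parse_infos(SAMPLE, {42017}):
        note = "SPECIAL NOTE" if row["special_note"] else "-"
        print(row["qid"], row["severity"], note, row["title"], "|", row["result"])
```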
