AnsweredAssumed Answered

Multi scan and first detected, scan start dates

Question asked by wkolatac on Mar 6, 2018
Latest reply on Mar 13, 2018 by John Delaroderie

Hi
I'm trying to develop a process using the Qualys APIs to identify scans that have level 4 or 5 vulnerabilites. The plan is to run this process everyday, reporting on the scans and/or the vulnerabilities detected since the process last ran.
I thought about using the Findings API to retrieve vulnerabilities and use the first detected date.

I'm running into some unexpected results. The environment I will be running this process against contians multi-scan configurations. These configurations can have hundreds of WAS configurtions included in them and the multi-scan can run for days. In this scenario, when I use the Findings API to download the vulnerabilities while the multi-scan is running, I can see different results over each day. So as a scan finishes it seems the results (findings) are available. But the issue is that the first detected date is always the start date/time of the multi-scan itself, not the date/time that the individual scan started. For example let's say a multi-scan starts on 03-01 and completes on 03-04. For individual sites scans that actually run on 03-04, the first detected date/time of the vulnerabilites is start date/time of the multi-scan, 03-01. And the start date/time of the individual scan is 03-01 as well.

Is this how the multi-scan details are stored? I was expected that if a WAS site scan acutally ran on 03-04, then the start time of the scan and any vulnerabilities found during the scan would have the 03-04 date/time stamp. Am I missing something?

Is there another way (API) i should be using to achieve this? I would prefer not to have to download/save data on one day and compare it to data downloaded/saved the following day to detect any new differences. That seems a bit crude...
Does anyone have a suggestions? I'm running this in a Windows/PHP environment and would prefer a PHP solution if possible.
thanks in advance for your help!

Outcomes