AnsweredAssumed Answered

How to pull a volume of simple Agent data ?

Question asked by Damian OHara on Jul 11, 2019
Latest reply on Jul 12, 2019 by Robert Dell'Immagine

On a subscription we have 33,000 cloud agents. Many have their host name changed after agent is installed meaning a mismatch between agent-based name and NetBIOS/DNS names reported to Qualys. You can find these mismatches by downloading all agent data from the CA module in CSV format then sorting for them in excel. I need to automate this but cannot find a usable API call for it.

 

The best shot I've found is the CA API call:

curl -s -u ${SCANUSER}:${SCANPASS} -X "POST" -H "Content-Type: text/xml" -H "Cache-Control: no-cache" --data-binary @list_all_agents.xml "https://qualysapi.qualys.${SOC}/qps/rest/2.0/search/am/hostasset/?fields=id,name,netbiosName" > CA_names.xml

 

This returns the three fields I want:

HOSTID,ASSET_NAME,NETBIOS_NAME

 

and would be ideal except the maximum number of hosts matched per API call is 100. So for 33,000 assets that's 330 API calls ! At 20 seconds per call this approaches 2 hours - if all goes well .... it exceeds our API call limits and all this just to get a list of hosts with 3 fields.

 

Looked at alternatives like the v2 API call below to provide the data :

/usr/bin/curl --insecure -s -u ${SCANUSER}:${SCANPASS} -H "X-Requested-With: curl" -X POST -d "action=list&details=All&use_tags=1&tag_set_by=id&tag_set_include=16231803" "https://qualysapi.qualys.${SOC}/api/2.0/fo/asset/host/" > host_data.xml

 

tag_set_include = the ID of the Cloud Agent tag for our subscription.

 

_except_ the CA name of the host is not included. It seems I can only get that from the CA API call above, which is unusable due to it's limits. Is that the case ?

 

Anybody found a way to do this ?

Outcomes