
Qualys Technical Report Based Integrations

Question asked by QM_SSJ4 on Mar 21, 2012
Latest reply on Mar 21, 2012 by Eric Perraudeau

We are struggling a bit with the 'Technical Report' based integrations with various Tools & Partners that leverage Qualys vuln data as part of their services. From what I understand, the "Best Practice" is to create a template called Technical Report which is used to designate what data is pulled (Report Details, Services, Custom QID list, etc.) and from where (Asset Groups and/or IPs), and then an API call of /msp/asset_data_report.php is used to retrieve the Vulns.

The issue we are running into is that this Technical Report is much, much too large, given the # of IPs and amount of data we collect on each, to allow a single synch of Qualys data into each tool. Further, since this Technical Report method seems hardcoded (per Qualys standards?), we cannot create multiple reports with various options and/or assets in them, so even if the 3rd party tool performing the synch allows for multiple scheduled synch jobs, one must continuously go back into Qualys and update the Technical Report with an ever-changing IP and/or QID list. If you try to do the 'all in one' approach, the report times out as there is simply too much data to retrieve (or maybe a built-in API call timeout?).

With over 400 network segments we are left to develop our own API code to continuously update Technical Report with each Segment and QID list to 'chunk down' our data to get the synch to work. However, this is very frustrating as the timing is not always consistent with each synch and even with the semi-automated API based update, we simply cannot finish the synch before new scan data is populated.

Has anyone else used this Technical Report type synch with their other tools and struggled with the 'too much data' problem?
