Create Custom Remediation QID Scripts 

The Custom Remediation QID script enables you to execute specific actions that fix an active vulnerability in VMDR. This script allows you to implement tailored remediation steps that may not be part of standard predefined solutions.

When you run the script successfully, the associated vulnerability is resolved or fully addressed.

You can only create and store Custom Remediation QID scripts in CAR. These scripts can only be executed through the Patch Management module.

You can create a Custom Remediation QID script in any of the following ways:

  • Manually enter a script
  • Upload script from local machine
  • Import from GitHub

To create a Custom Remediation QID script, follow these steps:

  1. Navigate to Scripts > Scripts > Create New Script.

    The Create New Script page is displayed. 

  2. Enter a Name and Description for the script.

  3. Click Next to view the Script Details page.
  4. Select the Type of Script as Remediation QID.
  5. Select Platform (Windows or Linux). 
  6. Complete the following Remediation QID Details:
      • QID Number: Provide a QID number.
      • QID Severity: The severity of the QID. You can select a value from 1 (minimum) to 5 (urgent).
      • Impact Factor: Provide a value to determine the impact of the script on a vulnerability. For the remediation script, the value should be 100. This indicates that the vulnerability has been completely remediated.
      • Implication: Indicates whether the impact of the script on a vulnerability is permanent or temporary. The Implication value for the remediation script is Permanent. The Implication field is pre-populated depending on the selected Type of Script.
      • CVE IDs: Provide the CVE IDs that are associated with the specific QID.
      • Mitigation Type: Provide text that describes the mitigation type.

  7. Select the Scripting Language from the list in which you want to write the script.

    The list of scripting languages for Windows and Linux is different. 

    Supported scripting languages by platform:

      • Windows: PowerShell-Command, PowerShell-Script, Python, and VBScript
      • Linux: Lua, Perl, Python, and Shell

  8. Select a script Category from the list.
  9. Specify the Timeout Limit in seconds, minutes, or hours.

    The Timeout Limit defines how long the script is allowed to run.

    The Timeout Limit for all Windows and Linux assets ranges from one second to 48 hours. The default value is 300 seconds.

  10. In the Scripts section, select Enter Script and manually enter the script by typing or copy-pasting it from another source.

    You also have the following options to provide the Remediation QID script:

    Example Remediation Script

    # Initialize counters for the specified application installations
    $Script:appCount = 0
    # Set the application name and version regex to be searched
    $targetAppName = "PowerShell"
    $versionRegex = "^6\..*"
    # Determine if the system is 64-bit or 32-bit and set the registry paths accordingly
    if ([Environment]::Is64BitOperatingSystem) {
        $regPaths = @("HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*")
    } else {
        $regPaths = @("HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*")
    }
    # Function to check if the specified application version is still present
    function Check-AppPresence {
        param (
            [string]$appName,
            [string]$versionRegex
        )
        
        # Retrieve all applications from the uninstall registry keys
        foreach ($regPath in $regPaths) {
            $apps = Get-ChildItem -Path $regPath | Get-ItemProperty
            foreach ($app in $apps) {
                if ($app.DisplayName -match $appName -and $app.DisplayVersion -match $versionRegex) {
                    return $true
                }
            }
        }
        return $false
    }
    # Retrieve all applications from the uninstall registry keys
    $appList = foreach ($regPath in $regPaths) {
        Get-ChildItem -Path $regPath | Get-ItemProperty
    }
    # Iterate over each application to find the specified installations
    foreach ($app in $appList) {
        $appName = $app.DisplayName
        if ($appName -match $targetAppName) {
            $appVer = $app.DisplayVersion
            if ($appVer -match $versionRegex) {
                $Script:appVersion = $appVer
                $appUninstallString = $app.UninstallString
                # Increment application counter
                $Script:appCount++
                # Check if the uninstall command uses MsiExec.exe
                if ($appUninstallString -match "MsiExec\.exe") {
                    # Modify the uninstall command to run silently
                    $uninstallCommand = $appUninstallString -replace "MsiExec\.exe", "MsiExec.exe /quiet"
                    # The execution line below is commented out in this example, so the
                    # script performs no uninstall until it is uncommented
                    # & cmd /c $uninstallCommand
                }
                # If no suitable uninstall method is found, notify the user
                else {
                    Write-Host "Unable to uninstall $appName"
                    exit 1
                }
            }
        }
    }
    # Notify the user if no specified applications were found
    if ($Script:appCount -eq 0) {
        Write-Host "$targetAppName with version matching $versionRegex not found"
        exit 0
    }
    # Recheck if the application with the same version is still present after uninstallation
    if (Check-AppPresence -appName $targetAppName -versionRegex $versionRegex) {
        Write-Host "Uninstallation of $targetAppName $Script:appVersion failed."
        exit 1
    } else {
        Write-Host "$targetAppName $Script:appVersion successfully uninstalled."
    }
    
  11. Select the Create Script in the approved state checkbox to create the script in approved state.

    This option is available only for the manager role.

    Users with any other role must get the script approved by an authorized user.
    For more details, refer to Qualys CAR RBAC.

  12. Click Next to view the Review and Confirm page.
  13. Review the details and click Confirm & Save.

The Remediation QID script is created and displayed on the Scripts tab.

Because CAR is used only as a repository for storing Remediation QID scripts, the only actions available for them are View Details, Edit, Clone, Export Script, and Deprecate.
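
Added example, not part of the original page and not Qualys code: the example remediation script in step 10 inserts /quiet into the registry UninstallString, but MSI products often register that string with /I, which does not remove the product, and the string is handed to cmd for parsing. The sketch below extracts the product code and calls msiexec /x directly; the function names and sample strings are assumptions made for illustration.

```powershell
# Added example; function names and sample strings are constructed, not Qualys code.

function Get-MsiProductCode {
    # Return the {GUID} product code from an MSI UninstallString, or $null.
    param([string]$UninstallString)
    if ($UninstallString -notmatch '\bmsiexec(\.exe)?\b') { return $null }
    $guid = '\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}'
    $m = [regex]::Match($UninstallString, $guid)
    if ($m.Success) { return $m.Value }
    return $null
}

function Invoke-SilentMsiUninstall {
    # Run msiexec directly (no cmd /c), so the registry string is never shell-parsed.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ProductCode)
    $msiexec = Join-Path $env:SystemRoot 'System32\msiexec.exe'
    $msiArgs = @('/x', $ProductCode, '/qn', '/norestart')
    if (-not $PSCmdlet.ShouldProcess($ProductCode, 'msiexec /x /qn')) { return $null }
    $proc = Start-Process -FilePath $msiexec -ArgumentList $msiArgs -Wait -PassThru
    return $proc.ExitCode
}

function Test-MsiExitSuccess {
    # 0 = success; 3010 = success, reboot required; 1641 = success, reboot started;
    # 1605 = product not installed (already absent, the desired end state).
    param([int]$ExitCode)
    return ($ExitCode -in 0, 3010, 1641, 1605)
}

# Constructed UninstallString values: MSI with /I, MSI with /X, and a non-MSI entry.
$samples = @(
    'MsiExec.exe /I{11111111-2222-3333-4444-555555555555}',
    'MsiExec.exe /X{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}',
    '"C:\Program Files\Example\uninstall.exe" /S'
)
foreach ($s in $samples) {
    $code = Get-MsiProductCode -UninstallString $s
    if (-not $code) {
        Write-Host "Not an MSI entry, skipped: $s"
        continue
    }
    # -WhatIf keeps this demonstration a dry run; remove it to uninstall.
    $rc = Invoke-SilentMsiUninstall -ProductCode $code -WhatIf
    if ($null -ne $rc -and -not (Test-MsiExitSuccess $rc)) {
        Write-Host "msiexec failed for $code with exit code $rc"
        exit 1
    }
}
```

The registry recheck at the end of the example script remains the final verification; the exit-code check only catches an installer failure earlier.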

Edit Remediation QID Scripts

To modify the script, follow these steps:

  1. Navigate to the Scripts tab.
  2. To edit a script, select a Remediation QID script and click Edit on the Quick Actions menu.

    The Basic Information page is displayed.

  3. Modify the details as required and click Next to view the Script Details page.

  4. Modify the editable content as required.

  5. Provide the Reason for Edit.

  6. Click Next to view the Review and Confirm page.
  7. Review the script and click Update to save the changes to the script.
