Working with Scripts
Qualys CAR has a repository of scripts stored in its database. These scripts can be applied to multiple assets and tags. Apart from the scripts in the CAR repository, you can also use scripts posted on the Qualys GitHub account. You can create up to 2000 scripts per subscription.
You can share the output of the script execution job with different apps that are registered to get the script output.
The maximum script size limit for both Linux and Windows platforms is 500 KB. The API Gateway service version that you use must be 2.4.0-7 or later to support 1 MB script output.
Windows agent adheres to the PowerShScripts with potentially system-impacting commandsell execution policy set on the host on which a script is executed.
You may choose to bypass the PowerShell execution policy set on the host. While adding assets to a script, use the Bypass Powershell Execution Policy toggle switch to specify if you want to override the PowerShell execution policy on Windows hosts. When you switch this option to Yes, both signed and unsigned scripts are executed on the agent irrespective of the PowerShell execution policy set on the asset.
The Scripts tab lists all the scripts that you created.
If you have imported a script from a GitHub repository, the script is displayed with a 
icon. A 
icon denotes that sync with GitHub has failed.
You can perform the following actions on the scripts from the various options present in the Quick Actions menu:
|
View Details |
Displays details such as Script ID, date and time when the script was last updated, platform, category and so on. In case of a script imported from GitHub, details include the date and time when the script was last synced with GitHub, GitHub repository name and the repository owner besides other relevant details. Refer to Viewing Job Details |
|
Edit |
Lets you edit the selected script. Refer to Editing Scripts |
|
Enable auto sync |
Lets you enable auto-sync your script with GitHub. The GitHub sync occurs every four hours. This option is available only for those scripts that are imported from GitHub and the Sync the script with GitHub option was not selected while creating the script. Refer to Creating Scripts |
|
Sync with GitHub now
|
Lets you initiate an on-demand sync with GitHub. You can perform an on-demand sync at any time, even if the Automated option was selected for GitHub sync. This option is available only for those scripts that are imported from GitHub. The last sync date and the time are displayed below the script name. Refer to Creating Scripts |
|
Modify GitHub Access Token |
Lets you update the access token for the selected script. This option is available only if the selected script was imported from a GitHub private repository. The modified GitHub access token is updated in CAR. Qualys recommends that you provide an access token that does not have an expiration limit. Refer to Creating Scripts |
|
Test Script |
Lets you evaluate a script on a test asset before you execute it on production assets. This option is available only when the script is in the Pending Test status. Refer to Testing Scripts |
|
Review
|
Lets you approve or reject a script. You must have the appropriate user rights to approve or reject a script. Refer to: |
|
Run Now |
Lets you execute the script immediately. This option is available only when the script is approved. Refer to Executing Scripts |
|
Schedule |
Lets you create a schedule for the selected script. Refer to Scheduling Scripts |
|
Clone |
Lets you create a copy of an existing script along with its assets and tags and other properties. Refer to Cloning Scripts |
|
Export Script |
Lets you export a script and save it on your local computer. Refer to Exporting and Importing Scripts |
|
Deprecate |
Lets you deprecate a script that’s no longer required. You must have the 'View Jobs' permission to view the job details of a script. Refer to: |
|
View Latest Job |
Lets you view the status of the selected script and other corresponding details. This option is not available for scripts with 'Pending Test' status. Refer to: Role-Based Access Control in CAR
|
|
View All Jobs |
Lets you select a script and view details of the most recent job or all jobs within a recurring cycle. You must have the 'View Jobs' permission to view the job details of a script. Refer to: |
Related Topics
Reviewing and Approving Scripts