Working with Scripts

Qualys CAR has a repository of scripts stored in its database. These scripts can be applied to multiple assets and tags. Apart from the scripts in the CAR repository, you can also use scripts posted on the Qualys GitHub account. You can create up to 2000 scripts per subscription.

You can share the output of the script execution job with different apps that are registered to get the script output.

The maximum script size limit for both Linux and Windows platforms is 500 KB. The API Gateway service version that you use must be 2.4.0-7 or later to support 1 MB script output.

Windows agent adheres to the PowerShScripts with potentially system-impacting commandsell execution policy set on the host on which a script is executed.

You may choose to bypass the PowerShell execution policy set on the host. While adding assets to a script, use the Bypass Powershell Execution Policy toggle switch to specify if you want to override the PowerShell execution policy on Windows hosts. When you switch this option to Yes, both signed and unsigned scripts are executed on the agent irrespective of the PowerShell execution policy set on the asset.

The Scripts tab lists all the scripts that you created.

If you have imported a script from a GitHub repository, the script is displayed with a  icon. A  icon denotes that sync with GitHub has failed.

You can perform the following actions on the scripts from the various options present in the Quick Actions menu:

View Details

Displays details such as Script ID, date and time when the script was last updated, platform, category and so on. In case of a script imported from GitHub, details include the date and time when the script was last synced with GitHub, GitHub repository name and the repository owner besides other relevant details.

Refer to Viewing Job Details

Edit

Lets you edit the selected script.

Refer to Editing Scripts

Enable auto sync

Lets you enable auto-sync your script with GitHub. The GitHub sync occurs every four hours.

This option is available only for those scripts that are imported from GitHub and the Sync the script with GitHub option was not selected while creating the script.

Refer to Creating Scripts

Sync with GitHub now

 

Lets you initiate an on-demand sync with GitHub. You can perform an on-demand sync at any time, even if the Automated option was selected for GitHub sync. 

This option is available only for those scripts that are imported from GitHub. The last sync date and the time are displayed below the script name.

Refer to Creating Scripts

Modify GitHub Access Token

Lets you update the access token for the selected script. This option is available only if the selected script was imported from a GitHub private repository. The modified GitHub access token is updated in CAR.

Qualys recommends that you provide an access token that does not have an expiration limit.

Refer to Creating Scripts

Test Script

Lets you evaluate a script on a test asset before you execute it on production assets. This option is available only when the script is in the Pending Test status.

Refer to Testing Scripts

Review

 

Lets you approve or reject a script. You must have the appropriate user rights to approve or reject a script.

Refer to:

Role-Based Access Control in CAR

Reviewing and Approving Scripts

Run Now

Lets you execute the script immediately. This option is available only when the script is approved.

Refer to Executing Scripts

Schedule

Lets you create a schedule for the selected script.

Refer to Scheduling Scripts

Clone

Lets you create a copy of an existing script along with its assets and tags and other properties.

Refer to Cloning Scripts

Export Script

Lets you export a script and save it on your local computer.

Refer to Exporting Scripts

Deprecate

Lets you deprecate a script that’s no longer required. You must have the 'View Jobs' permission to view the job details of a script.

Refer to:

Role-Based Access Control in CAR

Deprecating Scripts

View Latest Job

Lets you view the status of the selected script and other corresponding details. This option is not available for scripts with 'Pending Test' status.

Refer to:

Role-Based Access Control in CAR

Viewing Script Jobs

 

View All Jobs

Lets you select a script and view details of the most recent job or all jobs within a recurring cycle. You must have the 'View Jobs' permission to view the job details of a script.

Refer to:

Role-Based Access Control in CAR

Viewing Script Jobs

Related Topics

Creating Scripts

Testing Scripts

Reviewing and Approving Scripts

Executing Scripts

Scheduling Scripts