Register Integration
Registers an integration.
Input Parameters
| Parameter | Optional/Mandatory | Data Type | Description |
|---|---|---|---|
| bucketName={value} | Mandatory | Integer | Provide the name of the AWS S3 bucket being used for integration. |
| bucketRegion={value} | Mandatory | Integer | Provide the region where the AWS S3 bucket is located. |
| roleArn={value} | Mandatory | Integer | Specify the ARN of the cross-account role which you created in your AWS account. |
| name={value} | Mandatory | Integer | Provide a unique name for the integration in the API request. The maximum length allowed for the name is 50 characters. |
| filterQuery | Optional | string | Filter vulnerabilities and assets using the supported tokens. |
| resultSectionNeeded={true\|false} | Optional | Boolean | Set this to true to include the result section in the finding. If you want to exclude the result section, set this parameter to false. By default, the resultSectionNeeded parameter is configured to false. |
| sendVulnInfo={true\|false} | Optional | Boolean | Set this to true if you need the vulnerability information. If you want to exclude the vulnerability information, set this parameter to false. By default, the sendVulnInfo parameter is configured to false. |
| compressData={true\|false} | Optional | Boolean | Set this to true to compress the data in the response. It saves on disk and network IO. If you want to exclude the compression, set this parameter to false. By default, the compressData parameter is configured to true. |
| sendAlerts | Optional | Boolean | Set to true to receive ProActive alert notifications. |
| errorEmails | Optional | | When sendAlerts is set to true, provide the email list for ProActive Alert notifications. Add a list of up to 5 email addresses as comma-separated values. |
Filter Query Tokens
The Qualys Query Language is used to build search queries and fetch information from the Qualys database. You can pick the tokens from our repository and build your own query to find the relevant information.
For example, the below query fetches assessments of a specified qid, discovers ignored vulnerabilities and searches from the specified range of dates.
"vuln" : "qId: 11547 ignored: true AND lastUpdate: [2023-07-06 .. 2023-07-07]"
The below query fetches information of a specified asset id within the provided IP range.
"asset" : "assetUuid: `151334c4-3811-40b5-ba92-cfd0064eb9f4` AND ip: (1.1.1.1 .. 5.5.5.5)"
Learn more about building search queries using the Qualys Query Language (QQL) here.
The “Now” keyword is not supported for QQL currently. Building search queries with it will not produce any results.
The tokens listed below can be used to create the filterQuery for vulnerabilities and assets.
Vulnerability Filter Tokens:
| Token | Data Type |
|---|---|
| qid | LONG |
| port | LONG |
| ignored | BOOLEAN |
| Disabled | BOOLEAN |
| filterQuery | Optional |
| ssl | BOOLEAN |
| protocol | STRING |
| timesFound | LONG |
| status | STRING |
| firstFound | STRING |
| lastUpdate | STRING |
| lastProcessed | STRING |
| lastReopened | STRING |
| lastFixed | STRING |
| lastFound | STRING |
| lastTest | STRING |
| superseded | BOOLEAN |
| patchable | BOOLEAN |
| runningKernel | BOOLEAN |
| runningService | BOOLEAN |
| category (supported values are IG, Confirmed, and Potential) | STRING |
| severity (supported values are {1\|2\|3\|4\|5}) | LONG |
The category token lets you specify which vulnerabilities fetched from Qualys (VM/VMDR app) are posted to the AWS S3 bucket. The valid values are IG, Confirmed, and Potential.
By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities are included.
The severity token lets you specify the minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the AWS S3 bucket.
Asset Filter Tokens:
| Token | Data Type |
|---|---|
| assetId | LONG |
| assetUuid | STRING |
| hostId | LONG |
| netBios | STRING |
| dns | STRING |
| ip | STRING |
| os | STRING |
| trackingMethod | STRING |
API Request
curl -H "Authorization: Bearer <token>" -H "Content-Type: application/json" "<qualys_gateway_url>/partner-integration/aws/s3/vm" --data "@integration.json"
'integration.json' contains the request POST data.
Request POST Data (integration.json)
{
  "name": "string",
  "bucketName": "string",
  "bucketRegion": "string",
  "roleArn": "string",
  "resultSectionNeeded": true,
  "sendVulnInfo": true,
  "compressData": true,
  "sendAlerts": true,
  "errorEmails": [
    "string"
  ],
  "filterQuery": {
    "vuln": "category: [`Confirmed`] AND severity >= 3 and superseded: true and runningKernel: true and runningService: true and isPatchable: true",
    "asset": "string"
  }
}
Output
{
  "integrationId": 5,
  "externalId": "US_POD_1-1-xxxxxxxx-xxxx-xxxx-xxxxxx-xxxxxxxxxxxxx"
}
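A pre-flight check for integration.json that applies the constraints stated on this page (mandatory fields, the 50-character name limit, at most 5 alert addresses, the unsupported "Now" keyword, and the category and severity values) before the request is sent. This is an added example, not Qualys code: `check_integration`, the sample bucket, account ID and role name are hypothetical, errorEmails is treated as a JSON list as in the request body above, and the role ARN pattern is the standard IAM role ARN shape rather than anything this API documents.

```python
import re

REQUIRED = ("name", "bucketName", "bucketRegion", "roleArn")
CATEGORIES = {"IG", "Confirmed", "Potential"}  # valid category values per this page
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/.+$")  # assumption: standard IAM role ARN

def check_integration(body):
    """Return a list of problems found in an integration.json payload (hypothetical helper)."""
    problems = []
    for key in REQUIRED:
        if not isinstance(body.get(key), str) or not body[key].strip():
            problems.append(f"{key}: mandatory, must be a non-empty string")
    name = body.get("name")
    if isinstance(name, str) and len(name) > 50:
        problems.append("name: longer than 50 characters")
    arn = body.get("roleArn")
    if isinstance(arn, str) and arn and not ROLE_ARN.match(arn):
        problems.append("roleArn: not an IAM role ARN")
    emails = body.get("errorEmails") or []
    if len(emails) > 5:
        problems.append("errorEmails: more than 5 addresses")
    if body.get("sendAlerts") and not emails:
        problems.append("errorEmails: required when sendAlerts is true")
    for scope, query in (body.get("filterQuery") or {}).items():
        if scope not in ("vuln", "asset") or not isinstance(query, str):
            problems.append(f"filterQuery.{scope}: unknown scope or non-string query")
            continue
        if re.search(r"\bnow\b", query, re.I):  # such queries return no results
            problems.append(f"filterQuery.{scope}: 'Now' keyword is not supported")
        if scope == "vuln":
            for sev in re.findall(r"severity\s*(?::|[<>]=?)\s*(\d+)", query, re.I):
                if not 1 <= int(sev) <= 5:
                    problems.append(f"filterQuery.vuln: severity {sev} outside 1-5")
            for cat in re.findall(r"category\s*:\s*\[?\s*`?(\w+)", query, re.I):
                if cat not in CATEGORIES:
                    problems.append(f"filterQuery.vuln: category {cat} not supported")
    return problems

# Constructed sample payload; account ID, bucket and role names are placeholders.
SAMPLE = {
    "name": "vm-findings-export", "bucketName": "example-vm-findings",
    "bucketRegion": "us-east-1",
    "roleArn": "arn:aws:iam::123456789012:role/example-qualys-s3-role",
    "sendAlerts": True, "errorEmails": ["secops@example.com"],
    "filterQuery": {"vuln": "category: [`Confirmed`] AND severity >= 3"},
}

if __name__ == "__main__":
    print(check_integration(SAMPLE))
```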