Update Azure Storage Blob Integration
Once you enable the Azure Storage Blob integration, you can update the name, connectionString, baseCategory, resultSectionNeeded, and other parameters of the Azure Storage Blob with Qualys.
Input ParametersInput Parameters
|
Platform |
Mandator /Optional |
Data Type |
IP Address |
|---|---|---|---|
|
connectionString={value} |
Optional |
String |
Provide the connection string assigned to the container in Azure Storage Blob. |
|
minSeverity={value} |
Optional |
Text |
The minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) is to be posted on the Azure Storage Blob. For example, if you set the value to 1, all findings with severity levels 1 to 5 are fetched and available on Azure Storage Blob. |
|
baseCategory={IG|Potential| Confirmed} |
Optional |
Text |
The category of the vulnerabilities fetched from Qualys (VM/VMDR app) is to be posted on Azure Storage Blob. The valid values are IG, Confirmed, and Potential.
|
|
name={value} |
Optional |
Text |
Provide a unique name for the integration in the API request. The maximum length allowed for name is 50 characters. |
|
resultSectionNeeded={true|false} |
Optional |
Boolean |
Set this to true to include the result section in the findings. |
|
sendVulnInfo={true|false} |
Optional |
Boolean |
Set this to true if you need the vulnerability information. |
|
compressData={true|false} |
Optional |
Boolean |
Set this to true to compress the data in the response. Batch and compress data saves on disk and network IO. |
|
containerName={value} |
Optional |
Text |
Provide the name of the container, which was created under Azure Storage Blob account for this integration. You can find the vulnerability findings and vulnerability information in this container. |
|
filterQuery |
Optional |
Query |
Filter vulnerabilities and assets using the supported tokens. |
Filter Query Tokens
The tokens listed below can be used to create the filterQuery for vulnerabilities and assets.
Vulnerability Filter Tokens
The following table lists vulnerability filter tokens and their data types.
|
Token |
Data Type |
|---|---|
|
qid |
LONG |
|
port |
LONG |
|
ignored |
BOOLEAN |
|
Disabled |
BOOLEAN |
|
filterQuery |
Optional |
|
ssl |
BOOLEAN |
|
protocol |
STRING |
|
timesFound |
LONG |
|
status |
STRING |
|
firstFound |
STRING |
|
lastUpdate |
STRING |
|
lastProcessed |
STRING |
|
lastReopened |
STRING |
|
lastFixed |
STRING |
|
lastFound |
STRING |
|
lastTest |
STRING |
Asset Filter Tokens
The following table lists asset filter tokens and their data types.
|
Token |
Data Type |
|---|---|
|
assetId |
LONG |
|
assetUuid |
STRING |
|
hostId |
LONG |
|
netBios |
STRING |
|
dns |
STRING |
|
ip |
STRING |
|
os |
STRING |
|
trackingMethod |
STRING |
"curl -X PUT --header""Content-Type:application/json""<qualys_gateway_urls>/partner-integration/azure/storage-blob/{integrationId}/vm""--data""@integration.json""-H""\"Authorization: Bearer <token>"
“integration.json” contains the request PUT data.
Request PUT Data (integration.json)
{
"connectionString":"BlobEndpoint=https://user_john.blob.core.windows.net/;SharedAccessSignature=sv=2019-12-12&ss=b&srt=co&sp=rwx&se=2020-09-04T22:36:36Z&st=2020-09-04T14:36:36Z&spr=https&sig=key%ckd%3D",
"minSeverity":4,
"baseCategory":"Potential",
"name":"Integration name",
"resultSectionNeeded":true,
"sendVulnInfo":true,
"compressData":false,
"containerName":"qualys-vm-findings"
}
Output
{
"message":"Azure Storage Blob VM integration successfully updated."
}